#include "drill.h"
#include <ldns/dns.h>
-#define SELF "[SELF]" /* self sig ok */
-#define TRUST "[TRUST]" /* self sig ok */
-#define CHAIN "[CHAIN]" /* chain from parent */
+#define OK "[OK]" /* self sig ok */
+#define TRUST "[TR]" /* chain from parent */
+#define BOGUS "[BO]" /* bogus */
#if 0
/* See if there is a key/ds in trusted that matches
ldns_rr_class c, ldns_rr_list *trusted_keys)
{
ldns_resolver *res;
- ldns_pkt *p;
+ ldns_pkt *p, *local_p;
ldns_rr_list *new_nss_a;
ldns_rr_list *new_nss_aaaa;
ldns_rr_list *new_nss;
uint16_t loop_count;
ldns_rdf *pop;
ldns_rdf **labels;
- ldns_status status;
+ ldns_status status, st;
ssize_t i;
size_t j;
uint8_t labels_count;
pt = LDNS_PACKET_UNKNOWN;
p = ldns_pkt_new();
+ local_p = ldns_pkt_new();
res = ldns_resolver_new();
key_sig_list = ldns_rr_list_new();
ds_sig_list = ldns_rr_list_new();
ldns_resolver_set_random(res,
ldns_resolver_random(local_res));
ldns_resolver_set_recursive(res, false);
- ldns_resolver_set_dnssec_cd(res, true);
+ ldns_resolver_set_dnssec_cd(res, false);
+ ldns_resolver_set_dnssec(res, true);
ldns_resolver_set_recursive(local_res, false);
labels_count = ldns_dname_label_count(name);
for(i = (ssize_t)labels_count + 1; i > 0; i--) {
/* get the nameserver for this label */
- status = ldns_resolver_send(&p, local_res, labels[i], LDNS_RR_TYPE_NS, c, 0);
+ status = ldns_resolver_send(&local_p, local_res, labels[i], LDNS_RR_TYPE_NS, c, 0);
/* ldns_pkt_print(stdout, p); */
- new_nss_a = ldns_pkt_rr_list_by_type(p,
+ new_nss_a = ldns_pkt_rr_list_by_type(local_p,
LDNS_RR_TYPE_A, LDNS_SECTION_ADDITIONAL);
- new_nss_aaaa = ldns_pkt_rr_list_by_type(p,
+ new_nss_aaaa = ldns_pkt_rr_list_by_type(local_p,
LDNS_RR_TYPE_AAAA, LDNS_SECTION_ADDITIONAL);
- new_nss = ldns_pkt_rr_list_by_type(p,
+ new_nss = ldns_pkt_rr_list_by_type(local_p,
LDNS_RR_TYPE_NS, LDNS_SECTION_AUTHORITY);
if (!new_nss) {
/* sometimes they are hidden in the answer section */
- new_nss = ldns_pkt_rr_list_by_type(p,
+ new_nss = ldns_pkt_rr_list_by_type(local_p,
LDNS_RR_TYPE_NS, LDNS_SECTION_ANSWER);
}
error("No nameservers found for this node\n");
return NULL;
}
- ldns_rr_list_print(stdout, new_nss);
+ ldns_rdf_print(stdout, labels[i]); puts("");
p = get_dnssec_pkt(res, labels[i], LDNS_RR_TYPE_DNSKEY);
pt = get_key(p, labels[i], &key_list, &key_sig_list);
- if (key_list) {
- ldns_rr_list_print(stdout, key_list);
+/* ldns_pkt_print(stdout, p);*/
+ if (key_sig_list) {
+ if (key_list) {
+ if ((st = ldns_verify(key_list, key_sig_list, key_list, NULL)) ==
+ LDNS_STATUS_OK) {
+ print_rr_list_abbr(stdout, key_list, OK);
+ } else {
+ print_rr_list_abbr(stdout, key_list, BOGUS);
+ }
+ } else {
+ mesg("No DNSKEY");
+ }
}
p = get_dnssec_pkt(res, labels[i], LDNS_RR_TYPE_DS);
pt = get_ds(p, labels[i], &ds_list, &ds_sig_list);
- if (ds_list) {
- ldns_rr_list_print(stdout, ds_list);
+ if (!ds_list) {
+ /* we might get lucky and get a DS referral wehn
+ * asking for the key of the query name */
+ p = get_dnssec_pkt(res, name, LDNS_RR_TYPE_DNSKEY);
+ pt = get_ds(p, NULL, &ds_list, &ds_sig_list);
}
- ds_list = NULL;
-
- /* we might get lucky and get a DS referral wehn
- * asking for the key of the query name */
- p = get_dnssec_pkt(res, name, LDNS_RR_TYPE_DNSKEY);
- pt = get_ds(p, NULL, &ds_list, &ds_sig_list);
- if (ds_list) {
- ldns_rr_list_print(stdout, ds_list);
+ if (ds_sig_list) {
+ if (ds_list) {
+ if ((st = ldns_verify(ds_list, ds_sig_list, key_list, NULL)) ==
+ LDNS_STATUS_OK) {
+ print_rr_list_abbr(stdout, ds_list, OK);
+ } else {
+ print_rr_list_abbr(stdout, ds_list, BOGUS);
+ }
+ } else {
+ mesg("No DS");
+ }
}
- ds_list = NULL;
+ ds_list = NULL;
new_nss_aaaa = NULL;
new_nss_a = NULL;
new_nss = NULL;
ns_addr = NULL;
key_list = NULL;
- while((pop = ldns_resolver_pop_nameserver(res))) { /* do it */ }
+ while((ldns_resolver_pop_nameserver(res))) { /* remove it */ }
puts("");
}
projects / thirdparty / ldns.git / commitdiff
