#include <pk11/site.h>
#include <dns/byaddr.h>
+#include <dns/dns64.h>
#include <dns/fixedname.h>
#include <dns/masterdump.h>
#include <dns/message.h>
" fields in records)\n"
" +[no]defname (Use search list "
"(+[no]search))\n"
+ " +[no]dns64prefix (Get the DNS64 prefixes "
+ "from ipv4only.arpa)\n"
" +[no]dnssec (Request DNSSEC records)\n"
" +domain=### (Set default domainname)\n"
" +[no]dscp[=###] (Set the DSCP value to "
return (ISC_R_SUCCESS);
}
+/*%
+ * short_form message print handler. Calls above say_message()
+ */
+static isc_result_t
+dns64prefix_answer(dns_message_t *msg, isc_buffer_t *buf) {
+ dns_rdataset_t *rdataset = NULL;
+ dns_fixedname_t fixed;
+ dns_name_t *name;
+ isc_result_t result;
+ isc_netprefix_t prefix[10];
+ size_t i, count = 10;
+
+ name = dns_fixedname_initname(&fixed);
+ result = dns_name_fromstring(name, "ipv4only.arpa", 0, NULL);
+ check_result(result, "dns_name_fromstring");
+
+ result = dns_message_findname(msg, DNS_SECTION_ANSWER, name,
+ dns_rdatatype_aaaa, dns_rdatatype_none,
+ NULL, &rdataset);
+ if (result == DNS_R_NXDOMAIN || result == DNS_R_NXRRSET) {
+ return (ISC_R_SUCCESS);
+ } else if (result != ISC_R_SUCCESS) {
+ return (result);
+ }
+
+ result = dns_dns64_findprefix(rdataset, prefix, &count);
+ if (result == ISC_R_NOTFOUND)
+ return (ISC_R_SUCCESS);
+ if (count > 10)
+ count = 10;
+ for (i = 0; i < count; i++) {
+ result = isc_netaddr_totext(&prefix[i].addr, buf);
+ if (result != ISC_R_SUCCESS) {
+ return (result);
+ }
+ result = isc_buffer_printf(buf, "/%u\n", prefix[i].prefixlen);
+ if (result != ISC_R_SUCCESS) {
+ return (result);
+ }
+ }
+
+ return (ISC_R_SUCCESS);
+}
+
/*%
* short_form message print handler. Calls above say_message()
*/
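Review bot: In `dns64prefix_answer()` the result of `dns_dns64_findprefix()` is compared only with `ISC_R_NOTFOUND`, so any other failure falls through to the loop and formats `prefix[]` entries that may never have been written. The `count > 10` clamp implies the call can report more prefixes than the array holds, presumably together with `ISC_R_NOSPACE`; allow that case explicitly and return on anything else, e.g. `if (result != ISC_R_SUCCESS && result != ISC_R_NOSPACE) return (result);`. Because the rdataset comes from a server response, the bound is better derived from the array than from the repeated literal 10: `size_t i, count = sizeof(prefix) / sizeof(prefix[0]);`, with the clamp comparing against the same expression. The header comment is a copy of the `short_form` one below it and should instead say that this handler prints the DNS64 prefixes found in the ipv4only.arpa AAAA answer, one `prefix/len` per line.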
dns_master_style_t *style = NULL;
unsigned int styleflags = 0;
bool isquery = (msg == query->lookup->sendmsg);
+ bool dns64prefix = query->lookup->dns64prefix;
UNUSED(msgbuf);
check_result(result, "dns_master_stylecreate");
if (query->lookup->cmdline[0] != 0) {
- if (!short_form && printcmd) {
+ if (!short_form && !dns64prefix && printcmd) {
printf("%s", query->lookup->cmdline);
}
query->lookup->cmdline[0] = '\0';
}
debug("printmessage(%s %s %s)", headers ? "headers" : "noheaders",
query->lookup->comments ? "comments" : "nocomments",
- short_form ? "short_form" : "long_form");
+ short_form ? "short_form"
+ : dns64prefix ? "dns64prefix_form" : "long_form");
flags = 0;
if (!headers) {
printf(" %s:\n", isquery ? "query_message_data"
: "response_message_data");
result = dns_message_headertotext(msg, style, flags, buf);
- } else if (query->lookup->comments && !short_form) {
+ } else if (query->lookup->comments && !short_form && !dns64prefix) {
if (query->lookup->cmdline[0] != '\0' && printcmd) {
printf("; %s\n", query->lookup->cmdline);
}
repopulate_buffer:
- if (query->lookup->comments && headers && !short_form) {
+ if (query->lookup->comments && headers && !short_form && !dns64prefix) {
result = dns_message_pseudosectiontotext(
msg, DNS_PSEUDOSECTION_OPT, style, flags, buf);
if (result == ISC_R_NOSPACE) {
}
if (query->lookup->section_question && headers) {
- if (!short_form) {
+ if (!short_form && !dns64prefix) {
result = dns_message_sectiontotext(
msg, DNS_SECTION_QUESTION, style, flags, buf);
if (result == ISC_R_NOSPACE) {
}
}
if (query->lookup->section_answer) {
- if (!short_form) {
+ if (!short_form && !dns64prefix) {
result = dns_message_sectiontotext(
msg, DNS_SECTION_ANSWER, style, flags, buf);
if (result == ISC_R_NOSPACE) {
goto buftoosmall;
}
check_result(result, "dns_message_sectiontotext");
+ } else if (dns64prefix) {
+ result = dns64prefix_answer(msg, buf);
+ if (result == ISC_R_NOSPACE)
+ goto buftoosmall;
+ check_result(result, "dns64prefix_answer");
} else {
result = short_answer(msg, flags, buf, query);
if (result == ISC_R_NOSPACE) {
}
}
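Review bot: When both `+short` and `+dns64prefix` are set, the new `else if (dns64prefix)` branch takes precedence over `short_answer()`, but the `debug()` call earlier in this function reports `short_form` for that combination because its ternary tests `short_form` first. Either test `dns64prefix` first there, `dns64prefix ? "dns64prefix_form" : short_form ? "short_form" : "long_form"`, or state the precedence in a comment on this branch. The added `if (result == ISC_R_NOSPACE)` also omits the braces that the neighbouring branches use. The enclosing function starts and ends outside the hunk.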
if (query->lookup->section_authority) {
- if (!short_form) {
+ if (!short_form && !dns64prefix) {
result = dns_message_sectiontotext(
msg, DNS_SECTION_AUTHORITY, style, flags, buf);
if (result == ISC_R_NOSPACE) {
}
}
if (query->lookup->section_additional) {
- if (!short_form) {
+ if (!short_form && !dns64prefix) {
result = dns_message_sectiontotext(
msg, DNS_SECTION_ADDITIONAL, style, flags, buf);
if (result == ISC_R_NOSPACE) {
* XXX doc options
*/
-static void
-plus_option(char *option, bool is_batchfile, dig_lookup_t *lookup) {
+static dig_lookup_t *
+plus_option(char *option, bool is_batchfile, bool *need_clone,
+ dig_lookup_t *lookup) {
isc_result_t result;
char *cmd, *value, *last = NULL, *code, *extra;
uint32_t num;
if ((cmd = strtok_r(option, "=", &last)) == NULL) {
printf(";; Invalid option %s\n", option);
- return;
+ return (lookup);
}
if (strncasecmp(cmd, "no", 2) == 0) {
cmd += 2;
usesearch = state;
}
break;
- case 'n': /* dnssec */
- FULLCHECK("dnssec");
- dnssec:
- if (state && lookup->edns == -1) {
- lookup->edns = DEFAULT_EDNS_VERSION;
+ case 'n':
+ switch (cmd[2]) {
+ case 's':
+ switch (cmd[3]) {
+ case '6': /* dns64prefix */
+ FULLCHECK("dns64prefix");
+ if (state) {
+ if (*need_clone) {
+ lookup = clone_lookup(
+ default_lookup,
+ true);
+ }
+ *need_clone = true;
+ lookup->dns64prefix = state;
+ strlcpy(lookup->textname,
+ "ipv4only.arpa",
+ sizeof(lookup->textname));
+ printcmd = false;
+ lookup->section_additional =
+ false;
+ lookup->section_answer = true;
+ lookup->section_authority =
+ false;
+ lookup->section_question =
+ false;
+ lookup->comments = false;
+ lookup->stats = false;
+ lookup->rrcomments = -1;
+ lookup->rdtype =
+ dns_rdatatype_aaaa;
+ lookup->rdtypeset = true;
+ ISC_LIST_APPEND(lookup_list,
+ lookup, link);
+ }
+ break;
+ case 's': /* dnssec */
+ FULLCHECK("dnssec");
+ dnssec:
+ if (state && lookup->edns == -1) {
+ lookup->edns =
+ DEFAULT_EDNS_VERSION;
+ }
+ lookup->dnssec = state;
+ break;
+ default:
+ goto invalid_option;
+ }
+ break;
+ default:
+ goto invalid_option;
}
- lookup->dnssec = state;
break;
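Review bot: The `dns64prefix` case acts only when `state` is true, so `+nodns64prefix` is accepted and silently ignored, and `lookup->dns64prefix = state;` can never store false. If that is intended, write `lookup->dns64prefix = true;` and say so in a comment; otherwise clear the flag in an `else`. This case appears to be why `plus_option()` now returns a lookup and takes `need_clone`, yet the function comment is still `XXX doc options`; it should say that the returned pointer replaces the caller's `lookup` and when `*need_clone` is set. `printcmd = false` is not per-lookup as far as this hunk shows, so it presumably also suppresses the command line for other lookups in the same invocation, which is worth confirming. The `switch` on the option's first letter starts outside the hunk.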
case 'o': /* domain ... but treat "do" as synonym for dnssec */
if (cmd[2] == '\0') {
fprintf(stderr, "Invalid option: +%s\n", option);
usage();
}
- return;
+ return (lookup);
#if !TARGET_OS_IPHONE
exit_or_usage:
}
}
} else if (rv[0][0] == '+') {
- plus_option(&rv[0][1], is_batchfile, lookup);
+ lookup = plus_option(&rv[0][1], is_batchfile,
+ &need_clone, lookup);
} else if (rv[0][0] == '-') {
if (rc <= 1) {
if (dash_option(&rv[0][1], NULL, &lookup,
``+[no]defname``
This option, which is deprecated, is treated as a synonym for ``+[no]search``.
+``+[no]dns64prefix``
+ Lookup IPV4ONLY.ARPA AAAA and print any DNS64 prefixes found.
+
``+[no]dnssec``
This option requests that DNSSEC records be sent by setting the DNSSEC OK (DO) bit in
the OPT record in the additional section of the query.
looknew->ignore = false;
looknew->servfail_stops = true;
looknew->besteffort = true;
+ looknew->dns64prefix = false;
looknew->dnssec = false;
looknew->ednsflags = 0;
looknew->opcode = dns_opcode_query;
looknew->ignore = lookold->ignore;
looknew->servfail_stops = lookold->servfail_stops;
looknew->besteffort = lookold->besteffort;
+ looknew->dns64prefix = lookold->dns64prefix;
looknew->dnssec = lookold->dnssec;
looknew->ednsflags = lookold->ednsflags;
looknew->opcode = lookold->opcode;
}
debug("before parse starts");
- parseflags = DNS_MESSAGEPARSE_PRESERVEORDER;
+ parseflags = l->dns64prefix ? 0 : DNS_MESSAGEPARSE_PRESERVEORDER;
if (l->besteffort) {
parseflags |= DNS_MESSAGEPARSE_BESTEFFORT;
parseflags |= DNS_MESSAGEPARSE_IGNORETRUNCATION;
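Review bot: The reason for dropping `DNS_MESSAGEPARSE_PRESERVEORDER` when `l->dns64prefix` is set is not stated at the assignment, and a reader cannot tell that it is deliberate. Presumably `dns64prefix_answer()` needs all ipv4only.arpa AAAA records collected into one rdataset for `dns_message_findname()`; if so, add a comment such as `/* +dns64prefix looks up the AAAA rdataset by name, so let the parser group records instead of preserving wire order. */`. The enclosing function starts and ends outside the hunk.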
struct dig_lookup {
unsigned int magic;
isc_refcount_t references;
- bool pending, /*%< Pending a successful answer */
- doing_xfr, ns_search_only, /*%< dig +nssearch, host -C */
- identify, /*%< Append an "on server <foo>" message */
- identify_previous_line, /*% Prepend a "Nameserver <foo>:"
- * message, with newline and tab */
- ignore, recurse, aaonly, adflag, cdflag, raflag, tcflag, zflag,
+ bool aaonly, adflag, badcookie, besteffort, cdflag, comments,
+ dns64prefix, dnssec, doing_xfr, done_as_is, ednsneg, expandaaaa,
+ expire, header_only, identify, /*%< Append an "on server <foo>"
+ message */
+ identify_previous_line, /*% Prepend a "Nameserver <foo>:"
+ message, with newline and tab */
+ idnin, idnout, ignore, mapped, multiline, need_search,
+ new_search, noclass, nocrypto, nottl,
+ ns_search_only, /*%< dig +nssearch, host -C */
+ nsid, /*% Name Server ID (RFC 5001) */
+ onesoa, pending, /*%< Pending a successful answer */
+ print_unknown_format, qr, raflag, recurse, section_additional,
+ section_answer, section_authority, section_question,
+ seenbadcookie, sendcookie, servfail_stops,
+ setqid, /*% use a speciied query ID */
+ stats, tcflag, tcp_keepalive, tcp_mode, tcp_mode_set,
+ tls_mode, /*% connect using TLS */
trace, /*% dig +trace */
- trace_root, /*% initial query for either +trace or +nssearch
- * */
- tcp_mode, tcp_mode_set, comments, stats, section_question,
- section_answer, section_authority, section_additional,
- servfail_stops, new_search, need_search, done_as_is, besteffort,
- dnssec, expire, sendcookie, seenbadcookie, badcookie,
- nsid, /*% Name Server ID (RFC 5001) */
- tcp_keepalive, header_only, ednsneg, mapped,
- print_unknown_format, multiline, nottl, noclass, onesoa,
- use_usec, nocrypto, ttlunits, idnin, idnout, expandaaaa, qr,
- setqid, /*% use a specified query ID */
- tls_mode; /*% connect using TLS */
- char textname[MXNAME]; /*% Name we're going to be
- * looking up */
+ trace_root, /*% initial query for either +trace or +nssearch */
+ ttlunits, use_usec, waiting_connect, zflag;
+ char textname[MXNAME]; /*% Name we're going to be looking up */
char cmdline[MXNAME];
dns_rdatatype_t rdtype;
dns_rdatatype_t qrdtype;
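Review bot: The reordered field list introduces a typo in the `setqid` comment, `use a speciied query ID`, where the removed line read `specified`. The reorder also makes the change hard to audit: the only new field should be `dns64prefix`, but `waiting_connect` appears on the added side and not among the removed lines shown here, so confirm it was neither added nor duplicated by accident. Doing the alphabetical sort in a separate commit from the one-field addition would make that check trivial. The struct continues outside the hunk.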
--- /dev/null
+ipv4only.arpa. 3600 IN SOA . . 2018112766 7200 3600 604800 3600
+ipv4only.arpa. 3600 IN NS .
+ipv4only.arpa. 3600 IN A 192.0.0.170
+ipv4only.arpa. 3600 IN A 192.0.0.171
// NS1
+include "../../common/rndc.key";
+
+controls {
+ inet 10.53.0.1 port @CONTROLPORT@ allow { any; } keys { rndc_key; };
+};
+
acl rfc1918 { 10/8; 192.168/16; 172.16/12; };
options {
file "signed.db.signed";
};
-// include "trusted.conf";
+zone "ipv4only.arpa" {
+ type master;
+ file "ipv4only.arpa.db";
+};
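Review bot: The added `ipv4only.arpa` zone is declared with `type master;`, while the two new config files below declare their other zones with `type primary;`. The same stanza is repeated at the end of both of those files. Use `type primary;` in all three places so the test configs stay consistent.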
--- /dev/null
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+// NS1
+
+include "../../common/rndc.key";
+
+controls {
+ inet 10.53.0.1 port @CONTROLPORT@ allow { any; } keys { rndc_key; };
+};
+
+acl rfc1918 { 10/8; 192.168/16; 172.16/12; };
+
+options {
+ query-source address 10.53.0.1;
+ notify-source 10.53.0.1;
+ transfer-source 10.53.0.1;
+ port @PORT@;
+ pid-file "named.pid";
+ listen-on { 10.53.0.1; };
+ listen-on-v6 { none; };
+ allow-recursion { 10.53.0.1; };
+ notify yes;
+ dnssec-validation yes;
+
+ dns64 2001:bbbb::/96 {
+ clients { any; };
+ mapped { !rfc1918; any; };
+ exclude { 2001:eeee::/32; 64:FF9B::/96; ::ffff:0000:0000/96; };
+ suffix ::;
+ recursive-only yes;
+ };
+ dns64 2001:aaaa::/64 {
+ mapped { !rfc1918; any; };
+ };
+};
+
+zone "." {
+ type primary;
+ file "root.db";
+};
+
+zone "example" {
+ type primary;
+ file "example.db";
+};
+
+zone "signed" {
+ type primary;
+ file "signed.db.signed";
+};
+
+zone "ipv4only.arpa" {
+ type master;
+ file "ipv4only.arpa.db";
+};
--- /dev/null
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+// NS1
+
+include "../../common/rndc.key";
+
+controls {
+ inet 10.53.0.1 port @CONTROLPORT@ allow { any; } keys { rndc_key; };
+};
+
+acl rfc1918 { 10/8; 192.168/16; 172.16/12; };
+
+options {
+ query-source address 10.53.0.1;
+ notify-source 10.53.0.1;
+ transfer-source 10.53.0.1;
+ port @PORT@;
+ pid-file "named.pid";
+ listen-on { 10.53.0.1; };
+ listen-on-v6 { none; };
+ allow-recursion { 10.53.0.1; };
+ notify yes;
+ dnssec-validation yes;
+};
+
+zone "." {
+ type primary;
+ file "root.db";
+};
+
+zone "example" {
+ type primary;
+ file "example.db";
+};
+
+zone "signed" {
+ type primary;
+ file "signed.db.signed";
+};
+
+zone "ipv4only.arpa" {
+ type master;
+ file "ipv4only.arpa.db";
+};
. ../conf.sh
-copy_setports ns1/named.conf.in ns1/named.conf
+copy_setports ns1/named.conf1.in ns1/named.conf
copy_setports ns2/named.conf.in ns2/named.conf
cd ns1 && $SHELL sign.sh
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
+echo_i "checking 'dig +dns64prefix' ($n)"
+$DIG $DIGOPTS +dns64prefix @10.53.0.1 > dig.out.ns1.test$n || ret=1
+grep '^2001:bbbb::/96$' dig.out.ns1.test$n > /dev/null || ret=1
+test $(wc -l < dig.out.ns1.test$n) -eq 1 || ret=1
+n=`expr $n + 1`
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=`expr $status + $ret`
+
+copy_setports ns1/named.conf2.in ns1/named.conf
+rndc_reload ns1 10.53.0.1
+
+echo_i "checking 'dig +dns64prefix' with multiple prefixes ($n)"
+$DIG $DIGOPTS +dns64prefix @10.53.0.1 > dig.out.ns1.test$n || ret=1
+grep '^2001:bbbb::/96$' dig.out.ns1.test$n > /dev/null || ret=1
+grep '2001:aaaa::/64' dig.out.ns1.test$n > /dev/null || ret=1
+test $(wc -l < dig.out.ns1.test$n) -eq 2 || ret=1
+n=`expr $n + 1`
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=`expr $status + $ret`
+
+copy_setports ns1/named.conf3.in ns1/named.conf
+rndc_reload ns1 10.53.0.1
+
+echo_i "checking 'dig +dns64prefix' with no prefixes ($n)"
+$DIG $DIGOPTS +dns64prefix @10.53.0.1 > dig.out.ns1.test$n || ret=1
+test $(wc -l < dig.out.ns1.test$n) -eq 0 || ret=1
+n=`expr $n + 1`
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=`expr $status + $ret`
+
echo_i "exit status: $status"
[ $status -eq 0 ] || exit 1
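Review bot: None of the three added checks resets `ret` before running, so a failure in an earlier check makes every later one print `failed` and adds to `status` again. Start each block with `ret=0` after its `echo_i` line, assuming the tests outside the hunk follow that pattern. In the multiple-prefix check, `grep '2001:aaaa::/64'` is unanchored, unlike the others, and should be `grep '^2001:aaaa::/64$'`. As far as the hunk shows, the outcome of `rndc_reload` is not checked either, so a config that fails to load would leave the server answering with the previous prefixes.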
.B \fB+[no]defname\fP
This option, which is deprecated, is treated as a synonym for \fB+[no]search\fP\&.
.TP
+.B \fB+[no]dns64prefix\fP
+Lookup IPV4ONLY.ARPA AAAA and print any DNS64 prefixes found.
+.TP
.B \fB+[no]dnssec\fP
This option requests that DNSSEC records be sent by setting the DNSSEC OK (DO) bit in
the OPT record in the additional section of the query.