- : 1.0.1: ldns-team
- * added include/ and lib/ dirs so that you can compile against ldns
+December??? 2005: 1.0.1: ldns-team
+ * Added include/ and lib/ dirs so that you can compile against ldns
without installing ldns on your system
+ * Makefile updates
Drill:
* -r was killed in favor of -o <header bit mnemonic> which
allows for a header bits setting (and maybe more in the
future)
+ * DS was added to the list of records which, when used automaticly
+ enable DNSSEC (i.e. Set the do-bit in the query)
18 Oct 2005: 1.0.0: ldns-team
* Commited a patch from Håkan Olsson
* Examples
There are some examples in the examples/ directory. These can be built with:
-1. make examples
-(in the build directory of the library)
-
-You can also do it yourself:
-
-1. autoreconf
-2. ./configure
+1. cd examples/
+2. autoreconf [--with-ldns=../]
3. gmake
The library has to be installed in order for this to work. If it is not
installed in one of the default paths (i.e. if you have specified --prefix
when configuring the library) you can use --with-ldns=PATH to specify that
-path.
-
-If you have only built the library and not installed it you can add the
-directories with the headers and libraries to the search path of configure
-by specifying:
-LDFLAGS="-L<build-dir>/.libs" CPPFLAGS="-I<build-dir> -I<src_dir>"
+path. PATH in that case would be '../'
In that last case, you will also need to have your LD_LIBRARY_PATH set to
-the .libs directory to be able to run the examples.
+the .libs directory to be able to run the examples. I.e.:
+LD_LIBRARY_PATH=../lib ./ldns-version
* Drill
-Building drill is the same as building the examples.
+Drill can be build by issueing a 'make drill' from the ldns source dir.
If you want to build drill by hand, the configure and running options are
-the same as those for the examples. You can use the make target 'lib' if you
-only want to build the library and not drill (and make install-lib to
-install it).
+the same as those for the examples.
* Building from repository
ldns is developed by the ldns team at NLnet Labs. This team currently
consists out of:
o Jelte Jansen
- o Erik Rozendaal
o Miek Gieben
* Credits
We have received patches from the following people, thanks!
+ o Erik Rozendaal
o Håkan Olsson
o Jakob Schlyter
o Paul Wouters
It has been brought to our attention that the build script might have some
problems on MACOSX 10.4 and Solaris. Please contact us if you have more info
-on this.
+on this.
For MACOSX 10.4, it seems that you have to set the MACOSX_DEPLOYMENT_TARGET
environment variable to 10.4 before running make. Apparently it defaults to
10.1.
+
+Also RedHat 9 seems to be having a problem when building ldns - we have
+very little details about this.
+++ /dev/null
-What is working in what release and when is it released.
-
-0.65: 14 June 2005 - released
- [func] ?
- [impl] cleanups, clearer memeory management
-
-0.70: July?
- [func]
-
- [impl]
-
- [unsorted]
- o Fix ALL remaining loose ends:
- - half supported records, nsec_frm_str comes to mind
- - documentation
- - tutorial
- - more dnssec example programs
-
-0.80: End of July???
- [unsorted]
- o concept of a DNS zone worked out
- o serving stuff - i.e build a server in a few lines
-
-0.90: August???
- [func]
- [impl] private key type for all signing (tsig/DNSSEC)
- [unsorted]
- o DNS zone stuff working
-
-1.0: August??
- [func] Fully working, documented library
- o server stuff working
- o feature complete
- o documentation complete
-
-Post 1.0:
- [unsorted]
- o bugs/docs/updates
-
- o Incorperate features from drill that look promising
Current TODO list
+1.0.1:
+------
+ o Fix what needs to be fixed
+ o Make drill a worthy dig replacement wrt to
+ DNSSEC debugging
+
Post 1.0 Stuff:
---------------
o Dname compression
ldns_pkt *pkt_o, uint16_t qflags);
ldns_status do_secure_trace(ldns_resolver *res, ldns_rdf *name, ldns_rr_type type,
ldns_rr_class c, ldns_rr_list *trusted_keys);
+ldns_status do_secure_trace2(ldns_resolver *res, ldns_rdf *name, ldns_rr_type type,
+ ldns_rr_class c, ldns_rr_list *trusted_keys);
/* dnssec.c */
ldns_rr_list *get_rr(ldns_resolver *res, ldns_rdf *zname, ldns_rr_type t, ldns_rr_class c);
void drill_pkt_print(FILE *fd, ldns_resolver *r, ldns_pkt *p);
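Review bot: The new `do_secure_trace2` prototype has the same shape as `do_secure_trace` directly above it and no comment, so a caller cannot tell which of the two performs the intended chain-of-trust check. I would add a short comment above it, for example `/* second implementation of the secure trace; starts at the zone served by res and works towards name using trusted_keys */`, adjusted to what the implementation really does. It should also say whether `trusted_keys` is borrowed or consumed. The first declaration in this hunk starts outside it.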
#include "drill.h"
#include <ldns/dns.h>
+/*
+ * generic function to get some RRset from a nameserver
+ * and possible some signatures too (that would be the day...)
+ */
+ldns_rr_list *
+get_rr(ldns_resolver *r, ldns_rdf *name, ldns_rr_type t, ldns_rr_list **sig)
+{
+ ldns_pkt *p;
+ ldns_rr_list *k;
+
+ /* ldns_resolver_set_dnssec(r, true); */
+
+ p = ldns_resolver_query(r, apexname, LDNS_RR_TYPE_DNSKEY, LDNS_RR_CLASS_IN, 0);
+ if (!p) {
+ return NULL;
+ }
+
+ k = ldns_pkt_rr_list_by_name_and_type(p, apexname, LDNS_RR_TYPE_DNSKEY,
+ LDNS_SECTION_ANSWER);
+ /* there must be a sig there too... */
+ *opt_sig = ldns_pkt_rr_list_by_name_and_type(p, apexname, LDNS_RR_TYPE_RRSIG,
+ LDNS_SECTION_ANSWER);
+
+ return k;
+
+
+}
+
+
/*
* retrieve keys for this zone
*/
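Review bot: The added `get_rr` cannot compile as written, because its body refers to `apexname` and `opt_sig` while the parameters are named `name` and `sig`. It also ignores `t` by always asking for LDNS_RR_TYPE_DNSKEY, and the same leftover names appear in the added `get_ds` further down. The definition disagrees with the `get_rr(ldns_resolver *res, ldns_rdf *zname, ldns_rr_type t, ldns_rr_class c)` prototype visible in the drill.h hunk, which becomes a conflicting-types error if that is the header included here. The packet `p` is not released on any path and `*sig` is written without a NULL check. Since the records come straight from the answer section, callers must still verify the RRSIGs against a trusted key before relying on the returned set.

```c
ldns_rr_list *
get_rr(ldns_resolver *r, ldns_rdf *name, ldns_rr_type t, ldns_rr_list **sig)
{
	/* ... unchanged: declarations of p and k ... */
	p = ldns_resolver_query(r, name, t, LDNS_RR_CLASS_IN, 0);
	/* ... unchanged: NULL check on p ... */
	k = ldns_pkt_rr_list_by_name_and_type(p, name, t, LDNS_SECTION_ANSWER);
	if (sig) {
		/* signatures are optional for the caller */
		*sig = ldns_pkt_rr_list_by_name_and_type(p, name,
				LDNS_RR_TYPE_RRSIG, LDNS_SECTION_ANSWER);
	}
	/* TODO: release p here once it is confirmed that k and *sig do not alias it */
	return k;
}
```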
return k;
}
+/*
+ * check to see if we can find a DS rrset here which we can then follow
+ */
+ldns_rr_list *
+get_ds(ldns_resolver r, ldns_rdf *ownername, ldns_rr_list **opt_sig)
+{
+ ldns_pkt *p;
+ ldns_rr_list *d;
+
+ p = ldns_resolver_query(r, apexname, LDNS_RR_TYPE_DNSKEY, LDNS_RR_CLASS_IN, 0);
+ if (!p) {
+ return NULL;
+ }
+
+ k = ldns_pkt_rr_list_by_name_and_type(p, apexname, LDNS_RR_TYPE_DNSKEY,
+ LDNS_SECTION_ANSWER);
+ /* there must be a sig there too... */
+ *opt_sig = ldns_pkt_rr_list_by_name_and_type(p, apexname, LDNS_RR_TYPE_RRSIG,
+ LDNS_SECTION_ANSWER);
+
+ return k;
+}
+
+
/* do a secure trace - local_res has been setup, so try to use that */
ldns_status
do_secure_trace2(ldns_resolver *res, ldns_rdf *name, ldns_rr_type t,
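Review bot: `get_ds` is documented as looking for a DS rrset but queries and filters on LDNS_RR_TYPE_DNSKEY. A caller following the delegation would be handed the zone's keys instead of DS records, so the link between parent and child would never be checked. It also takes `ldns_resolver r` by value where the other functions in this file pass a pointer, uses `apexname` instead of `ownername`, and assigns and returns `k` although the declared variable is `d`. As in `get_rr`, `p` is never released. The hunk begins with the tail of the preceding function and ends on the first lines of `do_secure_trace2`, both of which continue outside it.

```c
ldns_rr_list *
get_ds(ldns_resolver *r, ldns_rdf *ownername, ldns_rr_list **opt_sig)
{
	/* ... unchanged: declarations of p and d ... */
	p = ldns_resolver_query(r, ownername, LDNS_RR_TYPE_DS, LDNS_RR_CLASS_IN, 0);
	/* ... unchanged: NULL check on p ... */
	d = ldns_pkt_rr_list_by_name_and_type(p, ownername, LDNS_RR_TYPE_DS,
			LDNS_SECTION_ANSWER);
	/* RRSIGs for other types can share this owner name; the caller must select the one covering DS */
	*opt_sig = ldns_pkt_rr_list_by_name_and_type(p, ownername, LDNS_RR_TYPE_RRSIG,
			LDNS_SECTION_ANSWER);
	return d;
}
```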
printf("\nFirst dname with keys and sigs here */\n");
ldns_rdf_print(stdout, chopped_dname[i]);
+ /* chopped_dname[i] is the zone which is configured at the
+ * nameserver pointed to by res. This is our starting point
+ * for the secure trace. Hopefully the trusted keys we got
+ * match the keys we see here
+ */
+
printf("\nkeys\n");
ldns_rr_list_print(stdout, dnskey_cache);
printf("\nsigs\n");
if (!rrsig_cache) {
- /* huh!? the sigs are sent along with the keys... */
+ /* huh!? the sigs must be sent along with the keys...
+ * probably are using some lame forwarder... exit as
+ * we cannot do anything in that case
+ */
+ error("Are you using an non DNSSEC-aware forwarder?");
return LDNS_STATUS_ERR;
}
ldns_rr_list_print(stdout, rrsig_cache);
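Review bot: The added comment says the trusted keys will "hopefully" match the keys seen at `chopped_dname[i]`, but nothing in this hunk compares `dnskey_cache` with `trusted_keys` before the keys and signatures are printed. For a secure trace that comparison anchors the whole chain, so it should be an explicit check whose failure ends the trace. If it happens further down, say so in the comment, e.g. `/* trusted_keys are matched against dnskey_cache below; no match aborts the trace */`. The new message also reads better as `error("Are you using a non DNSSEC-aware forwarder?");`, and if `error()` terminates the process, the `return LDNS_STATUS_ERR;` after it is dead code. The surrounding function starts and ends outside this hunk.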