From: Miek Gieben Date: Wed, 30 Nov 2005 10:01:55 +0000 (+0000) Subject: updated documentation and some unsorted drill tweaks X-Git-Tag: release-1.1.0~584 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=c2e5f6fceeb32868c386d47fde3cbd76efb3545a;p=thirdparty%2Fldns.git updated documentation and some unsorted drill tweaks --- diff --git a/Changelog b/Changelog index a374b625..c6d8e0df 100644 --- a/Changelog +++ b/Changelog @@ -1,11 +1,14 @@ - : 1.0.1: ldns-team - * added include/ and lib/ dirs so that you can compile against ldns +December??? 2005: 1.0.1: ldns-team + * Added include/ and lib/ dirs so that you can compile against ldns without installing ldns on your system + * Makefile updates Drill: * -r was killed in favor of -o
which allows for a header bits setting (and maybe more in the future) + * DS was added to the list of records which, when used automaticly + enable DNSSEC (i.e. Set the do-bit in the query) 18 Oct 2005: 1.0.0: ldns-team * Commited a patch from HÃ¥kan Olsson diff --git a/README b/README index 496a403c..aa579de6 100644 --- a/README +++ b/README @@ -28,37 +28,26 @@ INSTALLATION * Examples There are some examples in the examples/ directory. These can be built with: -1. make examples -(in the build directory of the library) - -You can also do it yourself: - -1. autoreconf -2. ./configure +1. cd examples/ +2. autoreconf [--with-ldns=../] 3. gmake The library has to be installed in order for this to work. If it is not installed in one of the default paths (i.e. if you have specified --prefix when configuring the library) you can use --with-ldns=PATH to specify that -path. - -If you have only built the library and not installed it you can add the -directories with the headers and libraries to the search path of configure -by specifying: -LDFLAGS="-L/.libs" CPPFLAGS="-I -I" +path. PATH in that case would be '../' In that last case, you will also need to have your LD_LIBRARY_PATH set to -the .libs directory to be able to run the examples. +the .libs directory to be able to run the examples. I.e.: +LD_LIBRARY_PATH=../lib ./ldns-version * Drill -Building drill is the same as building the examples. +Drill can be build by issueing a 'make drill' from the ldns source dir. If you want to build drill by hand, the configure and running options are -the same as those for the examples. You can use the make target 'lib' if you -only want to build the library and not drill (and make install-lib to -install it). +the same as those for the examples. * Building from repository 
@@ -74,11 +63,11 @@ libtoolize and make allautoconf (or do autoreconf manually in the subdirs) ldns is developed by the ldns team at NLnet Labs. This team currently consists out of: o Jelte Jansen - o Erik Rozendaal o Miek Gieben * Credits We have received patches from the following people, thanks! + o Erik Rozendaal o HÃ¥kan Olsson o Jakob Schlyter o Paul Wouters @@ -88,8 +77,11 @@ KNOWN ISSUES It has been brought to our attention that the build script might have some problems on MACOSX 10.4 and Solaris. Please contact us if you have more info -on this. +on this. For MACOSX 10.4, it seems that you have to set the MACOSX_DEPLOYMENT_TARGET environment variable to 10.4 before running make. Apparently it defaults to 10.1. + +Also RedHat 9 seems to be having a problem when building ldns - we have +very little details about this. diff --git a/ROADMAP b/ROADMAP deleted file mode 100644 index 73775fa6..00000000 --- a/ROADMAP +++ /dev/null @@ -1,40 +0,0 @@ -What is working in what release and when is it released. - -0.65: 14 June 2005 - released - [func] ? - [impl] cleanups, clearer memeory management - -0.70: July? - [func] - - [impl] - - [unsorted] - o Fix ALL remaining loose ends: - - half supported records, nsec_frm_str comes to mind - - documentation - - tutorial - - more dnssec example programs - -0.80: End of July??? - [unsorted] - o concept of a DNS zone worked out - o serving stuff - i.e build a server in a few lines - -0.90: August??? - [func] - [impl] private key type for all signing (tsig/DNSSEC) - [unsorted] - o DNS zone stuff working - -1.0: August?? - [func] Fully working, documented library - o server stuff working - o feature complete - o documentation complete - -Post 1.0: - [unsorted] - o bugs/docs/updates - - o Incorperate features from drill that look promising diff --git a/TODO b/TODO index 1bc26f7d..8ef851bb 100644 --- a/TODO +++ b/TODO 
@@ -1,5 +1,11 @@ Current TODO list +1.0.1: +------ + o Fix what needs to be fixed + o Make drill a worthy dig replacement wrt to + DNSSEC debugging + Post 1.0 Stuff: --------------- o Dname compression diff --git a/drill/drill.h.in b/drill/drill.h.in index 80ab6746..ab1cfeab 100644 --- a/drill/drill.h.in +++ b/drill/drill.h.in @@ -41,6 +41,8 @@ ldns_status do_chase(ldns_resolver *res, ldns_rdf *name, ldns_rr_type type, ldns_pkt *pkt_o, uint16_t qflags); ldns_status do_secure_trace(ldns_resolver *res, ldns_rdf *name, ldns_rr_type type, ldns_rr_class c, ldns_rr_list *trusted_keys); +ldns_status do_secure_trace2(ldns_resolver *res, ldns_rdf *name, ldns_rr_type type, + ldns_rr_class c, ldns_rr_list *trusted_keys); /* dnssec.c */ ldns_rr_list *get_rr(ldns_resolver *res, ldns_rdf *zname, ldns_rr_type t, ldns_rr_class c); void drill_pkt_print(FILE *fd, ldns_resolver *r, ldns_pkt *p); diff --git a/drill/securetrace.c b/drill/securetrace.c index 47e2c5c9..7eea218d 100644 --- a/drill/securetrace.c +++ b/drill/securetrace.c @@ -11,6 +11,35 @@ #include "drill.h" #include +/* + * generic function to get some RRset from a nameserver + * and possible some signatures too (that would be the day...) + */ +ldns_rr_list * +get_rr(ldns_resolver *r, ldns_rdf *name, ldns_rr_type t, ldns_rr_list **sig) +{ + ldns_pkt *p; + ldns_rr_list *k; + + /* ldns_resolver_set_dnssec(r, true); */ + + p = ldns_resolver_query(r, apexname, LDNS_RR_TYPE_DNSKEY, LDNS_RR_CLASS_IN, 0); + if (!p) { + return NULL; + } + + k = ldns_pkt_rr_list_by_name_and_type(p, apexname, LDNS_RR_TYPE_DNSKEY, + LDNS_SECTION_ANSWER); + /* there must be a sig there too... */ + *opt_sig = ldns_pkt_rr_list_by_name_and_type(p, apexname, LDNS_RR_TYPE_RRSIG, + LDNS_SECTION_ANSWER); + + return k; + + +} + + /* * retrieve keys for this zone */ 
@@ -36,6 +65,30 @@ get_apex_keys(ldns_resolver *r, ldns_rdf *apexname, ldns_rr_list **opt_sig) return k; } +/* + * check to see if we can find a DS rrset here which we can then follow + */ +ldns_rr_list * +get_ds(ldns_resolver r, ldns_rdf *ownername, ldns_rr_list **opt_sig) +{ + ldns_pkt *p; + ldns_rr_list *d; + + p = ldns_resolver_query(r, apexname, LDNS_RR_TYPE_DNSKEY, LDNS_RR_CLASS_IN, 0); + if (!p) { + return NULL; + } + + k = ldns_pkt_rr_list_by_name_and_type(p, apexname, LDNS_RR_TYPE_DNSKEY, + LDNS_SECTION_ANSWER); + /* there must be a sig there too... */ + *opt_sig = ldns_pkt_rr_list_by_name_and_type(p, apexname, LDNS_RR_TYPE_RRSIG, + LDNS_SECTION_ANSWER); + + return k; +} + + /* do a secure trace - local_res has been setup, so try to use that */ ldns_status do_secure_trace2(ldns_resolver *res, ldns_rdf *name, ldns_rr_type t, @@ -86,11 +139,21 @@ do_secure_trace2(ldns_resolver *res, ldns_rdf *name, ldns_rr_type t, printf("\nFirst dname with keys and sigs here */\n"); ldns_rdf_print(stdout, chopped_dname[i]); + /* chopped_dname[i] is the zone which is configured at the + * nameserver pointed to by res. This is our starting point + * for the secure trace. Hopefully the trusted keys we got + * match the keys we see here + */ + printf("\nkeys\n"); ldns_rr_list_print(stdout, dnskey_cache); printf("\nsigs\n"); if (!rrsig_cache) { - /* huh!? the sigs are sent along with the keys... */ + /* huh!? the sigs must be sent along with the keys... + * probably are using some lame forwarder... exit as + * we cannot do anything in that case + */ + error("Are you using an non DNSSEC-aware forwarder?"); return LDNS_STATUS_ERR; } ldns_rr_list_print(stdout, rrsig_cache);
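Review bot: In the README hunk (@@ -28,37 +28,26 @@), step 2 of the examples build now reads "autoreconf [--with-ldns=../]", but the text just below it describes --with-ldns as something you pass "when configuring", and the "./configure" step was removed from the list, so the three steps as written never run configure. Suggest keeping configure as its own step: autoreconf, then ./configure [--with-ldns=../], then gmake. In the same hunk the prose says LD_LIBRARY_PATH must point at "the .libs directory" while the new example sets LD_LIBRARY_PATH=../lib; one of the two needs correcting. The retained sentence "The library has to be installed in order for this to work" also contradicts the Changelog entry in this commit, which says the include/ and lib/ dirs let you compile without installing. Minor: "can be build by issueing" should read "can be built by issuing".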
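Review bot: The new get_rr() in drill/securetrace.c (@@ -11,6 +11,35 @@) cannot compile as posted: its parameters are r, name, t and sig, but the body uses apexname and opt_sig, neither of which is declared in this function. It also ignores t and always queries and filters on LDNS_RR_TYPE_DNSKEY, so it is not the generic RRset getter its comment describes. Suggest using name and t in the ldns_resolver_query call and in both ldns_pkt_rr_list_by_name_and_type calls, and assigning to *sig only when sig is non-NULL. The signature also differs from the get_rr(res, zname, t, c) prototype that appears under "/* dnssec.c */" in the drill.h.in context lines, so one of the two needs a different name. With ldns_resolver_set_dnssec(r, true) commented out, the RRSIG list depends on the caller having enabled DNSSEC on r; that precondition should be stated in the comment. Finally, p is not released on the success path in the visible lines; if the returned lists are copies, free the packet before returning.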
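Review bot: get_ds() in drill/securetrace.c (@@ -36,6 +65,30 @@) is an unadapted copy of get_apex_keys() and will not build: it takes "ldns_resolver r" by value while every other function in this patch passes a pointer to ldns_resolver_query, it declares d but assigns and returns k, and it uses apexname although the parameter is named ownername. More importantly for the trace logic, it queries and filters on LDNS_RR_TYPE_DNSKEY even though the comment says it looks for a DS rrset to follow, so a caller would be handed keys where it expects delegation signer records. Suggest changing the parameter to "ldns_resolver *r", using ownername and d throughout, and querying and filtering on LDNS_RR_TYPE_DS, with the same NULL check on opt_sig before writing through it.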
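Review bot: In the do_secure_trace2() hunk (@@ -86,11 +139,21 @@), the added comment says "Hopefully the trusted keys we got match the keys we see here", but the visible lines only print dnskey_cache and rrsig_cache; nothing in this hunk compares the retrieved DNSKEY set with trusted_keys or checks the signatures over it. Since this is described as the starting point of the secure trace, the comment should either point to where that comparison happens or be marked as a TODO so the printed keys are not read as validated. In the missing-signature branch, the error text assumes a forwarder is the cause; an unsigned zone or a resolver queried without the DO bit gives the same result, so the message would be more useful if it stated the observed fact (no RRSIGs returned with the DNSKEY set) and listed the forwarder as one possible cause. Minor: "an non DNSSEC-aware" should be "a non-DNSSEC-aware".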