Add the ability to dig to specify the signing time
authorMark Andrews <marka@isc.org>
Mon, 14 Mar 2022 06:42:08 +0000 (17:42 +1100)
committerPetr Špaček <pspacek@isc.org>
Mon, 26 Sep 2022 14:53:06 +0000 (16:53 +0200)
(cherry picked from commit 805e2ba31d2816772e3643545baef5ff5a42c102)

bin/dig/dig.c
bin/dig/dig.rst
bin/dig/dighost.c
bin/dig/dighost.h
doc/man/dig.1in

index 035b62dada9e745a544a8668745fe1f1fd2f32c8..f8eef3f54a13410620fe5d504c65a1ac85692c94 100644 (file)
@@ -1530,8 +1530,31 @@ plus_option(char *option, bool is_batchfile, bool *need_clone,
                }
                break;
        case 'f': /* fail */
-               FULLCHECK("fail");
-               lookup->servfail_stops = state;
+               switch (cmd[1]) {
+               case 'a':
+                       FULLCHECK("fail");
+                       lookup->servfail_stops = state;
+                       break;
+               case 'u':
+                       FULLCHECK("fuzztime");
+                       lookup->fuzzing = state;
+                       if (lookup->fuzzing) {
+                               if (value == NULL) {
+                                       lookup->fuzztime = 0x622acce1;
+                                       break;
+                               }
+                               result = parse_uint(&num, value, 0xffffffff,
+                                                   "fuzztime");
+                               if (result != ISC_R_SUCCESS) {
+                                       warn("Couldn't parse fuzztime");
+                                       goto exit_or_usage;
+                               }
+                               lookup->fuzztime = num;
+                       }
+                       break;
+               default:
+                       goto invalid_option;
+               }
                break;
        case 'h':
                switch (cmd[1]) {
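Review bot: The default in the `'u'` case is the bare literal `0x622acce1`, which a reader cannot match to the documented default of 1646972129 without converting it by hand, so the code and the manual can drift apart unnoticed. A comment on that line would close the gap, for example `/* 1646972129, Fri 11 Mar 2022 04:15:29 UTC: the documented +fuzztime default */`, or a named constant carrying the same remark. Separately, when `state` is false the `value` is never looked at, so `+nofuzztime=123` appears to be accepted silently; whether that matches how the other valued options treat a negated form cannot be seen from this hunk. The enclosing `plus_option` switch starts and ends outside the hunk.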
index 798931bebc52afae0009cb1722ada7ce52a35abc..42d2752f31f4c980298e9daa25679913115e6e32 100644 (file)
@@ -388,6 +388,14 @@ abbreviation is unambiguous; for example, :option:`+cd` is equivalent to
    to not try the next server, which is the reverse of normal stub
    resolver behavior.
 
+.. option:: +fuzztime[=value], +nofuzztime
+
+   This option allows the signing time to be specified when generating
+   signed messages.  If a value is specified it is the seconds since
+   00:00:00 January 1, 1970 UTC ignoring leap seconds.  If no value
+   is specified 1646972129 (Fri 11 Mar 2022 04:15:29 UTC) is used.
+   The default is ``+nofuzztime`` and the current time is used.
+
 .. option:: +header-only, +noheader-only
 
    This option sends a query with a DNS header without a question section. The
index 99bda7215a8e525575ae7b6cdfeb53830f8b8ef8..f7bb1c90ce856f123df294b924608af35399cb27 100644 (file)
@@ -812,6 +812,8 @@ clone_lookup(dig_lookup_t *lookold, bool servers) {
        looknew->done_as_is = lookold->done_as_is;
        looknew->dscp = lookold->dscp;
        looknew->rrcomments = lookold->rrcomments;
+       looknew->fuzzing = lookold->fuzzing;
+       looknew->fuzztime = lookold->fuzztime;
 
        if (lookold->ecs_addr != NULL) {
                size_t len = sizeof(isc_sockaddr_t);
@@ -2466,6 +2468,11 @@ setup_lookup(dig_lookup_t *lookup) {
                check_result(result, "dns_message_setsig0key");
        }
 
+       if (lookup->fuzzing) {
+               lookup->sendmsg->fuzzing = true;
+               lookup->sendmsg->fuzztime = lookup->fuzztime;
+       }
+
        lookup->sendspace = isc_mem_get(mctx, COMMSIZE);
 
        result = dns_compress_init(&cctx, -1, mctx);
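Review bot: The added `if (lookup->fuzzing)` block has no comment saying that it swaps the current time for a user-chosen one in the signed message, which is the security-relevant effect of the option. I would put `/* +fuzztime: sign with the user-supplied time instead of the current time */` above it. A receiver that checks the signing time against its own clock would presumably reject such a message, so someone debugging a time-related signature failure benefits from finding this spot quickly. The block also runs whether or not a signing key was configured earlier in the function, which looks harmless but is worth stating in the comment; the body of `setup_lookup` continues outside the hunk.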
index 00158ac6f94121bb9445500e963bfccb831a3082..a09485328d15b3074fc4771b6852473a1a2cfd59 100644 (file)
@@ -107,10 +107,11 @@ struct dig_lookup {
        isc_refcount_t references;
        bool aaonly, adflag, badcookie, besteffort, cdflag, cleared, comments,
                dns64prefix, dnssec, doing_xfr, done_as_is, ednsneg, expandaaaa,
-               expire, header_only, identify, /*%< Append an "on server <foo>"
-                                                 message */
-               identify_previous_line,        /*% Prepend a "Nameserver <foo>:"
-                                                 message, with newline and tab */
+               expire, fuzzing, header_only, identify, /*%< Append an "on
+                                                          server <foo>" message
+                                                        */
+               identify_previous_line, /*% Prepend a "Nameserver <foo>:"
+                                          message, with newline and tab */
                idnin, idnout, ignore, multiline, need_search, new_search,
                noclass, nocrypto, nottl, ns_search_only, /*%< dig +nssearch,
                                                             host -C */
@@ -187,6 +188,7 @@ struct dig_lookup {
                char *tls_key_file;
                isc_tlsctx_cache_t *tls_ctx_cache;
        };
+       isc_stdtime_t fuzztime;
 };
 
 /*% The dig_query structure */
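Review bot: The new `fuzztime` member is added without a description, while the neighbouring members of `struct dig_lookup` carry `/*%<` comments. A one-line comment would record its unit and its link to the flag, for example `isc_stdtime_t fuzztime; /*%< signing time (seconds since the epoch) used when fuzzing is set */`. It is also declared at the very end of the struct, far from the `fuzzing` flag it depends on, so the comment is the only thing tying the two together. The struct definition starts outside the hunk.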
index 42a8dc7124eacb833e167979a4962b44ee6277a9..2b5ae70a59c5008407f15f4b018125526ca8525c 100644 (file)
@@ -450,6 +450,15 @@ resolver behavior.
 .UNINDENT
 .INDENT 0.0
 .TP
+.B +fuzztime[=value], +nofuzztime
+This option allows the signing time to be specified when generating
+signed messages.  If a value is specified it is the seconds since
+00:00:00 January 1, 1970 UTC ignoring leap seconds.  If no value
+is specified 1646972129 (Fri 11 Mar 2022 04:15:29 UTC) is used.
+The default is \fB+nofuzztime\fP and the current time is used.
+.UNINDENT
+.INDENT 0.0
+.TP
 .B +header\-only, +noheader\-only
 This option sends a query with a DNS header without a question section. The
 default is to add a question section. The query type and query name