rpms/ldns
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Merge branch 'master' of ssh://pkgs.fedoraproject.org/ldns

Browse Source 
Conflicts:
	ldns.spec
This commit is contained in:
Paul Wouters 2014-01-10 20:05:28 -05:00
commit 196614eeb8
11 changed files with 561 additions and 1254 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

156
ldns-1.6.13-readzone.patch
View File

@ -1,156 +0,0 @@
diff --git a/examples/ldns-read-zone.1 b/examples/ldns-read-zone.1
index 81f238d..7d4fd7d 100644
--- a/examples/ldns-read-zone.1
+++ b/examples/ldns-read-zone.1
@@ -22,6 +22,12 @@ that is not of type NSEC, NSEC3, RRSIG or DNSKEY. DS records are not
printed.
.TP
+\fB-0\fR
+Print a 0 for the RRSIG inception, expiry and key data. This option
+can be used when comparing different signing systems that use the same
+DNSKEYs for signing but would have a slightly different timings/jitter.
+
+.TP
\fB-h\fR
Show usage and exit
@@ -30,6 +36,11 @@ Show usage and exit
Do not print the SOA record
.TP
+\fB-p\fR
+Pad the SOA serial number with spaces so the number and the spaces together
+take ten characters. This is useful for in file serial number increments
+ that want to use mmap()
+.TP
\fB-s\fR
Strip DNSSEC data from the zone. This option skips every record
that is of type NSEC, NSEC3, RRSIG or DNSKEY. DS records are still
diff --git a/examples/ldns-read-zone.c b/examples/ldns-read-zone.c
index ac32bac..df2b2c2 100644
--- a/examples/ldns-read-zone.c
+++ b/examples/ldns-read-zone.c
@@ -33,14 +33,23 @@ main(int argc, char **argv)
ldns_rr_list *stripped_list;
ldns_rr *cur_rr;
ldns_rr_type cur_rr_type;
- const ldns_output_format *fmt = NULL;
+ ldns_output_format fmt = {
+ ldns_output_format_default->flags,
+ ldns_output_format_default->data
+ };
ldns_soa_serial_increment_func_t soa_serial_increment_func = NULL;
int soa_serial_increment_func_data = 0;
- while ((c = getopt(argc, argv, "bcdhnsvzS:")) != -1) {
+ while ((c = getopt(argc, argv, "0bcdhnpsvzS:")) != -1) {
switch(c) {
case 'b':
- fmt = ldns_output_format_bubblebabble;
+ fmt.flags |=
+ ( LDNS_COMMENT_BUBBLEBABBLE |
+ LDNS_COMMENT_FLAGS );
+ break;
+ case '0':
+ fmt.flags |= LDNS_FMT_ZEROIZE_RRSIGS;
+ break;
case 'c':
canonicalize = true;
break;
@@ -55,10 +64,13 @@ main(int argc, char **argv)
printf("\tReads the zonefile and prints it.\n");
printf("\tThe RR count of the zone is printed to stderr.\n");
printf("\t-b include bubblebabble of DS's.\n");
+ printf("\t-0 zeroize timestamps and signature in RRSIG records.\n");
printf("\t-c canonicalize all rrs in the zone.\n");
printf("\t-d only show DNSSEC data from the zone\n");
printf("\t-h show this text\n");
printf("\t-n do not print the SOA record\n");
+ printf("\t-p prepend SOA serial with spaces so"
+ " it takes exactly ten characters.\n");
printf("\t-s strip DNSSEC data from the zone\n");
printf("\t-S [[+|-]<number> | YYYYMMDDxx | "
" unixtime ]\n"
@@ -80,6 +92,9 @@ main(int argc, char **argv)
case 'n':
print_soa = false;
break;
+ case 'p':
+ fmt.flags |= LDNS_FMT_PAD_SOA_SERIAL;
+ break;
case 's':
strip = true;
if (only_dnssec) {
@@ -195,9 +210,9 @@ main(int argc, char **argv)
, soa_serial_increment_func_data
);
}
- ldns_rr_print_fmt(stdout, fmt, ldns_zone_soa(z));
+ ldns_rr_print_fmt(stdout, &fmt, ldns_zone_soa(z));
}
- ldns_rr_list_print_fmt(stdout, fmt, ldns_zone_rrs(z));
+ ldns_rr_list_print_fmt(stdout, &fmt, ldns_zone_rrs(z));
ldns_zone_deep_free(z);
} else {
diff --git a/host2str.c b/host2str.c
index 636d80d..2ec8ae1 100644
--- a/host2str.c
+++ b/host2str.c
@@ -123,6 +123,7 @@ const ldns_output_format *ldns_output_format_onlykeyids
= &ldns_output_format_onlykeyids_record;
const ldns_output_format *ldns_output_format_default
= &ldns_output_format_onlykeyids_record;
+
const ldns_output_format ldns_output_format_bubblebabble_record = {
LDNS_COMMENT_KEY | LDNS_COMMENT_BUBBLEBABBLE | LDNS_COMMENT_FLAGS, NULL
};
@@ -1231,7 +1232,33 @@ ldns_rr2buffer_str_fmt(ldns_buffer *output,
for (i = 0; i < ldns_rr_rd_count(rr); i++) {
/* ldns_rdf2buffer_str handles NULL input fine! */
- status = ldns_rdf2buffer_str(output, ldns_rr_rdf(rr, i));
+ if ((fmt->flags & LDNS_FMT_ZEROIZE_RRSIGS) &&
+ (ldns_rr_get_type(rr) == LDNS_RR_TYPE_RRSIG) &&
+ ((/* inception */ i == 4 &&
+ ldns_rdf_get_type(ldns_rr_rdf(rr, 4)) ==
+ LDNS_RDF_TYPE_TIME) ||
+ (/* expiration */ i == 5 &&
+ ldns_rdf_get_type(ldns_rr_rdf(rr, 5)) ==
+ LDNS_RDF_TYPE_TIME) ||
+ (/* signature */ i == 8 &&
+ ldns_rdf_get_type(ldns_rr_rdf(rr, 8)) ==
+ LDNS_RDF_TYPE_B64))) {
+
+ ldns_buffer_printf(output, "0");
+ status = ldns_buffer_status(output);
+ } else if ((fmt->flags & LDNS_FMT_PAD_SOA_SERIAL) &&
+ (ldns_rr_get_type(rr) == LDNS_RR_TYPE_SOA) &&
+ /* serial */ i == 2 &&
+ ldns_rdf_get_type(ldns_rr_rdf(rr, 2)) ==
+ LDNS_RDF_TYPE_INT32) {
+ ldns_buffer_printf(output, "%10lu",
+ (unsigned long) ldns_read_uint32(
+ ldns_rdf_data(ldns_rr_rdf(rr, 2))));
+ status = ldns_buffer_status(output);
+ } else {
+ status = ldns_rdf2buffer_str(output,
+ ldns_rr_rdf(rr, i));
+ }
if(status != LDNS_STATUS_OK)
return status;
if (i < ldns_rr_rd_count(rr) - 1) {
diff --git a/ldns/host2str.h b/ldns/host2str.h
index f0a14a4..32cdd60 100644
--- a/ldns/host2str.h
+++ b/ldns/host2str.h
@@ -64,6 +64,8 @@ extern "C" {
#define LDNS_COMMENT_LAYOUT 0x0080
/** Also comment KEY_ID with RRSIGS **/
#define LDNS_COMMENT_RRSIGS 0x0100
+#define LDNS_FMT_ZEROIZE_RRSIGS 0x0200
+#define LDNS_FMT_PAD_SOA_SERIAL 0x0400
/**
* Output format specifier

269
ldns-1.6.16-manpage-fixes-bundle.patch Normal file
View File

@ -0,0 +1,269 @@
From 8481a8f65fec3b6b9bc0984f6ba36fbc82cc78ff Mon Sep 17 00:00:00 2001
From: Tomas Hozza <thozza@redhat.com>
Date: Thu, 18 Jul 2013 14:52:28 +0200
Subject: [PATCH 1/8] ldns-compare: add missing options into usage
Signed-off-by: Tomas Hozza <thozza@redhat.com>
---
examples/ldns-compare-zones.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/examples/ldns-compare-zones.c b/examples/ldns-compare-zones.c
index 663b744..084b801 100644
--- a/examples/ldns-compare-zones.c
+++ b/examples/ldns-compare-zones.c
@@ -33,6 +33,8 @@ usage(char *prog)
printf(" -a - print all differences (-i -d -c)\n");
printf(" -s - do not exclude SOA record from comparison\n");
printf(" -z - do not sort zones\n");
+ printf(" -h - show usage and exit\n");
+ printf(" -v - show the version and exit\n");
}
int
--
1.8.3.1
From 911a2bdcb03cbf36ac4591e1eea3c142b236350f Mon Sep 17 00:00:00 2001
From: Tomas Hozza <thozza@redhat.com>
Date: Thu, 18 Jul 2013 15:01:39 +0200
Subject: [PATCH 2/8] ldns-key2ds: Add -f option into man page
Signed-off-by: Tomas Hozza <thozza@redhat.com>
---
examples/ldns-key2ds.1 | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/examples/ldns-key2ds.1 b/examples/ldns-key2ds.1
index 6fdbee5..a20ab96 100644
--- a/examples/ldns-key2ds.1
+++ b/examples/ldns-key2ds.1
@@ -17,6 +17,10 @@ SHA1 for RSASHA1, and so on.
.SH OPTIONS
.TP
+\fB-f\fR
+Ignore SEP flag (i.e. make DS records for any key)
+
+.TP
\fB-n\fR
Write the result DS Resource Record to stdout instead of a file
--
1.8.3.1
From 4d9ea09fac2965316381336e83e78a30cd9b0573 Mon Sep 17 00:00:00 2001
From: Tomas Hozza <thozza@redhat.com>
Date: Thu, 18 Jul 2013 15:07:51 +0200
Subject: [PATCH 3/8] ldns-keygen: remove unused options
Signed-off-by: Tomas Hozza <thozza@redhat.com>
---
examples/ldns-keygen.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/examples/ldns-keygen.c b/examples/ldns-keygen.c
index 5765417..38ecfc1 100644
--- a/examples/ldns-keygen.c
+++ b/examples/ldns-keygen.c
@@ -71,7 +71,7 @@ main(int argc, char *argv[])
random = NULL;
ksk = false; /* don't create a ksk per default */
- while ((c = getopt(argc, argv, "a:kb:r:v25")) != -1) {
+ while ((c = getopt(argc, argv, "a:kb:r:v")) != -1) {
switch (c) {
case 'a':
if (algorithm != 0) {
--
1.8.3.1
From 8726559f93ed85ae85b3667e4d8018c80714f3af Mon Sep 17 00:00:00 2001
From: Tomas Hozza <thozza@redhat.com>
Date: Thu, 18 Jul 2013 15:17:58 +0200
Subject: [PATCH 4/8] ldns-read-zone: document -b option in man page
Signed-off-by: Tomas Hozza <thozza@redhat.com>
---
examples/ldns-read-zone.1 | 4 ++++
examples/ldns-read-zone.c | 2 +-
2 files changed, 5 insertions(+), 1 deletion(-)
diff --git a/examples/ldns-read-zone.1 b/examples/ldns-read-zone.1
index 7d4fd7d..e166658 100644
--- a/examples/ldns-read-zone.1
+++ b/examples/ldns-read-zone.1
@@ -22,6 +22,10 @@ that is not of type NSEC, NSEC3, RRSIG or DNSKEY. DS records are not
printed.
.TP
+\fB-b\fR
+Include Bubble Babble encoding of DS's.
+
+.TP
\fB-0\fR
Print a (null) for the RRSIG inception, expiry and key data. This option
can be used when comparing different signing systems that use the same
diff --git a/examples/ldns-read-zone.c b/examples/ldns-read-zone.c
index efe187e..b0f5c3c 100644
--- a/examples/ldns-read-zone.c
+++ b/examples/ldns-read-zone.c
@@ -63,7 +63,7 @@ main(int argc, char **argv)
printf("Usage: %s [OPTIONS] <zonefile>\n", argv[0]);
printf("\tReads the zonefile and prints it.\n");
printf("\tThe RR count of the zone is printed to stderr.\n");
- printf("\t-b include bubblebabble of DS's.\n");
+ printf("\t-b include Bubble Babble encoding of DS's.\n");
printf("\t-0 zeroize timestamps and signature in RRSIG records.\n");
printf("\t-c canonicalize all rrs in the zone.\n");
printf("\t-d only show DNSSEC data from the zone\n");
--
1.8.3.1
From 9292d3ffc9e929b50e23d6ccc71fe2201af11e25 Mon Sep 17 00:00:00 2001
From: Tomas Hozza <thozza@redhat.com>
Date: Thu, 18 Jul 2013 15:22:47 +0200
Subject: [PATCH 5/8] ldns-sigzone: remove unused -l option
Signed-off-by: Tomas Hozza <thozza@redhat.com>
---
examples/ldns-signzone.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/examples/ldns-signzone.c b/examples/ldns-signzone.c
index 25ece3a..be505f4 100644
--- a/examples/ldns-signzone.c
+++ b/examples/ldns-signzone.c
@@ -379,7 +379,7 @@ main(int argc, char *argv[])
OPENSSL_config(NULL);
- while ((c = getopt(argc, argv, "a:bde:f:i:k:lno:ps:t:vAE:K:")) != -1) {
+ while ((c = getopt(argc, argv, "a:bde:f:i:k:no:ps:t:vAE:K:")) != -1) {
switch (c) {
case 'a':
nsec3_algorithm = (uint8_t) atoi(optarg);
--
1.8.3.1
From 76a188d66f919b25d553c94e41781d6bf14704f1 Mon Sep 17 00:00:00 2001
From: Tomas Hozza <thozza@redhat.com>
Date: Thu, 18 Jul 2013 15:28:21 +0200
Subject: [PATCH 6/8] ldns-walk: add missing options into man page
Signed-off-by: Tomas Hozza <thozza@redhat.com>
---
examples/ldns-walk.1 | 12 ++++++++++++
1 file changed, 12 insertions(+)
diff --git a/examples/ldns-walk.1 b/examples/ldns-walk.1
index c8ace40..d4d1b6e 100644
--- a/examples/ldns-walk.1
+++ b/examples/ldns-walk.1
@@ -22,6 +22,14 @@ Of course the nameserver that is used must be DNSSEC-aware.
.SH OPTIONS
.TP
+\fB-4\fR
+Use only IPv4.
+
+.TP
+\fB-6\fR
+Use only IPv6.
+
+.TP
\fB-f\fR
Do a 'full' zone walk; by default, ldns-walk will only show the names, and types present at those names. If this option is given, all resource records will be printed.
@@ -31,6 +39,10 @@ Start the walk with this owner name. Useful when continuing the walk for a
large zone.
.TP
+\fB-v\fR \fIverbosity\fR
+Verbosity level [1-5].
+
+.TP
\fB@\fR \fInameserver\fR
Send the queries to this nameserver.
--
1.8.3.1
From 4317011bef2f58c045300ff7e479635d2e680809 Mon Sep 17 00:00:00 2001
From: Tomas Hozza <thozza@redhat.com>
Date: Thu, 18 Jul 2013 15:35:35 +0200
Subject: [PATCH 7/8] ldns-zcat: remove unused option -n and document option -v
in man page
Signed-off-by: Tomas Hozza <thozza@redhat.com>
---
examples/ldns-zcat.1 | 4 ++++
examples/ldns-zcat.c | 2 +-
2 files changed, 5 insertions(+), 1 deletion(-)
diff --git a/examples/ldns-zcat.1 b/examples/ldns-zcat.1
index 9c4054d..4fd7ba6 100644
--- a/examples/ldns-zcat.1
+++ b/examples/ldns-zcat.1
@@ -18,6 +18,10 @@ The resulted zone file is printed to standard output.
.B -o ORIGIN
use ORIGIN when reading in the zone
+.TP
+.B -v
+show the version number and exit
+
.SH AUTHOR
Written by the ldns team as an example for ldns usage.
diff --git a/examples/ldns-zcat.c b/examples/ldns-zcat.c
index df4ecba..eea6ea7 100644
--- a/examples/ldns-zcat.c
+++ b/examples/ldns-zcat.c
@@ -54,7 +54,7 @@ main(int argc, char **argv)
progname = strdup(argv[0]);
origin = NULL;
- while ((c = getopt(argc, argv, "n:o:v")) != -1) {
+ while ((c = getopt(argc, argv, "o:v")) != -1) {
switch(c) {
case 'o':
origin = ldns_dname_new_frm_str(strdup(optarg));
--
1.8.3.1
From 147b12971f4308f6ebf1085fde5e61327c192ed5 Mon Sep 17 00:00:00 2001
From: Tomas Hozza <thozza@redhat.com>
Date: Thu, 18 Jul 2013 15:39:03 +0200
Subject: [PATCH 8/8] ldns-zsplit: document -v option in man page
Signed-off-by: Tomas Hozza <thozza@redhat.com>
---
examples/ldns-zsplit.1 | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/examples/ldns-zsplit.1 b/examples/ldns-zsplit.1
index 8e64668..02dce40 100644
--- a/examples/ldns-zsplit.1
+++ b/examples/ldns-zsplit.1
@@ -27,6 +27,10 @@ use ORIGIN as origin when reading the zonefile.
.B -z
Sort the zone before splitting.
+.TP
+.B -v
+Show version number and exit.
+
.SH AUTHOR
Written by the ldns team as an example for ldns usage.
--
1.8.3.1

106
ldns-1.6.16-multilib.patch Normal file
View File

@ -0,0 +1,106 @@
From 3a006cd795855bf2cad86e0e86cd485d27548f36 Mon Sep 17 00:00:00 2001
From: Tomas Hozza <thozza@redhat.com>
Date: Fri, 19 Jul 2013 12:11:44 +0200
Subject: [PATCH] Make ldns-config multilib clean
Signed-off-by: Tomas Hozza <thozza@redhat.com>
---
configure | 3 +++
packaging/ldns-config.1 | 4 ++++
packaging/ldns-config.in | 26 +++++++++++++++++++++-----
3 files changed, 28 insertions(+), 5 deletions(-)
diff --git a/configure b/configure
index be312d1..ec8d551 100755
--- a/configure
+++ b/configure
@@ -674,6 +674,7 @@ PYTHON_SITE_PKG
PYTHON_LDFLAGS
PYTHON_CPPFLAGS
PYTHON
+PYTHON_LIB
PYTHON_VERSION
UNINSTALL_CONFIG_MANPAGE
UNINSTALL_CONFIG
@@ -6356,6 +6357,7 @@ EOD
# use the official shared library
ac_python_library=`echo "$ac_python_library" | sed "s/^lib//"`
PYTHON_LDFLAGS="-L$ac_python_libdir -l$ac_python_library"
+ PYTHON_LIB="$ac_python_library"
else
# old way: use libpython from python_configdir
ac_python_libdir=`$PYTHON -c \
@@ -6363,6 +6365,7 @@ EOD
import os; \
print (os.path.join(f(plat_specific=1, standard_lib=1), 'config'));"`
PYTHON_LDFLAGS="-L$ac_python_libdir -lpython$ac_python_version"
+ PYTHON_LIB="python$ac_python_version"
fi
if test -z "PYTHON_LDFLAGS"; then
diff --git a/packaging/ldns-config.1 b/packaging/ldns-config.1
index c5a00a1..1e4ff93 100644
--- a/packaging/ldns-config.1
+++ b/packaging/ldns-config.1
@@ -23,6 +23,10 @@ Show the C compiler flags needed to compile with ldns
Show the flags to be used to link with ldns
.TP
+\fB--libs_sec\fR
+Show the flags to be used to link with ldns compiled for secondary architecture.
+
+.TP
\fB--version\fR
Shows the version of the installed ldns library
diff --git a/packaging/ldns-config.in b/packaging/ldns-config.in
index b728ba5..e34051f 100755
--- a/packaging/ldns-config.in
+++ b/packaging/ldns-config.in
@@ -3,12 +3,24 @@
prefix="@prefix@"
exec_prefix="@exec_prefix@"
VERSION="@PACKAGE_VERSION@"
-CFLAGS="@CFLAGS@"
-CPPFLAGS="@CPPFLAGS@ @LIBSSL_CPPFLAGS@ @PYTHON_CPPFLAGS@"
-LDFLAGS="@LDFLAGS@ @LIBSSL_LDFLAGS@ @PYTHON_LDFLAGS@"
LIBS="@LIBS@ @LIBSSL_LIBS@"
-LIBDIR="@libdir@"
INCLUDEDIR="@includedir@"
+ARCH="`uname -m`"
+
+case $ARCH in
+ x86_64 | amd64 | sparc64 | s390x | ppc64)
+
+ LIBDIR="/usr/lib64"
+ LIBDIR_SEC="/usr/lib"
+ ;;
+ * )
+ LIBDIR="/usr/lib"
+ LIBDIR_SEC="usr/lib64"
+ ;;
+esac
+
+LDFLAGS="@LDFLAGS@ @LIBSSL_LDFLAGS@ -L$LIBDIR -l@PYTHON_LIB@"
+LDFLAGS_SEC="@LDFLAGS@ @LIBSSL_LDFLAGS@ -L$LIBDIR_SEC -l@PYTHON_LIB@"
for arg in $@
do
@@ -20,9 +32,13 @@ do
then
echo "${LDFLAGS} -L${LIBDIR} ${LIBS} -lldns"
fi
+ if [ $arg = "--libs_sec" ]
+ then
+ echo "${LDFLAGS_SEC} -L${LIBDIR_SEC} ${LIBS} -lldns"
+ fi
if [ $arg = "-h" ] || [ $arg = "--help" ]
then
- echo "Usage: $0 [--cflags] [--libs] [--version]"
+ echo "Usage: $0 [--cflags] [--libs] [--libs_sec] [--version]"
fi
if [ $arg = "--version" ]
then
--
1.8.3.1

147
ldns-1.6.16-uninitialized-value-compiler-warnings.patch Normal file
View File

@ -0,0 +1,147 @@
From ab321a4f77eba0048c4cfb1081ae2c8e3496f3fd Mon Sep 17 00:00:00 2001
From: willem <willem@af62348d-a3ea-0310-b058-bb613a78d823>
Date: Tue, 12 Mar 2013 13:34:18 +0000
Subject: [PATCH] - Uninitialized variable in securetrace.c - New install-sh
(apperantly :) - Get rid of "dereferencing type-punned pointer will break
strict-aliasing rules" warnings in sha2.c with gcc >= 4.7
git-svn-id: http://www.nlnetlabs.nl/svn/ldns@3826 af62348d-a3ea-0310-b058-bb613a78d823
---
trunk/drill/securetrace.c | 2 +-
trunk/install-sh | 14 +++++++-------
trunk/sha2.c | 15 ++++++++++++---
3 files changed, 20 insertions(+), 11 deletions(-)
diff --git a/trunk/drill/securetrace.c b/trunk/drill/securetrace.c
index c6e7e58..9d61ec0 100644
--- a/trunk/drill/securetrace.c
+++ b/trunk/drill/securetrace.c
@@ -138,7 +138,7 @@ do_secure_trace(ldns_resolver *local_res, ldns_rdf *name, ldns_rr_type t,
size_t j;
size_t k;
size_t l;
- uint8_t labels_count;
+ uint8_t labels_count = 0;
/* dnssec */
ldns_rr_list *key_list;
diff --git a/trunk/install-sh b/trunk/install-sh
index a9244eb..377bb86 100755
--- a/trunk/install-sh
+++ b/trunk/install-sh
@@ -1,7 +1,7 @@
#!/bin/sh
# install - install a program, script, or datafile
-scriptversion=2011-01-19.21; # UTC
+scriptversion=2011-11-20.07; # UTC
# This originates from X11R5 (mit/util/scripts/install.sh), which was
# later released in X11R6 (xc/config/util/install.sh) with the
@@ -35,7 +35,7 @@ scriptversion=2011-01-19.21; # UTC
# FSF changes to this file are in the public domain.
#
# Calling this script install-sh is preferred over install.sh, to prevent
-# `make' implicit rules from creating a file called install from it
+# 'make' implicit rules from creating a file called install from it
# when there is no Makefile.
#
# This script is compatible with the BSD install script, but was written
@@ -156,7 +156,7 @@ while test $# -ne 0; do
-s) stripcmd=$stripprog;;
-t) dst_arg=$2
- # Protect names problematic for `test' and other utilities.
+ # Protect names problematic for 'test' and other utilities.
case $dst_arg in
-* | [=\(\)!]) dst_arg=./$dst_arg;;
esac
@@ -190,7 +190,7 @@ if test $# -ne 0 && test -z "$dir_arg$dst_arg"; then
fi
shift # arg
dst_arg=$arg
- # Protect names problematic for `test' and other utilities.
+ # Protect names problematic for 'test' and other utilities.
case $dst_arg in
-* | [=\(\)!]) dst_arg=./$dst_arg;;
esac
@@ -202,7 +202,7 @@ if test $# -eq 0; then
echo "$0: no input file specified." >&2
exit 1
fi
- # It's OK to call `install-sh -d' without argument.
+ # It's OK to call 'install-sh -d' without argument.
# This can happen when creating conditional directories.
exit 0
fi
@@ -240,7 +240,7 @@ fi
for src
do
- # Protect names problematic for `test' and other utilities.
+ # Protect names problematic for 'test' and other utilities.
case $src in
-* | [=\(\)!]) src=./$src;;
esac
@@ -354,7 +354,7 @@ do
if test -z "$dir_arg" || {
# Check for POSIX incompatibilities with -m.
# HP-UX 11.23 and IRIX 6.5 mkdir -m -p sets group- or
- # other-writeable bit of parent directory when it shouldn't.
+ # other-writable bit of parent directory when it shouldn't.
# FreeBSD 6.1 mkdir -m -p sets mode of existing directory.
ls_ld_tmpdir=`ls -ld "$tmpdir"`
case $ls_ld_tmpdir in
diff --git a/trunk/sha2.c b/trunk/sha2.c
index 6ba4ab5..9a27122 100644
--- a/trunk/sha2.c
+++ b/trunk/sha2.c
@@ -546,9 +546,15 @@ void ldns_sha256_update(ldns_sha256_CTX* context, const sha2_byte *data, size_t
usedspace = freespace = 0;
}
+typedef union _ldns_sha2_buffer_union {
+ uint8_t* theChars;
+ uint64_t* theLongs;
+} ldns_sha2_buffer_union;
+
void ldns_sha256_final(sha2_byte digest[], ldns_sha256_CTX* context) {
sha2_word32 *d = (sha2_word32*)digest;
size_t usedspace;
+ ldns_sha2_buffer_union cast_var;
/* Sanity check: */
assert(context != (ldns_sha256_CTX*)0);
@@ -585,7 +591,8 @@ void ldns_sha256_final(sha2_byte digest[], ldns_sha256_CTX* context) {
*context->buffer = 0x80;
}
/* Set the bit count: */
- *(sha2_word64*)&context->buffer[ldns_sha256_SHORT_BLOCK_LENGTH] = context->bitcount;
+ cast_var.theChars = context->buffer;
+ cast_var.theLongs[ldns_sha256_SHORT_BLOCK_LENGTH / 8] = context->bitcount;
/* final transform: */
ldns_sha256_Transform(context, (sha2_word32*)context->buffer);
@@ -850,6 +857,7 @@ void ldns_sha512_update(ldns_sha512_CTX* context, const sha2_byte *data, size_t
static void ldns_sha512_Last(ldns_sha512_CTX* context) {
size_t usedspace;
+ ldns_sha2_buffer_union cast_var;
usedspace = (context->bitcount[0] >> 3) % LDNS_SHA512_BLOCK_LENGTH;
#if BYTE_ORDER == LITTLE_ENDIAN
@@ -882,8 +890,9 @@ static void ldns_sha512_Last(ldns_sha512_CTX* context) {
*context->buffer = 0x80;
}
/* Store the length of input data (in bits): */
- *(sha2_word64*)&context->buffer[ldns_sha512_SHORT_BLOCK_LENGTH] = context->bitcount[1];
- *(sha2_word64*)&context->buffer[ldns_sha512_SHORT_BLOCK_LENGTH+8] = context->bitcount[0];
+ cast_var.theChars = context->buffer;
+ cast_var.theLongs[ldns_sha512_SHORT_BLOCK_LENGTH / 8] = context->bitcount[1];
+ cast_var.theLongs[ldns_sha512_SHORT_BLOCK_LENGTH / 8 + 1] = context->bitcount[0];
/* final transform: */
ldns_sha512_Transform(context, (sha2_word64*)context->buffer);
--
1.8.3.1

70
ldns-fragmentdrop.patch
View File

@ -1,70 +0,0 @@
Index: resolver.c
===================================================================
--- resolver.c (revision 3550)
+++ resolver.c (revision 3551)
@@ -1031,12 +1031,41 @@
return pkt;
}
+static size_t *
+ldns_resolver_backup_rtt(ldns_resolver *r)
+{
+ size_t *new_rtt;
+ size_t *old_rtt = ldns_resolver_rtt(r);
+
+ if (old_rtt && ldns_resolver_nameserver_count(r)) {
+ new_rtt = LDNS_XMALLOC(size_t
+ , ldns_resolver_nameserver_count(r));
+ memcpy(new_rtt, old_rtt, sizeof(size_t)
+ * ldns_resolver_nameserver_count(r));
+ ldns_resolver_set_rtt(r, new_rtt);
+ return old_rtt;
+ }
+ return NULL;
+}
+
+static void
+ldns_resolver_restore_rtt(ldns_resolver *r, size_t *old_rtt)
+{
+ size_t *cur_rtt = ldns_resolver_rtt(r);
+
+ if (cur_rtt) {
+ LDNS_FREE(cur_rtt);
+ }
+ ldns_resolver_set_rtt(r, old_rtt);
+}
+
ldns_status
ldns_resolver_send_pkt(ldns_pkt **answer, ldns_resolver *r,
ldns_pkt *query_pkt)
{
ldns_pkt *answer_pkt = NULL;
ldns_status stat = LDNS_STATUS_OK;
+ size_t *rtt;
stat = ldns_send(&answer_pkt, (ldns_resolver *)r, query_pkt);
if (stat != LDNS_STATUS_OK) {
@@ -1051,9 +1080,21 @@
if (ldns_pkt_tc(answer_pkt)) {
/* was EDNS0 set? */
if (ldns_pkt_edns_udp_size(query_pkt) == 0) {
- ldns_pkt_set_edns_udp_size(query_pkt, 4096);
+ ldns_pkt_set_edns_udp_size(query_pkt
+ , 4096);
ldns_pkt_free(answer_pkt);
- stat = ldns_send(&answer_pkt, r, query_pkt);
+ /* Nameservers should not become
+ * unreachable because fragments are
+ * dropped (network error). We might
+ * still have success with TCP.
+ * Therefore maintain reachability
+ * statuses of the nameservers by
+ * backup and restore the rtt list.
+ */
+ rtt = ldns_resolver_backup_rtt(r);
+ stat = ldns_send(&answer_pkt, r
+ , query_pkt);
+ ldns_resolver_restore_rtt(r, rtt);
}
/* either way, if it is still truncated, use TCP */
if (stat != LDNS_STATUS_OK ||

13
ldns-installfix-r3167.patch
View File

@ -1,13 +0,0 @@
--- Makefile.in.org 2010-01-22 11:09:15.671232722 -0500
+++ Makefile.in 2010-01-22 11:10:08.346392415 -0500
@@ -203,8 +203,8 @@
install-pyldns: @PYLDNS@
$(INSTALL) -m 755 -d $(DESTDIR)$(python_site)/ldns
- $(INSTALL) -c -m 644 $(pywrapdir)/ldns.py $(DESTDIR)$(python_site)/ldns/__init__.py
- $(INSTALL) -c -m 755 _ldns.* $(DESTDIR)$(python_site)/ldns/
+ $(INSTALL) -c -m 644 $(pywrapdir)/ldns.py $(DESTDIR)$(python_site)/ldns.py
+ $(LIBTOOL) --mode=install cp _ldns.la $(DESTDIR)$(python_site)
uninstall-pyldns:
rm -f $(DESTDIR)$(python_site)/ldns/*

13
ldns-keygen-hmac-memory.patch
View File

@ -1,13 +0,0 @@
Index: keys.c
===================================================================
--- keys.c (revision 2895)
+++ keys.c (revision 2897)
@@ -1050,7 +1050,7 @@
case LDNS_SIGN_HMACMD5:
case LDNS_SIGN_HMACSHA1:
case LDNS_SIGN_HMACSHA256:
- bin = LDNS_XMALLOC(unsigned char, size);
+ bin = LDNS_XMALLOC(unsigned char, ldns_key_hmac_size(k));
if (!bin) {
return NULL;
}

23
ldns-rpathfix.patch
View File

@ -1,23 +0,0 @@
Index: configure.ac
===================================================================
--- configure.ac (revision 3167)
+++ configure.ac (working copy)
@@ -163,16 +163,8 @@
fi
AC_SUBST(INSTALL_LDNS_CONFIG)
-# add option to disable the evil rpath
-dnl Check whether to use rpath or not
-AC_ARG_ENABLE(rpath,
- [ --disable-rpath disable hardcoded rpath (default=enabled)],
- enable_rpath=$enableval, enable_rpath=yes)
+ACX_ARG_RPATH
-if test "x$enable_rpath" = xyes; then
- RPATH_VAL="-Wl,-rpath=\${libdir}"
-fi
-
#AC_TRY_RUN(
#[
#int main()

55
ldns-ssl.patch
View File

@ -1,55 +0,0 @@
diff -Naur ldns-1.6.0.org/examples/ldns-nsec3-hash.c ldns-1.6.0/examples/ldns-nsec3-hash.c
--- ldns-1.6.0.org/examples/ldns-nsec3-hash.c 2009-07-11 00:09:45.000000000 -0400
+++ ldns-1.6.0/examples/ldns-nsec3-hash.c 2009-07-11 00:10:13.000000000 -0400
@@ -16,8 +16,10 @@
#include <ldns/ldns.h>
#include <ldns/keys.h>
+#ifdef HAVE_SSL
#include <openssl/conf.h>
#include <openssl/engine.h>
+#endif
#define MAX_FILENAME_LEN 250
diff -Naur ldns-1.6.0.org/examples/ldns-revoke.c ldns-1.6.0/examples/ldns-revoke.c
--- ldns-1.6.0.org/examples/ldns-revoke.c 2009-07-11 00:10:07.000000000 -0400
+++ ldns-1.6.0/examples/ldns-revoke.c 2009-07-11 00:10:13.000000000 -0400
@@ -8,7 +8,9 @@
#include "config.h"
#include <ldns/ldns.h>
+#ifdef HAVE_SSL
#include <openssl/ssl.h>
+#endif
#include <errno.h>
diff -Naur ldns-1.6.0.org/higher.c ldns-1.6.0/higher.c
--- ldns-1.6.0.org/higher.c 2007-08-09 05:03:41.000000000 -0400
+++ ldns-1.6.0/higher.c 2009-07-11 00:11:55.000000000 -0400
@@ -15,8 +15,10 @@
#include <ldns/ldns.h>
+#ifdef HAVE_SSL
#include <openssl/ssl.h>
#include <openssl/sha.h>
+#endif
diff -Naur ldns-1.6.0.org/examples/ldns-signzone.c ldns-1.6.0/examples/ldns-signzone.c
--- ldns-1.6.0.org/examples/ldns-signzone.c 2009-07-09 04:35:25.000000000 -0400
+++ ldns-1.6.0/examples/ldns-signzone.c 2009-07-13 15:36:31.000000000 -0400
@@ -16,8 +16,10 @@
#include <ldns/ldns.h>
#include <ldns/keys.h>
+#ifdef HAVE_SSL
#include <openssl/conf.h>
#include <openssl/engine.h>
+#endif
#define MAX_FILENAME_LEN 250

40
ldns.spec
View File

@ -14,6 +14,9 @@ Release: 1%{?dist}
License: BSD
Url: http://www.nlnetlabs.nl/%{name}/
Source: http://www.nlnetlabs.nl/downloads/%{name}/%{name}-%{version}.tar.gz
Patch0: %{name}-1.6.16-uninitialized-value-compiler-warnings.patch
Patch1: %{name}-1.6.16-multilib.patch
Patch2: %{name}-1.6.16-manpage-fixes-bundle.patch
Group: System Environment/Libraries
BuildRequires: libpcap-devel, openssl-devel, gcc-c++, doxygen,
# for snapshots only
@ -61,8 +64,20 @@ Requires: perl(:MODULE_COMPAT_%(eval "`%{__perl} -V:version`"; echo $version))
Perl extensions for ldns
%endif
%package doc
Summary: Documentation for the ldns library
Group: Development/Libraries
Requires: %{name}-devel = %{version}-%{release}
BuildArch: noarch
%description doc
This package contains documentation for the ldns library
%prep
%setup -q
%patch0 -p2
%patch1 -p1
%patch2 -p1 -b .manpage
# To built svn snapshots
# rm config.guess config.sub ltmain.sh
# aclocal
@ -80,6 +95,7 @@ Perl extensions for ldns
%if %{with_python}
--with-pyldns \
%endif
--with-trust-anchor=%{_sharedstatedir}/unbound/root.key
(cd drill ; %configure --disable-rpath --disable-static \
--with-ca-file=/etc/pki/tls/certs/ca-bundle.trust.crt --with-ca-path=/etc/pki/tls/certs/ \
@ -119,6 +135,8 @@ rm -rf %{buildroot}
make DESTDIR=%{buildroot} INSTALL="%{__install} -p" install
make DESTDIR=%{buildroot} INSTALL="%{__install} -p" install-doc
# don't package xml files
rm doc/*.xml
# don't package building script for install-doc in doc section
rm doc/doxyparse.pl
# remove double set of man pages
@ -151,7 +169,7 @@ rm -rf %{buildroot}%{_libdir}/*.la %{buildroot}%{python_sitearch}/*.la
%{_bindir}/ldns-config
%dir %{_includedir}/ldns
%{_includedir}/ldns/*.h
%doc doc Changelog README
%doc Changelog README
%if %{with_python}
%files python
@ -164,6 +182,9 @@ rm -rf %{buildroot}%{_libdir}/*.la %{buildroot}%{python_sitearch}/*.la
%exclude %dir %{perl_vendorarch}/auto/
%endif
%files doc
%doc doc
%post -p /sbin/ldconfig
%postun -p /sbin/ldconfig
@ -174,6 +195,23 @@ rm -rf %{buildroot}%{_libdir}/*.la %{buildroot}%{python_sitearch}/*.la
- Enable perl bindings via new ldns-perl sub-package
- Enable ECDSA/GOST which is now allowed in Fedora
* Sat Aug 03 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.6.16-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
* Tue Jul 23 2013 Tomas Hozza <thozza@redhat.com> - 1.6.16-5
- Fix compiler warnings and one uninitialized value
- make ldns-config multilib clean
- Fix man pages and usages errors
* Mon Jun 03 2013 Paul Wouters <pwouters@redhat.com> - 1.6.16-4
- Use /var/lib/unbound/root.key for --with-trust-anchor
* Fri Apr 19 2013 Adam Tkac <atkac redhat com> - 1.6.16-3
- make package multilib clean
* Thu Feb 14 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.6.16-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
* Tue Oct 30 2012 Paul Wouters <pwouters@redhat.com> - 1.6.16-1
- Updated to 1.6.16
- Addresses bug in 1.6.14 and 1.6.15 that affects opendnssec

923
ldnsx.py
View File

@ -1,923 +0,0 @@
# (c) Christopher Olah <colah@xelerance.com>, 2011. Xelerance <http://www.xelerance.com/>.
# License: BSD
""" Easy DNS (including DNSSEC) via ldns.
ldns is a great library. It is a powerfull tool for
working with DNS. python-ldns it is a straight up clone of the C
interface, howver that is not a very good interface for python. Its
documentation is incomplete and some functions don't work as
described. And some objects don't have a full python API.
ldnsx aims to fix this. It wraps around the ldns python bindings,
working around its limitations and providing a well-documented, more
pythonistic interface.
**WARNING:**
**API subject to change.** No backwards compatibility guarantee. Write software using this version at your own risk!
Examples
--------
Query the default resolver for google.com's A records. Print the response
packet.
>>> import ldnsx
>>> resolver = ldnsx.resolver()
>>> print resolver.query("google.com","A")
Print the root NS records from f.root-servers.net; if we get a
response, else an error message.
>>> import ldnsx
>>> pkt = ldnsx.resolver("f.root-servers.net").query(".", "NS")
>>> if pkt:
>>> for rr in pkt.answer():
>>> print rr
>>> else:
>>> print "response not received"
"""
import time, sys, calendar, warnings
try:
import ipcalc
except ImportError:
print >> sys.stderr, "ldnsx requires the python-ipcalc"
print >> sys.stderr, "Fedora/CentOS: yum install python-ipcalc"
print >> sys.stderr, "Debian/Ubuntu: apt-get install python-ipcalc"
print >> sys.stderr, "openSUSE: zypper in python-ipcalc"
sys.exit(1)
try:
import ldns
except ImportError:
print >> sys.stderr, "ldnsx requires the ldns-python sub-package from http://www.nlnetlabs.nl/projects/ldns/"
print >> sys.stderr, "Fedora/CentOS: yum install ldns-python"
print >> sys.stderr, "Debian/Ubuntu: apt-get install python-ldns"
print >> sys.stderr, "openSUSE: zypper in python-ldns"
sys.exit(1)
__version__ = "0.1"
def isValidIP(ipaddr):
try:
bits_to_type = { 32 : 4, 128 : 6}
bits = len(ipcalc.IP(ipaddr).bin())
return bits_to_type[bits]
except:
return 0
def query(name, rr_type, rr_class="IN", flags=["RD"], tries = 3, res=None):
"""Convenience function. Creates a resolver and then queries it. Refer to resolver.query()
* name -- domain to query for
* rr_type -- rr_type to query for
* flags -- flags for query (list of strings)
* tries -- number of times to retry the query on failure
* res -- configurations for the resolver as a dict -- see resolver()
"""
if isinstance(res, list) or isinstance(res, tuple):
res = resolver(*res)
elif isinstance(res, dict):
res = resolver(**res)
else:
res = resolver(res)
return res.query(name, rr_type, rr_class, flags, tries)
def get_rrs(name, rr_type, rr_class="IN", tries = 3, strict = False, res=None, **kwds):
"""Convenience function. Gets RRs for name of type rr_type trying tries times.
If strict, it raises and exception on failure, otherwise it returns [].
* name -- domain to query for
* rr_type -- rr_type to query for
* flags -- flags for query (list of strings)
* tries -- number of times to retry the query on failure
* strict -- if the query fails, do we return [] or raise an exception?
* res -- configurations for the resolver as a dict -- see resolver()
* kwds -- query filters, refer to packet.answer()
"""
if isinstance(res, list) or isinstance(res, tuple):
res = resolver(*res)
elif isinstance(res, dict):
res = resolver(**res)
else:
res = resolver(res)
if "|" in rr_type:
pkt = res.query(name, "ANY", rr_class=rr_class, tries=tries)
else:
pkt = res.query(name, rr_type, rr_class=rr_class, tries=tries)
if pkt:
if rr_type in ["", "ANY", "*"]:
return pkt.answer( **kwds)
else:
return pkt.answer(rr_type=rr_type, **kwds)
else:
if strict:
raise Exception("LDNS couldn't complete query")
else:
return []
def secure_query(name, rr_type, rr_class="IN", flags=["RD"], tries = 1, flex=False, res=None):
"""Convenience function. Creates a resolver and then does a DNSSEC query. Refer to resolver.query()
* name -- domain to query for
* rr_type -- rr_type to query for
* flags -- flags for query (list of strings)
* tries -- number of times to retry the query on failure
* flex -- if we can't verify data, exception or warning?
* res -- configurations for the resolver as a dict -- see resolver()"""
if isinstance(res, list) or isinstance(res, tuple):
res = resolver(*res)
elif isinstance(res, dict):
res = resolver(**res)
else:
res = resolver(res)
pkt = res.query(name, rr_type, rr_class, flags, tries)
if pkt.rcode() == "SERVFAIL":
raise Exception("%s lookup failed (server error or dnssec validation failed)" % name)
if pkt.rcode() == "NXDOMAIN":
if "AD" in pkt.flags():
raise Exception("%s lookup failed (non-existence proven by DNSSEC)" % hostname )
else:
raise Exception("%s lookup failed" % hostname )
if pkt.rcode() == "NOERROR":
if "AD" not in pkt.flags():
if not flex:
raise Exception("DNS lookup was insecure")
else:
warnings.warn("DNS lookup was insecure")
return pkt
else:
raise Exception("unknown ldns error, %s" % pkt.rcode())
class resolver:
""" A wrapper around ldns.ldns_resolver.
**Examples**
Making resolvers is easy!
>>> from ldnsx import resolver
>>> resolver() # from /etc/resolv.conf
<resolver: 192.168.111.9>
>>> resolver("") # resolver with no nameservers
<resolver: >
>>> resolver("193.110.157.135") #resolver pointing to ip addr
<resolver: 193.110.157.135>
>>> resolver("f.root-servers.net") # resolver pointing ip address(es) resolved from name
<resolver: 2001:500:2f::f, 192.5.5.241>
>>> resolver("193.110.157.135, 193.110.157.136")
>>> # resolver pointing to multiple ip addr, first takes precedence.
<resolver: 193.110.157.136, 193.110.157.135>
So is playing around with their nameservers!
>>> import ldnsx
>>> res = ldnsx.resolver("192.168.1.1")
>>> res.add_nameserver("192.168.1.2")
>>> res.add_nameserver("192.168.1.3")
>>> res.nameservers_ip()
["192.168.1.1","192.168.1.2","192.168.1.3"]
And querying!
>>> from ldnsx import resolver
>>> res= resolver()
>>> res.query("cow.com","A")
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 7663
;; flags: qr rd ra ; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;; cow.com. IN A
;; ANSWER SECTION:
cow.com. 300 IN A 208.87.34.18
;; AUTHORITY SECTION:
;; ADDITIONAL SECTION:
;; Query time: 313 msec
;; SERVER: 192.168.111.9
;; WHEN: Fri Jun 3 11:01:02 2011
;; MSG SIZE rcvd: 41
"""
def __init__(self, ns = None, dnssec = False, tcp = 'auto', port = 53):
"""resolver constructor
* ns -- the nameserver/comma delimited nameserver list
defaults to settings from /etc/resolv.conf
* dnssec -- should the resolver try and use dnssec or not?
* tcp -- should the resolve try to connect with TCP?
'auto' tries without tcp, and falls back to it
to work around both ldns choking on truncated packets
and nameservers that don't support tcp.
* port -- the port to use, must be the same for all nameservers
"""
# We construct based on a file and dump the nameservers rather than using
# ldns_resolver_new() to avoid environment/configuration/magic specific
# bugs.
self._ldns_resolver = ldns.ldns_resolver.new_frm_file("/etc/resolv.conf")
if ns != None:
self.drop_nameservers()
nm_list = ns.split(',')
nm_list = map(lambda s: s.strip(), nm_list)
nm_list = filter(lambda s: s != "", nm_list)
nm_list.reverse()
for nm in nm_list:
self.add_nameserver(nm)
# Configure DNSSEC, tcp and port
self.set_dnssec(dnssec)
if tcp == 'auto':
self.autotcp = True
self._ldns_resolver.set_usevc(False)
else:
self.autotcp = False
self._ldns_resolver.set_usevc(tcp)
self._ldns_resolver.set_port(port)
def query(self, name, rr_type, rr_class="IN", flags=["RD"], tries = 3):
"""Run a query on the resolver.
* name -- name to query for
* rr_type -- the record type to query for
* rr_class -- the class to query for, defaults to IN (Internet)
* flags -- the flags to send the query with
* tries -- the number of times to attempt to acheive query in case of packet loss, etc
**Examples**
Let's get some A records!
>>> google_a_records = resolver.query("google.com","A").answer()
Using DNSSEC is easy :)
>>> dnssec_pkt = ldnsx.resolver(dnssec=True).query("xelerance.com")
We let you use strings to make things easy, but if you prefer stay close to DNS...
>>> AAAA = 28
>>> resolver.query("ipv6.google.com", AAAA)
**More about rr_type**
rr_type must be a supported resource record type. There are a large number of RR types:
=========== =================================== ==================
TYPE Value and meaning Reference
=========== =================================== ==================
A 1 a host address [RFC1035]
NS 2 an authoritative name server [RFC1035]
...
AAAA 28 IP6 Address [RFC3596]
...
DS 43 Delegation Signer [RFC4034][RFC3658]
...
DNSKEY 48 DNSKEY [RFC4034][RFC3755]
...
Unassigned 32770-65279
Private use 65280-65534
Reserved 65535
=========== =================================== ==================
(From http://www.iana.org/assignments/dns-parameters)
RR types are given as a string (eg. "A"). In the case of Unassigned/Private use/Reserved ones,
they are given as "TYPEXXXXX" where XXXXX is the number. ie. RR type 65280 is "TYPE65280". You
may also pass the integer, but you always be given the string.
If the version of ldnsx you are using is old, it is possible that there could be new rr_types that
we don't recognise mnemonic for. You can still use the number XXX or the string "TYPEXXX". To
determine what rr_type menmonics we support, please refer to resolver.supported_rr_types()
"""
# Determine rr_type int
if rr_type in _rr_types.keys():
_rr_type = _rr_types[rr_type]
elif isinstance(rr_type,int):
_rr_type = rr_type
elif isinstance(rr_type,str) and rr_type[0:4] == "TYPE":
try:
_rr_type = int(rr_type[4:])
except:
raise Exception("%s is a bad RR type. TYPEXXXX: XXXX must be a number")
else:
raise Exception("ldnsx (version %s) does not support the RR type %s." % (__version__, str(rr_type)) )
# Determine rr_class int
if rr_class == "IN": _rr_class = ldns.LDNS_RR_CLASS_IN
elif rr_class == "CH": _rr_class = ldns.LDNS_RR_CLASS_CH
elif rr_class == "HS": _rr_class = ldns.LDNS_RR_CLASS_HS
else:
raise Exception("ldnsx (version %s) does not support the RR class %s." % (__version__, str(rr_class)) )
# Determine flags int
_flags = 0
if "QR" in flags: _flags |= ldns.LDNS_QR
if "AA" in flags: _flags |= ldns.LDNS_AA
if "TC" in flags: _flags |= ldns.LDNS_TC
if "RD" in flags: _flags |= ldns.LDNS_RD
if "CD" in flags: _flags |= ldns.LDNS_CD
if "RA" in flags: _flags |= ldns.LDNS_RA
if "AD" in flags: _flags |= ldns.LDNS_AD
# Query
if tries == 0: return None
try:
pkt = self._ldns_resolver.query(name, _rr_type, _rr_class, _flags)
except KeyboardInterrupt: #Since so much time is spent waiting on ldns, this is very common place for Ctr-C to fall
raise
except: #Since the ldns exceptiion is not very descriptive...
raise Exception("ldns backend ran into problems. Likely, the name you were querying for, %s, was invalid." % name)
#Deal with failed queries
if not pkt:
if tries <= 1:
return None
else:
# One of the major causes of none-packets is truncation of packets
# When autotcp is set, we are in a flexible enough position to try and use tcp
# to get around this.
# Either way, we want to replace the resolver, since resolvers will sometimes
# just freeze up.
if self.autotcp:
self = resolver( ",".join(self.nameservers_ip()),tcp=True)
self.autotcp = True
pkt = self.query(name, rr_type, rr_class=rr_class, flags=flags, tries = tries-1)
self._ldns_resolver.set_usevc(False)
return pkt
else:
self = resolver( ",".join(self.nameservers_ip()) )
time.sleep(1) # It could be that things are failing because of a brief outage
return self.query(name, rr_type, rr_class=rr_class, flags=flags, tries = tries-1)
elif self.autotcp:
pkt = packet(pkt)
if "TC" in pkt.flags():
self._ldns_resolver.set_usevc(True)
pkt2 = self.query(name, rr_type, rr_class=rr_class, flags=flags, tries = tries-1)
self._ldns_resolver.set_usevc(False)
if pkt2: return packet(pkt2)
return pkt
return packet(pkt)
#ret = []
#for rr in pkt.answer().rrs():
# ret.append([str(rr.owner()),rr.ttl(),rr.get_class_str(),rr.get_type_str()]+[str(rdf) for rdf in rr.rdfs()])
#return ret
def suported_rr_types(self):
""" Returns the supported DNS resource record types.
Refer to resolver.query() for thorough documentation of resource
record types or refer to:
http://www.iana.org/assignments/dns-parameters
"""
return _rr_types.keys()
def AXFR(self,name):
"""AXFR for name
* name -- name to AXFR for
This function is a generator. As it AXFRs it will yield you the records.
**Example**
Let's get a list of the tlds (gotta catch em all!):
>>> tlds = []
>>> for rr in resolver("f.root-servers.net").AXFR("."):
>>> if rr.rr_type() == "NS":
>>> tlds.append(rr.owner())
"""
#Dname seems to be unecessary on some computers, but it is on others. Avoid bugs.
if self._ldns_resolver.axfr_start(ldns.ldns_dname(name), ldns.LDNS_RR_CLASS_IN) != ldns.LDNS_STATUS_OK:
raise Exception("Starting AXFR failed. Error: %s" % ldns.ldns_get_errorstr_by_id(status))
pres = self._ldns_resolver.axfr_next()
while pres:
yield resource_record(pres)
pres = self._ldns_resolver.axfr_next()
def nameservers_ip(self):
""" returns a list of the resolvers nameservers (as IP addr)
"""
nm_stack2 =[]
nm_str_stack2=[]
nm = self._ldns_resolver.pop_nameserver()
while nm:
nm_stack2.append(nm)
nm_str_stack2.append(str(nm))
nm = self._ldns_resolver.pop_nameserver()
for nm in nm_stack2:
self._ldns_resolver.push_nameserver(nm)
nm_str_stack2.reverse()
return nm_str_stack2
def add_nameserver(self,ns):
""" Add a nameserver, IPv4/IPv6/name.
"""
if isValidIP(ns) == 4:
address = ldns.ldns_rdf_new_frm_str(ldns.LDNS_RDF_TYPE_A,ns)
self._ldns_resolver.push_nameserver(address)
elif isValidIP(ns) == 6:
address = ldns.ldns_rdf_new_frm_str(ldns.LDNS_RDF_TYPE_AAAA,ns)
self._ldns_resolver.push_nameserver(address)
else:
resolver = ldns.ldns_resolver.new_frm_file("/etc/resolv.conf")
#address = resolver.get_addr_by_name(ns)
address = resolver.get_addr_by_name(ldns.ldns_dname(ns))
if not address:
address = resolver.get_addr_by_name(ldns.ldns_dname(ns))
if not address:
raise Exception("Failed to resolve address for %s" % ns)
for rr in address.rrs():
self._ldns_resolver.push_nameserver_rr(rr)
def drop_nameservers(self):
"""Drops all nameservers.
This function causes the resolver to forget all nameservers.
"""
while self._ldns_resolver.pop_nameserver():
pass
def set_nameservers(self, nm_list):
"""Takes a list of nameservers and sets the resolver to use them
"""
self.drop_nameservers()
for nm in nm_list:
self.add_nameserver(nm)
def __repr__(self):
return "<resolver: %s>" % ", ".join(self.nameservers_ip())
__str__ = __repr__
def set_dnssec(self,new_dnssec_status):
"""Set whether the resolver uses DNSSEC.
"""
self._ldns_resolver.set_dnssec(new_dnssec_status)
class packet:
def _construct_rr_filter(self, **kwds):
def match(pattern, target):
if pattern[0] in ["<",">","!"]:
rel = pattern[0]
pattern=pattern[1:]
elif pattern[0:2] in ["<=","=>"]:
rel = pattern[0:2]
pattern=pattern[2:]
else:
rel = "="
for val in pattern.split("|"):
if {"<" : target < val,
">" : target > val,
"!" : target != val,
"=" : target == val,
">=": target >= val,
"<=": target <= val}[rel]:
return True
return False
def f(rr):
for key in kwds.keys():
if ( ( isinstance(kwds[key], list) and str(rr[key]) not in map(str,kwds[key]) )
or ( not isinstance(kwds[key], list) and not match(str(kwds[key]), str(rr[key])))):
return False
return True
return f
def __init__(self, pkt):
self._ldns_pkt = pkt
def __repr__(self):
return str(self._ldns_pkt)
__str__ = __repr__
def rcode(self):
"""Returns the rcode.
Example returned value: "NOERROR"
possilbe rcodes (via ldns): "FORMERR", "MASK", "NOERROR",
"NOTAUTH", "NOTIMPL", "NOTZONE", "NXDOMAIN",
"NXRSET", "REFUSED", "SERVFAIL", "SHIFT",
"YXDOMAIN", "YXRRSET"
Refer to http://www.iana.org/assignments/dns-parameters
section: DNS RCODEs
"""
return self._ldns_pkt.rcode2str()
def opcode(self):
"""Returns the rcode.
Example returned value: "QUERY"
"""
return self._ldns_pkt.opcode2str()
def flags(self):
"""Return packet flags (as list of strings).
Example returned value: ['QR', 'RA', 'RD']
**What are the flags?**
======== ==== ===================== =========
Bit Flag Description Reference
======== ==== ===================== =========
bit 5 AA Authoritative Answer [RFC1035]
bit 6 TC Truncated Response [RFC1035]
bit 7 RD Recursion Desired [RFC1035]
bit 8 RA Recursion Allowed [RFC1035]
bit 9 Reserved
bit 10 AD Authentic Data [RFC4035]
bit 11 CD Checking Disabled [RFC4035]
======== ==== ===================== =========
(from http://www.iana.org/assignments/dns-parameters)
There is also QR. It is mentioned in other sources,
though not the above page. It being false means that
the packet is a query, it being true means that it is
a response.
"""
ret = []
if self._ldns_pkt.aa(): ret += ["AA"]
if self._ldns_pkt.ad(): ret += ["AD"]
if self._ldns_pkt.cd(): ret += ["CD"]
if self._ldns_pkt.qr(): ret += ["QR"]
if self._ldns_pkt.ra(): ret += ["RA"]
if self._ldns_pkt.rd(): ret += ["RD"]
if self._ldns_pkt.tc(): ret += ["TC"]
return ret
def answer(self, **filters):
"""Returns the answer section.
* filters -- a filtering mechanism
Since a very common desire is to filter the resource records in a packet
section, we provide a special tool for doing this: filters. They are a
lot like regular python filters, but more convenient. If you set a
field equal to some value, you will only receive resource records for which
it holds true.
**Examples**
>>> res = ldnsx.resolver()
>>> pkt = res.query("google.ca","A")
>>> pkt.answer()
[google.ca. 28 IN A 74.125.91.99
, google.ca. 28 IN A 74.125.91.105
, google.ca. 28 IN A 74.125.91.147
, google.ca. 28 IN A 74.125.91.103
, google.ca. 28 IN A 74.125.91.104
, google.ca. 28 IN A 74.125.91.106
]
To understand filters, consider the following:
>>> pkt = ldnsx.query("cow.com","ANY")
>>> pkt.answer()
[cow.com. 276 IN A 208.87.32.75
, cow.com. 3576 IN NS sell.internettraffic.com.
, cow.com. 3576 IN NS buy.internettraffic.com.
, cow.com. 3576 IN SOA buy.internettraffic.com. hostmaster.hostingnet.com. 1308785320 10800 3600 604800 3600
]
>>> pkt.answer(rr_type="A")
[cow.com. 276 IN A 208.87.32.75
]
>>> pkt.answer(rr_type="A|NS")
[cow.com. 276 IN A 208.87.32.75
, cow.com. 3576 IN NS sell.internettraffic.com.
, cow.com. 3576 IN NS buy.internettraffic.com.
]
>>> pkt.answer(rr_type="!NS")
[cow.com. 276 IN A 208.87.32.75
, cow.com. 3576 IN SOA buy.internettraffic.com. hostmaster.hostingnet.com. 1308785320 10800 3600 604800 3600
]
fields are the same as when indexing a resource record.
note: ordering is alphabetical.
"""
ret = [resource_record(rr) for rr in self._ldns_pkt.answer().rrs()]
return filter(self._construct_rr_filter(**filters), ret)
def authority(self, **filters):
"""Returns the authority section.
* filters -- a filtering mechanism
Since a very common desire is to filter the resource records in a packet
section, we provide a special tool for doing this: filters. They are a
lot like regular python filters, but more convenient. If you set a
field equal to some value, you will only receive resource records for which
it holds true. See answer() for details.
**Examples**
>>> res = ldnsx.resolver()
>>> pkt = res.query("google.ca","A")
>>> pkt.authority()
[google.ca. 251090 IN NS ns3.google.com.
, google.ca. 251090 IN NS ns1.google.com.
, google.ca. 251090 IN NS ns2.google.com.
, google.ca. 251090 IN NS ns4.google.com.
]
"""
ret = [resource_record(rr) for rr in self._ldns_pkt.authority().rrs()]
return filter(self._construct_rr_filter(**filters), ret)
def additional(self, **filters):
"""Returns the additional section.
* filters -- a filtering mechanism
Since a very common desire is to filter the resource records in a packet
section, we provide a special tool for doing this: filters. They are a
lot like regular python filters, but more convenient. If you set a
field equal to some value, you will only receive resource records for which
it holds true. See answer() for details.
**Examples**
>>> res = ldnsx.resolver()
>>> pkt = res.query("google.ca","A")
>>> pkt.additional()
[ns3.google.com. 268778 IN A 216.239.36.10
, ns1.google.com. 262925 IN A 216.239.32.10
, ns2.google.com. 255659 IN A 216.239.34.10
, ns4.google.com. 264489 IN A 216.239.38.10
]
"""
ret = [resource_record(rr) for rr in self._ldns_pkt.additional().rrs()]
return filter(self._construct_rr_filter(**filters), ret)
def question(self, **filters):
"""Returns the question section.
* filters -- a filtering mechanism
Since a very common desire is to filter the resource records in a packet
section, we provide a special tool for doing this: filters. They are a
lot like regular python filters, but more convenient. If you set a
field equal to some value, you will only receive resource records for which
it holds true. See answer() for details.
"""
ret = [resource_record(rr) for rr in self._ldns_pkt.question().rrs()]
return filter(self._construct_rr_filter(**filters), ret)
class resource_record:
_rdfs = None
_iter_pos = None
def __init__(self, rr):
self._ldns_rr = rr
self._rdfs = [str(rr.owner()),rr.ttl(),rr.get_class_str(),rr.get_type_str()]+[str(rdf) for rdf in rr.rdfs()]
def __repr__(self):
return str(self._ldns_rr)
__str__ = __repr__
def __iter__(self):
self._iter_pos = 0
return self
def next(self):
if self._iter_pos < len(self._rdfs):
self._iter_pos += 1
return self._rdfs[self._iter_pos-1]
else:
raise StopIteration
def __len__(self):
try:
return len(_rdfs)
except:
return 0
def __getitem__(self, n):
if isinstance(n, int):
return self._rdfs[n]
elif isinstance(n, str):
n = n.lower()
if n in ["owner"]:
return self.owner()
elif n in ["rr_type", "rr type", "type"]:
return self.rr_type()
elif n in ["rr_class", "rr class", "class"]:
return self.rr_class()
elif n in ["covered_type", "covered type", "type2"]:
return self.covered_type()
elif n in ["ttl"]:
return self.ttl()
elif n in ["ip"]:
return self.ip()
elif n in ["alg", "algorithm"]:
return self.alg()
elif n in ["protocol"]:
return self.protocol()
elif n in ["flags"]:
return self.flags()
else:
raise Exception("ldnsx (version %s) does not recognize the rr field %s" % (__version__,n) )
else:
raise TypeError("bad type %s for index resource record" % type(n) )
#def rdfs(self):
# return self._rdfs.clone()
def owner(self):
"""Get the RR's owner"""
return str(self._ldns_rr.owner())
def rr_type(self):
"""Get a RR's type """
return self._ldns_rr.get_type_str()
def covered_type(self):
"""Get an RRSIG RR's covered type"""
if self.rr_type() == "RRSIG":
return self[4]
else:
return ""
def rr_class(self):
"""Get the RR's collapse"""
return self._ldns_rr.get_class_str()
def ttl(self):
"""Get the RR's TTL"""
return self._ldns_rr.ttl()
def inception(self, out_format="UTC"):
"""returns the inception time in format out_format, defaulting to a UTC string.
options for out_format are:
UTC -- a UTC string eg. 20110712192610 (2011/07/12 19:26:10)
unix -- number of seconds since the epoch, Jan 1, 1970
struct_time -- the format used by python's time library
"""
# Something very strange is going on with inception/expiration dates in DNS.
# According to RFC 4034 section 3.1.5 (http://tools.ietf.org/html/rfc4034#page-9)
# the inception/expiration fields should be in seconds since Jan 1, 1970, the Unix
# epoch (as is standard in unix). Yet all the packets I've seen provide UTC encoded
# as a string instead, eg. "20110712192610" which is 2011/07/12 19:26:10.
#
# It turns out that this is a standard thing that ldns is doing before the data gets
# to us.
if self.rr_type() == "RRSIG":
if out_format.lower() in ["utc", "utc str", "utc_str"]:
return self[9]
elif out_format.lower() in ["unix", "posix", "ctime"]:
return calendar.timegm(time.strptime(self[9], "%Y%m%d%H%M%S"))
elif out_format.lower() in ["relative"]:
return calendar.timegm(time.strptime(self[9], "%Y%m%d%H%M%S")) - time.time()
elif out_format.lower() in ["struct_time", "time.struct_time"]:
return time.strptime(self[9], "%Y%m%d%H%M%S")
else:
raise Exception("unrecognized time format")
else:
return ""
def expiration(self, out_format="UTC"):
"""get expiration time. see inception() for more information"""
if self.rr_type() == "RRSIG":
if out_format.lower() in ["utc", "utc str", "utc_str"]:
return self[8]
elif out_format.lower() in ["unix", "posix", "ctime"]:
return calendar.timegm(time.strptime(self[8], "%Y%m%d%H%M%S"))
elif out_format.lower() in ["relative"]:
return calendar.timegm(time.strptime(self[8], "%Y%m%d%H%M%S")) - time.time()
elif out_format.lower() in ["struct_time", "time.struct_time"]:
return time.strptime(self[8], "%Y%m%d%H%M%S")
else:
raise Exception("unrecognized time format")
else:
return ""
def ip(self):
""" IP address form A/AAAA record"""
if self.rr_type() in ["A", "AAAA"]:
return self[4]
else:
raise Exception("ldnsx does not support ip for records other than A/AAAA")
def alg(self):
"""Returns algorithm of RRSIG/DNSKEY/DS"""
t = self.rr_type()
if t == "RRSIG":
return int(self[5])
elif t == "DNSKEY":
return int(self[6])
elif t == "DS":
return int(self[5])
else:
return -1
def protocol(self):
""" Returns proticol of the DNSKEY"""
t = self.rr_type()
if t == "DNSKEY":
return int(self[5])
else:
return -1
def flags(self):
"""Return RR flags for DNSKEY """
t = self.rr_type()
if t == "DNSKEY":
ret = []
n = int(self[4])
for m in range(1):
if 2**(15-m) & n:
if m == 7: ret.append("ZONE")
elif m == 8: ret.append("REVOKE")
elif m ==15: ret.append("SEP")
else: ret.append(m)
return ret
else:
return []
_rr_types={
"A" : ldns.LDNS_RR_TYPE_A,
"A6" : ldns.LDNS_RR_TYPE_A6,
"AAAA" : ldns.LDNS_RR_TYPE_AAAA,
"AFSDB": ldns.LDNS_RR_TYPE_AFSDB,
"ANY" : ldns.LDNS_RR_TYPE_ANY,
"APL" : ldns.LDNS_RR_TYPE_APL,
"ATMA" : ldns.LDNS_RR_TYPE_ATMA,
"AXFR" : ldns.LDNS_RR_TYPE_AXFR,
"CERT" : ldns.LDNS_RR_TYPE_CERT,
"CNAME": ldns.LDNS_RR_TYPE_CNAME,
"COUNT": ldns.LDNS_RR_TYPE_COUNT,
"DHCID": ldns.LDNS_RR_TYPE_DHCID,
"DLV" : ldns.LDNS_RR_TYPE_DLV,
"DNAME": ldns.LDNS_RR_TYPE_DNAME,
"DNSKEY": ldns.LDNS_RR_TYPE_DNSKEY,
"DS" : ldns.LDNS_RR_TYPE_DS,
"EID" : ldns.LDNS_RR_TYPE_EID,
"FIRST": ldns.LDNS_RR_TYPE_FIRST,
"GID" : ldns.LDNS_RR_TYPE_GID,
"GPOS" : ldns.LDNS_RR_TYPE_GPOS,
"HINFO": ldns.LDNS_RR_TYPE_HINFO,
"IPSECKEY": ldns.LDNS_RR_TYPE_IPSECKEY,
"ISDN" : ldns.LDNS_RR_TYPE_ISDN,
"IXFR" : ldns.LDNS_RR_TYPE_IXFR,
"KEY" : ldns.LDNS_RR_TYPE_KEY,
"KX" : ldns.LDNS_RR_TYPE_KX,
"LAST" : ldns.LDNS_RR_TYPE_LAST,
"LOC" : ldns.LDNS_RR_TYPE_LOC,
"MAILA": ldns.LDNS_RR_TYPE_MAILA,
"MAILB": ldns.LDNS_RR_TYPE_MAILB,
"MB" : ldns.LDNS_RR_TYPE_MB,
"MD" : ldns.LDNS_RR_TYPE_MD,
"MF" : ldns.LDNS_RR_TYPE_MF,
"MG" : ldns.LDNS_RR_TYPE_MG,
"MINFO": ldns.LDNS_RR_TYPE_MINFO,
"MR" : ldns.LDNS_RR_TYPE_MR,
"MX" : ldns.LDNS_RR_TYPE_MX,
"NAPTR": ldns.LDNS_RR_TYPE_NAPTR,
"NIMLOC": ldns.LDNS_RR_TYPE_NIMLOC,
"NS" : ldns.LDNS_RR_TYPE_NS,
"NSAP" : ldns.LDNS_RR_TYPE_NSAP,
"NSAP_PTR" : ldns.LDNS_RR_TYPE_NSAP_PTR,
"NSEC" : ldns.LDNS_RR_TYPE_NSEC,
"NSEC3": ldns.LDNS_RR_TYPE_NSEC3,
"NSEC3PARAMS" : ldns.LDNS_RR_TYPE_NSEC3PARAMS,
"NULL" : ldns.LDNS_RR_TYPE_NULL,
"NXT" : ldns.LDNS_RR_TYPE_NXT,
"OPT" : ldns.LDNS_RR_TYPE_OPT,
"PTR" : ldns.LDNS_RR_TYPE_PTR,
"PX" : ldns.LDNS_RR_TYPE_PX,
"RP" : ldns.LDNS_RR_TYPE_RP,
"RRSIG": ldns.LDNS_RR_TYPE_RRSIG,
"RT" : ldns.LDNS_RR_TYPE_RT,
"SIG" : ldns.LDNS_RR_TYPE_SIG,
"SINK" : ldns.LDNS_RR_TYPE_SINK,
"SOA" : ldns.LDNS_RR_TYPE_SOA,
"SRV" : ldns.LDNS_RR_TYPE_SRV,
"SSHFP": ldns.LDNS_RR_TYPE_SSHFP,
"TSIG" : ldns.LDNS_RR_TYPE_TSIG,
"TXT" : ldns.LDNS_RR_TYPE_TXT,
"UID" : ldns.LDNS_RR_TYPE_UID,
"UINFO": ldns.LDNS_RR_TYPE_UINFO,
"UNSPEC": ldns.LDNS_RR_TYPE_UNSPEC,
"WKS" : ldns.LDNS_RR_TYPE_WKS,
"X25" : ldns.LDNS_RR_TYPE_X25
}