dnsruby 1.26 → 1.30

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (996) hide show
  1. data/DNSSEC +19 -0
  2. data/EVENTMACHINE +1 -64
  3. data/EXAMPLES +124 -0
  4. data/README +2 -6
  5. data/demo/axfr.rb +2 -2
  6. data/demo/check_soa.rb +1 -1
  7. data/demo/check_zone.rb +2 -2
  8. data/demo/digdlv.rb +65 -0
  9. data/demo/digitar.rb +62 -0
  10. data/demo/mresolv.rb +1 -1
  11. data/demo/mx.rb +1 -1
  12. data/demo/rubydig.rb +8 -1
  13. data/demo/trace_dns.rb +28 -14
  14. data/html/created.rid +1 -0
  15. data/{doc → html}/fr_class_index.html +118 -172
  16. data/{doc → html}/fr_file_index.html +81 -130
  17. data/html/fr_method_index.html +371 -0
  18. data/{doc → html}/index.html +23 -23
  19. data/lib/Dnsruby/Cache.rb +129 -22
  20. data/lib/Dnsruby/Config.rb +72 -11
  21. data/lib/Dnsruby/DNS.rb +3 -0
  22. data/lib/Dnsruby/PacketSender.rb +565 -0
  23. data/lib/Dnsruby/Recursor.rb +337 -156
  24. data/lib/Dnsruby/Resolver.rb +508 -447
  25. data/lib/Dnsruby/SingleResolver.rb +151 -629
  26. data/lib/Dnsruby/code_mapper.rb +4 -2
  27. data/lib/Dnsruby/dnssec.rb +212 -518
  28. data/lib/Dnsruby/event_machine_interface.rb +266 -265
  29. data/lib/Dnsruby/iana_ports.rb +5206 -5196
  30. data/lib/Dnsruby/key_cache.rb +85 -0
  31. data/lib/Dnsruby/message.rb +207 -72
  32. data/lib/Dnsruby/name.rb +42 -4
  33. data/lib/Dnsruby/resource/CERT.rb +1 -1
  34. data/lib/Dnsruby/resource/DNSKEY.rb +66 -25
  35. data/lib/Dnsruby/resource/DS.rb +7 -2
  36. data/lib/Dnsruby/resource/NAPTR.rb +2 -2
  37. data/lib/Dnsruby/resource/NSEC.rb +31 -2
  38. data/lib/Dnsruby/resource/NSEC3.rb +86 -8
  39. data/lib/Dnsruby/resource/OPT.rb +9 -6
  40. data/lib/Dnsruby/resource/PX.rb +1 -1
  41. data/lib/Dnsruby/resource/RT.rb +1 -1
  42. data/lib/Dnsruby/resource/SRV.rb +3 -3
  43. data/lib/Dnsruby/resource/resource.rb +30 -36
  44. data/lib/Dnsruby/select_thread.rb +160 -23
  45. data/lib/Dnsruby/single_verifier.rb +1289 -0
  46. data/lib/Dnsruby/validator_thread.rb +108 -0
  47. data/lib/Dnsruby/zone_transfer.rb +5 -2
  48. data/lib/dnsruby.rb +33 -18
  49. data/test/tc_cache.rb +88 -0
  50. data/test/tc_dlv.rb +55 -0
  51. data/test/tc_dns.rb +3 -1
  52. data/test/tc_dnskey.rb +21 -5
  53. data/test/tc_ds.rb +1 -7
  54. data/test/tc_itar.rb +76 -0
  55. data/test/tc_name.rb +21 -0
  56. data/test/tc_nsec.rb +169 -0
  57. data/test/tc_nsec3.rb +18 -1
  58. data/test/tc_packet.rb +97 -6
  59. data/test/tc_queue.rb +7 -5
  60. data/test/tc_recur.rb +6 -1
  61. data/test/tc_res_config.rb +1 -3
  62. data/test/tc_res_opt.rb +1 -5
  63. data/test/tc_resolver.rb +27 -8
  64. data/test/tc_rr-opt.rb +1 -0
  65. data/test/tc_rr.rb +6 -0
  66. data/test/tc_rrset.rb +60 -0
  67. data/test/tc_single_resolver.rb +55 -2
  68. data/test/tc_tsig.rb +29 -13
  69. data/test/tc_update.rb +6 -0
  70. data/test/tc_validator.rb +56 -0
  71. data/test/{tc_dnssec.rb → tc_verifier.rb} +106 -92
  72. data/test/ts_online.rb +19 -16
  73. metadata +27 -1053
  74. data/doc/classes/Cache.html +0 -179
  75. data/doc/classes/Cache.src/M000212.html +0 -19
  76. data/doc/classes/Cache.src/M000213.html +0 -18
  77. data/doc/classes/Cache.src/M000214.html +0 -23
  78. data/doc/classes/ConfigTable.html +0 -500
  79. data/doc/classes/ConfigTable.src/M000019.html +0 -25
  80. data/doc/classes/ConfigTable.src/M000020.html +0 -18
  81. data/doc/classes/ConfigTable.src/M000021.html +0 -18
  82. data/doc/classes/ConfigTable.src/M000022.html +0 -18
  83. data/doc/classes/ConfigTable.src/M000023.html +0 -18
  84. data/doc/classes/ConfigTable.src/M000024.html +0 -18
  85. data/doc/classes/ConfigTable.src/M000025.html +0 -18
  86. data/doc/classes/ConfigTable.src/M000026.html +0 -18
  87. data/doc/classes/ConfigTable.src/M000027.html +0 -18
  88. data/doc/classes/ConfigTable.src/M000028.html +0 -19
  89. data/doc/classes/ConfigTable.src/M000029.html +0 -21
  90. data/doc/classes/ConfigTable.src/M000030.html +0 -20
  91. data/doc/classes/ConfigTable.src/M000031.html +0 -18
  92. data/doc/classes/ConfigTable.src/M000032.html +0 -25
  93. data/doc/classes/ConfigTable.src/M000033.html +0 -23
  94. data/doc/classes/ConfigTable.src/M000034.html +0 -20
  95. data/doc/classes/ConfigTable.src/M000035.html +0 -20
  96. data/doc/classes/ConfigTable.src/M000036.html +0 -23
  97. data/doc/classes/ConfigTable.src/M000037.html +0 -19
  98. data/doc/classes/ConfigTable.src/M000038.html +0 -18
  99. data/doc/classes/ConfigTable.src/M000039.html +0 -18
  100. data/doc/classes/ConfigTable/BoolItem.html +0 -154
  101. data/doc/classes/ConfigTable/BoolItem.src/M000040.html +0 -18
  102. data/doc/classes/ConfigTable/BoolItem.src/M000041.html +0 -18
  103. data/doc/classes/ConfigTable/ExecItem.html +0 -201
  104. data/doc/classes/ConfigTable/ExecItem.src/M000059.html +0 -20
  105. data/doc/classes/ConfigTable/ExecItem.src/M000060.html +0 -18
  106. data/doc/classes/ConfigTable/ExecItem.src/M000061.html +0 -18
  107. data/doc/classes/ConfigTable/ExecItem.src/M000062.html +0 -18
  108. data/doc/classes/ConfigTable/ExecItem.src/M000063.html +0 -22
  109. data/doc/classes/ConfigTable/Item.html +0 -250
  110. data/doc/classes/ConfigTable/Item.src/M000066.html +0 -22
  111. data/doc/classes/ConfigTable/Item.src/M000067.html +0 -18
  112. data/doc/classes/ConfigTable/Item.src/M000068.html +0 -18
  113. data/doc/classes/ConfigTable/Item.src/M000069.html +0 -18
  114. data/doc/classes/ConfigTable/Item.src/M000070.html +0 -18
  115. data/doc/classes/ConfigTable/Item.src/M000071.html +0 -18
  116. data/doc/classes/ConfigTable/MetaConfigEnvironment.html +0 -325
  117. data/doc/classes/ConfigTable/MetaConfigEnvironment.src/M000046.html +0 -19
  118. data/doc/classes/ConfigTable/MetaConfigEnvironment.src/M000047.html +0 -18
  119. data/doc/classes/ConfigTable/MetaConfigEnvironment.src/M000048.html +0 -18
  120. data/doc/classes/ConfigTable/MetaConfigEnvironment.src/M000049.html +0 -18
  121. data/doc/classes/ConfigTable/MetaConfigEnvironment.src/M000050.html +0 -18
  122. data/doc/classes/ConfigTable/MetaConfigEnvironment.src/M000051.html +0 -18
  123. data/doc/classes/ConfigTable/MetaConfigEnvironment.src/M000052.html +0 -18
  124. data/doc/classes/ConfigTable/MetaConfigEnvironment.src/M000053.html +0 -18
  125. data/doc/classes/ConfigTable/MetaConfigEnvironment.src/M000054.html +0 -18
  126. data/doc/classes/ConfigTable/MetaConfigEnvironment.src/M000055.html +0 -18
  127. data/doc/classes/ConfigTable/MetaConfigEnvironment.src/M000056.html +0 -18
  128. data/doc/classes/ConfigTable/MetaConfigEnvironment.src/M000057.html +0 -19
  129. data/doc/classes/ConfigTable/MetaConfigEnvironment.src/M000058.html +0 -19
  130. data/doc/classes/ConfigTable/PackageSelectionItem.html +0 -169
  131. data/doc/classes/ConfigTable/PackageSelectionItem.src/M000044.html +0 -19
  132. data/doc/classes/ConfigTable/PackageSelectionItem.src/M000045.html +0 -18
  133. data/doc/classes/ConfigTable/PathItem.html +0 -139
  134. data/doc/classes/ConfigTable/PathItem.src/M000043.html +0 -18
  135. data/doc/classes/ConfigTable/ProgramItem.html +0 -139
  136. data/doc/classes/ConfigTable/ProgramItem.src/M000042.html +0 -18
  137. data/doc/classes/ConfigTable/SelectItem.html +0 -156
  138. data/doc/classes/ConfigTable/SelectItem.src/M000064.html +0 -19
  139. data/doc/classes/ConfigTable/SelectItem.src/M000065.html +0 -18
  140. data/doc/classes/DnskeyTest.html +0 -180
  141. data/doc/classes/DnskeyTest.src/M000016.html +0 -26
  142. data/doc/classes/DnskeyTest.src/M000017.html +0 -24
  143. data/doc/classes/DnskeyTest.src/M000018.html +0 -33
  144. data/doc/classes/Dnsruby.html +0 -504
  145. data/doc/classes/Dnsruby.src/M000351.html +0 -18
  146. data/doc/classes/Dnsruby/Algorithms.html +0 -173
  147. data/doc/classes/Dnsruby/Classes.html +0 -197
  148. data/doc/classes/Dnsruby/Classes.src/M000573.html +0 -23
  149. data/doc/classes/Dnsruby/Classes.src/M000574.html +0 -19
  150. data/doc/classes/Dnsruby/CodeMapper.html +0 -375
  151. data/doc/classes/Dnsruby/CodeMapper.src/M000550.html +0 -18
  152. data/doc/classes/Dnsruby/CodeMapper.src/M000551.html +0 -33
  153. data/doc/classes/Dnsruby/CodeMapper.src/M000552.html +0 -21
  154. data/doc/classes/Dnsruby/CodeMapper.src/M000553.html +0 -19
  155. data/doc/classes/Dnsruby/CodeMapper.src/M000554.html +0 -19
  156. data/doc/classes/Dnsruby/CodeMapper.src/M000555.html +0 -18
  157. data/doc/classes/Dnsruby/CodeMapper.src/M000556.html +0 -22
  158. data/doc/classes/Dnsruby/CodeMapper.src/M000557.html +0 -22
  159. data/doc/classes/Dnsruby/CodeMapper.src/M000558.html +0 -22
  160. data/doc/classes/Dnsruby/CodeMapper.src/M000559.html +0 -31
  161. data/doc/classes/Dnsruby/CodeMapper.src/M000560.html +0 -19
  162. data/doc/classes/Dnsruby/Config.html +0 -413
  163. data/doc/classes/Dnsruby/Config.src/M000505.html +0 -18
  164. data/doc/classes/Dnsruby/Config.src/M000506.html +0 -19
  165. data/doc/classes/Dnsruby/Config.src/M000507.html +0 -19
  166. data/doc/classes/Dnsruby/Config.src/M000508.html +0 -25
  167. data/doc/classes/Dnsruby/Config.src/M000509.html +0 -21
  168. data/doc/classes/Dnsruby/Config.src/M000510.html +0 -38
  169. data/doc/classes/Dnsruby/Config.src/M000511.html +0 -26
  170. data/doc/classes/Dnsruby/Config.src/M000512.html +0 -22
  171. data/doc/classes/Dnsruby/Config.src/M000513.html +0 -27
  172. data/doc/classes/Dnsruby/Config.src/M000514.html +0 -22
  173. data/doc/classes/Dnsruby/Config.src/M000515.html +0 -21
  174. data/doc/classes/Dnsruby/DNS.html +0 -571
  175. data/doc/classes/Dnsruby/DNS.src/M000645.html +0 -24
  176. data/doc/classes/Dnsruby/DNS.src/M000646.html +0 -18
  177. data/doc/classes/Dnsruby/DNS.src/M000647.html +0 -18
  178. data/doc/classes/Dnsruby/DNS.src/M000648.html +0 -20
  179. data/doc/classes/Dnsruby/DNS.src/M000649.html +0 -19
  180. data/doc/classes/Dnsruby/DNS.src/M000650.html +0 -20
  181. data/doc/classes/Dnsruby/DNS.src/M000651.html +0 -18
  182. data/doc/classes/Dnsruby/DNS.src/M000652.html +0 -19
  183. data/doc/classes/Dnsruby/DNS.src/M000653.html +0 -20
  184. data/doc/classes/Dnsruby/DNS.src/M000654.html +0 -30
  185. data/doc/classes/Dnsruby/DNS.src/M000655.html +0 -19
  186. data/doc/classes/Dnsruby/DNS.src/M000656.html +0 -20
  187. data/doc/classes/Dnsruby/DNS.src/M000657.html +0 -31
  188. data/doc/classes/Dnsruby/DecodeError.html +0 -120
  189. data/doc/classes/Dnsruby/Dnssec.html +0 -536
  190. data/doc/classes/Dnsruby/Dnssec.src/M000615.html +0 -21
  191. data/doc/classes/Dnsruby/Dnssec.src/M000616.html +0 -18
  192. data/doc/classes/Dnsruby/Dnssec.src/M000617.html +0 -18
  193. data/doc/classes/Dnsruby/Dnssec.src/M000618.html +0 -19
  194. data/doc/classes/Dnsruby/Dnssec.src/M000619.html +0 -18
  195. data/doc/classes/Dnsruby/Dnssec.src/M000620.html +0 -18
  196. data/doc/classes/Dnsruby/Dnssec.src/M000621.html +0 -18
  197. data/doc/classes/Dnsruby/Dnssec.src/M000622.html +0 -18
  198. data/doc/classes/Dnsruby/Dnssec.src/M000623.html +0 -19
  199. data/doc/classes/Dnsruby/Dnssec.src/M000624.html +0 -18
  200. data/doc/classes/Dnsruby/Dnssec.src/M000625.html +0 -20
  201. data/doc/classes/Dnsruby/Dnssec.src/M000626.html +0 -46
  202. data/doc/classes/Dnsruby/Dnssec.src/M000627.html +0 -23
  203. data/doc/classes/Dnsruby/Dnssec.src/M000628.html +0 -22
  204. data/doc/classes/Dnsruby/Dnssec.src/M000629.html +0 -19
  205. data/doc/classes/Dnsruby/Dnssec.src/M000630.html +0 -116
  206. data/doc/classes/Dnsruby/Dnssec.src/M000631.html +0 -33
  207. data/doc/classes/Dnsruby/Dnssec.src/M000632.html +0 -28
  208. data/doc/classes/Dnsruby/Dnssec.src/M000633.html +0 -92
  209. data/doc/classes/Dnsruby/Dnssec/ValidationPolicy.html +0 -167
  210. data/doc/classes/Dnsruby/EncodeError.html +0 -120
  211. data/doc/classes/Dnsruby/FormErr.html +0 -119
  212. data/doc/classes/Dnsruby/Header.html +0 -531
  213. data/doc/classes/Dnsruby/Header.src/M000595.html +0 -18
  214. data/doc/classes/Dnsruby/Header.src/M000596.html +0 -35
  215. data/doc/classes/Dnsruby/Header.src/M000597.html +0 -18
  216. data/doc/classes/Dnsruby/Header.src/M000598.html +0 -18
  217. data/doc/classes/Dnsruby/Header.src/M000599.html +0 -21
  218. data/doc/classes/Dnsruby/Header.src/M000600.html +0 -20
  219. data/doc/classes/Dnsruby/Header.src/M000601.html +0 -32
  220. data/doc/classes/Dnsruby/Header.src/M000602.html +0 -27
  221. data/doc/classes/Dnsruby/Header.src/M000603.html +0 -26
  222. data/doc/classes/Dnsruby/Header.src/M000604.html +0 -18
  223. data/doc/classes/Dnsruby/Header.src/M000605.html +0 -47
  224. data/doc/classes/Dnsruby/Header.src/M000606.html +0 -28
  225. data/doc/classes/Dnsruby/Header.src/M000607.html +0 -30
  226. data/doc/classes/Dnsruby/Hosts.html +0 -316
  227. data/doc/classes/Dnsruby/Hosts.src/M000561.html +0 -20
  228. data/doc/classes/Dnsruby/Hosts.src/M000562.html +0 -19
  229. data/doc/classes/Dnsruby/Hosts.src/M000563.html +0 -20
  230. data/doc/classes/Dnsruby/Hosts.src/M000564.html +0 -21
  231. data/doc/classes/Dnsruby/Hosts.src/M000565.html +0 -19
  232. data/doc/classes/Dnsruby/Hosts.src/M000566.html +0 -20
  233. data/doc/classes/Dnsruby/Hosts.src/M000567.html +0 -21
  234. data/doc/classes/Dnsruby/IPv4.html +0 -233
  235. data/doc/classes/Dnsruby/IPv4.src/M000568.html +0 -32
  236. data/doc/classes/Dnsruby/IPv4.src/M000569.html +0 -19
  237. data/doc/classes/Dnsruby/IPv4.src/M000570.html +0 -18
  238. data/doc/classes/Dnsruby/IPv4.src/M000571.html +0 -18
  239. data/doc/classes/Dnsruby/IPv4.src/M000572.html +0 -18
  240. data/doc/classes/Dnsruby/IPv6.html +0 -281
  241. data/doc/classes/Dnsruby/IPv6.src/M000608.html +0 -60
  242. data/doc/classes/Dnsruby/IPv6.src/M000609.html +0 -22
  243. data/doc/classes/Dnsruby/IPv6.src/M000610.html +0 -20
  244. data/doc/classes/Dnsruby/IPv6.src/M000611.html +0 -18
  245. data/doc/classes/Dnsruby/Message.html +0 -861
  246. data/doc/classes/Dnsruby/Message.src/M000473.html +0 -39
  247. data/doc/classes/Dnsruby/Message.src/M000474.html +0 -26
  248. data/doc/classes/Dnsruby/Message.src/M000475.html +0 -23
  249. data/doc/classes/Dnsruby/Message.src/M000476.html +0 -22
  250. data/doc/classes/Dnsruby/Message.src/M000477.html +0 -22
  251. data/doc/classes/Dnsruby/Message.src/M000478.html +0 -20
  252. data/doc/classes/Dnsruby/Message.src/M000479.html +0 -20
  253. data/doc/classes/Dnsruby/Message.src/M000480.html +0 -20
  254. data/doc/classes/Dnsruby/Message.src/M000481.html +0 -20
  255. data/doc/classes/Dnsruby/Message.src/M000482.html +0 -18
  256. data/doc/classes/Dnsruby/Message.src/M000483.html +0 -20
  257. data/doc/classes/Dnsruby/Message.src/M000484.html +0 -23
  258. data/doc/classes/Dnsruby/Message.src/M000485.html +0 -30
  259. data/doc/classes/Dnsruby/Message.src/M000486.html +0 -20
  260. data/doc/classes/Dnsruby/Message.src/M000487.html +0 -18
  261. data/doc/classes/Dnsruby/Message.src/M000488.html +0 -23
  262. data/doc/classes/Dnsruby/Message.src/M000489.html +0 -24
  263. data/doc/classes/Dnsruby/Message.src/M000490.html +0 -73
  264. data/doc/classes/Dnsruby/Message.src/M000491.html +0 -35
  265. data/doc/classes/Dnsruby/Message.src/M000492.html +0 -46
  266. data/doc/classes/Dnsruby/Message/Section.html +0 -160
  267. data/doc/classes/Dnsruby/Message/Section.src/M000498.html +0 -29
  268. data/doc/classes/Dnsruby/Message/Section.src/M000499.html +0 -30
  269. data/doc/classes/Dnsruby/MetaTypes.html +0 -136
  270. data/doc/classes/Dnsruby/Modes.html +0 -171
  271. data/doc/classes/Dnsruby/NXDomain.html +0 -119
  272. data/doc/classes/Dnsruby/Name.html +0 -330
  273. data/doc/classes/Dnsruby/Name.src/M000458.html +0 -35
  274. data/doc/classes/Dnsruby/Name.src/M000459.html +0 -20
  275. data/doc/classes/Dnsruby/Name.src/M000460.html +0 -18
  276. data/doc/classes/Dnsruby/Name.src/M000461.html +0 -21
  277. data/doc/classes/Dnsruby/Name.src/M000462.html +0 -22
  278. data/doc/classes/Dnsruby/Name.src/M000463.html +0 -18
  279. data/doc/classes/Dnsruby/Name/Label.html +0 -300
  280. data/doc/classes/Dnsruby/Name/Label.src/M000464.html +0 -21
  281. data/doc/classes/Dnsruby/Name/Label.src/M000465.html +0 -18
  282. data/doc/classes/Dnsruby/Name/Label.src/M000466.html +0 -22
  283. data/doc/classes/Dnsruby/Name/Label.src/M000467.html +0 -18
  284. data/doc/classes/Dnsruby/Name/Label.src/M000468.html +0 -18
  285. data/doc/classes/Dnsruby/Name/Label.src/M000469.html +0 -18
  286. data/doc/classes/Dnsruby/Name/Label.src/M000470.html +0 -18
  287. data/doc/classes/Dnsruby/Name/Label.src/M000471.html +0 -18
  288. data/doc/classes/Dnsruby/Name/Label.src/M000472.html +0 -18
  289. data/doc/classes/Dnsruby/NotImp.html +0 -119
  290. data/doc/classes/Dnsruby/OpCode.html +0 -146
  291. data/doc/classes/Dnsruby/OtherResolvError.html +0 -119
  292. data/doc/classes/Dnsruby/QTypes.html +0 -146
  293. data/doc/classes/Dnsruby/Question.html +0 -306
  294. data/doc/classes/Dnsruby/Question.src/M000590.html +0 -47
  295. data/doc/classes/Dnsruby/Question.src/M000591.html +0 -18
  296. data/doc/classes/Dnsruby/Question.src/M000592.html +0 -18
  297. data/doc/classes/Dnsruby/Question.src/M000593.html +0 -32
  298. data/doc/classes/Dnsruby/Question.src/M000594.html +0 -18
  299. data/doc/classes/Dnsruby/RCode.html +0 -211
  300. data/doc/classes/Dnsruby/RR.html +0 -653
  301. data/doc/classes/Dnsruby/RR.src/M000352.html +0 -18
  302. data/doc/classes/Dnsruby/RR.src/M000353.html +0 -22
  303. data/doc/classes/Dnsruby/RR.src/M000354.html +0 -18
  304. data/doc/classes/Dnsruby/RR.src/M000355.html +0 -26
  305. data/doc/classes/Dnsruby/RR.src/M000356.html +0 -26
  306. data/doc/classes/Dnsruby/RR.src/M000357.html +0 -18
  307. data/doc/classes/Dnsruby/RR.src/M000358.html +0 -36
  308. data/doc/classes/Dnsruby/RR.src/M000359.html +0 -100
  309. data/doc/classes/Dnsruby/RR.src/M000360.html +0 -18
  310. data/doc/classes/Dnsruby/RR.src/M000361.html +0 -18
  311. data/doc/classes/Dnsruby/RR.src/M000362.html +0 -22
  312. data/doc/classes/Dnsruby/RR.src/M000363.html +0 -33
  313. data/doc/classes/Dnsruby/RR.src/M000364.html +0 -24
  314. data/doc/classes/Dnsruby/RR/ANY.html +0 -133
  315. data/doc/classes/Dnsruby/RR/CERT.html +0 -180
  316. data/doc/classes/Dnsruby/RR/CERT/CertificateTypes.html +0 -169
  317. data/doc/classes/Dnsruby/RR/CNAME.html +0 -151
  318. data/doc/classes/Dnsruby/RR/DLV.html +0 -134
  319. data/doc/classes/Dnsruby/RR/DNAME.html +0 -150
  320. data/doc/classes/Dnsruby/RR/DNSKEY.html +0 -422
  321. data/doc/classes/Dnsruby/RR/DNSKEY.src/M000397.html +0 -20
  322. data/doc/classes/Dnsruby/RR/DNSKEY.src/M000398.html +0 -21
  323. data/doc/classes/Dnsruby/RR/DNSKEY.src/M000399.html +0 -28
  324. data/doc/classes/Dnsruby/RR/DNSKEY.src/M000400.html +0 -22
  325. data/doc/classes/Dnsruby/RR/DNSKEY.src/M000401.html +0 -18
  326. data/doc/classes/Dnsruby/RR/DNSKEY.src/M000402.html +0 -22
  327. data/doc/classes/Dnsruby/RR/DNSKEY.src/M000403.html +0 -18
  328. data/doc/classes/Dnsruby/RR/DNSKEY.src/M000404.html +0 -26
  329. data/doc/classes/Dnsruby/RR/DNSKEY.src/M000405.html +0 -38
  330. data/doc/classes/Dnsruby/RR/DNSKEY.src/M000406.html +0 -58
  331. data/doc/classes/Dnsruby/RR/DNSKEY.src/M000407.html +0 -21
  332. data/doc/classes/Dnsruby/RR/DNSKEY.src/M000408.html +0 -24
  333. data/doc/classes/Dnsruby/RR/DNSKEY.src/M000409.html +0 -39
  334. data/doc/classes/Dnsruby/RR/DNSKEY.src/M000410.html +0 -24
  335. data/doc/classes/Dnsruby/RR/DS.html +0 -329
  336. data/doc/classes/Dnsruby/RR/DS.src/M000390.html +0 -19
  337. data/doc/classes/Dnsruby/RR/DS.src/M000391.html +0 -28
  338. data/doc/classes/Dnsruby/RR/DS.src/M000392.html +0 -28
  339. data/doc/classes/Dnsruby/RR/DS.src/M000393.html +0 -38
  340. data/doc/classes/Dnsruby/RR/DS.src/M000394.html +0 -29
  341. data/doc/classes/Dnsruby/RR/DS.src/M000395.html +0 -53
  342. data/doc/classes/Dnsruby/RR/DS.src/M000396.html +0 -40
  343. data/doc/classes/Dnsruby/RR/DS/DigestTypes.html +0 -111
  344. data/doc/classes/Dnsruby/RR/DomainName.html +0 -175
  345. data/doc/classes/Dnsruby/RR/DomainName.src/M000436.html +0 -18
  346. data/doc/classes/Dnsruby/RR/Generic.html +0 -133
  347. data/doc/classes/Dnsruby/RR/HINFO.html +0 -155
  348. data/doc/classes/Dnsruby/RR/IN.html +0 -155
  349. data/doc/classes/Dnsruby/RR/IN/A.html +0 -200
  350. data/doc/classes/Dnsruby/RR/IN/A.src/M000368.html +0 -18
  351. data/doc/classes/Dnsruby/RR/IN/A.src/M000369.html +0 -18
  352. data/doc/classes/Dnsruby/RR/IN/A.src/M000370.html +0 -18
  353. data/doc/classes/Dnsruby/RR/IN/AAAA.html +0 -139
  354. data/doc/classes/Dnsruby/RR/IN/AFSDB.html +0 -145
  355. data/doc/classes/Dnsruby/RR/IN/PX.html +0 -143
  356. data/doc/classes/Dnsruby/RR/IN/SRV.html +0 -238
  357. data/doc/classes/Dnsruby/RR/IN/SRV.src/M000365.html +0 -29
  358. data/doc/classes/Dnsruby/RR/IN/SRV.src/M000366.html +0 -26
  359. data/doc/classes/Dnsruby/RR/IN/SRV.src/M000367.html +0 -22
  360. data/doc/classes/Dnsruby/RR/IN/WKS.html +0 -166
  361. data/doc/classes/Dnsruby/RR/IN/WKS.src/M000371.html +0 -20
  362. data/doc/classes/Dnsruby/RR/ISDN.html +0 -155
  363. data/doc/classes/Dnsruby/RR/LOC.html +0 -395
  364. data/doc/classes/Dnsruby/RR/LOC.src/M000376.html +0 -32
  365. data/doc/classes/Dnsruby/RR/LOC.src/M000377.html +0 -23
  366. data/doc/classes/Dnsruby/RR/LOC.src/M000378.html +0 -25
  367. data/doc/classes/Dnsruby/RR/LOC.src/M000379.html +0 -21
  368. data/doc/classes/Dnsruby/RR/LOC.src/M000380.html +0 -20
  369. data/doc/classes/Dnsruby/RR/LOC.src/M000381.html +0 -23
  370. data/doc/classes/Dnsruby/RR/MB.html +0 -150
  371. data/doc/classes/Dnsruby/RR/MG.html +0 -150
  372. data/doc/classes/Dnsruby/RR/MINFO.html +0 -156
  373. data/doc/classes/Dnsruby/RR/MR.html +0 -150
  374. data/doc/classes/Dnsruby/RR/MX.html +0 -155
  375. data/doc/classes/Dnsruby/RR/NAPTR.html +0 -190
  376. data/doc/classes/Dnsruby/RR/NS.html +0 -151
  377. data/doc/classes/Dnsruby/RR/NSAP.html +0 -293
  378. data/doc/classes/Dnsruby/RR/NSAP.src/M000446.html +0 -19
  379. data/doc/classes/Dnsruby/RR/NSAP.src/M000447.html +0 -19
  380. data/doc/classes/Dnsruby/RR/NSAP.src/M000448.html +0 -22
  381. data/doc/classes/Dnsruby/RR/NSAP.src/M000449.html +0 -31
  382. data/doc/classes/Dnsruby/RR/NSEC.html +0 -301
  383. data/doc/classes/Dnsruby/RR/NSEC.src/M000382.html +0 -19
  384. data/doc/classes/Dnsruby/RR/NSEC.src/M000383.html +0 -18
  385. data/doc/classes/Dnsruby/RR/NSEC.src/M000384.html +0 -34
  386. data/doc/classes/Dnsruby/RR/NSEC.src/M000385.html +0 -18
  387. data/doc/classes/Dnsruby/RR/NSEC.src/M000386.html +0 -75
  388. data/doc/classes/Dnsruby/RR/NSEC.src/M000387.html +0 -18
  389. data/doc/classes/Dnsruby/RR/NSEC.src/M000388.html +0 -92
  390. data/doc/classes/Dnsruby/RR/NSEC.src/M000389.html +0 -23
  391. data/doc/classes/Dnsruby/RR/NSEC3.html +0 -366
  392. data/doc/classes/Dnsruby/RR/NSEC3.src/M000438.html +0 -28
  393. data/doc/classes/Dnsruby/RR/NSEC3.src/M000439.html +0 -18
  394. data/doc/classes/Dnsruby/RR/NSEC3.src/M000440.html +0 -18
  395. data/doc/classes/Dnsruby/RR/NSEC3.src/M000441.html +0 -22
  396. data/doc/classes/Dnsruby/RR/NSEC3.src/M000442.html +0 -18
  397. data/doc/classes/Dnsruby/RR/NSEC3.src/M000443.html +0 -21
  398. data/doc/classes/Dnsruby/RR/NSEC3.src/M000444.html +0 -21
  399. data/doc/classes/Dnsruby/RR/NSEC3.src/M000445.html +0 -29
  400. data/doc/classes/Dnsruby/RR/NSEC3PARAM.html +0 -279
  401. data/doc/classes/Dnsruby/RR/NSEC3PARAM.src/M000430.html +0 -28
  402. data/doc/classes/Dnsruby/RR/NSEC3PARAM.src/M000431.html +0 -18
  403. data/doc/classes/Dnsruby/RR/NSEC3PARAM.src/M000432.html +0 -22
  404. data/doc/classes/Dnsruby/RR/NSEC3PARAM.src/M000433.html +0 -21
  405. data/doc/classes/Dnsruby/RR/NSEC3PARAM.src/M000434.html +0 -25
  406. data/doc/classes/Dnsruby/RR/PTR.html +0 -132
  407. data/doc/classes/Dnsruby/RR/RP.html +0 -183
  408. data/doc/classes/Dnsruby/RR/RP.src/M000435.html +0 -19
  409. data/doc/classes/Dnsruby/RR/RRSIG.html +0 -372
  410. data/doc/classes/Dnsruby/RR/RRSIG.src/M000450.html +0 -26
  411. data/doc/classes/Dnsruby/RR/RRSIG.src/M000451.html +0 -28
  412. data/doc/classes/Dnsruby/RR/RRSIG.src/M000452.html +0 -23
  413. data/doc/classes/Dnsruby/RR/RRSIG.src/M000453.html +0 -23
  414. data/doc/classes/Dnsruby/RR/RRSIG.src/M000454.html +0 -46
  415. data/doc/classes/Dnsruby/RR/RRSIG.src/M000455.html +0 -50
  416. data/doc/classes/Dnsruby/RR/RRSIG.src/M000456.html +0 -18
  417. data/doc/classes/Dnsruby/RR/RRSIG.src/M000457.html +0 -27
  418. data/doc/classes/Dnsruby/RR/RT.html +0 -155
  419. data/doc/classes/Dnsruby/RR/SOA.html +0 -233
  420. data/doc/classes/Dnsruby/RR/SOA.src/M000419.html +0 -24
  421. data/doc/classes/Dnsruby/RR/SOA.src/M000420.html +0 -27
  422. data/doc/classes/Dnsruby/RR/SPF.html +0 -138
  423. data/doc/classes/Dnsruby/RR/TKEY.html +0 -313
  424. data/doc/classes/Dnsruby/RR/TKEY.src/M000372.html +0 -19
  425. data/doc/classes/Dnsruby/RR/TKEY.src/M000373.html +0 -29
  426. data/doc/classes/Dnsruby/RR/TKEY.src/M000374.html +0 -21
  427. data/doc/classes/Dnsruby/RR/TKEY.src/M000375.html +0 -29
  428. data/doc/classes/Dnsruby/RR/TSIG.html +0 -524
  429. data/doc/classes/Dnsruby/RR/TSIG.src/M000421.html +0 -24
  430. data/doc/classes/Dnsruby/RR/TSIG.src/M000422.html +0 -32
  431. data/doc/classes/Dnsruby/RR/TSIG.src/M000423.html +0 -54
  432. data/doc/classes/Dnsruby/RR/TSIG.src/M000424.html +0 -121
  433. data/doc/classes/Dnsruby/RR/TSIG.src/M000425.html +0 -33
  434. data/doc/classes/Dnsruby/RR/TSIG.src/M000426.html +0 -25
  435. data/doc/classes/Dnsruby/RR/TSIG.src/M000427.html +0 -36
  436. data/doc/classes/Dnsruby/RR/TSIG.src/M000428.html +0 -22
  437. data/doc/classes/Dnsruby/RR/TSIG.src/M000429.html +0 -29
  438. data/doc/classes/Dnsruby/RR/TXT.html +0 -233
  439. data/doc/classes/Dnsruby/RR/TXT.src/M000414.html +0 -18
  440. data/doc/classes/Dnsruby/RR/TXT.src/M000415.html +0 -18
  441. data/doc/classes/Dnsruby/RR/TXT.src/M000416.html +0 -20
  442. data/doc/classes/Dnsruby/RR/TXT.src/M000417.html +0 -27
  443. data/doc/classes/Dnsruby/RR/TXT.src/M000418.html +0 -25
  444. data/doc/classes/Dnsruby/RR/X25.html +0 -203
  445. data/doc/classes/Dnsruby/RR/X25.src/M000411.html +0 -18
  446. data/doc/classes/Dnsruby/RR/X25.src/M000412.html +0 -18
  447. data/doc/classes/Dnsruby/RR/X25.src/M000413.html +0 -22
  448. data/doc/classes/Dnsruby/RRSet.html +0 -400
  449. data/doc/classes/Dnsruby/RRSet.src/M000575.html +0 -23
  450. data/doc/classes/Dnsruby/RRSet.src/M000576.html +0 -18
  451. data/doc/classes/Dnsruby/RRSet.src/M000577.html +0 -18
  452. data/doc/classes/Dnsruby/RRSet.src/M000578.html +0 -47
  453. data/doc/classes/Dnsruby/RRSet.src/M000579.html +0 -32
  454. data/doc/classes/Dnsruby/RRSet.src/M000580.html +0 -18
  455. data/doc/classes/Dnsruby/RRSet.src/M000581.html +0 -20
  456. data/doc/classes/Dnsruby/RRSet.src/M000582.html +0 -18
  457. data/doc/classes/Dnsruby/RRSet.src/M000583.html +0 -18
  458. data/doc/classes/Dnsruby/RRSet.src/M000584.html +0 -18
  459. data/doc/classes/Dnsruby/RRSet.src/M000585.html +0 -18
  460. data/doc/classes/Dnsruby/RRSet.src/M000586.html +0 -22
  461. data/doc/classes/Dnsruby/RRSet.src/M000587.html +0 -18
  462. data/doc/classes/Dnsruby/RRSet.src/M000588.html +0 -22
  463. data/doc/classes/Dnsruby/RRSet.src/M000589.html +0 -18
  464. data/doc/classes/Dnsruby/Recursor.html +0 -744
  465. data/doc/classes/Dnsruby/Recursor.src/M000639.html +0 -19
  466. data/doc/classes/Dnsruby/Recursor.src/M000640.html +0 -97
  467. data/doc/classes/Dnsruby/Recursor.src/M000641.html +0 -20
  468. data/doc/classes/Dnsruby/Recursor.src/M000642.html +0 -18
  469. data/doc/classes/Dnsruby/Recursor.src/M000643.html +0 -31
  470. data/doc/classes/Dnsruby/Recursor.src/M000644.html +0 -231
  471. data/doc/classes/Dnsruby/Refused.html +0 -119
  472. data/doc/classes/Dnsruby/Resolv.html +0 -401
  473. data/doc/classes/Dnsruby/Resolv.src/M000516.html +0 -18
  474. data/doc/classes/Dnsruby/Resolv.src/M000517.html +0 -18
  475. data/doc/classes/Dnsruby/Resolv.src/M000518.html +0 -18
  476. data/doc/classes/Dnsruby/Resolv.src/M000519.html +0 -18
  477. data/doc/classes/Dnsruby/Resolv.src/M000520.html +0 -18
  478. data/doc/classes/Dnsruby/Resolv.src/M000521.html +0 -18
  479. data/doc/classes/Dnsruby/Resolv.src/M000522.html +0 -18
  480. data/doc/classes/Dnsruby/Resolv.src/M000523.html +0 -19
  481. data/doc/classes/Dnsruby/Resolv.src/M000524.html +0 -20
  482. data/doc/classes/Dnsruby/Resolv.src/M000525.html +0 -29
  483. data/doc/classes/Dnsruby/Resolv.src/M000526.html +0 -19
  484. data/doc/classes/Dnsruby/Resolv.src/M000527.html +0 -20
  485. data/doc/classes/Dnsruby/Resolv.src/M000528.html +0 -25
  486. data/doc/classes/Dnsruby/ResolvError.html +0 -117
  487. data/doc/classes/Dnsruby/ResolvTimeout.html +0 -117
  488. data/doc/classes/Dnsruby/Resolver.html +0 -1114
  489. data/doc/classes/Dnsruby/Resolver.src/M000658.html +0 -24
  490. data/doc/classes/Dnsruby/Resolver.src/M000659.html +0 -27
  491. data/doc/classes/Dnsruby/Resolver.src/M000660.html +0 -28
  492. data/doc/classes/Dnsruby/Resolver.src/M000661.html +0 -18
  493. data/doc/classes/Dnsruby/Resolver.src/M000662.html +0 -51
  494. data/doc/classes/Dnsruby/Resolver.src/M000663.html +0 -25
  495. data/doc/classes/Dnsruby/Resolver.src/M000664.html +0 -22
  496. data/doc/classes/Dnsruby/Resolver.src/M000665.html +0 -18
  497. data/doc/classes/Dnsruby/Resolver.src/M000666.html +0 -20
  498. data/doc/classes/Dnsruby/Resolver.src/M000667.html +0 -19
  499. data/doc/classes/Dnsruby/Resolver.src/M000668.html +0 -21
  500. data/doc/classes/Dnsruby/Resolver.src/M000669.html +0 -21
  501. data/doc/classes/Dnsruby/Resolver.src/M000670.html +0 -27
  502. data/doc/classes/Dnsruby/Resolver.src/M000671.html +0 -19
  503. data/doc/classes/Dnsruby/Resolver.src/M000672.html +0 -19
  504. data/doc/classes/Dnsruby/Resolver.src/M000673.html +0 -19
  505. data/doc/classes/Dnsruby/Resolver.src/M000674.html +0 -19
  506. data/doc/classes/Dnsruby/Resolver.src/M000675.html +0 -19
  507. data/doc/classes/Dnsruby/Resolver.src/M000676.html +0 -19
  508. data/doc/classes/Dnsruby/Resolver.src/M000677.html +0 -19
  509. data/doc/classes/Dnsruby/Resolver.src/M000678.html +0 -19
  510. data/doc/classes/Dnsruby/Resolver.src/M000679.html +0 -19
  511. data/doc/classes/Dnsruby/Resolver.src/M000680.html +0 -19
  512. data/doc/classes/Dnsruby/Resolver.src/M000681.html +0 -26
  513. data/doc/classes/Dnsruby/Resolver.src/M000682.html +0 -18
  514. data/doc/classes/Dnsruby/Resolver.src/M000683.html +0 -23
  515. data/doc/classes/Dnsruby/Resolver.src/M000684.html +0 -18
  516. data/doc/classes/Dnsruby/ServFail.html +0 -119
  517. data/doc/classes/Dnsruby/SingleResolver.html +0 -801
  518. data/doc/classes/Dnsruby/SingleResolver.src/M000529.html +0 -18
  519. data/doc/classes/Dnsruby/SingleResolver.src/M000530.html +0 -24
  520. data/doc/classes/Dnsruby/SingleResolver.src/M000531.html +0 -36
  521. data/doc/classes/Dnsruby/SingleResolver.src/M000532.html +0 -18
  522. data/doc/classes/Dnsruby/SingleResolver.src/M000533.html +0 -19
  523. data/doc/classes/Dnsruby/SingleResolver.src/M000534.html +0 -58
  524. data/doc/classes/Dnsruby/SingleResolver.src/M000535.html +0 -19
  525. data/doc/classes/Dnsruby/SingleResolver.src/M000536.html +0 -19
  526. data/doc/classes/Dnsruby/SingleResolver.src/M000537.html +0 -25
  527. data/doc/classes/Dnsruby/SingleResolver.src/M000538.html +0 -57
  528. data/doc/classes/Dnsruby/SingleResolver.src/M000539.html +0 -21
  529. data/doc/classes/Dnsruby/SingleResolver.src/M000540.html +0 -19
  530. data/doc/classes/Dnsruby/SingleResolver.src/M000541.html +0 -26
  531. data/doc/classes/Dnsruby/SingleResolver.src/M000542.html +0 -26
  532. data/doc/classes/Dnsruby/SingleResolver.src/M000543.html +0 -36
  533. data/doc/classes/Dnsruby/SingleResolver.src/M000544.html +0 -21
  534. data/doc/classes/Dnsruby/SingleResolver.src/M000545.html +0 -31
  535. data/doc/classes/Dnsruby/SingleResolver.src/M000546.html +0 -47
  536. data/doc/classes/Dnsruby/SingleResolver.src/M000547.html +0 -35
  537. data/doc/classes/Dnsruby/SingleResolver.src/M000548.html +0 -24
  538. data/doc/classes/Dnsruby/SingleResolver.src/M000549.html +0 -21
  539. data/doc/classes/Dnsruby/TheLog.html +0 -188
  540. data/doc/classes/Dnsruby/TheLog.src/M000612.html +0 -18
  541. data/doc/classes/Dnsruby/TheLog.src/M000613.html +0 -18
  542. data/doc/classes/Dnsruby/TheLog.src/M000614.html +0 -18
  543. data/doc/classes/Dnsruby/Types.html +0 -441
  544. data/doc/classes/Dnsruby/Update.html +0 -368
  545. data/doc/classes/Dnsruby/Update.src/M000634.html +0 -32
  546. data/doc/classes/Dnsruby/Update.src/M000635.html +0 -36
  547. data/doc/classes/Dnsruby/Update.src/M000636.html +0 -32
  548. data/doc/classes/Dnsruby/Update.src/M000637.html +0 -41
  549. data/doc/classes/Dnsruby/Update.src/M000638.html +0 -34
  550. data/doc/classes/Dnsruby/VerifyError.html +0 -119
  551. data/doc/classes/Dnsruby/ZoneTransfer.html +0 -300
  552. data/doc/classes/Dnsruby/ZoneTransfer.src/M000500.html +0 -18
  553. data/doc/classes/Dnsruby/ZoneTransfer.src/M000501.html +0 -24
  554. data/doc/classes/Dnsruby/ZoneTransfer.src/M000502.html +0 -35
  555. data/doc/classes/Dnsruby/ZoneTransfer/Delta.html +0 -200
  556. data/doc/classes/Dnsruby/ZoneTransfer/Delta.src/M000503.html +0 -19
  557. data/doc/classes/Dnsruby/ZoneTransfer/Delta.src/M000504.html +0 -19
  558. data/doc/classes/DnssecTest.html +0 -242
  559. data/doc/classes/DnssecTest.src/M000235.html +0 -58
  560. data/doc/classes/DnssecTest.src/M000236.html +0 -28
  561. data/doc/classes/DnssecTest.src/M000237.html +0 -28
  562. data/doc/classes/DnssecTest.src/M000238.html +0 -28
  563. data/doc/classes/DnssecTest.src/M000239.html +0 -33
  564. data/doc/classes/DnssecTest.src/M000240.html +0 -24
  565. data/doc/classes/DnssecTest.src/M000241.html +0 -47
  566. data/doc/classes/DnssecTest.src/M000242.html +0 -30
  567. data/doc/classes/DsTest.html +0 -252
  568. data/doc/classes/DsTest.src/M000190.html +0 -25
  569. data/doc/classes/DsTest.src/M000191.html +0 -24
  570. data/doc/classes/DsTest.src/M000192.html +0 -26
  571. data/doc/classes/DsTest.src/M000193.html +0 -23
  572. data/doc/classes/DsTest.src/M000194.html +0 -31
  573. data/doc/classes/DsTest.src/M000195.html +0 -25
  574. data/doc/classes/Enumerable.html +0 -118
  575. data/doc/classes/Errno.html +0 -111
  576. data/doc/classes/Errno/ENOTEMPTY.html +0 -111
  577. data/doc/classes/EventMachineTestDeferrable.html +0 -212
  578. data/doc/classes/EventMachineTestDeferrable.src/M000100.html +0 -20
  579. data/doc/classes/EventMachineTestDeferrable.src/M000101.html +0 -19
  580. data/doc/classes/EventMachineTestDeferrable.src/M000102.html +0 -28
  581. data/doc/classes/EventMachineTestDeferrable.src/M000103.html +0 -29
  582. data/doc/classes/EventMachineTestDeferrable.src/M000104.html +0 -33
  583. data/doc/classes/EventMachineTestDeferrable.src/M000105.html +0 -32
  584. data/doc/classes/EventMachineTestResolver.html +0 -324
  585. data/doc/classes/EventMachineTestResolver.src/M000177.html +0 -21
  586. data/doc/classes/EventMachineTestResolver.src/M000178.html +0 -19
  587. data/doc/classes/EventMachineTestResolver.src/M000179.html +0 -20
  588. data/doc/classes/EventMachineTestResolver.src/M000180.html +0 -20
  589. data/doc/classes/EventMachineTestResolver.src/M000181.html +0 -24
  590. data/doc/classes/EventMachineTestResolver.src/M000182.html +0 -25
  591. data/doc/classes/EventMachineTestResolver.src/M000183.html +0 -31
  592. data/doc/classes/EventMachineTestResolver.src/M000184.html +0 -24
  593. data/doc/classes/EventMachineTestResolver.src/M000185.html +0 -39
  594. data/doc/classes/EventMachineTestResolver.src/M000186.html +0 -36
  595. data/doc/classes/EventMachineTestResolver.src/M000187.html +0 -32
  596. data/doc/classes/EventMachineTestResolver.src/M000188.html +0 -30
  597. data/doc/classes/EventMachineTestResolver.src/M000189.html +0 -22
  598. data/doc/classes/EventMachineTestSingleResolver.html +0 -227
  599. data/doc/classes/EventMachineTestSingleResolver.src/M000092.html +0 -21
  600. data/doc/classes/EventMachineTestSingleResolver.src/M000093.html +0 -19
  601. data/doc/classes/EventMachineTestSingleResolver.src/M000094.html +0 -31
  602. data/doc/classes/EventMachineTestSingleResolver.src/M000095.html +0 -33
  603. data/doc/classes/EventMachineTestSingleResolver.src/M000096.html +0 -33
  604. data/doc/classes/EventMachineTestSingleResolver.src/M000097.html +0 -32
  605. data/doc/classes/EventMachineTestSingleResolver.src/M000098.html +0 -23
  606. data/doc/classes/File.html +0 -166
  607. data/doc/classes/File.src/M000336.html +0 -20
  608. data/doc/classes/File.src/M000337.html +0 -20
  609. data/doc/classes/File.src/M000338.html +0 -18
  610. data/doc/classes/FileOperations.html +0 -375
  611. data/doc/classes/FileOperations.src/M000685.html +0 -31
  612. data/doc/classes/FileOperations.src/M000686.html +0 -20
  613. data/doc/classes/FileOperations.src/M000687.html +0 -20
  614. data/doc/classes/FileOperations.src/M000688.html +0 -24
  615. data/doc/classes/FileOperations.src/M000689.html +0 -34
  616. data/doc/classes/FileOperations.src/M000690.html +0 -27
  617. data/doc/classes/FileOperations.src/M000691.html +0 -21
  618. data/doc/classes/FileOperations.src/M000692.html +0 -19
  619. data/doc/classes/FileOperations.src/M000693.html +0 -40
  620. data/doc/classes/FileOperations.src/M000694.html +0 -19
  621. data/doc/classes/FileOperations.src/M000695.html +0 -20
  622. data/doc/classes/FileOperations.src/M000696.html +0 -18
  623. data/doc/classes/FileOperations.src/M000697.html +0 -18
  624. data/doc/classes/FileOperations.src/M000698.html +0 -18
  625. data/doc/classes/FileOperations.src/M000699.html +0 -20
  626. data/doc/classes/FileOperations.src/M000700.html +0 -20
  627. data/doc/classes/HookScriptAPI.html +0 -308
  628. data/doc/classes/HookScriptAPI.src/M000339.html +0 -18
  629. data/doc/classes/HookScriptAPI.src/M000341.html +0 -18
  630. data/doc/classes/HookScriptAPI.src/M000342.html +0 -18
  631. data/doc/classes/HookScriptAPI.src/M000343.html +0 -18
  632. data/doc/classes/HookScriptAPI.src/M000344.html +0 -18
  633. data/doc/classes/HookScriptAPI.src/M000345.html +0 -18
  634. data/doc/classes/HookScriptAPI.src/M000346.html +0 -18
  635. data/doc/classes/HookScriptAPI.src/M000347.html +0 -18
  636. data/doc/classes/HookScriptAPI.src/M000348.html +0 -20
  637. data/doc/classes/HookScriptAPI.src/M000349.html +0 -20
  638. data/doc/classes/HookScriptAPI.src/M000350.html +0 -20
  639. data/doc/classes/Installer.html +0 -1148
  640. data/doc/classes/Installer.src/M000243.html +0 -21
  641. data/doc/classes/Installer.src/M000244.html +0 -18
  642. data/doc/classes/Installer.src/M000245.html +0 -17
  643. data/doc/classes/Installer.src/M000246.html +0 -18
  644. data/doc/classes/Installer.src/M000247.html +0 -18
  645. data/doc/classes/Installer.src/M000248.html +0 -18
  646. data/doc/classes/Installer.src/M000249.html +0 -18
  647. data/doc/classes/Installer.src/M000250.html +0 -18
  648. data/doc/classes/Installer.src/M000251.html +0 -23
  649. data/doc/classes/Installer.src/M000252.html +0 -18
  650. data/doc/classes/Installer.src/M000255.html +0 -18
  651. data/doc/classes/Installer.src/M000259.html +0 -18
  652. data/doc/classes/Installer.src/M000260.html +0 -18
  653. data/doc/classes/Installer.src/M000261.html +0 -20
  654. data/doc/classes/Installer.src/M000263.html +0 -18
  655. data/doc/classes/Installer.src/M000267.html +0 -36
  656. data/doc/classes/Installer.src/M000268.html +0 -25
  657. data/doc/classes/Installer.src/M000269.html +0 -24
  658. data/doc/classes/Installer.src/M000270.html +0 -19
  659. data/doc/classes/Installer.src/M000271.html +0 -18
  660. data/doc/classes/Installer.src/M000272.html +0 -18
  661. data/doc/classes/Installer.src/M000273.html +0 -21
  662. data/doc/classes/Installer.src/M000274.html +0 -18
  663. data/doc/classes/Installer.src/M000275.html +0 -20
  664. data/doc/classes/Installer.src/M000276.html +0 -18
  665. data/doc/classes/Installer.src/M000277.html +0 -21
  666. data/doc/classes/Installer.src/M000278.html +0 -18
  667. data/doc/classes/Installer.src/M000279.html +0 -22
  668. data/doc/classes/Installer.src/M000280.html +0 -18
  669. data/doc/classes/Installer.src/M000281.html +0 -23
  670. data/doc/classes/Installer.src/M000282.html +0 -18
  671. data/doc/classes/Installer.src/M000283.html +0 -20
  672. data/doc/classes/Installer.src/M000284.html +0 -19
  673. data/doc/classes/Installer.src/M000285.html +0 -19
  674. data/doc/classes/Installer.src/M000286.html +0 -20
  675. data/doc/classes/Installer.src/M000287.html +0 -30
  676. data/doc/classes/Installer.src/M000288.html +0 -20
  677. data/doc/classes/Installer.src/M000294.html +0 -19
  678. data/doc/classes/Installer.src/M000295.html +0 -20
  679. data/doc/classes/Installer.src/M000298.html +0 -19
  680. data/doc/classes/Installer.src/M000302.html +0 -26
  681. data/doc/classes/Installer.src/M000303.html +0 -25
  682. data/doc/classes/Installer.src/M000304.html +0 -29
  683. data/doc/classes/Installer.src/M000305.html +0 -26
  684. data/doc/classes/Installer/Shebang.html +0 -202
  685. data/doc/classes/Installer/Shebang.src/M000306.html +0 -23
  686. data/doc/classes/Installer/Shebang.src/M000307.html +0 -19
  687. data/doc/classes/Installer/Shebang.src/M000308.html +0 -19
  688. data/doc/classes/Installer/Shebang.src/M000309.html +0 -18
  689. data/doc/classes/Nsec3ParamTest.html +0 -172
  690. data/doc/classes/Nsec3ParamTest.src/M000233.html +0 -26
  691. data/doc/classes/Nsec3ParamTest.src/M000234.html +0 -24
  692. data/doc/classes/Nsec3Test.html +0 -202
  693. data/doc/classes/Nsec3Test.src/M000207.html +0 -27
  694. data/doc/classes/Nsec3Test.src/M000208.html +0 -24
  695. data/doc/classes/Nsec3Test.src/M000209.html +0 -39
  696. data/doc/classes/Nsec3Test.src/M000210.html +0 -23
  697. data/doc/classes/NsecTest.html +0 -187
  698. data/doc/classes/NsecTest.src/M000333.html +0 -23
  699. data/doc/classes/NsecTest.src/M000334.html +0 -24
  700. data/doc/classes/NsecTest.src/M000335.html +0 -23
  701. data/doc/classes/RrsetTest.html +0 -137
  702. data/doc/classes/RrsetTest.src/M000310.html +0 -68
  703. data/doc/classes/RrsigTest.html +0 -150
  704. data/doc/classes/RrsigTest.src/M000099.html +0 -35
  705. data/doc/classes/SetupError.html +0 -111
  706. data/doc/classes/TestAResolverFile.html +0 -152
  707. data/doc/classes/TestAResolverFile.src/M000205.html +0 -18
  708. data/doc/classes/TestAResolverFile.src/M000206.html +0 -33
  709. data/doc/classes/TestAxfr.html +0 -137
  710. data/doc/classes/TestAxfr.src/M000106.html +0 -23
  711. data/doc/classes/TestDNS.html +0 -257
  712. data/doc/classes/TestDNS.src/M000196.html +0 -18
  713. data/doc/classes/TestDNS.src/M000197.html +0 -18
  714. data/doc/classes/TestDNS.src/M000198.html +0 -53
  715. data/doc/classes/TestDNS.src/M000199.html +0 -19
  716. data/doc/classes/TestDNS.src/M000200.html +0 -18
  717. data/doc/classes/TestDNS.src/M000201.html +0 -32
  718. data/doc/classes/TestDNS.src/M000202.html +0 -74
  719. data/doc/classes/TestDNS.src/M000203.html +0 -41
  720. data/doc/classes/TestDNS.src/M000204.html +0 -67
  721. data/doc/classes/TestDnsruby.html +0 -137
  722. data/doc/classes/TestDnsruby.src/M000211.html +0 -36
  723. data/doc/classes/TestEscapedChars.html +0 -152
  724. data/doc/classes/TestEscapedChars.src/M000014.html +0 -243
  725. data/doc/classes/TestEscapedChars.src/M000015.html +0 -248
  726. data/doc/classes/TestEventMachineSoak.html +0 -227
  727. data/doc/classes/TestEventMachineSoak.src/M000319.html +0 -19
  728. data/doc/classes/TestEventMachineSoak.src/M000320.html +0 -18
  729. data/doc/classes/TestEventMachineSoak.src/M000321.html +0 -18
  730. data/doc/classes/TestEventMachineSoak.src/M000322.html +0 -33
  731. data/doc/classes/TestEventMachineSoak.src/M000323.html +0 -34
  732. data/doc/classes/TestEventMachineSoak.src/M000324.html +0 -33
  733. data/doc/classes/TestEventMachineSoak.src/M000325.html +0 -33
  734. data/doc/classes/TestHeader.html +0 -137
  735. data/doc/classes/TestHeader.src/M000091.html +0 -98
  736. data/doc/classes/TestMisc.html +0 -167
  737. data/doc/classes/TestMisc.src/M000011.html +0 -28
  738. data/doc/classes/TestMisc.src/M000012.html +0 -50
  739. data/doc/classes/TestMisc.src/M000013.html +0 -84
  740. data/doc/classes/TestName.html +0 -182
  741. data/doc/classes/TestName.src/M000218.html +0 -24
  742. data/doc/classes/TestName.src/M000219.html +0 -23
  743. data/doc/classes/TestName.src/M000220.html +0 -21
  744. data/doc/classes/TestName.src/M000221.html +0 -21
  745. data/doc/classes/TestPacket.html +0 -182
  746. data/doc/classes/TestPacket.src/M000229.html +0 -154
  747. data/doc/classes/TestPacket.src/M000230.html +0 -25
  748. data/doc/classes/TestPacket.src/M000231.html +0 -23
  749. data/doc/classes/TestPacket.src/M000232.html +0 -32
  750. data/doc/classes/TestPacketUniquePush.html +0 -140
  751. data/doc/classes/TestPacketUniquePush.src/M000318.html +0 -81
  752. data/doc/classes/TestQuestion.html +0 -137
  753. data/doc/classes/TestQuestion.src/M000090.html +0 -45
  754. data/doc/classes/TestQueue.html +0 -137
  755. data/doc/classes/TestQueue.src/M000089.html +0 -27
  756. data/doc/classes/TestRR.html +0 -137
  757. data/doc/classes/TestRR.src/M000217.html +0 -256
  758. data/doc/classes/TestRecur.html +0 -137
  759. data/doc/classes/TestRecur.src/M000176.html +0 -20
  760. data/doc/classes/TestResOpt.html +0 -227
  761. data/doc/classes/TestResOpt.src/M000311.html +0 -37
  762. data/doc/classes/TestResOpt.src/M000312.html +0 -19
  763. data/doc/classes/TestResOpt.src/M000313.html +0 -30
  764. data/doc/classes/TestResOpt.src/M000314.html +0 -37
  765. data/doc/classes/TestResOpt.src/M000315.html +0 -45
  766. data/doc/classes/TestResOpt.src/M000316.html +0 -36
  767. data/doc/classes/TestResOpt.src/M000317.html +0 -60
  768. data/doc/classes/TestResolver.html +0 -357
  769. data/doc/classes/TestResolver.src/M000077.html +0 -18
  770. data/doc/classes/TestResolver.src/M000078.html +0 -20
  771. data/doc/classes/TestResolver.src/M000079.html +0 -20
  772. data/doc/classes/TestResolver.src/M000080.html +0 -24
  773. data/doc/classes/TestResolver.src/M000081.html +0 -25
  774. data/doc/classes/TestResolver.src/M000082.html +0 -31
  775. data/doc/classes/TestResolver.src/M000083.html +0 -24
  776. data/doc/classes/TestResolver.src/M000084.html +0 -42
  777. data/doc/classes/TestResolver.src/M000085.html +0 -38
  778. data/doc/classes/TestResolver.src/M000086.html +0 -34
  779. data/doc/classes/TestResolver.src/M000087.html +0 -30
  780. data/doc/classes/TestResolver.src/M000088.html +0 -41
  781. data/doc/classes/TestResolverConfig.html +0 -205
  782. data/doc/classes/TestResolverConfig.src/M000225.html +0 -18
  783. data/doc/classes/TestResolverConfig.src/M000226.html +0 -37
  784. data/doc/classes/TestResolverConfig.src/M000227.html +0 -23
  785. data/doc/classes/TestResolverConfig.src/M000228.html +0 -22
  786. data/doc/classes/TestResolverEnv.html +0 -141
  787. data/doc/classes/TestResolverEnv.src/M000332.html +0 -44
  788. data/doc/classes/TestRrOpt.html +0 -182
  789. data/doc/classes/TestRrOpt.src/M000007.html +0 -33
  790. data/doc/classes/TestRrOpt.src/M000008.html +0 -46
  791. data/doc/classes/TestRrOpt.src/M000009.html +0 -23
  792. data/doc/classes/TestRrOpt.src/M000010.html +0 -34
  793. data/doc/classes/TestRrTest.html +0 -155
  794. data/doc/classes/TestRrTest.src/M000224.html +0 -77
  795. data/doc/classes/TestRrUnknown.html +0 -167
  796. data/doc/classes/TestRrUnknown.src/M000074.html +0 -41
  797. data/doc/classes/TestRrUnknown.src/M000075.html +0 -39
  798. data/doc/classes/TestRrUnknown.src/M000076.html +0 -42
  799. data/doc/classes/TestSingleResolver.html +0 -293
  800. data/doc/classes/TestSingleResolver.src/M000149.html +0 -18
  801. data/doc/classes/TestSingleResolver.src/M000150.html +0 -19
  802. data/doc/classes/TestSingleResolver.src/M000151.html +0 -28
  803. data/doc/classes/TestSingleResolver.src/M000152.html +0 -30
  804. data/doc/classes/TestSingleResolver.src/M000153.html +0 -55
  805. data/doc/classes/TestSingleResolver.src/M000154.html +0 -26
  806. data/doc/classes/TestSingleResolver.src/M000155.html +0 -23
  807. data/doc/classes/TestSingleResolver.src/M000156.html +0 -27
  808. data/doc/classes/TestSingleResolver.src/M000157.html +0 -39
  809. data/doc/classes/TestSingleResolverSoak.html +0 -223
  810. data/doc/classes/TestSingleResolverSoak.src/M000326.html +0 -18
  811. data/doc/classes/TestSingleResolverSoak.src/M000327.html +0 -18
  812. data/doc/classes/TestSingleResolverSoak.src/M000328.html +0 -57
  813. data/doc/classes/TestSingleResolverSoak.src/M000329.html +0 -64
  814. data/doc/classes/TestSingleResolverSoak.src/M000330.html +0 -25
  815. data/doc/classes/TestSingleResolverSoak.src/M000331.html +0 -63
  816. data/doc/classes/TestSoakBase.html +0 -172
  817. data/doc/classes/TestSoakBase.src/M000072.html +0 -68
  818. data/doc/classes/TestSoakBase.src/M000073.html +0 -66
  819. data/doc/classes/TestTKey.html +0 -152
  820. data/doc/classes/TestTKey.src/M000215.html +0 -18
  821. data/doc/classes/TestTKey.src/M000216.html +0 -65
  822. data/doc/classes/TestTSig.html +0 -309
  823. data/doc/classes/TestTSig.src/M000138.html +0 -18
  824. data/doc/classes/TestTSig.src/M000139.html +0 -20
  825. data/doc/classes/TestTSig.src/M000140.html +0 -26
  826. data/doc/classes/TestTSig.src/M000141.html +0 -69
  827. data/doc/classes/TestTSig.src/M000142.html +0 -21
  828. data/doc/classes/TestTSig.src/M000143.html +0 -60
  829. data/doc/classes/TestTSig.src/M000144.html +0 -33
  830. data/doc/classes/TestTSig.src/M000145.html +0 -20
  831. data/doc/classes/TestTSig.src/M000146.html +0 -24
  832. data/doc/classes/TestTSig.src/M000147.html +0 -54
  833. data/doc/classes/TestTSig.src/M000148.html +0 -23
  834. data/doc/classes/TestTcp.html +0 -152
  835. data/doc/classes/TestTcp.src/M000222.html +0 -21
  836. data/doc/classes/TestTcp.src/M000223.html +0 -23
  837. data/doc/classes/TestUpdate.html +0 -152
  838. data/doc/classes/TestUpdate.src/M000174.html +0 -20
  839. data/doc/classes/TestUpdate.src/M000175.html +0 -203
  840. data/doc/classes/ToplevelInstaller.html +0 -621
  841. data/doc/classes/ToplevelInstaller.src/M000107.html +0 -23
  842. data/doc/classes/ToplevelInstaller.src/M000108.html +0 -18
  843. data/doc/classes/ToplevelInstaller.src/M000109.html +0 -25
  844. data/doc/classes/ToplevelInstaller.src/M000110.html +0 -21
  845. data/doc/classes/ToplevelInstaller.src/M000111.html +0 -18
  846. data/doc/classes/ToplevelInstaller.src/M000112.html +0 -18
  847. data/doc/classes/ToplevelInstaller.src/M000113.html +0 -38
  848. data/doc/classes/ToplevelInstaller.src/M000114.html +0 -18
  849. data/doc/classes/ToplevelInstaller.src/M000115.html +0 -18
  850. data/doc/classes/ToplevelInstaller.src/M000116.html +0 -18
  851. data/doc/classes/ToplevelInstaller.src/M000117.html +0 -18
  852. data/doc/classes/ToplevelInstaller.src/M000118.html +0 -18
  853. data/doc/classes/ToplevelInstaller.src/M000119.html +0 -40
  854. data/doc/classes/ToplevelInstaller.src/M000120.html +0 -18
  855. data/doc/classes/ToplevelInstaller.src/M000121.html +0 -18
  856. data/doc/classes/ToplevelInstaller.src/M000122.html +0 -21
  857. data/doc/classes/ToplevelInstaller.src/M000128.html +0 -40
  858. data/doc/classes/ToplevelInstaller.src/M000129.html +0 -31
  859. data/doc/classes/ToplevelInstaller.src/M000130.html +0 -52
  860. data/doc/classes/ToplevelInstaller.src/M000131.html +0 -19
  861. data/doc/classes/ToplevelInstaller.src/M000132.html +0 -18
  862. data/doc/classes/ToplevelInstaller.src/M000133.html +0 -18
  863. data/doc/classes/ToplevelInstaller.src/M000134.html +0 -18
  864. data/doc/classes/ToplevelInstaller.src/M000135.html +0 -20
  865. data/doc/classes/ToplevelInstaller.src/M000136.html +0 -18
  866. data/doc/classes/ToplevelInstaller.src/M000137.html +0 -18
  867. data/doc/classes/ToplevelInstallerMulti.html +0 -398
  868. data/doc/classes/ToplevelInstallerMulti.src/M000158.html +0 -21
  869. data/doc/classes/ToplevelInstallerMulti.src/M000159.html +0 -21
  870. data/doc/classes/ToplevelInstallerMulti.src/M000160.html +0 -23
  871. data/doc/classes/ToplevelInstallerMulti.src/M000161.html +0 -29
  872. data/doc/classes/ToplevelInstallerMulti.src/M000162.html +0 -22
  873. data/doc/classes/ToplevelInstallerMulti.src/M000163.html +0 -21
  874. data/doc/classes/ToplevelInstallerMulti.src/M000164.html +0 -21
  875. data/doc/classes/ToplevelInstallerMulti.src/M000165.html +0 -20
  876. data/doc/classes/ToplevelInstallerMulti.src/M000166.html +0 -20
  877. data/doc/classes/ToplevelInstallerMulti.src/M000167.html +0 -20
  878. data/doc/classes/ToplevelInstallerMulti.src/M000168.html +0 -21
  879. data/doc/classes/ToplevelInstallerMulti.src/M000169.html +0 -21
  880. data/doc/classes/ToplevelInstallerMulti.src/M000170.html +0 -25
  881. data/doc/classes/ToplevelInstallerMulti.src/M000171.html +0 -18
  882. data/doc/classes/ToplevelInstallerMulti.src/M000172.html +0 -18
  883. data/doc/classes/ToplevelInstallerMulti.src/M000173.html +0 -18
  884. data/doc/created.rid +0 -1
  885. data/doc/files/demo/axfr_rb.html +0 -158
  886. data/doc/files/demo/check_soa_rb.html +0 -138
  887. data/doc/files/demo/check_zone_rb.html +0 -231
  888. data/doc/files/demo/check_zone_rb.src/M000001.html +0 -81
  889. data/doc/files/demo/check_zone_rb.src/M000002.html +0 -30
  890. data/doc/files/demo/check_zone_rb.src/M000003.html +0 -23
  891. data/doc/files/demo/check_zone_rb.src/M000004.html +0 -23
  892. data/doc/files/demo/check_zone_rb.src/M000005.html +0 -23
  893. data/doc/files/demo/example_recurse_rb.html +0 -115
  894. data/doc/files/demo/mresolv_rb.html +0 -130
  895. data/doc/files/demo/mx_rb.html +0 -108
  896. data/doc/files/demo/rubydig_rb.html +0 -128
  897. data/doc/files/demo/trace_dns_rb.html +0 -108
  898. data/doc/files/lib/Dnsruby/Cache_rb.html +0 -109
  899. data/doc/files/lib/Dnsruby/Config_rb.html +0 -101
  900. data/doc/files/lib/Dnsruby/DNS_rb.html +0 -110
  901. data/doc/files/lib/Dnsruby/Hosts_rb.html +0 -108
  902. data/doc/files/lib/Dnsruby/Recursor_rb.html +0 -101
  903. data/doc/files/lib/Dnsruby/Resolver_rb.html +0 -110
  904. data/doc/files/lib/Dnsruby/SingleResolver_rb.html +0 -109
  905. data/doc/files/lib/Dnsruby/TheLog_rb.html +0 -110
  906. data/doc/files/lib/Dnsruby/code_mapper_rb.html +0 -101
  907. data/doc/files/lib/Dnsruby/dnssec_rb.html +0 -107
  908. data/doc/files/lib/Dnsruby/event_machine_interface_rb.html +0 -108
  909. data/doc/files/lib/Dnsruby/iana_ports_rb.html +0 -127
  910. data/doc/files/lib/Dnsruby/ipv4_rb.html +0 -101
  911. data/doc/files/lib/Dnsruby/ipv6_rb.html +0 -101
  912. data/doc/files/lib/Dnsruby/message_rb.html +0 -109
  913. data/doc/files/lib/Dnsruby/name_rb.html +0 -101
  914. data/doc/files/lib/Dnsruby/resource/AAAA_rb.html +0 -101
  915. data/doc/files/lib/Dnsruby/resource/AFSDB_rb.html +0 -101
  916. data/doc/files/lib/Dnsruby/resource/A_rb.html +0 -101
  917. data/doc/files/lib/Dnsruby/resource/CERT_rb.html +0 -101
  918. data/doc/files/lib/Dnsruby/resource/DLV_rb.html +0 -101
  919. data/doc/files/lib/Dnsruby/resource/DNSKEY_rb.html +0 -101
  920. data/doc/files/lib/Dnsruby/resource/DS_rb.html +0 -108
  921. data/doc/files/lib/Dnsruby/resource/HINFO_rb.html +0 -101
  922. data/doc/files/lib/Dnsruby/resource/IN_rb.html +0 -112
  923. data/doc/files/lib/Dnsruby/resource/ISDN_rb.html +0 -101
  924. data/doc/files/lib/Dnsruby/resource/LOC_rb.html +0 -101
  925. data/doc/files/lib/Dnsruby/resource/MINFO_rb.html +0 -101
  926. data/doc/files/lib/Dnsruby/resource/MX_rb.html +0 -101
  927. data/doc/files/lib/Dnsruby/resource/NAPTR_rb.html +0 -101
  928. data/doc/files/lib/Dnsruby/resource/NSAP_rb.html +0 -101
  929. data/doc/files/lib/Dnsruby/resource/NSEC3PARAM_rb.html +0 -101
  930. data/doc/files/lib/Dnsruby/resource/NSEC3_rb.html +0 -101
  931. data/doc/files/lib/Dnsruby/resource/NSEC_rb.html +0 -101
  932. data/doc/files/lib/Dnsruby/resource/OPT_rb.html +0 -101
  933. data/doc/files/lib/Dnsruby/resource/PX_rb.html +0 -101
  934. data/doc/files/lib/Dnsruby/resource/RP_rb.html +0 -101
  935. data/doc/files/lib/Dnsruby/resource/RRSIG_rb.html +0 -101
  936. data/doc/files/lib/Dnsruby/resource/RT_rb.html +0 -101
  937. data/doc/files/lib/Dnsruby/resource/SOA_rb.html +0 -101
  938. data/doc/files/lib/Dnsruby/resource/SPF_rb.html +0 -101
  939. data/doc/files/lib/Dnsruby/resource/SRV_rb.html +0 -101
  940. data/doc/files/lib/Dnsruby/resource/TKEY_rb.html +0 -101
  941. data/doc/files/lib/Dnsruby/resource/TSIG_rb.html +0 -114
  942. data/doc/files/lib/Dnsruby/resource/TXT_rb.html +0 -108
  943. data/doc/files/lib/Dnsruby/resource/X25_rb.html +0 -101
  944. data/doc/files/lib/Dnsruby/resource/domain_name_rb.html +0 -101
  945. data/doc/files/lib/Dnsruby/resource/generic_rb.html +0 -132
  946. data/doc/files/lib/Dnsruby/resource/resource_rb.html +0 -110
  947. data/doc/files/lib/Dnsruby/select_thread_rb.html +0 -111
  948. data/doc/files/lib/Dnsruby/update_rb.html +0 -101
  949. data/doc/files/lib/Dnsruby/zone_transfer_rb.html +0 -101
  950. data/doc/files/lib/dnsruby_rb.html +0 -118
  951. data/doc/files/setup_rb.html +0 -148
  952. data/doc/files/setup_rb.src/M000006.html +0 -18
  953. data/doc/files/test/tc_axfr_rb.html +0 -110
  954. data/doc/files/test/tc_dns_rb.html +0 -117
  955. data/doc/files/test/tc_dnskey_rb.html +0 -109
  956. data/doc/files/test/tc_dnsruby_rb.html +0 -117
  957. data/doc/files/test/tc_dnssec_rb.html +0 -109
  958. data/doc/files/test/tc_ds_rb.html +0 -110
  959. data/doc/files/test/tc_escapedchars_rb.html +0 -117
  960. data/doc/files/test/tc_event_machine_deferrable_rb.html +0 -111
  961. data/doc/files/test/tc_event_machine_res_rb.html +0 -111
  962. data/doc/files/test/tc_event_machine_single_res_rb.html +0 -111
  963. data/doc/files/test/tc_event_machine_soak_rb.html +0 -113
  964. data/doc/files/test/tc_header_rb.html +0 -117
  965. data/doc/files/test/tc_misc_rb.html +0 -110
  966. data/doc/files/test/tc_name_rb.html +0 -117
  967. data/doc/files/test/tc_nsec3_rb.html +0 -109
  968. data/doc/files/test/tc_nsec3param_rb.html +0 -109
  969. data/doc/files/test/tc_nsec_rb.html +0 -109
  970. data/doc/files/test/tc_packet_rb.html +0 -117
  971. data/doc/files/test/tc_packet_unique_push_rb.html +0 -117
  972. data/doc/files/test/tc_question_rb.html +0 -117
  973. data/doc/files/test/tc_queue_rb.html +0 -109
  974. data/doc/files/test/tc_recur_rb.html +0 -109
  975. data/doc/files/test/tc_res_config_rb.html +0 -110
  976. data/doc/files/test/tc_res_env_rb.html +0 -117
  977. data/doc/files/test/tc_res_file_rb.html +0 -110
  978. data/doc/files/test/tc_res_opt_rb.html +0 -117
  979. data/doc/files/test/tc_resolver_rb.html +0 -117
  980. data/doc/files/test/tc_rr-opt_rb.html +0 -118
  981. data/doc/files/test/tc_rr-txt_rb.html +0 -117
  982. data/doc/files/test/tc_rr-unknown_rb.html +0 -110
  983. data/doc/files/test/tc_rr_rb.html +0 -117
  984. data/doc/files/test/tc_rrset_rb.html +0 -109
  985. data/doc/files/test/tc_rrsig_rb.html +0 -109
  986. data/doc/files/test/tc_single_resolver_rb.html +0 -117
  987. data/doc/files/test/tc_soak_base_rb.html +0 -110
  988. data/doc/files/test/tc_soak_rb.html +0 -121
  989. data/doc/files/test/tc_tcp_rb.html +0 -110
  990. data/doc/files/test/tc_tkey_rb.html +0 -111
  991. data/doc/files/test/tc_tsig_rb.html +0 -111
  992. data/doc/files/test/tc_update_rb.html +0 -117
  993. data/doc/files/test/ts_dnsruby_rb.html +0 -109
  994. data/doc/files/test/ts_offline_rb.html +0 -133
  995. data/doc/files/test/ts_online_rb.html +0 -128
  996. data/doc/fr_method_index.html +0 -726
data/lib/Dnsruby/single_verifier.rb ADDED
@@ -0,0 +1,1289 @@
1
+ # This class does verification/validation from a single point - signed root,
2
+ # DLV, trust anchors. Dnssec controls a set of these to perform validation for
3
+ # the client.
4
+ # This class should only be used by Dnsruby
5
+ module Dnsruby
6
+ class SingleVerifier # :nodoc: all
7
+ class VerifierType
8
+ ROOT = 0
9
+ ANCHOR = 1
10
+ DLV = 2
11
+ end
12
+ def initialize(vtype)
13
+ @verifier_type = vtype
14
+ @added_dlv_key = false
15
+ # The DNSKEY RRs for the signed root (when it exists)
16
+ @root_anchors = KeyCache.new
17
+ # Could add methods for interacting with root anchors - see test/tc_itar.rb
18
+ # for example of how to load ITAR trust anchors into dnsruby
19
+
20
+ # The set of trust anchors.
21
+ # If the root is unsigned, then these must be initialised with at least
22
+ # one trusted key by the client application, if verification is to be performed.
23
+ @trust_anchors = KeyCache.new
24
+
25
+ @dlv_registries = []
26
+
27
+ # The set of keys which are trusted.
28
+ @trusted_keys = KeyCache.new
29
+
30
+ # The set of keys which have been indicated by a DS RRSet which has been
31
+ # signed by a trusted key. Although we have not yet located these keys, we
32
+ # have the details (tag and digest) which can identify the keys when we
33
+ # see them. At that point, they will be added to our trusted keys.
34
+ @discovered_ds_store = []
35
+ # The configured_ds_store is the set of DS records which have been configured
36
+ # by the client as trust anchors. Use Dnssec#add_trust_anchor to add these
37
+ @configured_ds_store = []
38
+ end
39
+
40
+ def get_dlv_resolver # :nodoc:
41
+ if (Dnssec.do_validation_with_recursor?)
42
+ return Recursor.new
43
+ else
44
+ if (Dnssec.default_resolver)
45
+ return Dnssec.default_resolver
46
+ else
47
+ return Resolver.new
48
+ end
49
+ end
50
+ end
51
+ def add_dlv_key(key)
52
+ # Is this a ZSK or a KSK?
53
+ # If it is a KSK, then get the ZSK from the zone
54
+ if (key.sep_key?)
55
+ get_dlv_key(key)
56
+ end
57
+ end
58
+ def get_dlv_key(ksk) # :nodoc:
59
+ # Using the KSK, get the ZSK for the DLV registry
60
+ if (!@res && (@verifier_type == VerifierType::DLV))
61
+ @res = get_dlv_resolver
62
+ end
63
+ # print "Sending query : res.dnssec = #{@res.dnssec}"
64
+ ret = nil
65
+ begin
66
+ ret = @res.query_no_validation_or_recursion("dlv.isc.org.", Types.DNSKEY)
67
+ if (!ret)
68
+ raise ResolvError.new("Couldn't get response from Recursor")
69
+ end
70
+ rescue ResolvError => e
71
+ # print "ERROR - Couldn't find the DLV key\n"
72
+ TheLog.error("Couldn't find the DLV key\n")
73
+ return
74
+ end
75
+ key_rrset = ret.answer.rrset("dlv.isc.org", Types.DNSKEY)
76
+ begin
77
+ verify(key_rrset, ksk)
78
+ add_trusted_key(key_rrset)
79
+ # print "Successfully added DLV key\n"
80
+ TheLog.info("Successfully added DLV key")
81
+ @added_dlv_key = true
82
+ rescue VerifyError => e
83
+ # print "Error verifying DLV key : #{e}\n"
84
+ TheLog.error("Error verifying DLV key : #{e}")
85
+ end
86
+ end
87
+ def add_trust_anchor(t)
88
+ add_trust_anchor_with_expiration(t, Time.utc(2035,"jan",1,20,15,1).to_i)
89
+ end
90
+ # Add the
91
+ def add_trust_anchor_with_expiration(k, expiration)
92
+ if (k.type == Types.DNSKEY)
93
+ k.flags = k.flags | RR::IN::DNSKEY::SEP_KEY
94
+ @trust_anchors.add_key_with_expiration(k, expiration)
95
+ # print "Adding trust anchor for #{k.name}\n"
96
+ TheLog.info("Adding trust anchor for #{k.name}")
97
+ elsif ((k.type == Types.DS) || ((k.type == Types.DLV) && (@verifier_type == VerifierType::DLV)))
98
+ @configured_ds_store.push(k)
99
+ end
100
+ end
101
+
102
+ def remove_trust_anchor(t)
103
+ @trust_anchors.delete(t)
104
+ end
105
+ # Wipes the cache of trusted keys
106
+ def clear_trust_anchors
107
+ @trust_anchors = KeyCache.new
108
+ end
109
+
110
+ def trust_anchors
111
+ return @trust_anchors.keys + @configured_ds_store
112
+ end
113
+
114
+ # Check that the RRSet and RRSIG record are compatible
115
+ def check_rr_data(rrset, sigrec)#:nodoc: all
116
+ #Each RR MUST have the same owner name as the RRSIG RR;
117
+ if (rrset.name.to_s.downcase != sigrec.name.to_s.downcase)
118
+ raise VerifyError.new("RRSET should have same owner name as RRSIG for verification (rrsert=#{rrset.name}, sigrec=#{sigrec.name}")
119
+ end
120
+
121
+ #Each RR MUST have the same class as the RRSIG RR;
122
+ if (rrset.klass != sigrec.klass)
123
+ raise VerifyError.new("RRSET should have same DNS class as RRSIG for verification")
124
+ end
125
+
126
+ #Each RR in the RRset MUST have the RR type listed in the
127
+ #RRSIG RR's Type Covered field;
128
+ if (rrset.type != sigrec.type_covered)
129
+ raise VerifyError.new("RRSET should have same type as RRSIG for verification")
130
+ end
131
+
132
+ #Each RR in the RRset MUST have the TTL listed in the
133
+ #RRSIG Original TTL Field;
134
+ if (rrset.ttl != sigrec.ttl)
135
+ raise VerifyError.new("RRSET should have same ttl as RRSIG for verification")
136
+ end
137
+
138
+ # Now check that we are in the validity period for the RRSIG
139
+ now = Time.now.to_i
140
+ if ((sigrec.expiration < now) || (sigrec.inception > now))
141
+ raise VerifyError.new("Signature record not in validity period")
142
+ end
143
+ end
144
+
145
+ # Add the specified keys to the trusted key cache.
146
+ # k can be a KeyCache, or an RRSet of DNSKEYs.
147
+ def add_trusted_key(k)
148
+ @trusted_keys.add(k)
149
+ end
150
+
151
+ # Wipes the cache of trusted keys
152
+ def clear_trusted_keys
153
+ @trusted_keys = KeyCache.new
154
+ @discovered_ds_store = []
155
+ @configured_ds_store = []
156
+ end
157
+
158
+ def trusted_keys
159
+ discovered_ds = []
160
+ @discovered_ds_store.each {|rrset|
161
+ rrset.rrs.each {|rr|
162
+ discovered_ds.push(rr)
163
+ }
164
+ }
165
+ return @trusted_keys.keys + @configured_ds_store + discovered_ds
166
+ end
167
+
168
+ # Check that the key fits a signed DS record key details
169
+ # If so, then add the key to the trusted keys
170
+ def check_ds(key, ds_rrset)#:nodoc: all
171
+ expiration = 0
172
+ found = false
173
+ ds_rrset.sigs.each { |sig|
174
+ if ((sig.type_covered == Types.DS) || ((sig.type_covered == Types.DLV)&& (@verifier_type==VerifierType::DLV)))
175
+ if (sig.inception <= Time.now.to_i)
176
+ # Check sig.expiration, sig.algorithm
177
+ if (sig.expiration > expiration)
178
+ expiration = sig.expiration
179
+ end
180
+ end
181
+ end
182
+ }
183
+ if (expiration > 0)
184
+ ds_rrset.rrs.each { |ds|
185
+ if ((ds.type === Types.DS) || ((ds.type == Types.DLV) && (@verifier_type == VerifierType::DLV)))
186
+ if (ds.check_key(key))
187
+ @trusted_keys.add_key_with_expiration(key, expiration)
188
+ found = true
189
+ end
190
+ end
191
+ }
192
+ end
193
+ return found
194
+ end
195
+
196
+ # Verify the specified message (or RRSet) using the set of trusted keys.
197
+ # If keys is a DNSKEY, or an Array or RRSet of DNSKEYs, then keys
198
+ # is added to the set of trusted keys before the message (or RRSet) is
199
+ # verified.
200
+ #
201
+ # If msg is a Dnsruby::Message, then any signed DNSKEY or DS RRSets are
202
+ # processed first, and any new keys are added to the trusted key set
203
+ # before the other RRSets are checked.
204
+ #
205
+ # msg can be a Dnsruby::Message or Dnsruby::RRSet.
206
+ # keys may be nil, or a KeyCache or an RRSet of Dnsruby::RR::DNSKEY
207
+ #
208
+ # Returns true if the message verifies OK, and false otherwise.
209
+ def verify(msg, keys = nil)
210
+ if (msg.kind_of?RRSet)
211
+ if (msg.type == Types.DNSKEY)
212
+ return verify_key_rrset(msg, keys)
213
+ end
214
+ if ((msg.type == Types.DS) || (msg.type == Types.DLV))
215
+ return verify_ds_rrset(msg, keys)
216
+
217
+ end
218
+ return verify_rrset(msg, keys)
219
+ end
220
+ # Use the set of trusted keys to check any RRSets we can, ideally
221
+ # those of other DNSKEY RRSets first. Then, see if we can use any of the
222
+ # new total set of keys to check the rest of the rrsets.
223
+ # Return true if we can verify the whole message.
224
+
225
+ msg.each_section do |section|
226
+ # print "Checking section : #{section}\n"
227
+ ds_rrsets = section.rrsets(Types.DS)
228
+ if ((!ds_rrsets || ds_rrsets.length == 0) && (@verifier_type == VerifierType::DLV))
229
+ ds_rrsets = section.rrsets(Types.DLV)
230
+ end
231
+ ds_rrsets.each {|ds_rrset|
232
+ if ((ds_rrset && ds_rrset.rrs.length > 0) && !verify_ds_rrset(ds_rrset, keys, msg))
233
+ raise VerifyError.new("Failed to verify DS RRSet")
234
+ # return false
235
+ end
236
+ }
237
+
238
+ key_rrsets = section.rrsets(Types.DNSKEY)
239
+ key_rrsets.each {|key_rrset|
240
+ if ((key_rrset && key_rrset.rrs.length > 0) && !verify_key_rrset(key_rrset, keys))
241
+ raise VerifyError.new("Failed to verify DNSKEY RRSet")
242
+ # return false
243
+ end
244
+ }
245
+ end
246
+
247
+ verify_nsecs(msg)
248
+
249
+ # Then, look through all the remaining RRSets, and verify them all (unless not necessary).
250
+ msg.section_rrsets.each do |section, rrsets|
251
+ rrsets.each do |rrset|
252
+ # If delegation NS or glue AAAA/A, then don't expect RRSIG.
253
+ # Otherwise, expect RRSIG and fail verification if RRSIG is not present
254
+
255
+ if ((section == "authority") && (rrset.type == Types.NS))
256
+ # Check for delegation
257
+ dsrrset = msg.authority.rrsets('DS')[0]
258
+ if ((msg.answer.size == 0) && (!dsrrset) && (rrset.type == Types.NS)) # (isDelegation)
259
+ # Now check NSEC(3) records for absence of DS and SOA
260
+ nsec = msg.authority.rrsets('NSEC')[0]
261
+ if (nsec.length == 0)
262
+ nsec = msg.authority.rrsets('NSEC3')[0]
263
+ end
264
+ if (nsec.rrs.length > 0)
265
+ if (!(nsec.rrs()[0].types.include?'DS') || !(nsec.rrs()[0].types.include?'SOA'))
266
+ next # delegation which we expect to be unsigned - so don't verify it!
267
+ end
268
+ end
269
+ end
270
+ # If NS records delegate the name to the child's nameservers, then they MUST NOT be signed
271
+ if (rrset.type == Types.NS)
272
+ # all_delegate = true
273
+ # rrset.rrs.each {|rr|
274
+ # name = Name.create(rr.nsdname)
275
+ # name.absolute = true
276
+ # if (!(name.subdomain_of?(rr.name)))
277
+ # all_delegate = false
278
+ # end
279
+ # }
280
+ # if (all_delegate && rrset.sigs.length == 0)
281
+ # next
282
+ # end
283
+ if ((rrset.name.to_s.downcase == msg.question()[0].qname.to_s.downcase) && (rrset.sigs.length == 0))
284
+ next
285
+ end
286
+ end
287
+ end
288
+
289
+ if (section == "additional")
290
+ # check for glue
291
+ # if the ownername (in the addtional section) of the glue address is the same or longer as the ownername of the NS record, it is glue
292
+ if (msg.additional.size > 0)
293
+ arec = msg.additional.rrsets('A')[0]
294
+ if (!arec || arec.rrs.length == 0)
295
+ arec = msg.additional.rrsets('AAAA')[0]
296
+ end
297
+ ns_rrsets = msg.additional.rrsets('NS')
298
+ ns_rrsets.each {|ns_rrset|
299
+ if (ns_rrset.length > 0)
300
+ nsname = ns_rrset.rrs()[0].name
301
+ if (arec && arec.rrs().length > 0)
302
+ aname = arec.rrs()[0].name
303
+ if (nsname.subdomain_of?aname)
304
+ next
305
+ end
306
+ end
307
+ end
308
+ }
309
+ end
310
+ end
311
+ # If records are in additional, and no RRSIG, that's Ok - just don't use them!
312
+ if ((section == "additional") && (rrset.sigs.length == 0))
313
+ # @TODO@ Make sure that we don't cache these records!
314
+ next
315
+ end
316
+ # else verify RRSet
317
+ # print "About to verify #{rrset.name}, #{rrset.type}\n"
318
+ if (!verify_rrset(rrset, keys))
319
+ # print "FAILED TO VERIFY RRSET #{rrset.name}, #{rrset.type}\n"
320
+ TheLog.debug("Failed to verify rrset")
321
+ return false
322
+ end
323
+ end
324
+ end
325
+ return true
326
+ end
327
+
328
+ def verify_nsecs(msg) # :nodoc:
329
+ # NSEC(3) handling. Get NSEC(3)s in four cases : (RFC 4035, section 3.1.3)
330
+ # a) No data - <SNAME, SCLASS> matches, but no <SNAME, SCLASS, STYPE) (§3.1.3.1)
331
+ # - will expect NSEC in Authority (and associated RRSIG)
332
+ # - NOERROR returned
333
+ # b) Name error - no RRSets that match <SNAME, SCLASS> either exactly or through wildcard expansion (§3.1.3.2)
334
+ # - NSEC wil prove i) no exact match for <SNAME, SCLASS>, and ii) no RRSets that could match through wildcard expansion
335
+ # - this may be proved in one or more NSECs (and associated RRSIGs)
336
+ # - NXDOMAIN returned - should ensure we verify!
337
+ # c) Wildcard answer - No <SNAME, SCLASS> direct matches, but matches <SNAME, SCLASS, STYPE> through wildcard expansion (§3.1.3.3)
338
+ # - Answer section must include wildcard-expanded answer (and associated RRSIGs)
339
+ # - label count in answer RRSIG indicates wildcard RRSet was expanded (less labels than in owner name)
340
+ # - Authority section must include NSEC (and RRSIGs) proving that zone does not contain a closer match
341
+ # - NOERROR returned
342
+ # d) Wildcard no data - No <SNAME, SCLASS> direct. <SNAME, SCLASS> yes but <SNAME, SCLASS, STYPE> no through wildcard expansion (§3.1.3.4)
343
+ # - Authority section contains NSECs (and RRSIGs) for :
344
+ # i) NSEC proving no RRSets matching STYPE at wildcard owner name that matched <SNAME, SCLASS> via wildcard expansion
345
+ # ii) NSEC proving no RRSets in zone that would have been closer match for <SNAME, SCLASS>
346
+ # - this may be proved by one or more NSECs (and associated RRSIGs)
347
+ # - NOERROR returned
348
+ #
349
+ # Otherwise no NSECs should be returned.
350
+
351
+ # So, check for NSEC records in response, and work out what type of answer we have.
352
+ # Then, if NSECs are present, make sure that we prove what they said they would.
353
+ # What if the message *should* have no NSEC records? That can only be known by the validator.
354
+ # We will assume that the validator has checked the (non)-existence of NSEC records - we should not
355
+ # get upset if there aren't any. However, if there are, then we should verify that they say the right thing
356
+ qtype = msg.question()[0].qtype
357
+ return if (msg.rcode == RCode.NOERROR && ((qtype == Types.ANY) || (qtype == Types.NSEC) || (qtype == Types.NSEC3)))
358
+ if ((msg.rrsets('NSEC').length > 0) || (msg.rrsets('NSEC3').length > 0))
359
+ if (msg.rcode == RCode.NXDOMAIN)
360
+ # print "Checking NSECs for Name Error\n"
361
+ #Name error - NSEC wil prove i) no exact match for <SNAME, SCLASS>, and ii) no RRSets that could match through wildcard expansion
362
+ # - this may be proved in one or more NSECs (and associated RRSIGs)
363
+ check_name_in_nsecs(msg)
364
+ return check_no_wildcard_expansion(msg)
365
+ elsif (msg.rcode == RCode.NOERROR)
366
+ if (msg.answer.length > 0)
367
+ # print "Checking NSECs for wildcard expansion\n"
368
+ # wildcard expansion answer - check NSECs!
369
+ # We want to make sure that the NSEC tells us that there is no closer match for this name
370
+ # @TODO@ We need to make replace the RRSIG name with the wildcard name before we can verify it correctly.
371
+ check_num_rrsig_labels(msg)
372
+ return check_name_in_nsecs(msg, msg.question()[0].qtype, true)
373
+ else
374
+ # Either no data or wildcard no data - check to see which
375
+ # Should be able to tell this by checking the number of labels in the NSEC records.
376
+ # Sort these two last cases out!
377
+ isWildcardNoData = false
378
+ [msg.authority.rrsets('NSEC'), msg.authority.rrsets('NSEC3')].each {|nsec_rrsets|
379
+ nsec_rrsets.each {|nsec_rrset|
380
+ nsec_rrset.rrs.each {|nsec|
381
+ # print "Checking nsec to see if wildcard : #{nsec}\n"
382
+ if (nsec.name.wild? ||(nsec.name.labels.length < msg.question()[0].qname.labels.length))
383
+ isWildcardNoData = true
384
+ end
385
+ }
386
+ }
387
+ }
388
+
389
+ if (isWildcardNoData)
390
+ # print "Checking NSECs for wildcard no data\n"
391
+ # Check NSECs -
392
+ # i) NSEC proving no RRSets matching STYPE at wildcard owner name that matched <SNAME, SCLASS> via wildcard expansion
393
+ check_name_not_in_wildcard_nsecs(msg)
394
+ # ii) NSEC proving no RRSets in zone that would have been closer match for <SNAME, SCLASS>
395
+ return check_name_in_and_type_not_in_nsecs(msg)
396
+ else # (isNoData)
397
+ # print "Checking NSECs for No data\n"
398
+ # Check NSEC types covered to make sure this type not present.
399
+ return check_name_in_and_type_not_in_nsecs(msg)
400
+ end
401
+ end
402
+ else
403
+ # Anything we should do here?
404
+ end
405
+ end
406
+
407
+ end
408
+
409
+ def check_num_rrsig_labels(msg) # :nodoc:
410
+ # Check that the number of labels in the RRSIG is less than the number
411
+ # of labels in the answer name
412
+ answer_rrset = msg.answer.rrset(msg.question()[0].qname, msg.question()[0].qtype)
413
+ if (answer_rrset.length == 0)
414
+ raise VerifyError.new("Expected wildcard expanded answer for #{msg.question()[0].qname}")
415
+ end
416
+ rrsig = answer_rrset.sigs()[0]
417
+ if (rrsig.labels >= msg.question()[0].qname.labels.length)
418
+ raise VerifyError.new("RRSIG does not prove wildcard expansion for #{msg.question()[0].qname}")
419
+ end
420
+ end
421
+
422
+ def check_no_wildcard_expansion(msg) # :nodoc:
423
+ proven_no_wildcards = false
424
+ name = msg.question()[0].qname
425
+ [msg.authority.rrsets('NSEC'), msg.authority.rrsets('NSEC3')].each {|nsec_rrsets|
426
+ nsec_rrsets.each {|nsecs|
427
+ nsecs.rrs.each {|nsec|
428
+ # print "Checking NSEC : #{nsec}\n"
429
+ next if (nsec.name.wild?)
430
+ if (check_record_proves_no_wildcard(msg, nsec))
431
+ proven_no_wildcards = true
432
+ end
433
+ }
434
+ }
435
+ }
436
+ if (!proven_no_wildcards)
437
+ # print "No proof that no RRSets could match through wildcard expansion\n"
438
+ raise VerifyError.new("No proof that no RRSets could match through wildcard expansion")
439
+ end
440
+
441
+ end
442
+
443
+ def check_record_proves_no_wildcard(msg, nsec) # :nodoc:
444
+ # Check that the NSEC goes from the SOA to a zone canonically after a wildcard
445
+ # print "Checking wildcard proof for #{nsec.name}\n"
446
+ soa_rrset = msg.authority.rrset(nsec.name, 'SOA')
447
+ if (soa_rrset.length > 0)
448
+ # print "Found SOA for #{nsec.name}\n"
449
+ wildcard_name = Name.create("*." + nsec.name.to_s)
450
+ # print "Checking #{wildcard_name}\n"
451
+ if (wildcard_name.canonically_before(nsec.next_domain))
452
+ return true
453
+ end
454
+ end
455
+ return false
456
+ end
457
+
458
+ def check_name_in_nsecs(msg, qtype=nil, expected_qtype = false) # :nodoc:
459
+ # Check these NSECs to make sure that this name cannot be in the zone
460
+ # and that no RRSets could match through wildcard expansion
461
+ name = msg.question()[0].qname
462
+ proven_name_in_nsecs = false
463
+ type_covered_checked = false
464
+ [msg.authority.rrsets('NSEC'), msg.authority.rrsets('NSEC3')].each {|nsec_rrsets|
465
+ nsec_rrsets.each {|nsecs|
466
+ nsecs.rrs.each {|nsec|
467
+ # print "Checking NSEC : #{nsec}\n"
468
+ next if (nsec.name.wild?)
469
+ if nsec.check_name_in_range(name)
470
+ proven_name_in_nsecs = true
471
+ qtype_present = false
472
+ if (qtype)
473
+ if (nsec.types.include?qtype)
474
+ qtype_present = true
475
+ end
476
+ if (qtype_present != expected_qtype)
477
+ # print "#{nsec.type} record #{nsec} does #{expected_qtype ? 'not ' : ''} include #{qtype} type\n"
478
+ raise VerifyError.new("#{nsec.type} record #{nsec} does #{expected_qtype ? 'not ' : ''}include #{qtype} type")
479
+ # return false
480
+ end
481
+ type_covered_checked = true
482
+ end
483
+ end
484
+ }
485
+ }
486
+ }
487
+ if (!proven_name_in_nsecs)
488
+ # print "No proof for non-existence for #{name}\n"
489
+ raise VerifyError.new("No proof for non-existence for #{name}")
490
+ end
491
+ if (qtype && !type_covered_checked)
492
+ # print "Tyes covered wrong for #{name}\n"
493
+ raise VerifyError.new("Types covered wrong for #{name}")
494
+ end
495
+ end
496
+
497
+ def check_name_in_and_type_not_in_nsecs(msg) # :nodoc:
498
+ check_name_in_nsecs(msg, msg.question()[0].qtype, false)
499
+ end
500
+
501
+ def check_name_not_in_wildcard_nsecs(msg) # :nodoc:
502
+ name = msg.question()[0].qname
503
+ qtype = msg.question()[0].qtype
504
+ done= false
505
+ [msg.authority.rrsets('NSEC'), msg.authority.rrsets('NSEC3')].each {|nsec_rrsets|
506
+ nsec_rrsets.each {|nsecs|
507
+ nsecs.rrs.each {|nsec|
508
+ # print "Checking NSEC : #{nsec}\n"
509
+ next if !nsec.name.wild?
510
+ # Check the wildcard expansion
511
+ # We want to see that the name is in the wildcard range, and that the type
512
+ # is not in the types for the NSEC
513
+ if nsec.check_name_in_wildcard_range(name)
514
+ # print "Wildcard expansion in #{nsec} includes #{name}\n"
515
+ raise VerifyError.new("Wildcard expansion in #{nsec} includes #{name}")
516
+ # return false
517
+ end
518
+ if (nsec.types.include?qtype)
519
+ # print "#{qtype} present in wildcard #{nsec}\n"
520
+ raise VerifyError.new("#{qtype} present in wildcard #{nsec}")
521
+ # return false
522
+ end
523
+ done = true
524
+ }
525
+ }
526
+ }
527
+ return if done
528
+ # print("Expected wildcard expansion in #{msg}\n")
529
+ raise VerifyError.new("Expected wildcard expansion in #{msg}")
530
+ # return false
531
+ end
532
+
533
+ def verify_ds_rrset(ds_rrset, keys = nil, msg = nil) # :nodoc:
534
+ # print "verify_ds_rrset #{ds_rrset}\n"
535
+ if (ds_rrset && ds_rrset.num_sigs > 0)
536
+ if (verify_rrset(ds_rrset, keys))
537
+ # Need to handle DS RRSets (with RRSIGs) not just DS records.
538
+ # ds_rrset.rrs.each do |ds|
539
+ # Work out which key this refers to, and add it to the trusted key store
540
+ found = false
541
+ if (msg)
542
+ msg.each_section do |section|
543
+ section.rrsets('DNSKEY').each {|rrset|
544
+ rrset.rrs.each do |rr|
545
+ if (check_ds(rr, ds_rrset))
546
+ found = true
547
+ end
548
+ end
549
+ }
550
+ end
551
+ end
552
+ get_keys_to_check().each {|key|
553
+ if (check_ds(key, ds_rrset))
554
+ found = true
555
+ end
556
+ }
557
+ # If we couldn't find the trusted key, then we should store the
558
+ # key tag and digest in a @@discovered_ds_store.
559
+ # Each time we see a new key (which has been signed) then we should
560
+ # check if it is sitting on the discovered_ds_store.
561
+ # If it is, then we should add it to the trusted_keys and remove the
562
+ # DS from the discovered_ds_store
563
+ if (!found)
564
+ @discovered_ds_store.push(ds_rrset)
565
+ end
566
+ # end
567
+ return true
568
+ else
569
+ return false
570
+ end
571
+ end
572
+ return false # no DS rrset to verify
573
+ end
574
+
575
+ def verify_key_rrset(key_rrset, keys = nil) # :nodoc:
576
+ # print "verify_key_rrset\n"
577
+ verified = false
578
+ if (key_rrset && key_rrset.num_sigs > 0)
579
+ if (verify_rrset(key_rrset, keys))
580
+ # key_rrset.rrs.each do |rr|
581
+ # print "Adding keys : "
582
+ # key_rrset.rrs.each {|rr| print "#{rr.key_tag}, "}
583
+ # print "\n"
584
+ @trusted_keys.add(key_rrset) # rr)
585
+ verified = true
586
+ end
587
+ check_ds_stores(key_rrset)
588
+ end
589
+ return verified
590
+ end
591
+
592
+ def check_ds_stores(key_rrset) # :nodoc:
593
+ # See if the keys match any of the to_be_trusted_keys
594
+ key_rrset.rrs.each do |key|
595
+ @configured_ds_store.each do |ds|
596
+ if (ds.check_key(key))
597
+ @trusted_keys.add_key_with_expiration(key, key_rrset.sigs()[0].expiration)
598
+ end
599
+ end
600
+ @discovered_ds_store.each do |tbtk|
601
+ # Check that the RRSet is still valid!!
602
+ # Should we get it out of the main cache?
603
+ if ((tbtk.sigs()[0].expiration < Time.now.to_i))
604
+ @discovered_ds_store.delete(tbtk)
605
+ else
606
+ tbtk.rrs.each {|ds|
607
+ if (ds.check_key(key))
608
+ @trusted_keys.add_key_with_expiration(key, tbtk.sigs()[0].expiration)
609
+ @discovered_ds_store.delete(tbtk)
610
+ end
611
+ }
612
+ end
613
+ end
614
+ # end
615
+ end
616
+
617
+ end
618
+
619
+ def get_keys_to_check # :nodoc:
620
+ keys_to_check = @trust_anchors.keys + @trusted_keys.keys
621
+ return keys_to_check
622
+ end
623
+
624
+ # Find the first matching DNSKEY and RRSIG record in the two sets.
625
+ def get_matching_key(keys, sigrecs)#:nodoc: all
626
+ # There can be multiple signatures in the RRSet - which one should we choose?
627
+ if ((keys == nil) || (sigrecs == nil))
628
+ return nil, nil
629
+ end
630
+ if (RR::DNSKEY === keys)
631
+ keys = [keys]
632
+ end
633
+ enumerator = keys
634
+ if (enumerator.class == RRSet)
635
+ enumerator = enumerator.rrs
636
+ end
637
+ enumerator.each {|key|
638
+ if ((key.revoked?)) # || (key.bad_flags?))
639
+ next
640
+ end
641
+
642
+ sigrecs.each {|sig|
643
+ if ((key.key_tag == sig.key_tag) && (key.algorithm == sig.algorithm))
644
+ # print "Found key #{key.key_tag}\n"
645
+ return key, sig
646
+ end
647
+ }
648
+ }
649
+ return nil, nil
650
+ end
651
+
652
+ # Verify the signature of an rrset encoded with the specified KeyCache
653
+ # or RRSet. If no signature is included, false is returned.
654
+ #
655
+ # Returns true if the RRSet verified, false otherwise.
656
+ def verify_rrset(rrset, keys = nil)
657
+ # @TODO@ Finer-grained reporting than "false".
658
+ # print "Verify_rrset #{rrset.name}, #{rrset.type}\n"
659
+ sigrecs = rrset.sigs
660
+ # return false if (rrset.num_sigs == 0)
661
+ if (rrset.rrs.length == 0)
662
+ raise VerifyError.new("No RRSet to veryify")
663
+ end
664
+ if (rrset.num_sigs == 0)
665
+ raise VerifyError.new("No signatures in the RRSet : #{rrset.name}, #{rrset.type}")
666
+ end
667
+ sigrecs.each do |sigrec|
668
+ check_rr_data(rrset, sigrec)
669
+ end
670
+
671
+ keyrec = nil
672
+ sigrec = nil
673
+ if (rrset.type == Types.DNSKEY)
674
+ if (keys && ((keys.type == Types.DS) || ((keys.type == Types.DLV) && (@verifier_type == VerifierType::DLV))))
675
+ rrset.rrs.each do |key|
676
+ keys.rrs.each do |ds|
677
+ if (ds.check_key(key))
678
+ @trusted_keys.add_key_with_expiration(key, rrset.sigs()[0].expiration)
679
+ end
680
+ end
681
+ end
682
+ else
683
+ check_ds_stores(rrset)
684
+ end
685
+ end
686
+ if ((keys.nil?) || ((keys.type == Types.DS) || ((keys.type == Types.DLV) && (@verifier_type == VerifierType::DLV))))
687
+ keyrec, sigrec = get_matching_key(get_keys_to_check, sigrecs)
688
+ else
689
+ keyrec, sigrec = get_matching_key(keys, sigrecs)
690
+ end
691
+
692
+ # return false if !keyrec
693
+ if (!keyrec)
694
+ # print "Couldn't find signing key! #{rrset.name}, #{rrset.type},\n "
695
+ raise VerifyError.new("Signing key not found")
696
+ end
697
+
698
+ # RFC 4034
699
+ #3.1.8.1. Signature Calculation
700
+
701
+ if (keyrec.sep_key? && !keyrec.zone_key?)
702
+ Dnsruby.log.error("DNSKEY with SEP flag set and Zone Key flag not set was used to verify RRSIG over RRSET - this is not allowed by RFC4034 section 2.1.1")
703
+ # return false
704
+ raise VerifyError.new("DNSKEY with SEP flag set and Zone Key flag not set")
705
+ end
706
+
707
+ #Any DNS names in the RDATA field of each RR MUST be in
708
+ #canonical form; and
709
+ #The RRset MUST be sorted in canonical order.
710
+ rrset = rrset.sort_canonical
711
+
712
+ sig_data = sigrec.sig_data
713
+
714
+ #RR(i) = owner | type | class | TTL | RDATA length | RDATA
715
+ rrset.each do |rec|
716
+ old_ttl = rec.ttl
717
+ rec.ttl = sigrec.original_ttl
718
+ data = MessageEncoder.new { |msg|
719
+ msg.put_rr(rec, true)
720
+ }.to_s # @TODO@ worry about wildcards here?
721
+ rec.ttl = old_ttl
722
+ if (RUBY_VERSION >= "1.9")
723
+ data.force_encoding("ASCII-8BIT")
724
+ end
725
+ sig_data += data
726
+ end
727
+
728
+ # Now calculate the signature
729
+ verified = false
730
+ if [Algorithms.RSASHA1,
731
+ Algorithms.RSASHA1_NSEC3_SHA1].include?(sigrec.algorithm)
732
+ verified = keyrec.public_key.verify(OpenSSL::Digest::SHA1.new, sigrec.signature, sig_data)
733
+ # elsif (sigrec.algorithm == Algorithms.RSASHA256)
734
+ # verified = keyrec.public_key.verify(Digest::SHA256.new, sigrec.signature, sig_data)
735
+ elsif [Algorithms.DSA,
736
+ Algorithms.DSA_NSEC3_SHA1].include?(sigrec.algorithm)
737
+ # we are ignoring T for now
738
+ # t = sigrec.signature[0]
739
+ # t = t.getbyte(0) if t.class == String
740
+ r = RR::get_num(sigrec.signature[1, 20])
741
+ s = RR::get_num(sigrec.signature[21, 20])
742
+ r_asn1 = OpenSSL::ASN1::Integer.new(r)
743
+ s_asn1 = OpenSSL::ASN1::Integer.new(s)
744
+
745
+ asn1 = OpenSSL::ASN1::Sequence.new([r_asn1, s_asn1]).to_der
746
+ verified = keyrec.public_key.verify(OpenSSL::Digest::DSS1.new, asn1, sig_data)
747
+ else
748
+ raise RuntimeError.new("Algorithm #{sigrec.algorithm.code} unsupported by Dnsruby")
749
+ end
750
+
751
+ if (!verified)
752
+ raise VerifyError.new("Signature failed to cryptographically verify")
753
+ end
754
+ # Sort out the TTLs - set it to the minimum valid ttl
755
+ expiration_diff = (sigrec.expiration.to_i - Time.now.to_i).abs
756
+ rrset.ttl = ([rrset.ttl, sigrec.ttl, sigrec.original_ttl,
757
+ expiration_diff].sort)[0]
758
+ # print "VERIFIED OK\n"
759
+ return true
760
+ end
761
+
762
+ def find_closest_dlv_anchor_for(name) # :nodoc:
763
+ # To find the closest anchor, query DLV.isc.org for [a.b.c.d], then [a.b.c], [a.b], etc.
764
+ # once closest anchor found, simply run follow_chain from that anchor
765
+
766
+ # @TODO@ REALLY NEED AGGRESSIVE NEGATIVE CACHING HERE!!
767
+ # i.e. don't look up zones which we *know* we don't have a DLV anchor for
768
+
769
+ n = Name.create(name)
770
+ root = Name.create(".")
771
+ while (n != root)
772
+ # Try to find name in DLV, and return it if possible
773
+ dlv_rrset = query_dlv_for(n)
774
+ if (dlv_rrset)
775
+ key_rrset = get_zone_key_from_dlv_rrset(dlv_rrset, n)
776
+ return key_rrset
777
+ end
778
+ # strip the name
779
+ n = n.strip_label
780
+ end
781
+ return false
782
+ end
783
+
784
+ def get_zone_key_from_dlv_rrset(dlv_rrset, name) # :nodoc:
785
+ # We want to return the key for the zone i.e. DS/DNSKEY for .se, NOT DLV for se.dlv.isc.org
786
+ # So, we have the DLv record. Now use it to add the zone's DNSKEYs to the trusted key set.
787
+ res = get_nameservers_for(name)
788
+ if (!res)
789
+ if (Dnssec.do_validation_with_recursor?)
790
+ res = Recursor.new
791
+ else
792
+ if(Dnssec.default_resolver)
793
+ res = Dnssec.default_resolver
794
+ else
795
+ res = Resolver.new
796
+ end
797
+ end
798
+ end
799
+ # query = Message.new(name, Types.DNSKEY)
800
+ # query.do_validation = false
801
+ ret = nil
802
+ begin
803
+ # ret = res.send_message(query)
804
+ ret = res.query_no_validation_or_recursion(name, Types.DNSKEY)
805
+ if (!ret)
806
+ raise ResolvError.new("Couldn't get DNSKEY from Recursor")
807
+ end
808
+ rescue ResolvError => e
809
+ # print "Error getting zone key from DLV RR for #{name} : #{e}\n"
810
+ TheLog.error("Error getting zone key from DLV RR for #{name} : #{e}")
811
+ return false
812
+ end
813
+ key_rrset = ret.answer.rrset(name, Types.DNSKEY)
814
+ begin
815
+ verify(key_rrset, dlv_rrset)
816
+ # Cache.add(ret)
817
+ return key_rrset
818
+ rescue VerifyError => e
819
+ # print "Can't move from DLV RR to zone DNSKEY for #{name}, error : #{e}\n"
820
+ TheLog.debug("Can't move from DLV RR to zone DNSKEY for #{name}, error : #{e}")
821
+ end
822
+ return false
823
+ end
824
+
825
+ def query_dlv_for(name) # :nodoc:
826
+ # See if there is a record for name in dlv.isc.org
827
+ if (!@res && (@verifier_type == VerifierType::DLV))
828
+ @res = get_dlv_resolver
829
+ end
830
+ begin
831
+ name_to_query = name.to_s+".dlv.isc.org"
832
+ # query = Message.new(name_to_query, Types.DLV)
833
+ # @res.single_resolvers()[0].prepare_for_dnssec(query)
834
+ # query.do_validation = false
835
+ ret = nil
836
+ begin
837
+ # ret = @res.send_message(query)
838
+ ret = @res.query_no_validation_or_recursion(name_to_query, Types.DLV)
839
+ if (!ret)
840
+ raise ResolvError.new("Couldn't get DLV record from Recursor")
841
+ end
842
+ rescue ResolvError => e
843
+ # print "Error getting DLV record for #{name} : #{e}\n"
844
+ TheLog.info("Error getting DLV record for #{name} : #{e}")
845
+ return nil
846
+ end
847
+ dlv_rrset = ret.answer.rrset(name_to_query,Types.DLV)
848
+ if (dlv_rrset.rrs.length > 0)
849
+ begin
850
+ verify(dlv_rrset)
851
+ # Cache.add(ret)
852
+ return dlv_rrset
853
+ rescue VerifyError => e
854
+ # print "Error verifying DLV records for #{name}, #{e}\n"
855
+ TheLog.info("Error verifying DLV records for #{name}, #{e}")
856
+ end
857
+ end
858
+ rescue NXDomain
859
+ # print "NXDomain for DLV lookup for #{name}\n"
860
+ return nil
861
+ end
862
+ return nil
863
+ end
864
+
865
+ def find_closest_anchor_for(name) # :nodoc:
866
+ # Check if we have an anchor for name.
867
+ # If not, strip off first label and try again
868
+ # If we get to root, then return false
869
+ n = Name.create(name)
870
+ root = Name.create(".")
871
+ while (n != root)
872
+ # Try the trusted keys first, then the DS set
873
+ (@trust_anchors.keys + @trusted_keys.keys + @configured_ds_store + @discovered_ds_store).each {|key|
874
+ return key if key.name.to_s.downcase == n.to_s.downcase
875
+ }
876
+ # strip the name
877
+ n = n.strip_label
878
+ end
879
+ return false
880
+ end
881
+
882
+ # @TODO@ Handle REVOKED keys! (RFC 5011)
883
+
884
+ def follow_chain(anchor, name) # :nodoc:
885
+ # Follow the chain from the anchor to name, returning the appropriate
886
+ # key at the end, or false.
887
+ #
888
+ # i.e. anchor = se, name = foo.example.se
889
+ # get anchor for example.se with se anchor
890
+ # get anchor for foo.example.se with example.se anchor
891
+ next_key = anchor
892
+ next_step = anchor.name
893
+ parent = next_step
894
+ # print "Follow chain from #{anchor.name} to #{name}\n"
895
+ TheLog.debug("Follow chain from #{anchor.name} to #{name}")
896
+
897
+ res = nil
898
+ # while ((next_step != name) || (next_key.type != Types.DNSKEY))
899
+ while (true)
900
+ # print "In loop for parent=#{parent}, next step = #{next_step}\n"
901
+ dont_move_on = false
902
+ if (next_key.type != Types.DNSKEY)
903
+ dont_move_on = true
904
+ end
905
+ next_key, res = get_anchor_for(next_step, parent, next_key, res)
906
+ if (next_step == name)
907
+ # print "Returning #{next_key.type} for #{next_step}, #{(next_key.type != Types.DNSKEY)}\n"
908
+ return next_key
909
+ end
910
+ return false if (!next_key)
911
+ # Add the next label on
912
+ if (!dont_move_on)
913
+ parent = next_step
914
+ next_step = Name.new(name.labels[name.labels.length-1-next_step.labels.length,1] +
915
+ next_step.labels , name.absolute?)
916
+ # print "Next parent = #{parent}, next_step = #{next_step}, next_key.type = #{next_key.type.string}\n"
917
+ end
918
+ end
919
+
920
+ # print "Returning #{next_key.type} for #{next_step}, #{(next_key.type != Types.DNSKEY)}\n"
921
+
922
+ return next_key
923
+ end
924
+
925
+ def get_anchor_for(child, parent, current_anchor, parent_res = nil) # :nodoc:
926
+ # print "Trying to discover anchor for #{child} from #{parent}\n"
927
+ TheLog.debug("Trying to discover anchor for #{child} from #{parent}")
928
+ # We wish to return a DNSKEY which the caller can use to verify name
929
+ # We are either given a key or a ds record from the parent zone
930
+ # If given a DNSKEY, then find a DS record signed by that key for the child zone
931
+ # Use the DS record to find a valid key in the child zone
932
+ # Return it
933
+
934
+ # Find NS RRSet for parent
935
+ child_res = nil
936
+ begin
937
+ if (child!=parent)
938
+ if (!parent_res)
939
+ # print "No res passed - try to get nameservers for #{parent}\n"
940
+ parent_res = get_nameservers_for(parent)
941
+ if (!parent_res)
942
+ if (Dnssec.do_validation_with_recursor?)
943
+ parent_res = Recursor.new
944
+ else
945
+ if (Dnssec.default_resolver)
946
+ parent_res = Dnssec.default_resolver
947
+ else
948
+ parent_res = Resolver.new
949
+ end
950
+ end
951
+ end
952
+ end
953
+ # Use that Resolver to query for DS record and NS for children
954
+ ds_rrset = current_anchor
955
+ if (current_anchor.type == Types.DNSKEY)
956
+ # print "Trying to find DS records for #{child} from servers for #{parent}\n"
957
+ TheLog.debug("Trying to find DS records for #{child} from servers for #{parent}")
958
+ ds_ret = nil
959
+ begin
960
+ ds_ret = parent_res.query_no_validation_or_recursion(child, Types.DS)
961
+ if (!ds_ret)
962
+ raise ResolvError.new("Couldn't get DS records from Recursor")
963
+ end
964
+ rescue ResolvError => e
965
+ # print "Error getting DS record for #{child} : #{e}\n"
966
+ TheLog.error("Error getting DS record for #{child} : #{e}")
967
+ return false, nil
968
+ end
969
+ ds_rrset = ds_ret.answer.rrset(child, Types.DS)
970
+ if (ds_rrset.rrs.length == 0)
971
+ # @TODO@ Check NSEC(3) records - still need to verify there are REALLY no ds records!
972
+ # print "NO DS RECORDS RETURNED FOR #{parent}\n"
973
+ child_res = parent_res
974
+ else
975
+ begin
976
+ if (verify(ds_rrset, current_anchor))
977
+ # Try to make the resolver from the authority/additional NS RRSets in DS response
978
+ child_res = get_nameservers_from_message(child, ds_ret)
979
+ end
980
+ rescue VerifyError => e
981
+ # print "FAILED TO VERIFY DS RRSET FOR #{child}\n"
982
+ TheLog.info("FAILED TO VERIFY DS RRSET FOR #{child}")
983
+ return false, nil
984
+ end
985
+ end
986
+ end
987
+ end
988
+ # Make Resolver using all child NSs
989
+ if (!child_res)
990
+ child_res = get_nameservers_for(child, parent_res)
991
+ end
992
+ if (!child_res)
993
+ if (Dnssec.do_validation_with_recursor?)
994
+ child_res = Recursor.new
995
+ else
996
+ if (Dnssec.default_resolver)
997
+ child_res = Dnssec.default_resolver
998
+ else
999
+ if (Dnssec.default_resolver)
1000
+ child_res = Dnssec.default_resolver
1001
+ else
1002
+ child_res = Resolver.new
1003
+ end
1004
+ end
1005
+ end
1006
+ end
1007
+ # Query for DNSKEY record, and verify against DS in parent.
1008
+ # Need to get resolver NOT to verify this message - we verify it afterwards
1009
+ # print "Trying to find DNSKEY records for #{child} from servers for #{child}\n"
1010
+ TheLog.info("Trying to find DNSKEY records for #{child} from servers for #{child}")
1011
+ # query = Message.new(child, Types.DNSKEY)
1012
+ # query.do_validation = false
1013
+ key_ret = nil
1014
+ begin
1015
+ # key_ret = child_res.send_message(query)
1016
+ key_ret = child_res.query_no_validation_or_recursion(child, Types.DNSKEY)
1017
+ if (!key_ret)
1018
+ raise ResolvError.new("Couldn't get info from Recursor")
1019
+ end
1020
+ rescue ResolvError => e
1021
+ # print "Error getting DNSKEY for #{child} : #{e}\n"
1022
+ TheLog.error("Error getting DNSKEY for #{child} : #{e}")
1023
+ return false, nil
1024
+ end
1025
+ verified = true
1026
+ key_rrset = key_ret.answer.rrset(child, Types.DNSKEY)
1027
+ if (key_rrset.rrs.length == 0)
1028
+ # @TODO@ Still need to check NSEC records to make *sure* no key rrs returned!
1029
+ # print "NO DNSKEY RECORDS RETURNED FOR #{child}\n"
1030
+ TheLog.debug("NO DNSKEY RECORDS RETURNED FOR #{child}")
1031
+ # end
1032
+ verified = false
1033
+ else
1034
+ # Should check that the matching key's zone flag is set (RFC 4035 section 5.2)
1035
+ key_rrset.rrs.each {|k|
1036
+ if (!k.zone_key?)
1037
+ # print "Discovered DNSKEY is not a zone key - ignoring\n"
1038
+ TheLog.debug("Discovered DNSKEY is not a zone key - ignoring")
1039
+ return false, new_res
1040
+ end
1041
+ }
1042
+ begin
1043
+ verify(key_rrset, ds_rrset)
1044
+ rescue VerifyError => e
1045
+ begin
1046
+ verify(key_rrset)
1047
+ rescue VerifyError =>e
1048
+ verified = false
1049
+ end
1050
+ end
1051
+ # if (!verify(key_rrset, ds_rrset))
1052
+ # if (!verify(key_rrset))
1053
+ # # if (!verify(key_ret))
1054
+ # verified = false
1055
+ # end
1056
+ # end
1057
+
1058
+ end
1059
+
1060
+ # Try to make the resolver from the authority/additional NS RRSets in DNSKEY response
1061
+ new_res = get_nameservers_from_message(child, key_ret) # @TODO@ ?
1062
+ if (!new_res)
1063
+ new_res = child_res
1064
+ end
1065
+ if (!verified)
1066
+ TheLog.info("Failed to verify DNSKEY for #{child}")
1067
+ return false, new_res
1068
+ end
1069
+ # Cache.add(key_ret)
1070
+ return key_rrset, new_res
1071
+ rescue VerifyError => e
1072
+ # print "Verification error : #{e}\n"
1073
+ TheLog.info("Verification error : #{e}\n")
1074
+ return false, new_res
1075
+ end
1076
+ end
1077
+
1078
+ def get_nameservers_for(name, res = nil) # :nodoc:
1079
+ # @TODO@ !!!
1080
+ if (Dnssec.do_validation_with_recursor?)
1081
+ return Recursor.new
1082
+ else
1083
+ if (Dnssec.default_resolver)
1084
+ return Dnssec.default_resolver
1085
+ else
1086
+ return Resolver.new
1087
+ end
1088
+ end
1089
+ end
1090
+
1091
+ def get_nameservers_from_message(name, ns_ret) # :nodoc:
1092
+ if (Dnssec.default_resolver)
1093
+ return Dnssec.default_resolver
1094
+ end
1095
+
1096
+ ns_rrset = ns_ret.answer.rrset(name, Types.NS)
1097
+ if (!ns_rrset || ns_rrset.length == 0)
1098
+ ns_rrset = ns_ret.authority.rrset(name, Types.NS) # @TOO@ Is ths OK?
1099
+ end
1100
+ if (!ns_rrset || ns_rrset.length == 0 || ns_rrset.name.to_s != name.to_s)
1101
+ return nil
1102
+ end
1103
+ if (ns_rrset.sigs.length > 0)
1104
+ # verify_rrset(ns_rrset) # @TODO@ ??
1105
+ end
1106
+ # Cache.add(ns_ret)
1107
+ ns_additional = []
1108
+ ns_ret.additional.each {|rr| ns_additional.push(rr) if (rr.type == Types.A) }
1109
+ nameservers = []
1110
+ add_nameservers(ns_rrset, ns_additional, nameservers) # if (ns_additional.length > 0)
1111
+ ns_additional = []
1112
+ ns_ret.additional.each {|rr| ns_additional.push(rr) if (rr.type == Types.AAAA) }
1113
+ add_nameservers(ns_rrset, ns_additional, nameservers) if (ns_additional.length > 0)
1114
+ # Make Resolver using all NSs
1115
+ if (nameservers.length == 0)
1116
+ # print "Can't find nameservers for #{ns_ret.question()[0].qname} from #{ns_rrset.rrs}\n"
1117
+ TheLog.info("Can't find nameservers for #{ns_ret.question()[0].qname} from #{ns_rrset.rrs}")
1118
+ return nil # @TODO@ Could return a recursor here?
1119
+ #return Recursor.new
1120
+ end
1121
+ res = Resolver.new()
1122
+ res.nameserver=(nameservers)
1123
+ # Set the retry_delay to be (at least) the number of nameservers
1124
+ # Otherwise, the queries will be sent at a rate of more than one a second!
1125
+ res.retry_delay = nameservers.length * 2
1126
+ res.dnssec = true
1127
+ return res
1128
+ end
1129
+
1130
+ def add_nameservers(ns_rrset, ns_additional, nameservers) # :nodoc:
1131
+ # Want to go through all of the ns_rrset NS records,
1132
+ # print "Checking #{ns_rrset.rrs.length} NS records against #{ns_additional.length} address records\n"
1133
+ ns_rrset.rrs.sort_by {rand}.each {|ns_rr|
1134
+ # and see if we can find any of the names in the A/AAAA records in ns_additional
1135
+ found_addr = false
1136
+ ns_additional.each {|addr_rr|
1137
+ if (ns_rr.nsdname.to_s == addr_rr.name.to_s)
1138
+ # print "Found address #{addr_rr.address} for #{ns_rr.nsdname}\n"
1139
+ nameservers.push(addr_rr.address.to_s)
1140
+ found_addr = true
1141
+ break
1142
+ # If we can, then we add the server A/AAAA address to nameservers
1143
+ end
1144
+ # If we can't, then we add the server NS name to nameservers
1145
+
1146
+ }
1147
+ if (!found_addr)
1148
+ # print "Couldn't find address - adding #{ns_rr.nsdname}\n"
1149
+ nameservers.push(ns_rr.nsdname)
1150
+ end
1151
+
1152
+ }
1153
+ end
1154
+
1155
+ def validate_no_rrsigs(msg) # :nodoc:
1156
+ # print "Validating unsigned response\n"
1157
+ # WHAT IF THERE ARE NO RRSIGS IN MSG?
1158
+ # Then we need to check that we do not expect any RRSIGs
1159
+ if (!msg.question()[0] && msg.answer.length == 0)
1160
+ # print "Returning Message insecure OK\n"
1161
+ msg.security_level = Message::SecurityLevel.INSECURE
1162
+ return true
1163
+ end
1164
+ qname = msg.question()[0].qname
1165
+ closest_anchor = find_closest_anchor_for(qname)
1166
+ # print "Found closest anchor :#{closest_anchor}\n"
1167
+ if (closest_anchor)
1168
+ actual_anchor = follow_chain(closest_anchor, qname)
1169
+ # print "Actual anchor : #{actual_anchor}\n"
1170
+ if (actual_anchor)
1171
+ # print("Anchor exists for #{qname}, but no signatures in #{msg}\n")
1172
+ TheLog.error("Anchor exists for #{qname}, but no signatures in #{msg}")
1173
+ msg.security_level = Message::SecurityLevel.BOGUS
1174
+ return false
1175
+ end
1176
+ end
1177
+ if ((@verifier_type == VerifierType::DLV) &&
1178
+ @added_dlv_key)
1179
+ # Remember to check DLV registry as well (if appropriate!)
1180
+ # print "Checking DLV for closest anchor\n"
1181
+ dlv_anchor = find_closest_dlv_anchor_for(qname)
1182
+ # print "Found DLV closest anchor :#{dlv_anchor}\n"
1183
+ if (dlv_anchor)
1184
+ actual_anchor = follow_chain(dlv_anchor, qname)
1185
+ # print "Actual anchor : #{actual_anchor}\n"
1186
+ if (actual_anchor)
1187
+ # print("DLV Anchor exists for #{qname}, but no signatures in #{msg}\n")
1188
+ TheLog.error("DLV Anchor exists for #{qname}, but no signatures in #{msg}")
1189
+ msg.security_level = Message::SecurityLevel.BOGUS
1190
+ return false
1191
+ end
1192
+
1193
+ end
1194
+ end
1195
+ # print "Returning Message insecure OK\n"
1196
+ msg.security_level = Message::SecurityLevel.INSECURE
1197
+ return true
1198
+ end
1199
+
1200
+ def validate(msg, query)
1201
+ if (msg.rrsets('RRSIG').length == 0)
1202
+ return validate_no_rrsigs(msg)
1203
+ end
1204
+
1205
+ # See if it is a child of any of our trust anchors.
1206
+ # If it is, then see if we have a trusted key for it
1207
+ # If we don't, then see if we can get to it from the closest
1208
+ # trust anchor
1209
+ # Otherwise, try DLV (if configured)
1210
+ #
1211
+ #
1212
+ # So - find closest existing trust anchor
1213
+ error = nil
1214
+ msg.security_level = Message::SecurityLevel.INDETERMINATE
1215
+ qname = msg.question()[0].qname
1216
+ closest_anchor = find_closest_anchor_for(qname)
1217
+ error = try_to_follow_from_anchor(closest_anchor, msg, qname)
1218
+
1219
+ if ((msg.security_level.code < Message::SecurityLevel::SECURE) &&
1220
+ (@verifier_type == VerifierType::DLV) &&
1221
+ @added_dlv_key)
1222
+ # If we can't find anything, and we're set to check DLV, then
1223
+ # check the DLV registry and work down from there.
1224
+ dlv_anchor = find_closest_dlv_anchor_for(qname)
1225
+ if (dlv_anchor)
1226
+ # print "Trying to follow DLV anchor from #{dlv_anchor.name} to #{qname}\n"
1227
+ TheLog.debug("Trying to follow DLV anchor from #{dlv_anchor.name} to #{qname}")
1228
+ error = try_to_follow_from_anchor(dlv_anchor, msg, qname)
1229
+ else
1230
+ # print "Couldn't find DLV anchor for #{qname}\n"
1231
+ TheLog.debug("Couldn't find DLV anchor for #{qname}")
1232
+ end
1233
+ end
1234
+ if (msg.security_level.code != Message::SecurityLevel::SECURE)
1235
+ begin
1236
+ # print "Trying to verify one last time\n"
1237
+
1238
+ if verify(msg) # Just make sure we haven't picked the keys up anywhere
1239
+ msg.security_level = Message::SecurityLevel.SECURE
1240
+ return true
1241
+ end
1242
+ rescue VerifyError => e
1243
+ # print "Verify failed : #{e}\n"
1244
+ end
1245
+ end
1246
+ if (error)
1247
+ raise error
1248
+ end
1249
+ if (msg.security_level.code > Message::SecurityLevel::UNCHECKED)
1250
+ return true
1251
+ else
1252
+ return false
1253
+ end
1254
+ end
1255
+
1256
+ def try_to_follow_from_anchor(closest_anchor, msg, qname) # :nodoc:
1257
+ error = nil
1258
+ if (closest_anchor)
1259
+ # Then try to descend to the level we're interested in
1260
+ actual_anchor = follow_chain(closest_anchor, qname)
1261
+ if (!actual_anchor)
1262
+ TheLog.debug("Unable to follow chain from anchor : #{closest_anchor.name}")
1263
+ msg.security_level = Message::SecurityLevel.INSECURE
1264
+ else
1265
+ actual_anchor_keys = ""
1266
+ actual_anchor.rrs.each {|rr| actual_anchor_keys += ", #{rr.key_tag}"}
1267
+ TheLog.debug("Found anchor #{actual_anchor.name}, #{actual_anchor.type} for #{qname} : #{actual_anchor_keys}")
1268
+ # print "Found anchor #{actual_anchor.name}, #{actual_anchor.type} for #{qname} : #{actual_anchor_keys}\n"
1269
+ begin
1270
+ if (verify(msg, actual_anchor))
1271
+ TheLog.debug("Validated #{qname}")
1272
+ msg.security_level = Message::SecurityLevel.SECURE
1273
+ end
1274
+ rescue VerifyError => e
1275
+ TheLog.info("BOGUS #{qname}! Error : #{e}")
1276
+ # print "BOGUS #{qname}! Error : #{e}\n"
1277
+ msg.security_level = Message::SecurityLevel.BOGUS
1278
+ error = e
1279
+ end
1280
+ end
1281
+ else
1282
+ # print "Unable to find an anchor for #{qname}\n"
1283
+ msg.security_level = Message::SecurityLevel.INSECURE
1284
+ end
1285
+ return error
1286
+ end
1287
+
1288
+ end
1289
+ end