dnsruby 1.26 → 1.30
Sign up to get free protection for your applications and to get access to all the features.
- data/DNSSEC +19 -0
- data/EVENTMACHINE +1 -64
- data/EXAMPLES +124 -0
- data/README +2 -6
- data/demo/axfr.rb +2 -2
- data/demo/check_soa.rb +1 -1
- data/demo/check_zone.rb +2 -2
- data/demo/digdlv.rb +65 -0
- data/demo/digitar.rb +62 -0
- data/demo/mresolv.rb +1 -1
- data/demo/mx.rb +1 -1
- data/demo/rubydig.rb +8 -1
- data/demo/trace_dns.rb +28 -14
- data/html/created.rid +1 -0
- data/{doc → html}/fr_class_index.html +118 -172
- data/{doc → html}/fr_file_index.html +81 -130
- data/html/fr_method_index.html +371 -0
- data/{doc → html}/index.html +23 -23
- data/lib/Dnsruby/Cache.rb +129 -22
- data/lib/Dnsruby/Config.rb +72 -11
- data/lib/Dnsruby/DNS.rb +3 -0
- data/lib/Dnsruby/PacketSender.rb +565 -0
- data/lib/Dnsruby/Recursor.rb +337 -156
- data/lib/Dnsruby/Resolver.rb +508 -447
- data/lib/Dnsruby/SingleResolver.rb +151 -629
- data/lib/Dnsruby/code_mapper.rb +4 -2
- data/lib/Dnsruby/dnssec.rb +212 -518
- data/lib/Dnsruby/event_machine_interface.rb +266 -265
- data/lib/Dnsruby/iana_ports.rb +5206 -5196
- data/lib/Dnsruby/key_cache.rb +85 -0
- data/lib/Dnsruby/message.rb +207 -72
- data/lib/Dnsruby/name.rb +42 -4
- data/lib/Dnsruby/resource/CERT.rb +1 -1
- data/lib/Dnsruby/resource/DNSKEY.rb +66 -25
- data/lib/Dnsruby/resource/DS.rb +7 -2
- data/lib/Dnsruby/resource/NAPTR.rb +2 -2
- data/lib/Dnsruby/resource/NSEC.rb +31 -2
- data/lib/Dnsruby/resource/NSEC3.rb +86 -8
- data/lib/Dnsruby/resource/OPT.rb +9 -6
- data/lib/Dnsruby/resource/PX.rb +1 -1
- data/lib/Dnsruby/resource/RT.rb +1 -1
- data/lib/Dnsruby/resource/SRV.rb +3 -3
- data/lib/Dnsruby/resource/resource.rb +30 -36
- data/lib/Dnsruby/select_thread.rb +160 -23
- data/lib/Dnsruby/single_verifier.rb +1289 -0
- data/lib/Dnsruby/validator_thread.rb +108 -0
- data/lib/Dnsruby/zone_transfer.rb +5 -2
- data/lib/dnsruby.rb +33 -18
- data/test/tc_cache.rb +88 -0
- data/test/tc_dlv.rb +55 -0
- data/test/tc_dns.rb +3 -1
- data/test/tc_dnskey.rb +21 -5
- data/test/tc_ds.rb +1 -7
- data/test/tc_itar.rb +76 -0
- data/test/tc_name.rb +21 -0
- data/test/tc_nsec.rb +169 -0
- data/test/tc_nsec3.rb +18 -1
- data/test/tc_packet.rb +97 -6
- data/test/tc_queue.rb +7 -5
- data/test/tc_recur.rb +6 -1
- data/test/tc_res_config.rb +1 -3
- data/test/tc_res_opt.rb +1 -5
- data/test/tc_resolver.rb +27 -8
- data/test/tc_rr-opt.rb +1 -0
- data/test/tc_rr.rb +6 -0
- data/test/tc_rrset.rb +60 -0
- data/test/tc_single_resolver.rb +55 -2
- data/test/tc_tsig.rb +29 -13
- data/test/tc_update.rb +6 -0
- data/test/tc_validator.rb +56 -0
- data/test/{tc_dnssec.rb → tc_verifier.rb} +106 -92
- data/test/ts_online.rb +19 -16
- metadata +27 -1053
- data/doc/classes/Cache.html +0 -179
- data/doc/classes/Cache.src/M000212.html +0 -19
- data/doc/classes/Cache.src/M000213.html +0 -18
- data/doc/classes/Cache.src/M000214.html +0 -23
- data/doc/classes/ConfigTable.html +0 -500
- data/doc/classes/ConfigTable.src/M000019.html +0 -25
- data/doc/classes/ConfigTable.src/M000020.html +0 -18
- data/doc/classes/ConfigTable.src/M000021.html +0 -18
- data/doc/classes/ConfigTable.src/M000022.html +0 -18
- data/doc/classes/ConfigTable.src/M000023.html +0 -18
- data/doc/classes/ConfigTable.src/M000024.html +0 -18
- data/doc/classes/ConfigTable.src/M000025.html +0 -18
- data/doc/classes/ConfigTable.src/M000026.html +0 -18
- data/doc/classes/ConfigTable.src/M000027.html +0 -18
- data/doc/classes/ConfigTable.src/M000028.html +0 -19
- data/doc/classes/ConfigTable.src/M000029.html +0 -21
- data/doc/classes/ConfigTable.src/M000030.html +0 -20
- data/doc/classes/ConfigTable.src/M000031.html +0 -18
- data/doc/classes/ConfigTable.src/M000032.html +0 -25
- data/doc/classes/ConfigTable.src/M000033.html +0 -23
- data/doc/classes/ConfigTable.src/M000034.html +0 -20
- data/doc/classes/ConfigTable.src/M000035.html +0 -20
- data/doc/classes/ConfigTable.src/M000036.html +0 -23
- data/doc/classes/ConfigTable.src/M000037.html +0 -19
- data/doc/classes/ConfigTable.src/M000038.html +0 -18
- data/doc/classes/ConfigTable.src/M000039.html +0 -18
- data/doc/classes/ConfigTable/BoolItem.html +0 -154
- data/doc/classes/ConfigTable/BoolItem.src/M000040.html +0 -18
- data/doc/classes/ConfigTable/BoolItem.src/M000041.html +0 -18
- data/doc/classes/ConfigTable/ExecItem.html +0 -201
- data/doc/classes/ConfigTable/ExecItem.src/M000059.html +0 -20
- data/doc/classes/ConfigTable/ExecItem.src/M000060.html +0 -18
- data/doc/classes/ConfigTable/ExecItem.src/M000061.html +0 -18
- data/doc/classes/ConfigTable/ExecItem.src/M000062.html +0 -18
- data/doc/classes/ConfigTable/ExecItem.src/M000063.html +0 -22
- data/doc/classes/ConfigTable/Item.html +0 -250
- data/doc/classes/ConfigTable/Item.src/M000066.html +0 -22
- data/doc/classes/ConfigTable/Item.src/M000067.html +0 -18
- data/doc/classes/ConfigTable/Item.src/M000068.html +0 -18
- data/doc/classes/ConfigTable/Item.src/M000069.html +0 -18
- data/doc/classes/ConfigTable/Item.src/M000070.html +0 -18
- data/doc/classes/ConfigTable/Item.src/M000071.html +0 -18
- data/doc/classes/ConfigTable/MetaConfigEnvironment.html +0 -325
- data/doc/classes/ConfigTable/MetaConfigEnvironment.src/M000046.html +0 -19
- data/doc/classes/ConfigTable/MetaConfigEnvironment.src/M000047.html +0 -18
- data/doc/classes/ConfigTable/MetaConfigEnvironment.src/M000048.html +0 -18
- data/doc/classes/ConfigTable/MetaConfigEnvironment.src/M000049.html +0 -18
- data/doc/classes/ConfigTable/MetaConfigEnvironment.src/M000050.html +0 -18
- data/doc/classes/ConfigTable/MetaConfigEnvironment.src/M000051.html +0 -18
- data/doc/classes/ConfigTable/MetaConfigEnvironment.src/M000052.html +0 -18
- data/doc/classes/ConfigTable/MetaConfigEnvironment.src/M000053.html +0 -18
- data/doc/classes/ConfigTable/MetaConfigEnvironment.src/M000054.html +0 -18
- data/doc/classes/ConfigTable/MetaConfigEnvironment.src/M000055.html +0 -18
- data/doc/classes/ConfigTable/MetaConfigEnvironment.src/M000056.html +0 -18
- data/doc/classes/ConfigTable/MetaConfigEnvironment.src/M000057.html +0 -19
- data/doc/classes/ConfigTable/MetaConfigEnvironment.src/M000058.html +0 -19
- data/doc/classes/ConfigTable/PackageSelectionItem.html +0 -169
- data/doc/classes/ConfigTable/PackageSelectionItem.src/M000044.html +0 -19
- data/doc/classes/ConfigTable/PackageSelectionItem.src/M000045.html +0 -18
- data/doc/classes/ConfigTable/PathItem.html +0 -139
- data/doc/classes/ConfigTable/PathItem.src/M000043.html +0 -18
- data/doc/classes/ConfigTable/ProgramItem.html +0 -139
- data/doc/classes/ConfigTable/ProgramItem.src/M000042.html +0 -18
- data/doc/classes/ConfigTable/SelectItem.html +0 -156
- data/doc/classes/ConfigTable/SelectItem.src/M000064.html +0 -19
- data/doc/classes/ConfigTable/SelectItem.src/M000065.html +0 -18
- data/doc/classes/DnskeyTest.html +0 -180
- data/doc/classes/DnskeyTest.src/M000016.html +0 -26
- data/doc/classes/DnskeyTest.src/M000017.html +0 -24
- data/doc/classes/DnskeyTest.src/M000018.html +0 -33
- data/doc/classes/Dnsruby.html +0 -504
- data/doc/classes/Dnsruby.src/M000351.html +0 -18
- data/doc/classes/Dnsruby/Algorithms.html +0 -173
- data/doc/classes/Dnsruby/Classes.html +0 -197
- data/doc/classes/Dnsruby/Classes.src/M000573.html +0 -23
- data/doc/classes/Dnsruby/Classes.src/M000574.html +0 -19
- data/doc/classes/Dnsruby/CodeMapper.html +0 -375
- data/doc/classes/Dnsruby/CodeMapper.src/M000550.html +0 -18
- data/doc/classes/Dnsruby/CodeMapper.src/M000551.html +0 -33
- data/doc/classes/Dnsruby/CodeMapper.src/M000552.html +0 -21
- data/doc/classes/Dnsruby/CodeMapper.src/M000553.html +0 -19
- data/doc/classes/Dnsruby/CodeMapper.src/M000554.html +0 -19
- data/doc/classes/Dnsruby/CodeMapper.src/M000555.html +0 -18
- data/doc/classes/Dnsruby/CodeMapper.src/M000556.html +0 -22
- data/doc/classes/Dnsruby/CodeMapper.src/M000557.html +0 -22
- data/doc/classes/Dnsruby/CodeMapper.src/M000558.html +0 -22
- data/doc/classes/Dnsruby/CodeMapper.src/M000559.html +0 -31
- data/doc/classes/Dnsruby/CodeMapper.src/M000560.html +0 -19
- data/doc/classes/Dnsruby/Config.html +0 -413
- data/doc/classes/Dnsruby/Config.src/M000505.html +0 -18
- data/doc/classes/Dnsruby/Config.src/M000506.html +0 -19
- data/doc/classes/Dnsruby/Config.src/M000507.html +0 -19
- data/doc/classes/Dnsruby/Config.src/M000508.html +0 -25
- data/doc/classes/Dnsruby/Config.src/M000509.html +0 -21
- data/doc/classes/Dnsruby/Config.src/M000510.html +0 -38
- data/doc/classes/Dnsruby/Config.src/M000511.html +0 -26
- data/doc/classes/Dnsruby/Config.src/M000512.html +0 -22
- data/doc/classes/Dnsruby/Config.src/M000513.html +0 -27
- data/doc/classes/Dnsruby/Config.src/M000514.html +0 -22
- data/doc/classes/Dnsruby/Config.src/M000515.html +0 -21
- data/doc/classes/Dnsruby/DNS.html +0 -571
- data/doc/classes/Dnsruby/DNS.src/M000645.html +0 -24
- data/doc/classes/Dnsruby/DNS.src/M000646.html +0 -18
- data/doc/classes/Dnsruby/DNS.src/M000647.html +0 -18
- data/doc/classes/Dnsruby/DNS.src/M000648.html +0 -20
- data/doc/classes/Dnsruby/DNS.src/M000649.html +0 -19
- data/doc/classes/Dnsruby/DNS.src/M000650.html +0 -20
- data/doc/classes/Dnsruby/DNS.src/M000651.html +0 -18
- data/doc/classes/Dnsruby/DNS.src/M000652.html +0 -19
- data/doc/classes/Dnsruby/DNS.src/M000653.html +0 -20
- data/doc/classes/Dnsruby/DNS.src/M000654.html +0 -30
- data/doc/classes/Dnsruby/DNS.src/M000655.html +0 -19
- data/doc/classes/Dnsruby/DNS.src/M000656.html +0 -20
- data/doc/classes/Dnsruby/DNS.src/M000657.html +0 -31
- data/doc/classes/Dnsruby/DecodeError.html +0 -120
- data/doc/classes/Dnsruby/Dnssec.html +0 -536
- data/doc/classes/Dnsruby/Dnssec.src/M000615.html +0 -21
- data/doc/classes/Dnsruby/Dnssec.src/M000616.html +0 -18
- data/doc/classes/Dnsruby/Dnssec.src/M000617.html +0 -18
- data/doc/classes/Dnsruby/Dnssec.src/M000618.html +0 -19
- data/doc/classes/Dnsruby/Dnssec.src/M000619.html +0 -18
- data/doc/classes/Dnsruby/Dnssec.src/M000620.html +0 -18
- data/doc/classes/Dnsruby/Dnssec.src/M000621.html +0 -18
- data/doc/classes/Dnsruby/Dnssec.src/M000622.html +0 -18
- data/doc/classes/Dnsruby/Dnssec.src/M000623.html +0 -19
- data/doc/classes/Dnsruby/Dnssec.src/M000624.html +0 -18
- data/doc/classes/Dnsruby/Dnssec.src/M000625.html +0 -20
- data/doc/classes/Dnsruby/Dnssec.src/M000626.html +0 -46
- data/doc/classes/Dnsruby/Dnssec.src/M000627.html +0 -23
- data/doc/classes/Dnsruby/Dnssec.src/M000628.html +0 -22
- data/doc/classes/Dnsruby/Dnssec.src/M000629.html +0 -19
- data/doc/classes/Dnsruby/Dnssec.src/M000630.html +0 -116
- data/doc/classes/Dnsruby/Dnssec.src/M000631.html +0 -33
- data/doc/classes/Dnsruby/Dnssec.src/M000632.html +0 -28
- data/doc/classes/Dnsruby/Dnssec.src/M000633.html +0 -92
- data/doc/classes/Dnsruby/Dnssec/ValidationPolicy.html +0 -167
- data/doc/classes/Dnsruby/EncodeError.html +0 -120
- data/doc/classes/Dnsruby/FormErr.html +0 -119
- data/doc/classes/Dnsruby/Header.html +0 -531
- data/doc/classes/Dnsruby/Header.src/M000595.html +0 -18
- data/doc/classes/Dnsruby/Header.src/M000596.html +0 -35
- data/doc/classes/Dnsruby/Header.src/M000597.html +0 -18
- data/doc/classes/Dnsruby/Header.src/M000598.html +0 -18
- data/doc/classes/Dnsruby/Header.src/M000599.html +0 -21
- data/doc/classes/Dnsruby/Header.src/M000600.html +0 -20
- data/doc/classes/Dnsruby/Header.src/M000601.html +0 -32
- data/doc/classes/Dnsruby/Header.src/M000602.html +0 -27
- data/doc/classes/Dnsruby/Header.src/M000603.html +0 -26
- data/doc/classes/Dnsruby/Header.src/M000604.html +0 -18
- data/doc/classes/Dnsruby/Header.src/M000605.html +0 -47
- data/doc/classes/Dnsruby/Header.src/M000606.html +0 -28
- data/doc/classes/Dnsruby/Header.src/M000607.html +0 -30
- data/doc/classes/Dnsruby/Hosts.html +0 -316
- data/doc/classes/Dnsruby/Hosts.src/M000561.html +0 -20
- data/doc/classes/Dnsruby/Hosts.src/M000562.html +0 -19
- data/doc/classes/Dnsruby/Hosts.src/M000563.html +0 -20
- data/doc/classes/Dnsruby/Hosts.src/M000564.html +0 -21
- data/doc/classes/Dnsruby/Hosts.src/M000565.html +0 -19
- data/doc/classes/Dnsruby/Hosts.src/M000566.html +0 -20
- data/doc/classes/Dnsruby/Hosts.src/M000567.html +0 -21
- data/doc/classes/Dnsruby/IPv4.html +0 -233
- data/doc/classes/Dnsruby/IPv4.src/M000568.html +0 -32
- data/doc/classes/Dnsruby/IPv4.src/M000569.html +0 -19
- data/doc/classes/Dnsruby/IPv4.src/M000570.html +0 -18
- data/doc/classes/Dnsruby/IPv4.src/M000571.html +0 -18
- data/doc/classes/Dnsruby/IPv4.src/M000572.html +0 -18
- data/doc/classes/Dnsruby/IPv6.html +0 -281
- data/doc/classes/Dnsruby/IPv6.src/M000608.html +0 -60
- data/doc/classes/Dnsruby/IPv6.src/M000609.html +0 -22
- data/doc/classes/Dnsruby/IPv6.src/M000610.html +0 -20
- data/doc/classes/Dnsruby/IPv6.src/M000611.html +0 -18
- data/doc/classes/Dnsruby/Message.html +0 -861
- data/doc/classes/Dnsruby/Message.src/M000473.html +0 -39
- data/doc/classes/Dnsruby/Message.src/M000474.html +0 -26
- data/doc/classes/Dnsruby/Message.src/M000475.html +0 -23
- data/doc/classes/Dnsruby/Message.src/M000476.html +0 -22
- data/doc/classes/Dnsruby/Message.src/M000477.html +0 -22
- data/doc/classes/Dnsruby/Message.src/M000478.html +0 -20
- data/doc/classes/Dnsruby/Message.src/M000479.html +0 -20
- data/doc/classes/Dnsruby/Message.src/M000480.html +0 -20
- data/doc/classes/Dnsruby/Message.src/M000481.html +0 -20
- data/doc/classes/Dnsruby/Message.src/M000482.html +0 -18
- data/doc/classes/Dnsruby/Message.src/M000483.html +0 -20
- data/doc/classes/Dnsruby/Message.src/M000484.html +0 -23
- data/doc/classes/Dnsruby/Message.src/M000485.html +0 -30
- data/doc/classes/Dnsruby/Message.src/M000486.html +0 -20
- data/doc/classes/Dnsruby/Message.src/M000487.html +0 -18
- data/doc/classes/Dnsruby/Message.src/M000488.html +0 -23
- data/doc/classes/Dnsruby/Message.src/M000489.html +0 -24
- data/doc/classes/Dnsruby/Message.src/M000490.html +0 -73
- data/doc/classes/Dnsruby/Message.src/M000491.html +0 -35
- data/doc/classes/Dnsruby/Message.src/M000492.html +0 -46
- data/doc/classes/Dnsruby/Message/Section.html +0 -160
- data/doc/classes/Dnsruby/Message/Section.src/M000498.html +0 -29
- data/doc/classes/Dnsruby/Message/Section.src/M000499.html +0 -30
- data/doc/classes/Dnsruby/MetaTypes.html +0 -136
- data/doc/classes/Dnsruby/Modes.html +0 -171
- data/doc/classes/Dnsruby/NXDomain.html +0 -119
- data/doc/classes/Dnsruby/Name.html +0 -330
- data/doc/classes/Dnsruby/Name.src/M000458.html +0 -35
- data/doc/classes/Dnsruby/Name.src/M000459.html +0 -20
- data/doc/classes/Dnsruby/Name.src/M000460.html +0 -18
- data/doc/classes/Dnsruby/Name.src/M000461.html +0 -21
- data/doc/classes/Dnsruby/Name.src/M000462.html +0 -22
- data/doc/classes/Dnsruby/Name.src/M000463.html +0 -18
- data/doc/classes/Dnsruby/Name/Label.html +0 -300
- data/doc/classes/Dnsruby/Name/Label.src/M000464.html +0 -21
- data/doc/classes/Dnsruby/Name/Label.src/M000465.html +0 -18
- data/doc/classes/Dnsruby/Name/Label.src/M000466.html +0 -22
- data/doc/classes/Dnsruby/Name/Label.src/M000467.html +0 -18
- data/doc/classes/Dnsruby/Name/Label.src/M000468.html +0 -18
- data/doc/classes/Dnsruby/Name/Label.src/M000469.html +0 -18
- data/doc/classes/Dnsruby/Name/Label.src/M000470.html +0 -18
- data/doc/classes/Dnsruby/Name/Label.src/M000471.html +0 -18
- data/doc/classes/Dnsruby/Name/Label.src/M000472.html +0 -18
- data/doc/classes/Dnsruby/NotImp.html +0 -119
- data/doc/classes/Dnsruby/OpCode.html +0 -146
- data/doc/classes/Dnsruby/OtherResolvError.html +0 -119
- data/doc/classes/Dnsruby/QTypes.html +0 -146
- data/doc/classes/Dnsruby/Question.html +0 -306
- data/doc/classes/Dnsruby/Question.src/M000590.html +0 -47
- data/doc/classes/Dnsruby/Question.src/M000591.html +0 -18
- data/doc/classes/Dnsruby/Question.src/M000592.html +0 -18
- data/doc/classes/Dnsruby/Question.src/M000593.html +0 -32
- data/doc/classes/Dnsruby/Question.src/M000594.html +0 -18
- data/doc/classes/Dnsruby/RCode.html +0 -211
- data/doc/classes/Dnsruby/RR.html +0 -653
- data/doc/classes/Dnsruby/RR.src/M000352.html +0 -18
- data/doc/classes/Dnsruby/RR.src/M000353.html +0 -22
- data/doc/classes/Dnsruby/RR.src/M000354.html +0 -18
- data/doc/classes/Dnsruby/RR.src/M000355.html +0 -26
- data/doc/classes/Dnsruby/RR.src/M000356.html +0 -26
- data/doc/classes/Dnsruby/RR.src/M000357.html +0 -18
- data/doc/classes/Dnsruby/RR.src/M000358.html +0 -36
- data/doc/classes/Dnsruby/RR.src/M000359.html +0 -100
- data/doc/classes/Dnsruby/RR.src/M000360.html +0 -18
- data/doc/classes/Dnsruby/RR.src/M000361.html +0 -18
- data/doc/classes/Dnsruby/RR.src/M000362.html +0 -22
- data/doc/classes/Dnsruby/RR.src/M000363.html +0 -33
- data/doc/classes/Dnsruby/RR.src/M000364.html +0 -24
- data/doc/classes/Dnsruby/RR/ANY.html +0 -133
- data/doc/classes/Dnsruby/RR/CERT.html +0 -180
- data/doc/classes/Dnsruby/RR/CERT/CertificateTypes.html +0 -169
- data/doc/classes/Dnsruby/RR/CNAME.html +0 -151
- data/doc/classes/Dnsruby/RR/DLV.html +0 -134
- data/doc/classes/Dnsruby/RR/DNAME.html +0 -150
- data/doc/classes/Dnsruby/RR/DNSKEY.html +0 -422
- data/doc/classes/Dnsruby/RR/DNSKEY.src/M000397.html +0 -20
- data/doc/classes/Dnsruby/RR/DNSKEY.src/M000398.html +0 -21
- data/doc/classes/Dnsruby/RR/DNSKEY.src/M000399.html +0 -28
- data/doc/classes/Dnsruby/RR/DNSKEY.src/M000400.html +0 -22
- data/doc/classes/Dnsruby/RR/DNSKEY.src/M000401.html +0 -18
- data/doc/classes/Dnsruby/RR/DNSKEY.src/M000402.html +0 -22
- data/doc/classes/Dnsruby/RR/DNSKEY.src/M000403.html +0 -18
- data/doc/classes/Dnsruby/RR/DNSKEY.src/M000404.html +0 -26
- data/doc/classes/Dnsruby/RR/DNSKEY.src/M000405.html +0 -38
- data/doc/classes/Dnsruby/RR/DNSKEY.src/M000406.html +0 -58
- data/doc/classes/Dnsruby/RR/DNSKEY.src/M000407.html +0 -21
- data/doc/classes/Dnsruby/RR/DNSKEY.src/M000408.html +0 -24
- data/doc/classes/Dnsruby/RR/DNSKEY.src/M000409.html +0 -39
- data/doc/classes/Dnsruby/RR/DNSKEY.src/M000410.html +0 -24
- data/doc/classes/Dnsruby/RR/DS.html +0 -329
- data/doc/classes/Dnsruby/RR/DS.src/M000390.html +0 -19
- data/doc/classes/Dnsruby/RR/DS.src/M000391.html +0 -28
- data/doc/classes/Dnsruby/RR/DS.src/M000392.html +0 -28
- data/doc/classes/Dnsruby/RR/DS.src/M000393.html +0 -38
- data/doc/classes/Dnsruby/RR/DS.src/M000394.html +0 -29
- data/doc/classes/Dnsruby/RR/DS.src/M000395.html +0 -53
- data/doc/classes/Dnsruby/RR/DS.src/M000396.html +0 -40
- data/doc/classes/Dnsruby/RR/DS/DigestTypes.html +0 -111
- data/doc/classes/Dnsruby/RR/DomainName.html +0 -175
- data/doc/classes/Dnsruby/RR/DomainName.src/M000436.html +0 -18
- data/doc/classes/Dnsruby/RR/Generic.html +0 -133
- data/doc/classes/Dnsruby/RR/HINFO.html +0 -155
- data/doc/classes/Dnsruby/RR/IN.html +0 -155
- data/doc/classes/Dnsruby/RR/IN/A.html +0 -200
- data/doc/classes/Dnsruby/RR/IN/A.src/M000368.html +0 -18
- data/doc/classes/Dnsruby/RR/IN/A.src/M000369.html +0 -18
- data/doc/classes/Dnsruby/RR/IN/A.src/M000370.html +0 -18
- data/doc/classes/Dnsruby/RR/IN/AAAA.html +0 -139
- data/doc/classes/Dnsruby/RR/IN/AFSDB.html +0 -145
- data/doc/classes/Dnsruby/RR/IN/PX.html +0 -143
- data/doc/classes/Dnsruby/RR/IN/SRV.html +0 -238
- data/doc/classes/Dnsruby/RR/IN/SRV.src/M000365.html +0 -29
- data/doc/classes/Dnsruby/RR/IN/SRV.src/M000366.html +0 -26
- data/doc/classes/Dnsruby/RR/IN/SRV.src/M000367.html +0 -22
- data/doc/classes/Dnsruby/RR/IN/WKS.html +0 -166
- data/doc/classes/Dnsruby/RR/IN/WKS.src/M000371.html +0 -20
- data/doc/classes/Dnsruby/RR/ISDN.html +0 -155
- data/doc/classes/Dnsruby/RR/LOC.html +0 -395
- data/doc/classes/Dnsruby/RR/LOC.src/M000376.html +0 -32
- data/doc/classes/Dnsruby/RR/LOC.src/M000377.html +0 -23
- data/doc/classes/Dnsruby/RR/LOC.src/M000378.html +0 -25
- data/doc/classes/Dnsruby/RR/LOC.src/M000379.html +0 -21
- data/doc/classes/Dnsruby/RR/LOC.src/M000380.html +0 -20
- data/doc/classes/Dnsruby/RR/LOC.src/M000381.html +0 -23
- data/doc/classes/Dnsruby/RR/MB.html +0 -150
- data/doc/classes/Dnsruby/RR/MG.html +0 -150
- data/doc/classes/Dnsruby/RR/MINFO.html +0 -156
- data/doc/classes/Dnsruby/RR/MR.html +0 -150
- data/doc/classes/Dnsruby/RR/MX.html +0 -155
- data/doc/classes/Dnsruby/RR/NAPTR.html +0 -190
- data/doc/classes/Dnsruby/RR/NS.html +0 -151
- data/doc/classes/Dnsruby/RR/NSAP.html +0 -293
- data/doc/classes/Dnsruby/RR/NSAP.src/M000446.html +0 -19
- data/doc/classes/Dnsruby/RR/NSAP.src/M000447.html +0 -19
- data/doc/classes/Dnsruby/RR/NSAP.src/M000448.html +0 -22
- data/doc/classes/Dnsruby/RR/NSAP.src/M000449.html +0 -31
- data/doc/classes/Dnsruby/RR/NSEC.html +0 -301
- data/doc/classes/Dnsruby/RR/NSEC.src/M000382.html +0 -19
- data/doc/classes/Dnsruby/RR/NSEC.src/M000383.html +0 -18
- data/doc/classes/Dnsruby/RR/NSEC.src/M000384.html +0 -34
- data/doc/classes/Dnsruby/RR/NSEC.src/M000385.html +0 -18
- data/doc/classes/Dnsruby/RR/NSEC.src/M000386.html +0 -75
- data/doc/classes/Dnsruby/RR/NSEC.src/M000387.html +0 -18
- data/doc/classes/Dnsruby/RR/NSEC.src/M000388.html +0 -92
- data/doc/classes/Dnsruby/RR/NSEC.src/M000389.html +0 -23
- data/doc/classes/Dnsruby/RR/NSEC3.html +0 -366
- data/doc/classes/Dnsruby/RR/NSEC3.src/M000438.html +0 -28
- data/doc/classes/Dnsruby/RR/NSEC3.src/M000439.html +0 -18
- data/doc/classes/Dnsruby/RR/NSEC3.src/M000440.html +0 -18
- data/doc/classes/Dnsruby/RR/NSEC3.src/M000441.html +0 -22
- data/doc/classes/Dnsruby/RR/NSEC3.src/M000442.html +0 -18
- data/doc/classes/Dnsruby/RR/NSEC3.src/M000443.html +0 -21
- data/doc/classes/Dnsruby/RR/NSEC3.src/M000444.html +0 -21
- data/doc/classes/Dnsruby/RR/NSEC3.src/M000445.html +0 -29
- data/doc/classes/Dnsruby/RR/NSEC3PARAM.html +0 -279
- data/doc/classes/Dnsruby/RR/NSEC3PARAM.src/M000430.html +0 -28
- data/doc/classes/Dnsruby/RR/NSEC3PARAM.src/M000431.html +0 -18
- data/doc/classes/Dnsruby/RR/NSEC3PARAM.src/M000432.html +0 -22
- data/doc/classes/Dnsruby/RR/NSEC3PARAM.src/M000433.html +0 -21
- data/doc/classes/Dnsruby/RR/NSEC3PARAM.src/M000434.html +0 -25
- data/doc/classes/Dnsruby/RR/PTR.html +0 -132
- data/doc/classes/Dnsruby/RR/RP.html +0 -183
- data/doc/classes/Dnsruby/RR/RP.src/M000435.html +0 -19
- data/doc/classes/Dnsruby/RR/RRSIG.html +0 -372
- data/doc/classes/Dnsruby/RR/RRSIG.src/M000450.html +0 -26
- data/doc/classes/Dnsruby/RR/RRSIG.src/M000451.html +0 -28
- data/doc/classes/Dnsruby/RR/RRSIG.src/M000452.html +0 -23
- data/doc/classes/Dnsruby/RR/RRSIG.src/M000453.html +0 -23
- data/doc/classes/Dnsruby/RR/RRSIG.src/M000454.html +0 -46
- data/doc/classes/Dnsruby/RR/RRSIG.src/M000455.html +0 -50
- data/doc/classes/Dnsruby/RR/RRSIG.src/M000456.html +0 -18
- data/doc/classes/Dnsruby/RR/RRSIG.src/M000457.html +0 -27
- data/doc/classes/Dnsruby/RR/RT.html +0 -155
- data/doc/classes/Dnsruby/RR/SOA.html +0 -233
- data/doc/classes/Dnsruby/RR/SOA.src/M000419.html +0 -24
- data/doc/classes/Dnsruby/RR/SOA.src/M000420.html +0 -27
- data/doc/classes/Dnsruby/RR/SPF.html +0 -138
- data/doc/classes/Dnsruby/RR/TKEY.html +0 -313
- data/doc/classes/Dnsruby/RR/TKEY.src/M000372.html +0 -19
- data/doc/classes/Dnsruby/RR/TKEY.src/M000373.html +0 -29
- data/doc/classes/Dnsruby/RR/TKEY.src/M000374.html +0 -21
- data/doc/classes/Dnsruby/RR/TKEY.src/M000375.html +0 -29
- data/doc/classes/Dnsruby/RR/TSIG.html +0 -524
- data/doc/classes/Dnsruby/RR/TSIG.src/M000421.html +0 -24
- data/doc/classes/Dnsruby/RR/TSIG.src/M000422.html +0 -32
- data/doc/classes/Dnsruby/RR/TSIG.src/M000423.html +0 -54
- data/doc/classes/Dnsruby/RR/TSIG.src/M000424.html +0 -121
- data/doc/classes/Dnsruby/RR/TSIG.src/M000425.html +0 -33
- data/doc/classes/Dnsruby/RR/TSIG.src/M000426.html +0 -25
- data/doc/classes/Dnsruby/RR/TSIG.src/M000427.html +0 -36
- data/doc/classes/Dnsruby/RR/TSIG.src/M000428.html +0 -22
- data/doc/classes/Dnsruby/RR/TSIG.src/M000429.html +0 -29
- data/doc/classes/Dnsruby/RR/TXT.html +0 -233
- data/doc/classes/Dnsruby/RR/TXT.src/M000414.html +0 -18
- data/doc/classes/Dnsruby/RR/TXT.src/M000415.html +0 -18
- data/doc/classes/Dnsruby/RR/TXT.src/M000416.html +0 -20
- data/doc/classes/Dnsruby/RR/TXT.src/M000417.html +0 -27
- data/doc/classes/Dnsruby/RR/TXT.src/M000418.html +0 -25
- data/doc/classes/Dnsruby/RR/X25.html +0 -203
- data/doc/classes/Dnsruby/RR/X25.src/M000411.html +0 -18
- data/doc/classes/Dnsruby/RR/X25.src/M000412.html +0 -18
- data/doc/classes/Dnsruby/RR/X25.src/M000413.html +0 -22
- data/doc/classes/Dnsruby/RRSet.html +0 -400
- data/doc/classes/Dnsruby/RRSet.src/M000575.html +0 -23
- data/doc/classes/Dnsruby/RRSet.src/M000576.html +0 -18
- data/doc/classes/Dnsruby/RRSet.src/M000577.html +0 -18
- data/doc/classes/Dnsruby/RRSet.src/M000578.html +0 -47
- data/doc/classes/Dnsruby/RRSet.src/M000579.html +0 -32
- data/doc/classes/Dnsruby/RRSet.src/M000580.html +0 -18
- data/doc/classes/Dnsruby/RRSet.src/M000581.html +0 -20
- data/doc/classes/Dnsruby/RRSet.src/M000582.html +0 -18
- data/doc/classes/Dnsruby/RRSet.src/M000583.html +0 -18
- data/doc/classes/Dnsruby/RRSet.src/M000584.html +0 -18
- data/doc/classes/Dnsruby/RRSet.src/M000585.html +0 -18
- data/doc/classes/Dnsruby/RRSet.src/M000586.html +0 -22
- data/doc/classes/Dnsruby/RRSet.src/M000587.html +0 -18
- data/doc/classes/Dnsruby/RRSet.src/M000588.html +0 -22
- data/doc/classes/Dnsruby/RRSet.src/M000589.html +0 -18
- data/doc/classes/Dnsruby/Recursor.html +0 -744
- data/doc/classes/Dnsruby/Recursor.src/M000639.html +0 -19
- data/doc/classes/Dnsruby/Recursor.src/M000640.html +0 -97
- data/doc/classes/Dnsruby/Recursor.src/M000641.html +0 -20
- data/doc/classes/Dnsruby/Recursor.src/M000642.html +0 -18
- data/doc/classes/Dnsruby/Recursor.src/M000643.html +0 -31
- data/doc/classes/Dnsruby/Recursor.src/M000644.html +0 -231
- data/doc/classes/Dnsruby/Refused.html +0 -119
- data/doc/classes/Dnsruby/Resolv.html +0 -401
- data/doc/classes/Dnsruby/Resolv.src/M000516.html +0 -18
- data/doc/classes/Dnsruby/Resolv.src/M000517.html +0 -18
- data/doc/classes/Dnsruby/Resolv.src/M000518.html +0 -18
- data/doc/classes/Dnsruby/Resolv.src/M000519.html +0 -18
- data/doc/classes/Dnsruby/Resolv.src/M000520.html +0 -18
- data/doc/classes/Dnsruby/Resolv.src/M000521.html +0 -18
- data/doc/classes/Dnsruby/Resolv.src/M000522.html +0 -18
- data/doc/classes/Dnsruby/Resolv.src/M000523.html +0 -19
- data/doc/classes/Dnsruby/Resolv.src/M000524.html +0 -20
- data/doc/classes/Dnsruby/Resolv.src/M000525.html +0 -29
- data/doc/classes/Dnsruby/Resolv.src/M000526.html +0 -19
- data/doc/classes/Dnsruby/Resolv.src/M000527.html +0 -20
- data/doc/classes/Dnsruby/Resolv.src/M000528.html +0 -25
- data/doc/classes/Dnsruby/ResolvError.html +0 -117
- data/doc/classes/Dnsruby/ResolvTimeout.html +0 -117
- data/doc/classes/Dnsruby/Resolver.html +0 -1114
- data/doc/classes/Dnsruby/Resolver.src/M000658.html +0 -24
- data/doc/classes/Dnsruby/Resolver.src/M000659.html +0 -27
- data/doc/classes/Dnsruby/Resolver.src/M000660.html +0 -28
- data/doc/classes/Dnsruby/Resolver.src/M000661.html +0 -18
- data/doc/classes/Dnsruby/Resolver.src/M000662.html +0 -51
- data/doc/classes/Dnsruby/Resolver.src/M000663.html +0 -25
- data/doc/classes/Dnsruby/Resolver.src/M000664.html +0 -22
- data/doc/classes/Dnsruby/Resolver.src/M000665.html +0 -18
- data/doc/classes/Dnsruby/Resolver.src/M000666.html +0 -20
- data/doc/classes/Dnsruby/Resolver.src/M000667.html +0 -19
- data/doc/classes/Dnsruby/Resolver.src/M000668.html +0 -21
- data/doc/classes/Dnsruby/Resolver.src/M000669.html +0 -21
- data/doc/classes/Dnsruby/Resolver.src/M000670.html +0 -27
- data/doc/classes/Dnsruby/Resolver.src/M000671.html +0 -19
- data/doc/classes/Dnsruby/Resolver.src/M000672.html +0 -19
- data/doc/classes/Dnsruby/Resolver.src/M000673.html +0 -19
- data/doc/classes/Dnsruby/Resolver.src/M000674.html +0 -19
- data/doc/classes/Dnsruby/Resolver.src/M000675.html +0 -19
- data/doc/classes/Dnsruby/Resolver.src/M000676.html +0 -19
- data/doc/classes/Dnsruby/Resolver.src/M000677.html +0 -19
- data/doc/classes/Dnsruby/Resolver.src/M000678.html +0 -19
- data/doc/classes/Dnsruby/Resolver.src/M000679.html +0 -19
- data/doc/classes/Dnsruby/Resolver.src/M000680.html +0 -19
- data/doc/classes/Dnsruby/Resolver.src/M000681.html +0 -26
- data/doc/classes/Dnsruby/Resolver.src/M000682.html +0 -18
- data/doc/classes/Dnsruby/Resolver.src/M000683.html +0 -23
- data/doc/classes/Dnsruby/Resolver.src/M000684.html +0 -18
- data/doc/classes/Dnsruby/ServFail.html +0 -119
- data/doc/classes/Dnsruby/SingleResolver.html +0 -801
- data/doc/classes/Dnsruby/SingleResolver.src/M000529.html +0 -18
- data/doc/classes/Dnsruby/SingleResolver.src/M000530.html +0 -24
- data/doc/classes/Dnsruby/SingleResolver.src/M000531.html +0 -36
- data/doc/classes/Dnsruby/SingleResolver.src/M000532.html +0 -18
- data/doc/classes/Dnsruby/SingleResolver.src/M000533.html +0 -19
- data/doc/classes/Dnsruby/SingleResolver.src/M000534.html +0 -58
- data/doc/classes/Dnsruby/SingleResolver.src/M000535.html +0 -19
- data/doc/classes/Dnsruby/SingleResolver.src/M000536.html +0 -19
- data/doc/classes/Dnsruby/SingleResolver.src/M000537.html +0 -25
- data/doc/classes/Dnsruby/SingleResolver.src/M000538.html +0 -57
- data/doc/classes/Dnsruby/SingleResolver.src/M000539.html +0 -21
- data/doc/classes/Dnsruby/SingleResolver.src/M000540.html +0 -19
- data/doc/classes/Dnsruby/SingleResolver.src/M000541.html +0 -26
- data/doc/classes/Dnsruby/SingleResolver.src/M000542.html +0 -26
- data/doc/classes/Dnsruby/SingleResolver.src/M000543.html +0 -36
- data/doc/classes/Dnsruby/SingleResolver.src/M000544.html +0 -21
- data/doc/classes/Dnsruby/SingleResolver.src/M000545.html +0 -31
- data/doc/classes/Dnsruby/SingleResolver.src/M000546.html +0 -47
- data/doc/classes/Dnsruby/SingleResolver.src/M000547.html +0 -35
- data/doc/classes/Dnsruby/SingleResolver.src/M000548.html +0 -24
- data/doc/classes/Dnsruby/SingleResolver.src/M000549.html +0 -21
- data/doc/classes/Dnsruby/TheLog.html +0 -188
- data/doc/classes/Dnsruby/TheLog.src/M000612.html +0 -18
- data/doc/classes/Dnsruby/TheLog.src/M000613.html +0 -18
- data/doc/classes/Dnsruby/TheLog.src/M000614.html +0 -18
- data/doc/classes/Dnsruby/Types.html +0 -441
- data/doc/classes/Dnsruby/Update.html +0 -368
- data/doc/classes/Dnsruby/Update.src/M000634.html +0 -32
- data/doc/classes/Dnsruby/Update.src/M000635.html +0 -36
- data/doc/classes/Dnsruby/Update.src/M000636.html +0 -32
- data/doc/classes/Dnsruby/Update.src/M000637.html +0 -41
- data/doc/classes/Dnsruby/Update.src/M000638.html +0 -34
- data/doc/classes/Dnsruby/VerifyError.html +0 -119
- data/doc/classes/Dnsruby/ZoneTransfer.html +0 -300
- data/doc/classes/Dnsruby/ZoneTransfer.src/M000500.html +0 -18
- data/doc/classes/Dnsruby/ZoneTransfer.src/M000501.html +0 -24
- data/doc/classes/Dnsruby/ZoneTransfer.src/M000502.html +0 -35
- data/doc/classes/Dnsruby/ZoneTransfer/Delta.html +0 -200
- data/doc/classes/Dnsruby/ZoneTransfer/Delta.src/M000503.html +0 -19
- data/doc/classes/Dnsruby/ZoneTransfer/Delta.src/M000504.html +0 -19
- data/doc/classes/DnssecTest.html +0 -242
- data/doc/classes/DnssecTest.src/M000235.html +0 -58
- data/doc/classes/DnssecTest.src/M000236.html +0 -28
- data/doc/classes/DnssecTest.src/M000237.html +0 -28
- data/doc/classes/DnssecTest.src/M000238.html +0 -28
- data/doc/classes/DnssecTest.src/M000239.html +0 -33
- data/doc/classes/DnssecTest.src/M000240.html +0 -24
- data/doc/classes/DnssecTest.src/M000241.html +0 -47
- data/doc/classes/DnssecTest.src/M000242.html +0 -30
- data/doc/classes/DsTest.html +0 -252
- data/doc/classes/DsTest.src/M000190.html +0 -25
- data/doc/classes/DsTest.src/M000191.html +0 -24
- data/doc/classes/DsTest.src/M000192.html +0 -26
- data/doc/classes/DsTest.src/M000193.html +0 -23
- data/doc/classes/DsTest.src/M000194.html +0 -31
- data/doc/classes/DsTest.src/M000195.html +0 -25
- data/doc/classes/Enumerable.html +0 -118
- data/doc/classes/Errno.html +0 -111
- data/doc/classes/Errno/ENOTEMPTY.html +0 -111
- data/doc/classes/EventMachineTestDeferrable.html +0 -212
- data/doc/classes/EventMachineTestDeferrable.src/M000100.html +0 -20
- data/doc/classes/EventMachineTestDeferrable.src/M000101.html +0 -19
- data/doc/classes/EventMachineTestDeferrable.src/M000102.html +0 -28
- data/doc/classes/EventMachineTestDeferrable.src/M000103.html +0 -29
- data/doc/classes/EventMachineTestDeferrable.src/M000104.html +0 -33
- data/doc/classes/EventMachineTestDeferrable.src/M000105.html +0 -32
- data/doc/classes/EventMachineTestResolver.html +0 -324
- data/doc/classes/EventMachineTestResolver.src/M000177.html +0 -21
- data/doc/classes/EventMachineTestResolver.src/M000178.html +0 -19
- data/doc/classes/EventMachineTestResolver.src/M000179.html +0 -20
- data/doc/classes/EventMachineTestResolver.src/M000180.html +0 -20
- data/doc/classes/EventMachineTestResolver.src/M000181.html +0 -24
- data/doc/classes/EventMachineTestResolver.src/M000182.html +0 -25
- data/doc/classes/EventMachineTestResolver.src/M000183.html +0 -31
- data/doc/classes/EventMachineTestResolver.src/M000184.html +0 -24
- data/doc/classes/EventMachineTestResolver.src/M000185.html +0 -39
- data/doc/classes/EventMachineTestResolver.src/M000186.html +0 -36
- data/doc/classes/EventMachineTestResolver.src/M000187.html +0 -32
- data/doc/classes/EventMachineTestResolver.src/M000188.html +0 -30
- data/doc/classes/EventMachineTestResolver.src/M000189.html +0 -22
- data/doc/classes/EventMachineTestSingleResolver.html +0 -227
- data/doc/classes/EventMachineTestSingleResolver.src/M000092.html +0 -21
- data/doc/classes/EventMachineTestSingleResolver.src/M000093.html +0 -19
- data/doc/classes/EventMachineTestSingleResolver.src/M000094.html +0 -31
- data/doc/classes/EventMachineTestSingleResolver.src/M000095.html +0 -33
- data/doc/classes/EventMachineTestSingleResolver.src/M000096.html +0 -33
- data/doc/classes/EventMachineTestSingleResolver.src/M000097.html +0 -32
- data/doc/classes/EventMachineTestSingleResolver.src/M000098.html +0 -23
- data/doc/classes/File.html +0 -166
- data/doc/classes/File.src/M000336.html +0 -20
- data/doc/classes/File.src/M000337.html +0 -20
- data/doc/classes/File.src/M000338.html +0 -18
- data/doc/classes/FileOperations.html +0 -375
- data/doc/classes/FileOperations.src/M000685.html +0 -31
- data/doc/classes/FileOperations.src/M000686.html +0 -20
- data/doc/classes/FileOperations.src/M000687.html +0 -20
- data/doc/classes/FileOperations.src/M000688.html +0 -24
- data/doc/classes/FileOperations.src/M000689.html +0 -34
- data/doc/classes/FileOperations.src/M000690.html +0 -27
- data/doc/classes/FileOperations.src/M000691.html +0 -21
- data/doc/classes/FileOperations.src/M000692.html +0 -19
- data/doc/classes/FileOperations.src/M000693.html +0 -40
- data/doc/classes/FileOperations.src/M000694.html +0 -19
- data/doc/classes/FileOperations.src/M000695.html +0 -20
- data/doc/classes/FileOperations.src/M000696.html +0 -18
- data/doc/classes/FileOperations.src/M000697.html +0 -18
- data/doc/classes/FileOperations.src/M000698.html +0 -18
- data/doc/classes/FileOperations.src/M000699.html +0 -20
- data/doc/classes/FileOperations.src/M000700.html +0 -20
- data/doc/classes/HookScriptAPI.html +0 -308
- data/doc/classes/HookScriptAPI.src/M000339.html +0 -18
- data/doc/classes/HookScriptAPI.src/M000341.html +0 -18
- data/doc/classes/HookScriptAPI.src/M000342.html +0 -18
- data/doc/classes/HookScriptAPI.src/M000343.html +0 -18
- data/doc/classes/HookScriptAPI.src/M000344.html +0 -18
- data/doc/classes/HookScriptAPI.src/M000345.html +0 -18
- data/doc/classes/HookScriptAPI.src/M000346.html +0 -18
- data/doc/classes/HookScriptAPI.src/M000347.html +0 -18
- data/doc/classes/HookScriptAPI.src/M000348.html +0 -20
- data/doc/classes/HookScriptAPI.src/M000349.html +0 -20
- data/doc/classes/HookScriptAPI.src/M000350.html +0 -20
- data/doc/classes/Installer.html +0 -1148
- data/doc/classes/Installer.src/M000243.html +0 -21
- data/doc/classes/Installer.src/M000244.html +0 -18
- data/doc/classes/Installer.src/M000245.html +0 -17
- data/doc/classes/Installer.src/M000246.html +0 -18
- data/doc/classes/Installer.src/M000247.html +0 -18
- data/doc/classes/Installer.src/M000248.html +0 -18
- data/doc/classes/Installer.src/M000249.html +0 -18
- data/doc/classes/Installer.src/M000250.html +0 -18
- data/doc/classes/Installer.src/M000251.html +0 -23
- data/doc/classes/Installer.src/M000252.html +0 -18
- data/doc/classes/Installer.src/M000255.html +0 -18
- data/doc/classes/Installer.src/M000259.html +0 -18
- data/doc/classes/Installer.src/M000260.html +0 -18
- data/doc/classes/Installer.src/M000261.html +0 -20
- data/doc/classes/Installer.src/M000263.html +0 -18
- data/doc/classes/Installer.src/M000267.html +0 -36
- data/doc/classes/Installer.src/M000268.html +0 -25
- data/doc/classes/Installer.src/M000269.html +0 -24
- data/doc/classes/Installer.src/M000270.html +0 -19
- data/doc/classes/Installer.src/M000271.html +0 -18
- data/doc/classes/Installer.src/M000272.html +0 -18
- data/doc/classes/Installer.src/M000273.html +0 -21
- data/doc/classes/Installer.src/M000274.html +0 -18
- data/doc/classes/Installer.src/M000275.html +0 -20
- data/doc/classes/Installer.src/M000276.html +0 -18
- data/doc/classes/Installer.src/M000277.html +0 -21
- data/doc/classes/Installer.src/M000278.html +0 -18
- data/doc/classes/Installer.src/M000279.html +0 -22
- data/doc/classes/Installer.src/M000280.html +0 -18
- data/doc/classes/Installer.src/M000281.html +0 -23
- data/doc/classes/Installer.src/M000282.html +0 -18
- data/doc/classes/Installer.src/M000283.html +0 -20
- data/doc/classes/Installer.src/M000284.html +0 -19
- data/doc/classes/Installer.src/M000285.html +0 -19
- data/doc/classes/Installer.src/M000286.html +0 -20
- data/doc/classes/Installer.src/M000287.html +0 -30
- data/doc/classes/Installer.src/M000288.html +0 -20
- data/doc/classes/Installer.src/M000294.html +0 -19
- data/doc/classes/Installer.src/M000295.html +0 -20
- data/doc/classes/Installer.src/M000298.html +0 -19
- data/doc/classes/Installer.src/M000302.html +0 -26
- data/doc/classes/Installer.src/M000303.html +0 -25
- data/doc/classes/Installer.src/M000304.html +0 -29
- data/doc/classes/Installer.src/M000305.html +0 -26
- data/doc/classes/Installer/Shebang.html +0 -202
- data/doc/classes/Installer/Shebang.src/M000306.html +0 -23
- data/doc/classes/Installer/Shebang.src/M000307.html +0 -19
- data/doc/classes/Installer/Shebang.src/M000308.html +0 -19
- data/doc/classes/Installer/Shebang.src/M000309.html +0 -18
- data/doc/classes/Nsec3ParamTest.html +0 -172
- data/doc/classes/Nsec3ParamTest.src/M000233.html +0 -26
- data/doc/classes/Nsec3ParamTest.src/M000234.html +0 -24
- data/doc/classes/Nsec3Test.html +0 -202
- data/doc/classes/Nsec3Test.src/M000207.html +0 -27
- data/doc/classes/Nsec3Test.src/M000208.html +0 -24
- data/doc/classes/Nsec3Test.src/M000209.html +0 -39
- data/doc/classes/Nsec3Test.src/M000210.html +0 -23
- data/doc/classes/NsecTest.html +0 -187
- data/doc/classes/NsecTest.src/M000333.html +0 -23
- data/doc/classes/NsecTest.src/M000334.html +0 -24
- data/doc/classes/NsecTest.src/M000335.html +0 -23
- data/doc/classes/RrsetTest.html +0 -137
- data/doc/classes/RrsetTest.src/M000310.html +0 -68
- data/doc/classes/RrsigTest.html +0 -150
- data/doc/classes/RrsigTest.src/M000099.html +0 -35
- data/doc/classes/SetupError.html +0 -111
- data/doc/classes/TestAResolverFile.html +0 -152
- data/doc/classes/TestAResolverFile.src/M000205.html +0 -18
- data/doc/classes/TestAResolverFile.src/M000206.html +0 -33
- data/doc/classes/TestAxfr.html +0 -137
- data/doc/classes/TestAxfr.src/M000106.html +0 -23
- data/doc/classes/TestDNS.html +0 -257
- data/doc/classes/TestDNS.src/M000196.html +0 -18
- data/doc/classes/TestDNS.src/M000197.html +0 -18
- data/doc/classes/TestDNS.src/M000198.html +0 -53
- data/doc/classes/TestDNS.src/M000199.html +0 -19
- data/doc/classes/TestDNS.src/M000200.html +0 -18
- data/doc/classes/TestDNS.src/M000201.html +0 -32
- data/doc/classes/TestDNS.src/M000202.html +0 -74
- data/doc/classes/TestDNS.src/M000203.html +0 -41
- data/doc/classes/TestDNS.src/M000204.html +0 -67
- data/doc/classes/TestDnsruby.html +0 -137
- data/doc/classes/TestDnsruby.src/M000211.html +0 -36
- data/doc/classes/TestEscapedChars.html +0 -152
- data/doc/classes/TestEscapedChars.src/M000014.html +0 -243
- data/doc/classes/TestEscapedChars.src/M000015.html +0 -248
- data/doc/classes/TestEventMachineSoak.html +0 -227
- data/doc/classes/TestEventMachineSoak.src/M000319.html +0 -19
- data/doc/classes/TestEventMachineSoak.src/M000320.html +0 -18
- data/doc/classes/TestEventMachineSoak.src/M000321.html +0 -18
- data/doc/classes/TestEventMachineSoak.src/M000322.html +0 -33
- data/doc/classes/TestEventMachineSoak.src/M000323.html +0 -34
- data/doc/classes/TestEventMachineSoak.src/M000324.html +0 -33
- data/doc/classes/TestEventMachineSoak.src/M000325.html +0 -33
- data/doc/classes/TestHeader.html +0 -137
- data/doc/classes/TestHeader.src/M000091.html +0 -98
- data/doc/classes/TestMisc.html +0 -167
- data/doc/classes/TestMisc.src/M000011.html +0 -28
- data/doc/classes/TestMisc.src/M000012.html +0 -50
- data/doc/classes/TestMisc.src/M000013.html +0 -84
- data/doc/classes/TestName.html +0 -182
- data/doc/classes/TestName.src/M000218.html +0 -24
- data/doc/classes/TestName.src/M000219.html +0 -23
- data/doc/classes/TestName.src/M000220.html +0 -21
- data/doc/classes/TestName.src/M000221.html +0 -21
- data/doc/classes/TestPacket.html +0 -182
- data/doc/classes/TestPacket.src/M000229.html +0 -154
- data/doc/classes/TestPacket.src/M000230.html +0 -25
- data/doc/classes/TestPacket.src/M000231.html +0 -23
- data/doc/classes/TestPacket.src/M000232.html +0 -32
- data/doc/classes/TestPacketUniquePush.html +0 -140
- data/doc/classes/TestPacketUniquePush.src/M000318.html +0 -81
- data/doc/classes/TestQuestion.html +0 -137
- data/doc/classes/TestQuestion.src/M000090.html +0 -45
- data/doc/classes/TestQueue.html +0 -137
- data/doc/classes/TestQueue.src/M000089.html +0 -27
- data/doc/classes/TestRR.html +0 -137
- data/doc/classes/TestRR.src/M000217.html +0 -256
- data/doc/classes/TestRecur.html +0 -137
- data/doc/classes/TestRecur.src/M000176.html +0 -20
- data/doc/classes/TestResOpt.html +0 -227
- data/doc/classes/TestResOpt.src/M000311.html +0 -37
- data/doc/classes/TestResOpt.src/M000312.html +0 -19
- data/doc/classes/TestResOpt.src/M000313.html +0 -30
- data/doc/classes/TestResOpt.src/M000314.html +0 -37
- data/doc/classes/TestResOpt.src/M000315.html +0 -45
- data/doc/classes/TestResOpt.src/M000316.html +0 -36
- data/doc/classes/TestResOpt.src/M000317.html +0 -60
- data/doc/classes/TestResolver.html +0 -357
- data/doc/classes/TestResolver.src/M000077.html +0 -18
- data/doc/classes/TestResolver.src/M000078.html +0 -20
- data/doc/classes/TestResolver.src/M000079.html +0 -20
- data/doc/classes/TestResolver.src/M000080.html +0 -24
- data/doc/classes/TestResolver.src/M000081.html +0 -25
- data/doc/classes/TestResolver.src/M000082.html +0 -31
- data/doc/classes/TestResolver.src/M000083.html +0 -24
- data/doc/classes/TestResolver.src/M000084.html +0 -42
- data/doc/classes/TestResolver.src/M000085.html +0 -38
- data/doc/classes/TestResolver.src/M000086.html +0 -34
- data/doc/classes/TestResolver.src/M000087.html +0 -30
- data/doc/classes/TestResolver.src/M000088.html +0 -41
- data/doc/classes/TestResolverConfig.html +0 -205
- data/doc/classes/TestResolverConfig.src/M000225.html +0 -18
- data/doc/classes/TestResolverConfig.src/M000226.html +0 -37
- data/doc/classes/TestResolverConfig.src/M000227.html +0 -23
- data/doc/classes/TestResolverConfig.src/M000228.html +0 -22
- data/doc/classes/TestResolverEnv.html +0 -141
- data/doc/classes/TestResolverEnv.src/M000332.html +0 -44
- data/doc/classes/TestRrOpt.html +0 -182
- data/doc/classes/TestRrOpt.src/M000007.html +0 -33
- data/doc/classes/TestRrOpt.src/M000008.html +0 -46
- data/doc/classes/TestRrOpt.src/M000009.html +0 -23
- data/doc/classes/TestRrOpt.src/M000010.html +0 -34
- data/doc/classes/TestRrTest.html +0 -155
- data/doc/classes/TestRrTest.src/M000224.html +0 -77
- data/doc/classes/TestRrUnknown.html +0 -167
- data/doc/classes/TestRrUnknown.src/M000074.html +0 -41
- data/doc/classes/TestRrUnknown.src/M000075.html +0 -39
- data/doc/classes/TestRrUnknown.src/M000076.html +0 -42
- data/doc/classes/TestSingleResolver.html +0 -293
- data/doc/classes/TestSingleResolver.src/M000149.html +0 -18
- data/doc/classes/TestSingleResolver.src/M000150.html +0 -19
- data/doc/classes/TestSingleResolver.src/M000151.html +0 -28
- data/doc/classes/TestSingleResolver.src/M000152.html +0 -30
- data/doc/classes/TestSingleResolver.src/M000153.html +0 -55
- data/doc/classes/TestSingleResolver.src/M000154.html +0 -26
- data/doc/classes/TestSingleResolver.src/M000155.html +0 -23
- data/doc/classes/TestSingleResolver.src/M000156.html +0 -27
- data/doc/classes/TestSingleResolver.src/M000157.html +0 -39
- data/doc/classes/TestSingleResolverSoak.html +0 -223
- data/doc/classes/TestSingleResolverSoak.src/M000326.html +0 -18
- data/doc/classes/TestSingleResolverSoak.src/M000327.html +0 -18
- data/doc/classes/TestSingleResolverSoak.src/M000328.html +0 -57
- data/doc/classes/TestSingleResolverSoak.src/M000329.html +0 -64
- data/doc/classes/TestSingleResolverSoak.src/M000330.html +0 -25
- data/doc/classes/TestSingleResolverSoak.src/M000331.html +0 -63
- data/doc/classes/TestSoakBase.html +0 -172
- data/doc/classes/TestSoakBase.src/M000072.html +0 -68
- data/doc/classes/TestSoakBase.src/M000073.html +0 -66
- data/doc/classes/TestTKey.html +0 -152
- data/doc/classes/TestTKey.src/M000215.html +0 -18
- data/doc/classes/TestTKey.src/M000216.html +0 -65
- data/doc/classes/TestTSig.html +0 -309
- data/doc/classes/TestTSig.src/M000138.html +0 -18
- data/doc/classes/TestTSig.src/M000139.html +0 -20
- data/doc/classes/TestTSig.src/M000140.html +0 -26
- data/doc/classes/TestTSig.src/M000141.html +0 -69
- data/doc/classes/TestTSig.src/M000142.html +0 -21
- data/doc/classes/TestTSig.src/M000143.html +0 -60
- data/doc/classes/TestTSig.src/M000144.html +0 -33
- data/doc/classes/TestTSig.src/M000145.html +0 -20
- data/doc/classes/TestTSig.src/M000146.html +0 -24
- data/doc/classes/TestTSig.src/M000147.html +0 -54
- data/doc/classes/TestTSig.src/M000148.html +0 -23
- data/doc/classes/TestTcp.html +0 -152
- data/doc/classes/TestTcp.src/M000222.html +0 -21
- data/doc/classes/TestTcp.src/M000223.html +0 -23
- data/doc/classes/TestUpdate.html +0 -152
- data/doc/classes/TestUpdate.src/M000174.html +0 -20
- data/doc/classes/TestUpdate.src/M000175.html +0 -203
- data/doc/classes/ToplevelInstaller.html +0 -621
- data/doc/classes/ToplevelInstaller.src/M000107.html +0 -23
- data/doc/classes/ToplevelInstaller.src/M000108.html +0 -18
- data/doc/classes/ToplevelInstaller.src/M000109.html +0 -25
- data/doc/classes/ToplevelInstaller.src/M000110.html +0 -21
- data/doc/classes/ToplevelInstaller.src/M000111.html +0 -18
- data/doc/classes/ToplevelInstaller.src/M000112.html +0 -18
- data/doc/classes/ToplevelInstaller.src/M000113.html +0 -38
- data/doc/classes/ToplevelInstaller.src/M000114.html +0 -18
- data/doc/classes/ToplevelInstaller.src/M000115.html +0 -18
- data/doc/classes/ToplevelInstaller.src/M000116.html +0 -18
- data/doc/classes/ToplevelInstaller.src/M000117.html +0 -18
- data/doc/classes/ToplevelInstaller.src/M000118.html +0 -18
- data/doc/classes/ToplevelInstaller.src/M000119.html +0 -40
- data/doc/classes/ToplevelInstaller.src/M000120.html +0 -18
- data/doc/classes/ToplevelInstaller.src/M000121.html +0 -18
- data/doc/classes/ToplevelInstaller.src/M000122.html +0 -21
- data/doc/classes/ToplevelInstaller.src/M000128.html +0 -40
- data/doc/classes/ToplevelInstaller.src/M000129.html +0 -31
- data/doc/classes/ToplevelInstaller.src/M000130.html +0 -52
- data/doc/classes/ToplevelInstaller.src/M000131.html +0 -19
- data/doc/classes/ToplevelInstaller.src/M000132.html +0 -18
- data/doc/classes/ToplevelInstaller.src/M000133.html +0 -18
- data/doc/classes/ToplevelInstaller.src/M000134.html +0 -18
- data/doc/classes/ToplevelInstaller.src/M000135.html +0 -20
- data/doc/classes/ToplevelInstaller.src/M000136.html +0 -18
- data/doc/classes/ToplevelInstaller.src/M000137.html +0 -18
- data/doc/classes/ToplevelInstallerMulti.html +0 -398
- data/doc/classes/ToplevelInstallerMulti.src/M000158.html +0 -21
- data/doc/classes/ToplevelInstallerMulti.src/M000159.html +0 -21
- data/doc/classes/ToplevelInstallerMulti.src/M000160.html +0 -23
- data/doc/classes/ToplevelInstallerMulti.src/M000161.html +0 -29
- data/doc/classes/ToplevelInstallerMulti.src/M000162.html +0 -22
- data/doc/classes/ToplevelInstallerMulti.src/M000163.html +0 -21
- data/doc/classes/ToplevelInstallerMulti.src/M000164.html +0 -21
- data/doc/classes/ToplevelInstallerMulti.src/M000165.html +0 -20
- data/doc/classes/ToplevelInstallerMulti.src/M000166.html +0 -20
- data/doc/classes/ToplevelInstallerMulti.src/M000167.html +0 -20
- data/doc/classes/ToplevelInstallerMulti.src/M000168.html +0 -21
- data/doc/classes/ToplevelInstallerMulti.src/M000169.html +0 -21
- data/doc/classes/ToplevelInstallerMulti.src/M000170.html +0 -25
- data/doc/classes/ToplevelInstallerMulti.src/M000171.html +0 -18
- data/doc/classes/ToplevelInstallerMulti.src/M000172.html +0 -18
- data/doc/classes/ToplevelInstallerMulti.src/M000173.html +0 -18
- data/doc/created.rid +0 -1
- data/doc/files/demo/axfr_rb.html +0 -158
- data/doc/files/demo/check_soa_rb.html +0 -138
- data/doc/files/demo/check_zone_rb.html +0 -231
- data/doc/files/demo/check_zone_rb.src/M000001.html +0 -81
- data/doc/files/demo/check_zone_rb.src/M000002.html +0 -30
- data/doc/files/demo/check_zone_rb.src/M000003.html +0 -23
- data/doc/files/demo/check_zone_rb.src/M000004.html +0 -23
- data/doc/files/demo/check_zone_rb.src/M000005.html +0 -23
- data/doc/files/demo/example_recurse_rb.html +0 -115
- data/doc/files/demo/mresolv_rb.html +0 -130
- data/doc/files/demo/mx_rb.html +0 -108
- data/doc/files/demo/rubydig_rb.html +0 -128
- data/doc/files/demo/trace_dns_rb.html +0 -108
- data/doc/files/lib/Dnsruby/Cache_rb.html +0 -109
- data/doc/files/lib/Dnsruby/Config_rb.html +0 -101
- data/doc/files/lib/Dnsruby/DNS_rb.html +0 -110
- data/doc/files/lib/Dnsruby/Hosts_rb.html +0 -108
- data/doc/files/lib/Dnsruby/Recursor_rb.html +0 -101
- data/doc/files/lib/Dnsruby/Resolver_rb.html +0 -110
- data/doc/files/lib/Dnsruby/SingleResolver_rb.html +0 -109
- data/doc/files/lib/Dnsruby/TheLog_rb.html +0 -110
- data/doc/files/lib/Dnsruby/code_mapper_rb.html +0 -101
- data/doc/files/lib/Dnsruby/dnssec_rb.html +0 -107
- data/doc/files/lib/Dnsruby/event_machine_interface_rb.html +0 -108
- data/doc/files/lib/Dnsruby/iana_ports_rb.html +0 -127
- data/doc/files/lib/Dnsruby/ipv4_rb.html +0 -101
- data/doc/files/lib/Dnsruby/ipv6_rb.html +0 -101
- data/doc/files/lib/Dnsruby/message_rb.html +0 -109
- data/doc/files/lib/Dnsruby/name_rb.html +0 -101
- data/doc/files/lib/Dnsruby/resource/AAAA_rb.html +0 -101
- data/doc/files/lib/Dnsruby/resource/AFSDB_rb.html +0 -101
- data/doc/files/lib/Dnsruby/resource/A_rb.html +0 -101
- data/doc/files/lib/Dnsruby/resource/CERT_rb.html +0 -101
- data/doc/files/lib/Dnsruby/resource/DLV_rb.html +0 -101
- data/doc/files/lib/Dnsruby/resource/DNSKEY_rb.html +0 -101
- data/doc/files/lib/Dnsruby/resource/DS_rb.html +0 -108
- data/doc/files/lib/Dnsruby/resource/HINFO_rb.html +0 -101
- data/doc/files/lib/Dnsruby/resource/IN_rb.html +0 -112
- data/doc/files/lib/Dnsruby/resource/ISDN_rb.html +0 -101
- data/doc/files/lib/Dnsruby/resource/LOC_rb.html +0 -101
- data/doc/files/lib/Dnsruby/resource/MINFO_rb.html +0 -101
- data/doc/files/lib/Dnsruby/resource/MX_rb.html +0 -101
- data/doc/files/lib/Dnsruby/resource/NAPTR_rb.html +0 -101
- data/doc/files/lib/Dnsruby/resource/NSAP_rb.html +0 -101
- data/doc/files/lib/Dnsruby/resource/NSEC3PARAM_rb.html +0 -101
- data/doc/files/lib/Dnsruby/resource/NSEC3_rb.html +0 -101
- data/doc/files/lib/Dnsruby/resource/NSEC_rb.html +0 -101
- data/doc/files/lib/Dnsruby/resource/OPT_rb.html +0 -101
- data/doc/files/lib/Dnsruby/resource/PX_rb.html +0 -101
- data/doc/files/lib/Dnsruby/resource/RP_rb.html +0 -101
- data/doc/files/lib/Dnsruby/resource/RRSIG_rb.html +0 -101
- data/doc/files/lib/Dnsruby/resource/RT_rb.html +0 -101
- data/doc/files/lib/Dnsruby/resource/SOA_rb.html +0 -101
- data/doc/files/lib/Dnsruby/resource/SPF_rb.html +0 -101
- data/doc/files/lib/Dnsruby/resource/SRV_rb.html +0 -101
- data/doc/files/lib/Dnsruby/resource/TKEY_rb.html +0 -101
- data/doc/files/lib/Dnsruby/resource/TSIG_rb.html +0 -114
- data/doc/files/lib/Dnsruby/resource/TXT_rb.html +0 -108
- data/doc/files/lib/Dnsruby/resource/X25_rb.html +0 -101
- data/doc/files/lib/Dnsruby/resource/domain_name_rb.html +0 -101
- data/doc/files/lib/Dnsruby/resource/generic_rb.html +0 -132
- data/doc/files/lib/Dnsruby/resource/resource_rb.html +0 -110
- data/doc/files/lib/Dnsruby/select_thread_rb.html +0 -111
- data/doc/files/lib/Dnsruby/update_rb.html +0 -101
- data/doc/files/lib/Dnsruby/zone_transfer_rb.html +0 -101
- data/doc/files/lib/dnsruby_rb.html +0 -118
- data/doc/files/setup_rb.html +0 -148
- data/doc/files/setup_rb.src/M000006.html +0 -18
- data/doc/files/test/tc_axfr_rb.html +0 -110
- data/doc/files/test/tc_dns_rb.html +0 -117
- data/doc/files/test/tc_dnskey_rb.html +0 -109
- data/doc/files/test/tc_dnsruby_rb.html +0 -117
- data/doc/files/test/tc_dnssec_rb.html +0 -109
- data/doc/files/test/tc_ds_rb.html +0 -110
- data/doc/files/test/tc_escapedchars_rb.html +0 -117
- data/doc/files/test/tc_event_machine_deferrable_rb.html +0 -111
- data/doc/files/test/tc_event_machine_res_rb.html +0 -111
- data/doc/files/test/tc_event_machine_single_res_rb.html +0 -111
- data/doc/files/test/tc_event_machine_soak_rb.html +0 -113
- data/doc/files/test/tc_header_rb.html +0 -117
- data/doc/files/test/tc_misc_rb.html +0 -110
- data/doc/files/test/tc_name_rb.html +0 -117
- data/doc/files/test/tc_nsec3_rb.html +0 -109
- data/doc/files/test/tc_nsec3param_rb.html +0 -109
- data/doc/files/test/tc_nsec_rb.html +0 -109
- data/doc/files/test/tc_packet_rb.html +0 -117
- data/doc/files/test/tc_packet_unique_push_rb.html +0 -117
- data/doc/files/test/tc_question_rb.html +0 -117
- data/doc/files/test/tc_queue_rb.html +0 -109
- data/doc/files/test/tc_recur_rb.html +0 -109
- data/doc/files/test/tc_res_config_rb.html +0 -110
- data/doc/files/test/tc_res_env_rb.html +0 -117
- data/doc/files/test/tc_res_file_rb.html +0 -110
- data/doc/files/test/tc_res_opt_rb.html +0 -117
- data/doc/files/test/tc_resolver_rb.html +0 -117
- data/doc/files/test/tc_rr-opt_rb.html +0 -118
- data/doc/files/test/tc_rr-txt_rb.html +0 -117
- data/doc/files/test/tc_rr-unknown_rb.html +0 -110
- data/doc/files/test/tc_rr_rb.html +0 -117
- data/doc/files/test/tc_rrset_rb.html +0 -109
- data/doc/files/test/tc_rrsig_rb.html +0 -109
- data/doc/files/test/tc_single_resolver_rb.html +0 -117
- data/doc/files/test/tc_soak_base_rb.html +0 -110
- data/doc/files/test/tc_soak_rb.html +0 -121
- data/doc/files/test/tc_tcp_rb.html +0 -110
- data/doc/files/test/tc_tkey_rb.html +0 -111
- data/doc/files/test/tc_tsig_rb.html +0 -111
- data/doc/files/test/tc_update_rb.html +0 -117
- data/doc/files/test/ts_dnsruby_rb.html +0 -109
- data/doc/files/test/ts_offline_rb.html +0 -133
- data/doc/files/test/ts_online_rb.html +0 -128
- data/doc/fr_method_index.html +0 -726
|
@@ -0,0 +1,1289 @@
|
|
|
1
|
+
# This class does verification/validation from a single point - signed root,
|
|
2
|
+
# DLV, trust anchors. Dnssec controls a set of these to perform validation for
|
|
3
|
+
# the client.
|
|
4
|
+
# This class should only be used by Dnsruby
|
|
5
|
+
module Dnsruby
|
|
6
|
+
class SingleVerifier # :nodoc: all
|
|
7
|
+
class VerifierType
|
|
8
|
+
ROOT = 0
|
|
9
|
+
ANCHOR = 1
|
|
10
|
+
DLV = 2
|
|
11
|
+
end
|
|
12
|
+
def initialize(vtype)
|
|
13
|
+
@verifier_type = vtype
|
|
14
|
+
@added_dlv_key = false
|
|
15
|
+
# The DNSKEY RRs for the signed root (when it exists)
|
|
16
|
+
@root_anchors = KeyCache.new
|
|
17
|
+
# Could add methods for interacting with root anchors - see test/tc_itar.rb
|
|
18
|
+
# for example of how to load ITAR trust anchors into dnsruby
|
|
19
|
+
|
|
20
|
+
# The set of trust anchors.
|
|
21
|
+
# If the root is unsigned, then these must be initialised with at least
|
|
22
|
+
# one trusted key by the client application, if verification is to be performed.
|
|
23
|
+
@trust_anchors = KeyCache.new
|
|
24
|
+
|
|
25
|
+
@dlv_registries = []
|
|
26
|
+
|
|
27
|
+
# The set of keys which are trusted.
|
|
28
|
+
@trusted_keys = KeyCache.new
|
|
29
|
+
|
|
30
|
+
# The set of keys which have been indicated by a DS RRSet which has been
|
|
31
|
+
# signed by a trusted key. Although we have not yet located these keys, we
|
|
32
|
+
# have the details (tag and digest) which can identify the keys when we
|
|
33
|
+
# see them. At that point, they will be added to our trusted keys.
|
|
34
|
+
@discovered_ds_store = []
|
|
35
|
+
# The configured_ds_store is the set of DS records which have been configured
|
|
36
|
+
# by the client as trust anchors. Use Dnssec#add_trust_anchor to add these
|
|
37
|
+
@configured_ds_store = []
|
|
38
|
+
end
|
|
39
|
+
|
|
40
|
+
def get_dlv_resolver # :nodoc:
|
|
41
|
+
if (Dnssec.do_validation_with_recursor?)
|
|
42
|
+
return Recursor.new
|
|
43
|
+
else
|
|
44
|
+
if (Dnssec.default_resolver)
|
|
45
|
+
return Dnssec.default_resolver
|
|
46
|
+
else
|
|
47
|
+
return Resolver.new
|
|
48
|
+
end
|
|
49
|
+
end
|
|
50
|
+
end
|
|
51
|
+
def add_dlv_key(key)
|
|
52
|
+
# Is this a ZSK or a KSK?
|
|
53
|
+
# If it is a KSK, then get the ZSK from the zone
|
|
54
|
+
if (key.sep_key?)
|
|
55
|
+
get_dlv_key(key)
|
|
56
|
+
end
|
|
57
|
+
end
|
|
58
|
+
def get_dlv_key(ksk) # :nodoc:
|
|
59
|
+
# Using the KSK, get the ZSK for the DLV registry
|
|
60
|
+
if (!@res && (@verifier_type == VerifierType::DLV))
|
|
61
|
+
@res = get_dlv_resolver
|
|
62
|
+
end
|
|
63
|
+
# print "Sending query : res.dnssec = #{@res.dnssec}"
|
|
64
|
+
ret = nil
|
|
65
|
+
begin
|
|
66
|
+
ret = @res.query_no_validation_or_recursion("dlv.isc.org.", Types.DNSKEY)
|
|
67
|
+
if (!ret)
|
|
68
|
+
raise ResolvError.new("Couldn't get response from Recursor")
|
|
69
|
+
end
|
|
70
|
+
rescue ResolvError => e
|
|
71
|
+
# print "ERROR - Couldn't find the DLV key\n"
|
|
72
|
+
TheLog.error("Couldn't find the DLV key\n")
|
|
73
|
+
return
|
|
74
|
+
end
|
|
75
|
+
key_rrset = ret.answer.rrset("dlv.isc.org", Types.DNSKEY)
|
|
76
|
+
begin
|
|
77
|
+
verify(key_rrset, ksk)
|
|
78
|
+
add_trusted_key(key_rrset)
|
|
79
|
+
# print "Successfully added DLV key\n"
|
|
80
|
+
TheLog.info("Successfully added DLV key")
|
|
81
|
+
@added_dlv_key = true
|
|
82
|
+
rescue VerifyError => e
|
|
83
|
+
# print "Error verifying DLV key : #{e}\n"
|
|
84
|
+
TheLog.error("Error verifying DLV key : #{e}")
|
|
85
|
+
end
|
|
86
|
+
end
|
|
87
|
+
def add_trust_anchor(t)
|
|
88
|
+
add_trust_anchor_with_expiration(t, Time.utc(2035,"jan",1,20,15,1).to_i)
|
|
89
|
+
end
|
|
90
|
+
# Add the
|
|
91
|
+
def add_trust_anchor_with_expiration(k, expiration)
|
|
92
|
+
if (k.type == Types.DNSKEY)
|
|
93
|
+
k.flags = k.flags | RR::IN::DNSKEY::SEP_KEY
|
|
94
|
+
@trust_anchors.add_key_with_expiration(k, expiration)
|
|
95
|
+
# print "Adding trust anchor for #{k.name}\n"
|
|
96
|
+
TheLog.info("Adding trust anchor for #{k.name}")
|
|
97
|
+
elsif ((k.type == Types.DS) || ((k.type == Types.DLV) && (@verifier_type == VerifierType::DLV)))
|
|
98
|
+
@configured_ds_store.push(k)
|
|
99
|
+
end
|
|
100
|
+
end
|
|
101
|
+
|
|
102
|
+
def remove_trust_anchor(t)
|
|
103
|
+
@trust_anchors.delete(t)
|
|
104
|
+
end
|
|
105
|
+
# Wipes the cache of trusted keys
|
|
106
|
+
def clear_trust_anchors
|
|
107
|
+
@trust_anchors = KeyCache.new
|
|
108
|
+
end
|
|
109
|
+
|
|
110
|
+
def trust_anchors
|
|
111
|
+
return @trust_anchors.keys + @configured_ds_store
|
|
112
|
+
end
|
|
113
|
+
|
|
114
|
+
# Check that the RRSet and RRSIG record are compatible
|
|
115
|
+
def check_rr_data(rrset, sigrec)#:nodoc: all
|
|
116
|
+
#Each RR MUST have the same owner name as the RRSIG RR;
|
|
117
|
+
if (rrset.name.to_s.downcase != sigrec.name.to_s.downcase)
|
|
118
|
+
raise VerifyError.new("RRSET should have same owner name as RRSIG for verification (rrsert=#{rrset.name}, sigrec=#{sigrec.name}")
|
|
119
|
+
end
|
|
120
|
+
|
|
121
|
+
#Each RR MUST have the same class as the RRSIG RR;
|
|
122
|
+
if (rrset.klass != sigrec.klass)
|
|
123
|
+
raise VerifyError.new("RRSET should have same DNS class as RRSIG for verification")
|
|
124
|
+
end
|
|
125
|
+
|
|
126
|
+
#Each RR in the RRset MUST have the RR type listed in the
|
|
127
|
+
#RRSIG RR's Type Covered field;
|
|
128
|
+
if (rrset.type != sigrec.type_covered)
|
|
129
|
+
raise VerifyError.new("RRSET should have same type as RRSIG for verification")
|
|
130
|
+
end
|
|
131
|
+
|
|
132
|
+
#Each RR in the RRset MUST have the TTL listed in the
|
|
133
|
+
#RRSIG Original TTL Field;
|
|
134
|
+
if (rrset.ttl != sigrec.ttl)
|
|
135
|
+
raise VerifyError.new("RRSET should have same ttl as RRSIG for verification")
|
|
136
|
+
end
|
|
137
|
+
|
|
138
|
+
# Now check that we are in the validity period for the RRSIG
|
|
139
|
+
now = Time.now.to_i
|
|
140
|
+
if ((sigrec.expiration < now) || (sigrec.inception > now))
|
|
141
|
+
raise VerifyError.new("Signature record not in validity period")
|
|
142
|
+
end
|
|
143
|
+
end
|
|
144
|
+
|
|
145
|
+
# Add the specified keys to the trusted key cache.
|
|
146
|
+
# k can be a KeyCache, or an RRSet of DNSKEYs.
|
|
147
|
+
def add_trusted_key(k)
|
|
148
|
+
@trusted_keys.add(k)
|
|
149
|
+
end
|
|
150
|
+
|
|
151
|
+
# Wipes the cache of trusted keys
|
|
152
|
+
def clear_trusted_keys
|
|
153
|
+
@trusted_keys = KeyCache.new
|
|
154
|
+
@discovered_ds_store = []
|
|
155
|
+
@configured_ds_store = []
|
|
156
|
+
end
|
|
157
|
+
|
|
158
|
+
def trusted_keys
|
|
159
|
+
discovered_ds = []
|
|
160
|
+
@discovered_ds_store.each {|rrset|
|
|
161
|
+
rrset.rrs.each {|rr|
|
|
162
|
+
discovered_ds.push(rr)
|
|
163
|
+
}
|
|
164
|
+
}
|
|
165
|
+
return @trusted_keys.keys + @configured_ds_store + discovered_ds
|
|
166
|
+
end
|
|
167
|
+
|
|
168
|
+
# Check that the key fits a signed DS record key details
|
|
169
|
+
# If so, then add the key to the trusted keys
|
|
170
|
+
def check_ds(key, ds_rrset)#:nodoc: all
|
|
171
|
+
expiration = 0
|
|
172
|
+
found = false
|
|
173
|
+
ds_rrset.sigs.each { |sig|
|
|
174
|
+
if ((sig.type_covered == Types.DS) || ((sig.type_covered == Types.DLV)&& (@verifier_type==VerifierType::DLV)))
|
|
175
|
+
if (sig.inception <= Time.now.to_i)
|
|
176
|
+
# Check sig.expiration, sig.algorithm
|
|
177
|
+
if (sig.expiration > expiration)
|
|
178
|
+
expiration = sig.expiration
|
|
179
|
+
end
|
|
180
|
+
end
|
|
181
|
+
end
|
|
182
|
+
}
|
|
183
|
+
if (expiration > 0)
|
|
184
|
+
ds_rrset.rrs.each { |ds|
|
|
185
|
+
if ((ds.type === Types.DS) || ((ds.type == Types.DLV) && (@verifier_type == VerifierType::DLV)))
|
|
186
|
+
if (ds.check_key(key))
|
|
187
|
+
@trusted_keys.add_key_with_expiration(key, expiration)
|
|
188
|
+
found = true
|
|
189
|
+
end
|
|
190
|
+
end
|
|
191
|
+
}
|
|
192
|
+
end
|
|
193
|
+
return found
|
|
194
|
+
end
|
|
195
|
+
|
|
196
|
+
# Verify the specified message (or RRSet) using the set of trusted keys.
|
|
197
|
+
# If keys is a DNSKEY, or an Array or RRSet of DNSKEYs, then keys
|
|
198
|
+
# is added to the set of trusted keys before the message (or RRSet) is
|
|
199
|
+
# verified.
|
|
200
|
+
#
|
|
201
|
+
# If msg is a Dnsruby::Message, then any signed DNSKEY or DS RRSets are
|
|
202
|
+
# processed first, and any new keys are added to the trusted key set
|
|
203
|
+
# before the other RRSets are checked.
|
|
204
|
+
#
|
|
205
|
+
# msg can be a Dnsruby::Message or Dnsruby::RRSet.
|
|
206
|
+
# keys may be nil, or a KeyCache or an RRSet of Dnsruby::RR::DNSKEY
|
|
207
|
+
#
|
|
208
|
+
# Returns true if the message verifies OK, and false otherwise.
|
|
209
|
+
def verify(msg, keys = nil)
|
|
210
|
+
if (msg.kind_of?RRSet)
|
|
211
|
+
if (msg.type == Types.DNSKEY)
|
|
212
|
+
return verify_key_rrset(msg, keys)
|
|
213
|
+
end
|
|
214
|
+
if ((msg.type == Types.DS) || (msg.type == Types.DLV))
|
|
215
|
+
return verify_ds_rrset(msg, keys)
|
|
216
|
+
|
|
217
|
+
end
|
|
218
|
+
return verify_rrset(msg, keys)
|
|
219
|
+
end
|
|
220
|
+
# Use the set of trusted keys to check any RRSets we can, ideally
|
|
221
|
+
# those of other DNSKEY RRSets first. Then, see if we can use any of the
|
|
222
|
+
# new total set of keys to check the rest of the rrsets.
|
|
223
|
+
# Return true if we can verify the whole message.
|
|
224
|
+
|
|
225
|
+
msg.each_section do |section|
|
|
226
|
+
# print "Checking section : #{section}\n"
|
|
227
|
+
ds_rrsets = section.rrsets(Types.DS)
|
|
228
|
+
if ((!ds_rrsets || ds_rrsets.length == 0) && (@verifier_type == VerifierType::DLV))
|
|
229
|
+
ds_rrsets = section.rrsets(Types.DLV)
|
|
230
|
+
end
|
|
231
|
+
ds_rrsets.each {|ds_rrset|
|
|
232
|
+
if ((ds_rrset && ds_rrset.rrs.length > 0) && !verify_ds_rrset(ds_rrset, keys, msg))
|
|
233
|
+
raise VerifyError.new("Failed to verify DS RRSet")
|
|
234
|
+
# return false
|
|
235
|
+
end
|
|
236
|
+
}
|
|
237
|
+
|
|
238
|
+
key_rrsets = section.rrsets(Types.DNSKEY)
|
|
239
|
+
key_rrsets.each {|key_rrset|
|
|
240
|
+
if ((key_rrset && key_rrset.rrs.length > 0) && !verify_key_rrset(key_rrset, keys))
|
|
241
|
+
raise VerifyError.new("Failed to verify DNSKEY RRSet")
|
|
242
|
+
# return false
|
|
243
|
+
end
|
|
244
|
+
}
|
|
245
|
+
end
|
|
246
|
+
|
|
247
|
+
verify_nsecs(msg)
|
|
248
|
+
|
|
249
|
+
# Then, look through all the remaining RRSets, and verify them all (unless not necessary).
|
|
250
|
+
msg.section_rrsets.each do |section, rrsets|
|
|
251
|
+
rrsets.each do |rrset|
|
|
252
|
+
# If delegation NS or glue AAAA/A, then don't expect RRSIG.
|
|
253
|
+
# Otherwise, expect RRSIG and fail verification if RRSIG is not present
|
|
254
|
+
|
|
255
|
+
if ((section == "authority") && (rrset.type == Types.NS))
|
|
256
|
+
# Check for delegation
|
|
257
|
+
dsrrset = msg.authority.rrsets('DS')[0]
|
|
258
|
+
if ((msg.answer.size == 0) && (!dsrrset) && (rrset.type == Types.NS)) # (isDelegation)
|
|
259
|
+
# Now check NSEC(3) records for absence of DS and SOA
|
|
260
|
+
nsec = msg.authority.rrsets('NSEC')[0]
|
|
261
|
+
if (nsec.length == 0)
|
|
262
|
+
nsec = msg.authority.rrsets('NSEC3')[0]
|
|
263
|
+
end
|
|
264
|
+
if (nsec.rrs.length > 0)
|
|
265
|
+
if (!(nsec.rrs()[0].types.include?'DS') || !(nsec.rrs()[0].types.include?'SOA'))
|
|
266
|
+
next # delegation which we expect to be unsigned - so don't verify it!
|
|
267
|
+
end
|
|
268
|
+
end
|
|
269
|
+
end
|
|
270
|
+
# If NS records delegate the name to the child's nameservers, then they MUST NOT be signed
|
|
271
|
+
if (rrset.type == Types.NS)
|
|
272
|
+
# all_delegate = true
|
|
273
|
+
# rrset.rrs.each {|rr|
|
|
274
|
+
# name = Name.create(rr.nsdname)
|
|
275
|
+
# name.absolute = true
|
|
276
|
+
# if (!(name.subdomain_of?(rr.name)))
|
|
277
|
+
# all_delegate = false
|
|
278
|
+
# end
|
|
279
|
+
# }
|
|
280
|
+
# if (all_delegate && rrset.sigs.length == 0)
|
|
281
|
+
# next
|
|
282
|
+
# end
|
|
283
|
+
if ((rrset.name.to_s.downcase == msg.question()[0].qname.to_s.downcase) && (rrset.sigs.length == 0))
|
|
284
|
+
next
|
|
285
|
+
end
|
|
286
|
+
end
|
|
287
|
+
end
|
|
288
|
+
|
|
289
|
+
if (section == "additional")
|
|
290
|
+
# check for glue
|
|
291
|
+
# if the ownername (in the addtional section) of the glue address is the same or longer as the ownername of the NS record, it is glue
|
|
292
|
+
if (msg.additional.size > 0)
|
|
293
|
+
arec = msg.additional.rrsets('A')[0]
|
|
294
|
+
if (!arec || arec.rrs.length == 0)
|
|
295
|
+
arec = msg.additional.rrsets('AAAA')[0]
|
|
296
|
+
end
|
|
297
|
+
ns_rrsets = msg.additional.rrsets('NS')
|
|
298
|
+
ns_rrsets.each {|ns_rrset|
|
|
299
|
+
if (ns_rrset.length > 0)
|
|
300
|
+
nsname = ns_rrset.rrs()[0].name
|
|
301
|
+
if (arec && arec.rrs().length > 0)
|
|
302
|
+
aname = arec.rrs()[0].name
|
|
303
|
+
if (nsname.subdomain_of?aname)
|
|
304
|
+
next
|
|
305
|
+
end
|
|
306
|
+
end
|
|
307
|
+
end
|
|
308
|
+
}
|
|
309
|
+
end
|
|
310
|
+
end
|
|
311
|
+
# If records are in additional, and no RRSIG, that's Ok - just don't use them!
|
|
312
|
+
if ((section == "additional") && (rrset.sigs.length == 0))
|
|
313
|
+
# @TODO@ Make sure that we don't cache these records!
|
|
314
|
+
next
|
|
315
|
+
end
|
|
316
|
+
# else verify RRSet
|
|
317
|
+
# print "About to verify #{rrset.name}, #{rrset.type}\n"
|
|
318
|
+
if (!verify_rrset(rrset, keys))
|
|
319
|
+
# print "FAILED TO VERIFY RRSET #{rrset.name}, #{rrset.type}\n"
|
|
320
|
+
TheLog.debug("Failed to verify rrset")
|
|
321
|
+
return false
|
|
322
|
+
end
|
|
323
|
+
end
|
|
324
|
+
end
|
|
325
|
+
return true
|
|
326
|
+
end
|
|
327
|
+
|
|
328
|
+
def verify_nsecs(msg) # :nodoc:
|
|
329
|
+
# NSEC(3) handling. Get NSEC(3)s in four cases : (RFC 4035, section 3.1.3)
|
|
330
|
+
# a) No data - <SNAME, SCLASS> matches, but no <SNAME, SCLASS, STYPE) (§3.1.3.1)
|
|
331
|
+
# - will expect NSEC in Authority (and associated RRSIG)
|
|
332
|
+
# - NOERROR returned
|
|
333
|
+
# b) Name error - no RRSets that match <SNAME, SCLASS> either exactly or through wildcard expansion (§3.1.3.2)
|
|
334
|
+
# - NSEC wil prove i) no exact match for <SNAME, SCLASS>, and ii) no RRSets that could match through wildcard expansion
|
|
335
|
+
# - this may be proved in one or more NSECs (and associated RRSIGs)
|
|
336
|
+
# - NXDOMAIN returned - should ensure we verify!
|
|
337
|
+
# c) Wildcard answer - No <SNAME, SCLASS> direct matches, but matches <SNAME, SCLASS, STYPE> through wildcard expansion (§3.1.3.3)
|
|
338
|
+
# - Answer section must include wildcard-expanded answer (and associated RRSIGs)
|
|
339
|
+
# - label count in answer RRSIG indicates wildcard RRSet was expanded (less labels than in owner name)
|
|
340
|
+
# - Authority section must include NSEC (and RRSIGs) proving that zone does not contain a closer match
|
|
341
|
+
# - NOERROR returned
|
|
342
|
+
# d) Wildcard no data - No <SNAME, SCLASS> direct. <SNAME, SCLASS> yes but <SNAME, SCLASS, STYPE> no through wildcard expansion (§3.1.3.4)
|
|
343
|
+
# - Authority section contains NSECs (and RRSIGs) for :
|
|
344
|
+
# i) NSEC proving no RRSets matching STYPE at wildcard owner name that matched <SNAME, SCLASS> via wildcard expansion
|
|
345
|
+
# ii) NSEC proving no RRSets in zone that would have been closer match for <SNAME, SCLASS>
|
|
346
|
+
# - this may be proved by one or more NSECs (and associated RRSIGs)
|
|
347
|
+
# - NOERROR returned
|
|
348
|
+
#
|
|
349
|
+
# Otherwise no NSECs should be returned.
|
|
350
|
+
|
|
351
|
+
# So, check for NSEC records in response, and work out what type of answer we have.
|
|
352
|
+
# Then, if NSECs are present, make sure that we prove what they said they would.
|
|
353
|
+
# What if the message *should* have no NSEC records? That can only be known by the validator.
|
|
354
|
+
# We will assume that the validator has checked the (non)-existence of NSEC records - we should not
|
|
355
|
+
# get upset if there aren't any. However, if there are, then we should verify that they say the right thing
|
|
356
|
+
qtype = msg.question()[0].qtype
|
|
357
|
+
return if (msg.rcode == RCode.NOERROR && ((qtype == Types.ANY) || (qtype == Types.NSEC) || (qtype == Types.NSEC3)))
|
|
358
|
+
if ((msg.rrsets('NSEC').length > 0) || (msg.rrsets('NSEC3').length > 0))
|
|
359
|
+
if (msg.rcode == RCode.NXDOMAIN)
|
|
360
|
+
# print "Checking NSECs for Name Error\n"
|
|
361
|
+
#Name error - NSEC wil prove i) no exact match for <SNAME, SCLASS>, and ii) no RRSets that could match through wildcard expansion
|
|
362
|
+
# - this may be proved in one or more NSECs (and associated RRSIGs)
|
|
363
|
+
check_name_in_nsecs(msg)
|
|
364
|
+
return check_no_wildcard_expansion(msg)
|
|
365
|
+
elsif (msg.rcode == RCode.NOERROR)
|
|
366
|
+
if (msg.answer.length > 0)
|
|
367
|
+
# print "Checking NSECs for wildcard expansion\n"
|
|
368
|
+
# wildcard expansion answer - check NSECs!
|
|
369
|
+
# We want to make sure that the NSEC tells us that there is no closer match for this name
|
|
370
|
+
# @TODO@ We need to make replace the RRSIG name with the wildcard name before we can verify it correctly.
|
|
371
|
+
check_num_rrsig_labels(msg)
|
|
372
|
+
return check_name_in_nsecs(msg, msg.question()[0].qtype, true)
|
|
373
|
+
else
|
|
374
|
+
# Either no data or wildcard no data - check to see which
|
|
375
|
+
# Should be able to tell this by checking the number of labels in the NSEC records.
|
|
376
|
+
# Sort these two last cases out!
|
|
377
|
+
isWildcardNoData = false
|
|
378
|
+
[msg.authority.rrsets('NSEC'), msg.authority.rrsets('NSEC3')].each {|nsec_rrsets|
|
|
379
|
+
nsec_rrsets.each {|nsec_rrset|
|
|
380
|
+
nsec_rrset.rrs.each {|nsec|
|
|
381
|
+
# print "Checking nsec to see if wildcard : #{nsec}\n"
|
|
382
|
+
if (nsec.name.wild? ||(nsec.name.labels.length < msg.question()[0].qname.labels.length))
|
|
383
|
+
isWildcardNoData = true
|
|
384
|
+
end
|
|
385
|
+
}
|
|
386
|
+
}
|
|
387
|
+
}
|
|
388
|
+
|
|
389
|
+
if (isWildcardNoData)
|
|
390
|
+
# print "Checking NSECs for wildcard no data\n"
|
|
391
|
+
# Check NSECs -
|
|
392
|
+
# i) NSEC proving no RRSets matching STYPE at wildcard owner name that matched <SNAME, SCLASS> via wildcard expansion
|
|
393
|
+
check_name_not_in_wildcard_nsecs(msg)
|
|
394
|
+
# ii) NSEC proving no RRSets in zone that would have been closer match for <SNAME, SCLASS>
|
|
395
|
+
return check_name_in_and_type_not_in_nsecs(msg)
|
|
396
|
+
else # (isNoData)
|
|
397
|
+
# print "Checking NSECs for No data\n"
|
|
398
|
+
# Check NSEC types covered to make sure this type not present.
|
|
399
|
+
return check_name_in_and_type_not_in_nsecs(msg)
|
|
400
|
+
end
|
|
401
|
+
end
|
|
402
|
+
else
|
|
403
|
+
# Anything we should do here?
|
|
404
|
+
end
|
|
405
|
+
end
|
|
406
|
+
|
|
407
|
+
end
|
|
408
|
+
|
|
409
|
+
def check_num_rrsig_labels(msg) # :nodoc:
|
|
410
|
+
# Check that the number of labels in the RRSIG is less than the number
|
|
411
|
+
# of labels in the answer name
|
|
412
|
+
answer_rrset = msg.answer.rrset(msg.question()[0].qname, msg.question()[0].qtype)
|
|
413
|
+
if (answer_rrset.length == 0)
|
|
414
|
+
raise VerifyError.new("Expected wildcard expanded answer for #{msg.question()[0].qname}")
|
|
415
|
+
end
|
|
416
|
+
rrsig = answer_rrset.sigs()[0]
|
|
417
|
+
if (rrsig.labels >= msg.question()[0].qname.labels.length)
|
|
418
|
+
raise VerifyError.new("RRSIG does not prove wildcard expansion for #{msg.question()[0].qname}")
|
|
419
|
+
end
|
|
420
|
+
end
|
|
421
|
+
|
|
422
|
+
def check_no_wildcard_expansion(msg) # :nodoc:
|
|
423
|
+
proven_no_wildcards = false
|
|
424
|
+
name = msg.question()[0].qname
|
|
425
|
+
[msg.authority.rrsets('NSEC'), msg.authority.rrsets('NSEC3')].each {|nsec_rrsets|
|
|
426
|
+
nsec_rrsets.each {|nsecs|
|
|
427
|
+
nsecs.rrs.each {|nsec|
|
|
428
|
+
# print "Checking NSEC : #{nsec}\n"
|
|
429
|
+
next if (nsec.name.wild?)
|
|
430
|
+
if (check_record_proves_no_wildcard(msg, nsec))
|
|
431
|
+
proven_no_wildcards = true
|
|
432
|
+
end
|
|
433
|
+
}
|
|
434
|
+
}
|
|
435
|
+
}
|
|
436
|
+
if (!proven_no_wildcards)
|
|
437
|
+
# print "No proof that no RRSets could match through wildcard expansion\n"
|
|
438
|
+
raise VerifyError.new("No proof that no RRSets could match through wildcard expansion")
|
|
439
|
+
end
|
|
440
|
+
|
|
441
|
+
end
|
|
442
|
+
|
|
443
|
+
def check_record_proves_no_wildcard(msg, nsec) # :nodoc:
|
|
444
|
+
# Check that the NSEC goes from the SOA to a zone canonically after a wildcard
|
|
445
|
+
# print "Checking wildcard proof for #{nsec.name}\n"
|
|
446
|
+
soa_rrset = msg.authority.rrset(nsec.name, 'SOA')
|
|
447
|
+
if (soa_rrset.length > 0)
|
|
448
|
+
# print "Found SOA for #{nsec.name}\n"
|
|
449
|
+
wildcard_name = Name.create("*." + nsec.name.to_s)
|
|
450
|
+
# print "Checking #{wildcard_name}\n"
|
|
451
|
+
if (wildcard_name.canonically_before(nsec.next_domain))
|
|
452
|
+
return true
|
|
453
|
+
end
|
|
454
|
+
end
|
|
455
|
+
return false
|
|
456
|
+
end
|
|
457
|
+
|
|
458
|
+
def check_name_in_nsecs(msg, qtype=nil, expected_qtype = false) # :nodoc:
|
|
459
|
+
# Check these NSECs to make sure that this name cannot be in the zone
|
|
460
|
+
# and that no RRSets could match through wildcard expansion
|
|
461
|
+
name = msg.question()[0].qname
|
|
462
|
+
proven_name_in_nsecs = false
|
|
463
|
+
type_covered_checked = false
|
|
464
|
+
[msg.authority.rrsets('NSEC'), msg.authority.rrsets('NSEC3')].each {|nsec_rrsets|
|
|
465
|
+
nsec_rrsets.each {|nsecs|
|
|
466
|
+
nsecs.rrs.each {|nsec|
|
|
467
|
+
# print "Checking NSEC : #{nsec}\n"
|
|
468
|
+
next if (nsec.name.wild?)
|
|
469
|
+
if nsec.check_name_in_range(name)
|
|
470
|
+
proven_name_in_nsecs = true
|
|
471
|
+
qtype_present = false
|
|
472
|
+
if (qtype)
|
|
473
|
+
if (nsec.types.include?qtype)
|
|
474
|
+
qtype_present = true
|
|
475
|
+
end
|
|
476
|
+
if (qtype_present != expected_qtype)
|
|
477
|
+
# print "#{nsec.type} record #{nsec} does #{expected_qtype ? 'not ' : ''} include #{qtype} type\n"
|
|
478
|
+
raise VerifyError.new("#{nsec.type} record #{nsec} does #{expected_qtype ? 'not ' : ''}include #{qtype} type")
|
|
479
|
+
# return false
|
|
480
|
+
end
|
|
481
|
+
type_covered_checked = true
|
|
482
|
+
end
|
|
483
|
+
end
|
|
484
|
+
}
|
|
485
|
+
}
|
|
486
|
+
}
|
|
487
|
+
if (!proven_name_in_nsecs)
|
|
488
|
+
# print "No proof for non-existence for #{name}\n"
|
|
489
|
+
raise VerifyError.new("No proof for non-existence for #{name}")
|
|
490
|
+
end
|
|
491
|
+
if (qtype && !type_covered_checked)
|
|
492
|
+
# print "Tyes covered wrong for #{name}\n"
|
|
493
|
+
raise VerifyError.new("Types covered wrong for #{name}")
|
|
494
|
+
end
|
|
495
|
+
end
|
|
496
|
+
|
|
497
|
+
def check_name_in_and_type_not_in_nsecs(msg) # :nodoc:
|
|
498
|
+
check_name_in_nsecs(msg, msg.question()[0].qtype, false)
|
|
499
|
+
end
|
|
500
|
+
|
|
501
|
+
def check_name_not_in_wildcard_nsecs(msg) # :nodoc:
|
|
502
|
+
name = msg.question()[0].qname
|
|
503
|
+
qtype = msg.question()[0].qtype
|
|
504
|
+
done= false
|
|
505
|
+
[msg.authority.rrsets('NSEC'), msg.authority.rrsets('NSEC3')].each {|nsec_rrsets|
|
|
506
|
+
nsec_rrsets.each {|nsecs|
|
|
507
|
+
nsecs.rrs.each {|nsec|
|
|
508
|
+
# print "Checking NSEC : #{nsec}\n"
|
|
509
|
+
next if !nsec.name.wild?
|
|
510
|
+
# Check the wildcard expansion
|
|
511
|
+
# We want to see that the name is in the wildcard range, and that the type
|
|
512
|
+
# is not in the types for the NSEC
|
|
513
|
+
if nsec.check_name_in_wildcard_range(name)
|
|
514
|
+
# print "Wildcard expansion in #{nsec} includes #{name}\n"
|
|
515
|
+
raise VerifyError.new("Wildcard expansion in #{nsec} includes #{name}")
|
|
516
|
+
# return false
|
|
517
|
+
end
|
|
518
|
+
if (nsec.types.include?qtype)
|
|
519
|
+
# print "#{qtype} present in wildcard #{nsec}\n"
|
|
520
|
+
raise VerifyError.new("#{qtype} present in wildcard #{nsec}")
|
|
521
|
+
# return false
|
|
522
|
+
end
|
|
523
|
+
done = true
|
|
524
|
+
}
|
|
525
|
+
}
|
|
526
|
+
}
|
|
527
|
+
return if done
|
|
528
|
+
# print("Expected wildcard expansion in #{msg}\n")
|
|
529
|
+
raise VerifyError.new("Expected wildcard expansion in #{msg}")
|
|
530
|
+
# return false
|
|
531
|
+
end
|
|
532
|
+
|
|
533
|
+
def verify_ds_rrset(ds_rrset, keys = nil, msg = nil) # :nodoc:
|
|
534
|
+
# print "verify_ds_rrset #{ds_rrset}\n"
|
|
535
|
+
if (ds_rrset && ds_rrset.num_sigs > 0)
|
|
536
|
+
if (verify_rrset(ds_rrset, keys))
|
|
537
|
+
# Need to handle DS RRSets (with RRSIGs) not just DS records.
|
|
538
|
+
# ds_rrset.rrs.each do |ds|
|
|
539
|
+
# Work out which key this refers to, and add it to the trusted key store
|
|
540
|
+
found = false
|
|
541
|
+
if (msg)
|
|
542
|
+
msg.each_section do |section|
|
|
543
|
+
section.rrsets('DNSKEY').each {|rrset|
|
|
544
|
+
rrset.rrs.each do |rr|
|
|
545
|
+
if (check_ds(rr, ds_rrset))
|
|
546
|
+
found = true
|
|
547
|
+
end
|
|
548
|
+
end
|
|
549
|
+
}
|
|
550
|
+
end
|
|
551
|
+
end
|
|
552
|
+
get_keys_to_check().each {|key|
|
|
553
|
+
if (check_ds(key, ds_rrset))
|
|
554
|
+
found = true
|
|
555
|
+
end
|
|
556
|
+
}
|
|
557
|
+
# If we couldn't find the trusted key, then we should store the
|
|
558
|
+
# key tag and digest in a @@discovered_ds_store.
|
|
559
|
+
# Each time we see a new key (which has been signed) then we should
|
|
560
|
+
# check if it is sitting on the discovered_ds_store.
|
|
561
|
+
# If it is, then we should add it to the trusted_keys and remove the
|
|
562
|
+
# DS from the discovered_ds_store
|
|
563
|
+
if (!found)
|
|
564
|
+
@discovered_ds_store.push(ds_rrset)
|
|
565
|
+
end
|
|
566
|
+
# end
|
|
567
|
+
return true
|
|
568
|
+
else
|
|
569
|
+
return false
|
|
570
|
+
end
|
|
571
|
+
end
|
|
572
|
+
return false # no DS rrset to verify
|
|
573
|
+
end
|
|
574
|
+
|
|
575
|
+
def verify_key_rrset(key_rrset, keys = nil) # :nodoc:
|
|
576
|
+
# print "verify_key_rrset\n"
|
|
577
|
+
verified = false
|
|
578
|
+
if (key_rrset && key_rrset.num_sigs > 0)
|
|
579
|
+
if (verify_rrset(key_rrset, keys))
|
|
580
|
+
# key_rrset.rrs.each do |rr|
|
|
581
|
+
# print "Adding keys : "
|
|
582
|
+
# key_rrset.rrs.each {|rr| print "#{rr.key_tag}, "}
|
|
583
|
+
# print "\n"
|
|
584
|
+
@trusted_keys.add(key_rrset) # rr)
|
|
585
|
+
verified = true
|
|
586
|
+
end
|
|
587
|
+
check_ds_stores(key_rrset)
|
|
588
|
+
end
|
|
589
|
+
return verified
|
|
590
|
+
end
|
|
591
|
+
|
|
592
|
+
def check_ds_stores(key_rrset) # :nodoc:
|
|
593
|
+
# See if the keys match any of the to_be_trusted_keys
|
|
594
|
+
key_rrset.rrs.each do |key|
|
|
595
|
+
@configured_ds_store.each do |ds|
|
|
596
|
+
if (ds.check_key(key))
|
|
597
|
+
@trusted_keys.add_key_with_expiration(key, key_rrset.sigs()[0].expiration)
|
|
598
|
+
end
|
|
599
|
+
end
|
|
600
|
+
@discovered_ds_store.each do |tbtk|
|
|
601
|
+
# Check that the RRSet is still valid!!
|
|
602
|
+
# Should we get it out of the main cache?
|
|
603
|
+
if ((tbtk.sigs()[0].expiration < Time.now.to_i))
|
|
604
|
+
@discovered_ds_store.delete(tbtk)
|
|
605
|
+
else
|
|
606
|
+
tbtk.rrs.each {|ds|
|
|
607
|
+
if (ds.check_key(key))
|
|
608
|
+
@trusted_keys.add_key_with_expiration(key, tbtk.sigs()[0].expiration)
|
|
609
|
+
@discovered_ds_store.delete(tbtk)
|
|
610
|
+
end
|
|
611
|
+
}
|
|
612
|
+
end
|
|
613
|
+
end
|
|
614
|
+
# end
|
|
615
|
+
end
|
|
616
|
+
|
|
617
|
+
end
|
|
618
|
+
|
|
619
|
+
def get_keys_to_check # :nodoc:
|
|
620
|
+
keys_to_check = @trust_anchors.keys + @trusted_keys.keys
|
|
621
|
+
return keys_to_check
|
|
622
|
+
end
|
|
623
|
+
|
|
624
|
+
# Find the first matching DNSKEY and RRSIG record in the two sets.
|
|
625
|
+
def get_matching_key(keys, sigrecs)#:nodoc: all
|
|
626
|
+
# There can be multiple signatures in the RRSet - which one should we choose?
|
|
627
|
+
if ((keys == nil) || (sigrecs == nil))
|
|
628
|
+
return nil, nil
|
|
629
|
+
end
|
|
630
|
+
if (RR::DNSKEY === keys)
|
|
631
|
+
keys = [keys]
|
|
632
|
+
end
|
|
633
|
+
enumerator = keys
|
|
634
|
+
if (enumerator.class == RRSet)
|
|
635
|
+
enumerator = enumerator.rrs
|
|
636
|
+
end
|
|
637
|
+
enumerator.each {|key|
|
|
638
|
+
if ((key.revoked?)) # || (key.bad_flags?))
|
|
639
|
+
next
|
|
640
|
+
end
|
|
641
|
+
|
|
642
|
+
sigrecs.each {|sig|
|
|
643
|
+
if ((key.key_tag == sig.key_tag) && (key.algorithm == sig.algorithm))
|
|
644
|
+
# print "Found key #{key.key_tag}\n"
|
|
645
|
+
return key, sig
|
|
646
|
+
end
|
|
647
|
+
}
|
|
648
|
+
}
|
|
649
|
+
return nil, nil
|
|
650
|
+
end
|
|
651
|
+
|
|
652
|
+
# Verify the signature of an rrset encoded with the specified KeyCache
|
|
653
|
+
# or RRSet. If no signature is included, false is returned.
|
|
654
|
+
#
|
|
655
|
+
# Returns true if the RRSet verified, false otherwise.
|
|
656
|
+
def verify_rrset(rrset, keys = nil)
|
|
657
|
+
# @TODO@ Finer-grained reporting than "false".
|
|
658
|
+
# print "Verify_rrset #{rrset.name}, #{rrset.type}\n"
|
|
659
|
+
sigrecs = rrset.sigs
|
|
660
|
+
# return false if (rrset.num_sigs == 0)
|
|
661
|
+
if (rrset.rrs.length == 0)
|
|
662
|
+
raise VerifyError.new("No RRSet to veryify")
|
|
663
|
+
end
|
|
664
|
+
if (rrset.num_sigs == 0)
|
|
665
|
+
raise VerifyError.new("No signatures in the RRSet : #{rrset.name}, #{rrset.type}")
|
|
666
|
+
end
|
|
667
|
+
sigrecs.each do |sigrec|
|
|
668
|
+
check_rr_data(rrset, sigrec)
|
|
669
|
+
end
|
|
670
|
+
|
|
671
|
+
keyrec = nil
|
|
672
|
+
sigrec = nil
|
|
673
|
+
if (rrset.type == Types.DNSKEY)
|
|
674
|
+
if (keys && ((keys.type == Types.DS) || ((keys.type == Types.DLV) && (@verifier_type == VerifierType::DLV))))
|
|
675
|
+
rrset.rrs.each do |key|
|
|
676
|
+
keys.rrs.each do |ds|
|
|
677
|
+
if (ds.check_key(key))
|
|
678
|
+
@trusted_keys.add_key_with_expiration(key, rrset.sigs()[0].expiration)
|
|
679
|
+
end
|
|
680
|
+
end
|
|
681
|
+
end
|
|
682
|
+
else
|
|
683
|
+
check_ds_stores(rrset)
|
|
684
|
+
end
|
|
685
|
+
end
|
|
686
|
+
if ((keys.nil?) || ((keys.type == Types.DS) || ((keys.type == Types.DLV) && (@verifier_type == VerifierType::DLV))))
|
|
687
|
+
keyrec, sigrec = get_matching_key(get_keys_to_check, sigrecs)
|
|
688
|
+
else
|
|
689
|
+
keyrec, sigrec = get_matching_key(keys, sigrecs)
|
|
690
|
+
end
|
|
691
|
+
|
|
692
|
+
# return false if !keyrec
|
|
693
|
+
if (!keyrec)
|
|
694
|
+
# print "Couldn't find signing key! #{rrset.name}, #{rrset.type},\n "
|
|
695
|
+
raise VerifyError.new("Signing key not found")
|
|
696
|
+
end
|
|
697
|
+
|
|
698
|
+
# RFC 4034
|
|
699
|
+
#3.1.8.1. Signature Calculation
|
|
700
|
+
|
|
701
|
+
if (keyrec.sep_key? && !keyrec.zone_key?)
|
|
702
|
+
Dnsruby.log.error("DNSKEY with SEP flag set and Zone Key flag not set was used to verify RRSIG over RRSET - this is not allowed by RFC4034 section 2.1.1")
|
|
703
|
+
# return false
|
|
704
|
+
raise VerifyError.new("DNSKEY with SEP flag set and Zone Key flag not set")
|
|
705
|
+
end
|
|
706
|
+
|
|
707
|
+
#Any DNS names in the RDATA field of each RR MUST be in
|
|
708
|
+
#canonical form; and
|
|
709
|
+
#The RRset MUST be sorted in canonical order.
|
|
710
|
+
rrset = rrset.sort_canonical
|
|
711
|
+
|
|
712
|
+
sig_data = sigrec.sig_data
|
|
713
|
+
|
|
714
|
+
#RR(i) = owner | type | class | TTL | RDATA length | RDATA
|
|
715
|
+
rrset.each do |rec|
|
|
716
|
+
old_ttl = rec.ttl
|
|
717
|
+
rec.ttl = sigrec.original_ttl
|
|
718
|
+
data = MessageEncoder.new { |msg|
|
|
719
|
+
msg.put_rr(rec, true)
|
|
720
|
+
}.to_s # @TODO@ worry about wildcards here?
|
|
721
|
+
rec.ttl = old_ttl
|
|
722
|
+
if (RUBY_VERSION >= "1.9")
|
|
723
|
+
data.force_encoding("ASCII-8BIT")
|
|
724
|
+
end
|
|
725
|
+
sig_data += data
|
|
726
|
+
end
|
|
727
|
+
|
|
728
|
+
# Now calculate the signature
|
|
729
|
+
verified = false
|
|
730
|
+
if [Algorithms.RSASHA1,
|
|
731
|
+
Algorithms.RSASHA1_NSEC3_SHA1].include?(sigrec.algorithm)
|
|
732
|
+
verified = keyrec.public_key.verify(OpenSSL::Digest::SHA1.new, sigrec.signature, sig_data)
|
|
733
|
+
# elsif (sigrec.algorithm == Algorithms.RSASHA256)
|
|
734
|
+
# verified = keyrec.public_key.verify(Digest::SHA256.new, sigrec.signature, sig_data)
|
|
735
|
+
elsif [Algorithms.DSA,
|
|
736
|
+
Algorithms.DSA_NSEC3_SHA1].include?(sigrec.algorithm)
|
|
737
|
+
# we are ignoring T for now
|
|
738
|
+
# t = sigrec.signature[0]
|
|
739
|
+
# t = t.getbyte(0) if t.class == String
|
|
740
|
+
r = RR::get_num(sigrec.signature[1, 20])
|
|
741
|
+
s = RR::get_num(sigrec.signature[21, 20])
|
|
742
|
+
r_asn1 = OpenSSL::ASN1::Integer.new(r)
|
|
743
|
+
s_asn1 = OpenSSL::ASN1::Integer.new(s)
|
|
744
|
+
|
|
745
|
+
asn1 = OpenSSL::ASN1::Sequence.new([r_asn1, s_asn1]).to_der
|
|
746
|
+
verified = keyrec.public_key.verify(OpenSSL::Digest::DSS1.new, asn1, sig_data)
|
|
747
|
+
else
|
|
748
|
+
raise RuntimeError.new("Algorithm #{sigrec.algorithm.code} unsupported by Dnsruby")
|
|
749
|
+
end
|
|
750
|
+
|
|
751
|
+
if (!verified)
|
|
752
|
+
raise VerifyError.new("Signature failed to cryptographically verify")
|
|
753
|
+
end
|
|
754
|
+
# Sort out the TTLs - set it to the minimum valid ttl
|
|
755
|
+
expiration_diff = (sigrec.expiration.to_i - Time.now.to_i).abs
|
|
756
|
+
rrset.ttl = ([rrset.ttl, sigrec.ttl, sigrec.original_ttl,
|
|
757
|
+
expiration_diff].sort)[0]
|
|
758
|
+
# print "VERIFIED OK\n"
|
|
759
|
+
return true
|
|
760
|
+
end
|
|
761
|
+
|
|
762
|
+
def find_closest_dlv_anchor_for(name) # :nodoc:
|
|
763
|
+
# To find the closest anchor, query DLV.isc.org for [a.b.c.d], then [a.b.c], [a.b], etc.
|
|
764
|
+
# once closest anchor found, simply run follow_chain from that anchor
|
|
765
|
+
|
|
766
|
+
# @TODO@ REALLY NEED AGGRESSIVE NEGATIVE CACHING HERE!!
|
|
767
|
+
# i.e. don't look up zones which we *know* we don't have a DLV anchor for
|
|
768
|
+
|
|
769
|
+
n = Name.create(name)
|
|
770
|
+
root = Name.create(".")
|
|
771
|
+
while (n != root)
|
|
772
|
+
# Try to find name in DLV, and return it if possible
|
|
773
|
+
dlv_rrset = query_dlv_for(n)
|
|
774
|
+
if (dlv_rrset)
|
|
775
|
+
key_rrset = get_zone_key_from_dlv_rrset(dlv_rrset, n)
|
|
776
|
+
return key_rrset
|
|
777
|
+
end
|
|
778
|
+
# strip the name
|
|
779
|
+
n = n.strip_label
|
|
780
|
+
end
|
|
781
|
+
return false
|
|
782
|
+
end
|
|
783
|
+
|
|
784
|
+
def get_zone_key_from_dlv_rrset(dlv_rrset, name) # :nodoc:
|
|
785
|
+
# We want to return the key for the zone i.e. DS/DNSKEY for .se, NOT DLV for se.dlv.isc.org
|
|
786
|
+
# So, we have the DLv record. Now use it to add the zone's DNSKEYs to the trusted key set.
|
|
787
|
+
res = get_nameservers_for(name)
|
|
788
|
+
if (!res)
|
|
789
|
+
if (Dnssec.do_validation_with_recursor?)
|
|
790
|
+
res = Recursor.new
|
|
791
|
+
else
|
|
792
|
+
if(Dnssec.default_resolver)
|
|
793
|
+
res = Dnssec.default_resolver
|
|
794
|
+
else
|
|
795
|
+
res = Resolver.new
|
|
796
|
+
end
|
|
797
|
+
end
|
|
798
|
+
end
|
|
799
|
+
# query = Message.new(name, Types.DNSKEY)
|
|
800
|
+
# query.do_validation = false
|
|
801
|
+
ret = nil
|
|
802
|
+
begin
|
|
803
|
+
# ret = res.send_message(query)
|
|
804
|
+
ret = res.query_no_validation_or_recursion(name, Types.DNSKEY)
|
|
805
|
+
if (!ret)
|
|
806
|
+
raise ResolvError.new("Couldn't get DNSKEY from Recursor")
|
|
807
|
+
end
|
|
808
|
+
rescue ResolvError => e
|
|
809
|
+
# print "Error getting zone key from DLV RR for #{name} : #{e}\n"
|
|
810
|
+
TheLog.error("Error getting zone key from DLV RR for #{name} : #{e}")
|
|
811
|
+
return false
|
|
812
|
+
end
|
|
813
|
+
key_rrset = ret.answer.rrset(name, Types.DNSKEY)
|
|
814
|
+
begin
|
|
815
|
+
verify(key_rrset, dlv_rrset)
|
|
816
|
+
# Cache.add(ret)
|
|
817
|
+
return key_rrset
|
|
818
|
+
rescue VerifyError => e
|
|
819
|
+
# print "Can't move from DLV RR to zone DNSKEY for #{name}, error : #{e}\n"
|
|
820
|
+
TheLog.debug("Can't move from DLV RR to zone DNSKEY for #{name}, error : #{e}")
|
|
821
|
+
end
|
|
822
|
+
return false
|
|
823
|
+
end
|
|
824
|
+
|
|
825
|
+
def query_dlv_for(name) # :nodoc:
|
|
826
|
+
# See if there is a record for name in dlv.isc.org
|
|
827
|
+
if (!@res && (@verifier_type == VerifierType::DLV))
|
|
828
|
+
@res = get_dlv_resolver
|
|
829
|
+
end
|
|
830
|
+
begin
|
|
831
|
+
name_to_query = name.to_s+".dlv.isc.org"
|
|
832
|
+
# query = Message.new(name_to_query, Types.DLV)
|
|
833
|
+
# @res.single_resolvers()[0].prepare_for_dnssec(query)
|
|
834
|
+
# query.do_validation = false
|
|
835
|
+
ret = nil
|
|
836
|
+
begin
|
|
837
|
+
# ret = @res.send_message(query)
|
|
838
|
+
ret = @res.query_no_validation_or_recursion(name_to_query, Types.DLV)
|
|
839
|
+
if (!ret)
|
|
840
|
+
raise ResolvError.new("Couldn't get DLV record from Recursor")
|
|
841
|
+
end
|
|
842
|
+
rescue ResolvError => e
|
|
843
|
+
# print "Error getting DLV record for #{name} : #{e}\n"
|
|
844
|
+
TheLog.info("Error getting DLV record for #{name} : #{e}")
|
|
845
|
+
return nil
|
|
846
|
+
end
|
|
847
|
+
dlv_rrset = ret.answer.rrset(name_to_query,Types.DLV)
|
|
848
|
+
if (dlv_rrset.rrs.length > 0)
|
|
849
|
+
begin
|
|
850
|
+
verify(dlv_rrset)
|
|
851
|
+
# Cache.add(ret)
|
|
852
|
+
return dlv_rrset
|
|
853
|
+
rescue VerifyError => e
|
|
854
|
+
# print "Error verifying DLV records for #{name}, #{e}\n"
|
|
855
|
+
TheLog.info("Error verifying DLV records for #{name}, #{e}")
|
|
856
|
+
end
|
|
857
|
+
end
|
|
858
|
+
rescue NXDomain
|
|
859
|
+
# print "NXDomain for DLV lookup for #{name}\n"
|
|
860
|
+
return nil
|
|
861
|
+
end
|
|
862
|
+
return nil
|
|
863
|
+
end
|
|
864
|
+
|
|
865
|
+
def find_closest_anchor_for(name) # :nodoc:
|
|
866
|
+
# Check if we have an anchor for name.
|
|
867
|
+
# If not, strip off first label and try again
|
|
868
|
+
# If we get to root, then return false
|
|
869
|
+
n = Name.create(name)
|
|
870
|
+
root = Name.create(".")
|
|
871
|
+
while (n != root)
|
|
872
|
+
# Try the trusted keys first, then the DS set
|
|
873
|
+
(@trust_anchors.keys + @trusted_keys.keys + @configured_ds_store + @discovered_ds_store).each {|key|
|
|
874
|
+
return key if key.name.to_s.downcase == n.to_s.downcase
|
|
875
|
+
}
|
|
876
|
+
# strip the name
|
|
877
|
+
n = n.strip_label
|
|
878
|
+
end
|
|
879
|
+
return false
|
|
880
|
+
end
|
|
881
|
+
|
|
882
|
+
# @TODO@ Handle REVOKED keys! (RFC 5011)
|
|
883
|
+
|
|
884
|
+
def follow_chain(anchor, name) # :nodoc:
|
|
885
|
+
# Follow the chain from the anchor to name, returning the appropriate
|
|
886
|
+
# key at the end, or false.
|
|
887
|
+
#
|
|
888
|
+
# i.e. anchor = se, name = foo.example.se
|
|
889
|
+
# get anchor for example.se with se anchor
|
|
890
|
+
# get anchor for foo.example.se with example.se anchor
|
|
891
|
+
next_key = anchor
|
|
892
|
+
next_step = anchor.name
|
|
893
|
+
parent = next_step
|
|
894
|
+
# print "Follow chain from #{anchor.name} to #{name}\n"
|
|
895
|
+
TheLog.debug("Follow chain from #{anchor.name} to #{name}")
|
|
896
|
+
|
|
897
|
+
res = nil
|
|
898
|
+
# while ((next_step != name) || (next_key.type != Types.DNSKEY))
|
|
899
|
+
while (true)
|
|
900
|
+
# print "In loop for parent=#{parent}, next step = #{next_step}\n"
|
|
901
|
+
dont_move_on = false
|
|
902
|
+
if (next_key.type != Types.DNSKEY)
|
|
903
|
+
dont_move_on = true
|
|
904
|
+
end
|
|
905
|
+
next_key, res = get_anchor_for(next_step, parent, next_key, res)
|
|
906
|
+
if (next_step == name)
|
|
907
|
+
# print "Returning #{next_key.type} for #{next_step}, #{(next_key.type != Types.DNSKEY)}\n"
|
|
908
|
+
return next_key
|
|
909
|
+
end
|
|
910
|
+
return false if (!next_key)
|
|
911
|
+
# Add the next label on
|
|
912
|
+
if (!dont_move_on)
|
|
913
|
+
parent = next_step
|
|
914
|
+
next_step = Name.new(name.labels[name.labels.length-1-next_step.labels.length,1] +
|
|
915
|
+
next_step.labels , name.absolute?)
|
|
916
|
+
# print "Next parent = #{parent}, next_step = #{next_step}, next_key.type = #{next_key.type.string}\n"
|
|
917
|
+
end
|
|
918
|
+
end
|
|
919
|
+
|
|
920
|
+
# print "Returning #{next_key.type} for #{next_step}, #{(next_key.type != Types.DNSKEY)}\n"
|
|
921
|
+
|
|
922
|
+
return next_key
|
|
923
|
+
end
|
|
924
|
+
|
|
925
|
+
def get_anchor_for(child, parent, current_anchor, parent_res = nil) # :nodoc:
|
|
926
|
+
# print "Trying to discover anchor for #{child} from #{parent}\n"
|
|
927
|
+
TheLog.debug("Trying to discover anchor for #{child} from #{parent}")
|
|
928
|
+
# We wish to return a DNSKEY which the caller can use to verify name
|
|
929
|
+
# We are either given a key or a ds record from the parent zone
|
|
930
|
+
# If given a DNSKEY, then find a DS record signed by that key for the child zone
|
|
931
|
+
# Use the DS record to find a valid key in the child zone
|
|
932
|
+
# Return it
|
|
933
|
+
|
|
934
|
+
# Find NS RRSet for parent
|
|
935
|
+
child_res = nil
|
|
936
|
+
begin
|
|
937
|
+
if (child!=parent)
|
|
938
|
+
if (!parent_res)
|
|
939
|
+
# print "No res passed - try to get nameservers for #{parent}\n"
|
|
940
|
+
parent_res = get_nameservers_for(parent)
|
|
941
|
+
if (!parent_res)
|
|
942
|
+
if (Dnssec.do_validation_with_recursor?)
|
|
943
|
+
parent_res = Recursor.new
|
|
944
|
+
else
|
|
945
|
+
if (Dnssec.default_resolver)
|
|
946
|
+
parent_res = Dnssec.default_resolver
|
|
947
|
+
else
|
|
948
|
+
parent_res = Resolver.new
|
|
949
|
+
end
|
|
950
|
+
end
|
|
951
|
+
end
|
|
952
|
+
end
|
|
953
|
+
# Use that Resolver to query for DS record and NS for children
|
|
954
|
+
ds_rrset = current_anchor
|
|
955
|
+
if (current_anchor.type == Types.DNSKEY)
|
|
956
|
+
# print "Trying to find DS records for #{child} from servers for #{parent}\n"
|
|
957
|
+
TheLog.debug("Trying to find DS records for #{child} from servers for #{parent}")
|
|
958
|
+
ds_ret = nil
|
|
959
|
+
begin
|
|
960
|
+
ds_ret = parent_res.query_no_validation_or_recursion(child, Types.DS)
|
|
961
|
+
if (!ds_ret)
|
|
962
|
+
raise ResolvError.new("Couldn't get DS records from Recursor")
|
|
963
|
+
end
|
|
964
|
+
rescue ResolvError => e
|
|
965
|
+
# print "Error getting DS record for #{child} : #{e}\n"
|
|
966
|
+
TheLog.error("Error getting DS record for #{child} : #{e}")
|
|
967
|
+
return false, nil
|
|
968
|
+
end
|
|
969
|
+
ds_rrset = ds_ret.answer.rrset(child, Types.DS)
|
|
970
|
+
if (ds_rrset.rrs.length == 0)
|
|
971
|
+
# @TODO@ Check NSEC(3) records - still need to verify there are REALLY no ds records!
|
|
972
|
+
# print "NO DS RECORDS RETURNED FOR #{parent}\n"
|
|
973
|
+
child_res = parent_res
|
|
974
|
+
else
|
|
975
|
+
begin
|
|
976
|
+
if (verify(ds_rrset, current_anchor))
|
|
977
|
+
# Try to make the resolver from the authority/additional NS RRSets in DS response
|
|
978
|
+
child_res = get_nameservers_from_message(child, ds_ret)
|
|
979
|
+
end
|
|
980
|
+
rescue VerifyError => e
|
|
981
|
+
# print "FAILED TO VERIFY DS RRSET FOR #{child}\n"
|
|
982
|
+
TheLog.info("FAILED TO VERIFY DS RRSET FOR #{child}")
|
|
983
|
+
return false, nil
|
|
984
|
+
end
|
|
985
|
+
end
|
|
986
|
+
end
|
|
987
|
+
end
|
|
988
|
+
# Make Resolver using all child NSs
|
|
989
|
+
if (!child_res)
|
|
990
|
+
child_res = get_nameservers_for(child, parent_res)
|
|
991
|
+
end
|
|
992
|
+
if (!child_res)
|
|
993
|
+
if (Dnssec.do_validation_with_recursor?)
|
|
994
|
+
child_res = Recursor.new
|
|
995
|
+
else
|
|
996
|
+
if (Dnssec.default_resolver)
|
|
997
|
+
child_res = Dnssec.default_resolver
|
|
998
|
+
else
|
|
999
|
+
if (Dnssec.default_resolver)
|
|
1000
|
+
child_res = Dnssec.default_resolver
|
|
1001
|
+
else
|
|
1002
|
+
child_res = Resolver.new
|
|
1003
|
+
end
|
|
1004
|
+
end
|
|
1005
|
+
end
|
|
1006
|
+
end
|
|
1007
|
+
# Query for DNSKEY record, and verify against DS in parent.
|
|
1008
|
+
# Need to get resolver NOT to verify this message - we verify it afterwards
|
|
1009
|
+
# print "Trying to find DNSKEY records for #{child} from servers for #{child}\n"
|
|
1010
|
+
TheLog.info("Trying to find DNSKEY records for #{child} from servers for #{child}")
|
|
1011
|
+
# query = Message.new(child, Types.DNSKEY)
|
|
1012
|
+
# query.do_validation = false
|
|
1013
|
+
key_ret = nil
|
|
1014
|
+
begin
|
|
1015
|
+
# key_ret = child_res.send_message(query)
|
|
1016
|
+
key_ret = child_res.query_no_validation_or_recursion(child, Types.DNSKEY)
|
|
1017
|
+
if (!key_ret)
|
|
1018
|
+
raise ResolvError.new("Couldn't get info from Recursor")
|
|
1019
|
+
end
|
|
1020
|
+
rescue ResolvError => e
|
|
1021
|
+
# print "Error getting DNSKEY for #{child} : #{e}\n"
|
|
1022
|
+
TheLog.error("Error getting DNSKEY for #{child} : #{e}")
|
|
1023
|
+
return false, nil
|
|
1024
|
+
end
|
|
1025
|
+
verified = true
|
|
1026
|
+
key_rrset = key_ret.answer.rrset(child, Types.DNSKEY)
|
|
1027
|
+
if (key_rrset.rrs.length == 0)
|
|
1028
|
+
# @TODO@ Still need to check NSEC records to make *sure* no key rrs returned!
|
|
1029
|
+
# print "NO DNSKEY RECORDS RETURNED FOR #{child}\n"
|
|
1030
|
+
TheLog.debug("NO DNSKEY RECORDS RETURNED FOR #{child}")
|
|
1031
|
+
# end
|
|
1032
|
+
verified = false
|
|
1033
|
+
else
|
|
1034
|
+
# Should check that the matching key's zone flag is set (RFC 4035 section 5.2)
|
|
1035
|
+
key_rrset.rrs.each {|k|
|
|
1036
|
+
if (!k.zone_key?)
|
|
1037
|
+
# print "Discovered DNSKEY is not a zone key - ignoring\n"
|
|
1038
|
+
TheLog.debug("Discovered DNSKEY is not a zone key - ignoring")
|
|
1039
|
+
return false, new_res
|
|
1040
|
+
end
|
|
1041
|
+
}
|
|
1042
|
+
begin
|
|
1043
|
+
verify(key_rrset, ds_rrset)
|
|
1044
|
+
rescue VerifyError => e
|
|
1045
|
+
begin
|
|
1046
|
+
verify(key_rrset)
|
|
1047
|
+
rescue VerifyError =>e
|
|
1048
|
+
verified = false
|
|
1049
|
+
end
|
|
1050
|
+
end
|
|
1051
|
+
# if (!verify(key_rrset, ds_rrset))
|
|
1052
|
+
# if (!verify(key_rrset))
|
|
1053
|
+
# # if (!verify(key_ret))
|
|
1054
|
+
# verified = false
|
|
1055
|
+
# end
|
|
1056
|
+
# end
|
|
1057
|
+
|
|
1058
|
+
end
|
|
1059
|
+
|
|
1060
|
+
# Try to make the resolver from the authority/additional NS RRSets in DNSKEY response
|
|
1061
|
+
new_res = get_nameservers_from_message(child, key_ret) # @TODO@ ?
|
|
1062
|
+
if (!new_res)
|
|
1063
|
+
new_res = child_res
|
|
1064
|
+
end
|
|
1065
|
+
if (!verified)
|
|
1066
|
+
TheLog.info("Failed to verify DNSKEY for #{child}")
|
|
1067
|
+
return false, new_res
|
|
1068
|
+
end
|
|
1069
|
+
# Cache.add(key_ret)
|
|
1070
|
+
return key_rrset, new_res
|
|
1071
|
+
rescue VerifyError => e
|
|
1072
|
+
# print "Verification error : #{e}\n"
|
|
1073
|
+
TheLog.info("Verification error : #{e}\n")
|
|
1074
|
+
return false, new_res
|
|
1075
|
+
end
|
|
1076
|
+
end
|
|
1077
|
+
|
|
1078
|
+
def get_nameservers_for(name, res = nil) # :nodoc:
|
|
1079
|
+
# @TODO@ !!!
|
|
1080
|
+
if (Dnssec.do_validation_with_recursor?)
|
|
1081
|
+
return Recursor.new
|
|
1082
|
+
else
|
|
1083
|
+
if (Dnssec.default_resolver)
|
|
1084
|
+
return Dnssec.default_resolver
|
|
1085
|
+
else
|
|
1086
|
+
return Resolver.new
|
|
1087
|
+
end
|
|
1088
|
+
end
|
|
1089
|
+
end
|
|
1090
|
+
|
|
1091
|
+
def get_nameservers_from_message(name, ns_ret) # :nodoc:
|
|
1092
|
+
if (Dnssec.default_resolver)
|
|
1093
|
+
return Dnssec.default_resolver
|
|
1094
|
+
end
|
|
1095
|
+
|
|
1096
|
+
ns_rrset = ns_ret.answer.rrset(name, Types.NS)
|
|
1097
|
+
if (!ns_rrset || ns_rrset.length == 0)
|
|
1098
|
+
ns_rrset = ns_ret.authority.rrset(name, Types.NS) # @TOO@ Is ths OK?
|
|
1099
|
+
end
|
|
1100
|
+
if (!ns_rrset || ns_rrset.length == 0 || ns_rrset.name.to_s != name.to_s)
|
|
1101
|
+
return nil
|
|
1102
|
+
end
|
|
1103
|
+
if (ns_rrset.sigs.length > 0)
|
|
1104
|
+
# verify_rrset(ns_rrset) # @TODO@ ??
|
|
1105
|
+
end
|
|
1106
|
+
# Cache.add(ns_ret)
|
|
1107
|
+
ns_additional = []
|
|
1108
|
+
ns_ret.additional.each {|rr| ns_additional.push(rr) if (rr.type == Types.A) }
|
|
1109
|
+
nameservers = []
|
|
1110
|
+
add_nameservers(ns_rrset, ns_additional, nameservers) # if (ns_additional.length > 0)
|
|
1111
|
+
ns_additional = []
|
|
1112
|
+
ns_ret.additional.each {|rr| ns_additional.push(rr) if (rr.type == Types.AAAA) }
|
|
1113
|
+
add_nameservers(ns_rrset, ns_additional, nameservers) if (ns_additional.length > 0)
|
|
1114
|
+
# Make Resolver using all NSs
|
|
1115
|
+
if (nameservers.length == 0)
|
|
1116
|
+
# print "Can't find nameservers for #{ns_ret.question()[0].qname} from #{ns_rrset.rrs}\n"
|
|
1117
|
+
TheLog.info("Can't find nameservers for #{ns_ret.question()[0].qname} from #{ns_rrset.rrs}")
|
|
1118
|
+
return nil # @TODO@ Could return a recursor here?
|
|
1119
|
+
#return Recursor.new
|
|
1120
|
+
end
|
|
1121
|
+
res = Resolver.new()
|
|
1122
|
+
res.nameserver=(nameservers)
|
|
1123
|
+
# Set the retry_delay to be (at least) the number of nameservers
|
|
1124
|
+
# Otherwise, the queries will be sent at a rate of more than one a second!
|
|
1125
|
+
res.retry_delay = nameservers.length * 2
|
|
1126
|
+
res.dnssec = true
|
|
1127
|
+
return res
|
|
1128
|
+
end
|
|
1129
|
+
|
|
1130
|
+
def add_nameservers(ns_rrset, ns_additional, nameservers) # :nodoc:
|
|
1131
|
+
# Want to go through all of the ns_rrset NS records,
|
|
1132
|
+
# print "Checking #{ns_rrset.rrs.length} NS records against #{ns_additional.length} address records\n"
|
|
1133
|
+
ns_rrset.rrs.sort_by {rand}.each {|ns_rr|
|
|
1134
|
+
# and see if we can find any of the names in the A/AAAA records in ns_additional
|
|
1135
|
+
found_addr = false
|
|
1136
|
+
ns_additional.each {|addr_rr|
|
|
1137
|
+
if (ns_rr.nsdname.to_s == addr_rr.name.to_s)
|
|
1138
|
+
# print "Found address #{addr_rr.address} for #{ns_rr.nsdname}\n"
|
|
1139
|
+
nameservers.push(addr_rr.address.to_s)
|
|
1140
|
+
found_addr = true
|
|
1141
|
+
break
|
|
1142
|
+
# If we can, then we add the server A/AAAA address to nameservers
|
|
1143
|
+
end
|
|
1144
|
+
# If we can't, then we add the server NS name to nameservers
|
|
1145
|
+
|
|
1146
|
+
}
|
|
1147
|
+
if (!found_addr)
|
|
1148
|
+
# print "Couldn't find address - adding #{ns_rr.nsdname}\n"
|
|
1149
|
+
nameservers.push(ns_rr.nsdname)
|
|
1150
|
+
end
|
|
1151
|
+
|
|
1152
|
+
}
|
|
1153
|
+
end
|
|
1154
|
+
|
|
1155
|
+
def validate_no_rrsigs(msg) # :nodoc:
|
|
1156
|
+
# print "Validating unsigned response\n"
|
|
1157
|
+
# WHAT IF THERE ARE NO RRSIGS IN MSG?
|
|
1158
|
+
# Then we need to check that we do not expect any RRSIGs
|
|
1159
|
+
if (!msg.question()[0] && msg.answer.length == 0)
|
|
1160
|
+
# print "Returning Message insecure OK\n"
|
|
1161
|
+
msg.security_level = Message::SecurityLevel.INSECURE
|
|
1162
|
+
return true
|
|
1163
|
+
end
|
|
1164
|
+
qname = msg.question()[0].qname
|
|
1165
|
+
closest_anchor = find_closest_anchor_for(qname)
|
|
1166
|
+
# print "Found closest anchor :#{closest_anchor}\n"
|
|
1167
|
+
if (closest_anchor)
|
|
1168
|
+
actual_anchor = follow_chain(closest_anchor, qname)
|
|
1169
|
+
# print "Actual anchor : #{actual_anchor}\n"
|
|
1170
|
+
if (actual_anchor)
|
|
1171
|
+
# print("Anchor exists for #{qname}, but no signatures in #{msg}\n")
|
|
1172
|
+
TheLog.error("Anchor exists for #{qname}, but no signatures in #{msg}")
|
|
1173
|
+
msg.security_level = Message::SecurityLevel.BOGUS
|
|
1174
|
+
return false
|
|
1175
|
+
end
|
|
1176
|
+
end
|
|
1177
|
+
if ((@verifier_type == VerifierType::DLV) &&
|
|
1178
|
+
@added_dlv_key)
|
|
1179
|
+
# Remember to check DLV registry as well (if appropriate!)
|
|
1180
|
+
# print "Checking DLV for closest anchor\n"
|
|
1181
|
+
dlv_anchor = find_closest_dlv_anchor_for(qname)
|
|
1182
|
+
# print "Found DLV closest anchor :#{dlv_anchor}\n"
|
|
1183
|
+
if (dlv_anchor)
|
|
1184
|
+
actual_anchor = follow_chain(dlv_anchor, qname)
|
|
1185
|
+
# print "Actual anchor : #{actual_anchor}\n"
|
|
1186
|
+
if (actual_anchor)
|
|
1187
|
+
# print("DLV Anchor exists for #{qname}, but no signatures in #{msg}\n")
|
|
1188
|
+
TheLog.error("DLV Anchor exists for #{qname}, but no signatures in #{msg}")
|
|
1189
|
+
msg.security_level = Message::SecurityLevel.BOGUS
|
|
1190
|
+
return false
|
|
1191
|
+
end
|
|
1192
|
+
|
|
1193
|
+
end
|
|
1194
|
+
end
|
|
1195
|
+
# print "Returning Message insecure OK\n"
|
|
1196
|
+
msg.security_level = Message::SecurityLevel.INSECURE
|
|
1197
|
+
return true
|
|
1198
|
+
end
|
|
1199
|
+
|
|
1200
|
+
def validate(msg, query)
|
|
1201
|
+
if (msg.rrsets('RRSIG').length == 0)
|
|
1202
|
+
return validate_no_rrsigs(msg)
|
|
1203
|
+
end
|
|
1204
|
+
|
|
1205
|
+
# See if it is a child of any of our trust anchors.
|
|
1206
|
+
# If it is, then see if we have a trusted key for it
|
|
1207
|
+
# If we don't, then see if we can get to it from the closest
|
|
1208
|
+
# trust anchor
|
|
1209
|
+
# Otherwise, try DLV (if configured)
|
|
1210
|
+
#
|
|
1211
|
+
#
|
|
1212
|
+
# So - find closest existing trust anchor
|
|
1213
|
+
error = nil
|
|
1214
|
+
msg.security_level = Message::SecurityLevel.INDETERMINATE
|
|
1215
|
+
qname = msg.question()[0].qname
|
|
1216
|
+
closest_anchor = find_closest_anchor_for(qname)
|
|
1217
|
+
error = try_to_follow_from_anchor(closest_anchor, msg, qname)
|
|
1218
|
+
|
|
1219
|
+
if ((msg.security_level.code < Message::SecurityLevel::SECURE) &&
|
|
1220
|
+
(@verifier_type == VerifierType::DLV) &&
|
|
1221
|
+
@added_dlv_key)
|
|
1222
|
+
# If we can't find anything, and we're set to check DLV, then
|
|
1223
|
+
# check the DLV registry and work down from there.
|
|
1224
|
+
dlv_anchor = find_closest_dlv_anchor_for(qname)
|
|
1225
|
+
if (dlv_anchor)
|
|
1226
|
+
# print "Trying to follow DLV anchor from #{dlv_anchor.name} to #{qname}\n"
|
|
1227
|
+
TheLog.debug("Trying to follow DLV anchor from #{dlv_anchor.name} to #{qname}")
|
|
1228
|
+
error = try_to_follow_from_anchor(dlv_anchor, msg, qname)
|
|
1229
|
+
else
|
|
1230
|
+
# print "Couldn't find DLV anchor for #{qname}\n"
|
|
1231
|
+
TheLog.debug("Couldn't find DLV anchor for #{qname}")
|
|
1232
|
+
end
|
|
1233
|
+
end
|
|
1234
|
+
if (msg.security_level.code != Message::SecurityLevel::SECURE)
|
|
1235
|
+
begin
|
|
1236
|
+
# print "Trying to verify one last time\n"
|
|
1237
|
+
|
|
1238
|
+
if verify(msg) # Just make sure we haven't picked the keys up anywhere
|
|
1239
|
+
msg.security_level = Message::SecurityLevel.SECURE
|
|
1240
|
+
return true
|
|
1241
|
+
end
|
|
1242
|
+
rescue VerifyError => e
|
|
1243
|
+
# print "Verify failed : #{e}\n"
|
|
1244
|
+
end
|
|
1245
|
+
end
|
|
1246
|
+
if (error)
|
|
1247
|
+
raise error
|
|
1248
|
+
end
|
|
1249
|
+
if (msg.security_level.code > Message::SecurityLevel::UNCHECKED)
|
|
1250
|
+
return true
|
|
1251
|
+
else
|
|
1252
|
+
return false
|
|
1253
|
+
end
|
|
1254
|
+
end
|
|
1255
|
+
|
|
1256
|
+
def try_to_follow_from_anchor(closest_anchor, msg, qname) # :nodoc:
|
|
1257
|
+
error = nil
|
|
1258
|
+
if (closest_anchor)
|
|
1259
|
+
# Then try to descend to the level we're interested in
|
|
1260
|
+
actual_anchor = follow_chain(closest_anchor, qname)
|
|
1261
|
+
if (!actual_anchor)
|
|
1262
|
+
TheLog.debug("Unable to follow chain from anchor : #{closest_anchor.name}")
|
|
1263
|
+
msg.security_level = Message::SecurityLevel.INSECURE
|
|
1264
|
+
else
|
|
1265
|
+
actual_anchor_keys = ""
|
|
1266
|
+
actual_anchor.rrs.each {|rr| actual_anchor_keys += ", #{rr.key_tag}"}
|
|
1267
|
+
TheLog.debug("Found anchor #{actual_anchor.name}, #{actual_anchor.type} for #{qname} : #{actual_anchor_keys}")
|
|
1268
|
+
# print "Found anchor #{actual_anchor.name}, #{actual_anchor.type} for #{qname} : #{actual_anchor_keys}\n"
|
|
1269
|
+
begin
|
|
1270
|
+
if (verify(msg, actual_anchor))
|
|
1271
|
+
TheLog.debug("Validated #{qname}")
|
|
1272
|
+
msg.security_level = Message::SecurityLevel.SECURE
|
|
1273
|
+
end
|
|
1274
|
+
rescue VerifyError => e
|
|
1275
|
+
TheLog.info("BOGUS #{qname}! Error : #{e}")
|
|
1276
|
+
# print "BOGUS #{qname}! Error : #{e}\n"
|
|
1277
|
+
msg.security_level = Message::SecurityLevel.BOGUS
|
|
1278
|
+
error = e
|
|
1279
|
+
end
|
|
1280
|
+
end
|
|
1281
|
+
else
|
|
1282
|
+
# print "Unable to find an anchor for #{qname}\n"
|
|
1283
|
+
msg.security_level = Message::SecurityLevel.INSECURE
|
|
1284
|
+
end
|
|
1285
|
+
return error
|
|
1286
|
+
end
|
|
1287
|
+
|
|
1288
|
+
end
|
|
1289
|
+
end
|