dnsruby 1.44 → 1.45

data/demo/digdlv.rb

@@ -71,7 +71,7 @@ if (type.upcase == "AXFR")
     
 else
 
-  Dnsruby::TheLog.level=Logger::DEBUG
+#  Dnsruby::TheLog.level=Logger::DEBUG
   begin
     answer = nil
     answer = res.query(name, type, klass)

data/lib/Dnsruby/Config.rb

@@ -255,8 +255,36 @@ module Dnsruby
         rescue Exception
           begin
             # try to resolve server to address
-            addr = TCPSocket.gethostbyname(ns)[3] # @TODO@ Replace this with Dnsruby call when lookups work
-            server = addr
+            if ns == "localhost"
+              server = "127.0.0.1"
+            else
+              # Use Dnsruby to resolve the servers
+              # First, try the default resolvers
+              resolver = Resolver.new
+              found = false
+              begin
+                ret = resolver.query(ns)
+                ret.answer.each {|rr|
+                  if ([Types::A, Types::AAAA].include?rr.type)
+                    addr = rr.address.to_s
+                    server = addr
+                    found = true
+                  end
+                }
+              rescue Exception
+              end
+              if (!found)
+                # That didn't work - try recursing from the root
+                recursor = Recursor.new
+                ret = recursor.query(ns)
+                ret.answer.each {|rr|
+                  if ([Types::A, Types::AAAA].include?rr.type)
+                    addr = rr.address.to_s
+                    server = addr
+                  end
+                }
+              end
+            end
           rescue Exception => e
             Dnsruby.log.error{"Can't make sense of nameserver : #{server}, exception : #{e}"}
             #            raise ArgumentError.new("Can't make sense of nameserver : #{server}, exception : #{e}")
@@ -416,7 +444,7 @@ module Dnsruby
           if (name.length == 1)
             candidates.concat([Name.create(name.to_a)])
           end
-        end          
+        end
       end
       return candidates
     end

data/lib/Dnsruby/PacketSender.rb

@@ -14,6 +14,7 @@
 #limitations under the License.
 #++
 require 'Dnsruby/select_thread'
+require 'ipaddr'
 #require 'Dnsruby/iana_ports'
 module Dnsruby
   class PacketSender # :nodoc: all
@@ -76,7 +77,7 @@ module Dnsruby
     # The source address to send queries from
     # 
     # Defaults to localhost
-    attr_accessor :src_address
+    attr_reader :src_address
     
     # should the Recursion Desired bit be set on queries?
     # 
@@ -95,6 +96,24 @@ module Dnsruby
     # dnssec defaults to ON
     attr_reader :dnssec
     
+    # Set the source address. If the arg is nil, do nothing
+    def src_address=(arg)
+      if (not arg.nil?)
+        @src_address = arg
+      end
+      # Do some verification to make sure that the source address
+      # is of the same type as the server address
+      if (@server.nil?)
+        return
+      else
+        si = IPAddr.new(@src_address)
+        i = IPAddr.new(@server)
+        if (i.ipv4? and si.ipv6?) or (i.ipv6? and si.ipv4?)
+          raise ArgumentError.new("Invalid address specified (address family does not match)")
+        end
+      end
+    end
+
     #Sets the TSIG to sign outgoing messages with.
     #Pass in either a Dnsruby::RR::TSIG, or a key_name and key (or just a key)
     #Pass in nil to stop tsig signing.
@@ -174,6 +193,17 @@ module Dnsruby
       #Check server is IP
       @server=Config.resolve_server(@server)
 
+      begin
+        i = IPv4.create(@server)
+        @src_address = '0.0.0.0'
+      rescue Exception
+        begin
+          i = IPv6.create(@server)
+          @src_address = '::'
+        rescue Exception
+          Dnsruby.log.error{"Server is neither IPv4 or IPv6!\n"}
+        end
+      end
       #      ResolverRegister::register_single_resolver(self)
     end
     
@@ -320,7 +350,7 @@ module Dnsruby
               socket = UDPSocket.new()
             else
               ipv6 = @src_address =~ /:/
-              socket = UDPSocket.new(ipv6 ? Socket::AF_INET6 : Socket::AF_INET)
+              socket = UDPSocket.new(ipv6.nil? ? Socket::AF_INET : Socket::AF_INET6)
             end
             socket.bind(@src_address, src_port)
             socket.connect(@server, @port)

data/lib/Dnsruby/Recursor.rb

@@ -292,6 +292,8 @@ module Dnsruby
       Recursor.set_hints(Hash.new, resolver)
       @@zones_cache = Hash.new # key zone_name, values Hash of servers and AddressCaches
       @@zones_cache["."] = @@hints
+
+    @@authority_cache = Hash.new
     end
 
     def query_no_validation_or_recursion(name, type=Types.A, klass=Classes.IN) # :nodoc: all

data/lib/Dnsruby/Resolver.rb

@@ -460,7 +460,7 @@ module Dnsruby
       @tsig = nil
       @ignore_truncation = false
       @config = Config.new()
-      @src_address        = '0.0.0.0'
+      @src_address        = nil
       @src_port        = [0]
       @recurse = true
       @single_res_mutex.synchronize {

data/lib/Dnsruby/SingleResolver.rb

@@ -63,7 +63,7 @@ module Dnsruby
       @use_tcp = false
       @tsig = nil
       @ignore_truncation = false
-      @src_address        = '0.0.0.0'
+      @src_address        = nil
       @src_port        = [0]
       @recurse = true
       @persistent_udp = false
@@ -73,34 +73,50 @@ module Dnsruby
       @single_resolvers = []
       @configured = false
       @do_caching = true
-        @config = Config.new
+      @config = Config.new
 
       if (arg==nil)
         # Get default config
-#        @config = Config.new
-##        @server = config.nameserver[0]
+        @config = Config.new
+        @config.get_ready
+        @server = @config.nameserver[0]
       elsif (arg.kind_of?String)
         @config.get_ready
         @configured= true
-        @server=arg
+        @config.nameserver=[arg]
+        @server = @config.nameserver[0]
+        #        @server=arg
       elsif (arg.kind_of?Name)
         @config.get_ready
         @configured= true
-        @server=arg
+        @config.nameserver=arg
+        @server = @config.nameserver[0]
+        #        @server=arg
       elsif (arg.kind_of?Hash)
         arg.keys.each do |attr|
-          begin
-            send(attr.to_s+"=", arg[attr])
-          rescue Exception
-            Dnsruby.log.error{"Argument #{attr} not valid\n"}
+          if (attr == :server)
+            @config.get_ready
+            @configured= true
+            @config.nameserver=[arg[attr]]
+            @server = @config.nameserver[0]
+
+          else
+            begin
+              send(attr.to_s+"=", arg[attr])
+            rescue Exception
+              Dnsruby.log.error{"Argument #{attr} not valid\n"}
+            end
           end
-          #        end
         end
       end
-            #Check server is IP
-#            @server=Config.resolve_server(@server)
-      isr = PacketSender.new(*args)
-#      isr.server = @server
+
+      isr = PacketSender.new({:server=>@server, :dnssec=>@dnssec,
+          :use_tcp=>@use_tcp, :packet_timeout=>@packet_timeout,
+          :tsig => @tsig, :ignore_truncation=>@ignore_truncation,
+          :src_address=>@src_address, :src_port=>@src_port,
+          :do_caching=>@do_caching,
+          :recurse=>@recurse, :udp_size=>@udp_size})
+
       @single_resolvers = [isr]
 
       #      ResolverRegister::register_single_resolver(self)
@@ -109,22 +125,28 @@ module Dnsruby
     def server=(s)
       if (!@configured)
         @config.get_ready
-        add_config_nameservers
       end
-      isr = PacketSender.new(s)
-            @single_res_mutex.synchronize {
-      @single_resolvers = [isr]
-            }
+      @server = Config.resolve_server(s).to_s
+      isr = PacketSender.new({:server=>@server, :dnssec=>@dnssec,
+          :use_tcp=>@use_tcp, :packet_timeout=>@packet_timeout,
+          :tsig => @tsig, :ignore_truncation=>@ignore_truncation,
+          :src_address=>@src_address, :src_port=>@src_port,
+          :do_caching=>@do_caching,
+          :recurse=>@recurse, :udp_size=>@udp_size})
+
+      @single_res_mutex.synchronize {
+        @single_resolvers = [isr]
+      }
     end
 
     def server
-#      @single_res_mutex.synchronize {
+      #      @single_res_mutex.synchronize {
       if (!@configured)
         @config.get_ready
         add_config_nameservers
       end
-        return @single_resolvers[0].server
-#      }
+      return @single_resolvers[0].server
+      #      }
     end
 
     def retry_times=(n) # :nodoc:
@@ -149,5 +171,5 @@ module Dnsruby
 
     alias :query_timeout :packet_timeout
     alias :query_timeout= :packet_timeout=
-      end
+  end
 end

data/lib/Dnsruby/dnssec.rb

@@ -19,31 +19,31 @@ require 'Dnsruby/key_cache'
 require 'Dnsruby/single_verifier'
 module Dnsruby
 
-# RFC4033, section 7
-#   "There is one more step that a security-aware stub resolver can take
-#   if, for whatever reason, it is not able to establish a useful trust
-#   relationship with the recursive name servers that it uses: it can
-#   perform its own signature validation by setting the Checking Disabled
-#   (CD) bit in its query messages.  A validating stub resolver is thus
-#   able to treat the DNSSEC signatures as trust relationships between
-#   the zone administrators and the stub resolver itself. "
-#
-# Dnsruby is configured to validate responses by default. However, it is not
-# configured with any trusted keys by default. Applications may use the
-# verify() method to perform verification with of RRSets of Messages with
-# given keys. Alternatively, trusted keys may be added to this class (either
-# directly, or by loading the IANA TAR or the DLV ISC ZSK). Validation will then
-# be performed from these keys (or the DLV registry, if configured). Negative
-# and positive responses are validation.
-#
-# Messages are tagged with the current security_level (Message::SecurityLevel).
-# UNCHECKED means Dnsruby has not attempted to validate the response.
-# BOGUS means the response has been checked, and is bogus.
-# INSECURE means the response has been validated to be insecure (e.g. in an unsigned zone)
-# SECURE means that the response has been verfied to be correct.
-#
-# Several validators are provided, with each maintaining its own cache of trusted keys.
-# If validators are added or removed, the caches of the other validators are not affected.
+  # RFC4033, section 7
+  #   "There is one more step that a security-aware stub resolver can take
+  #   if, for whatever reason, it is not able to establish a useful trust
+  #   relationship with the recursive name servers that it uses: it can
+  #   perform its own signature validation by setting the Checking Disabled
+  #   (CD) bit in its query messages.  A validating stub resolver is thus
+  #   able to treat the DNSSEC signatures as trust relationships between
+  #   the zone administrators and the stub resolver itself. "
+  #
+  # Dnsruby is configured to validate responses by default. However, it is not
+  # configured with any trusted keys by default. Applications may use the
+  # verify() method to perform verification with of RRSets of Messages with
+  # given keys. Alternatively, trusted keys may be added to this class (either
+  # directly, or by loading the IANA TAR or the DLV ISC ZSK). Validation will then
+  # be performed from these keys (or the DLV registry, if configured). Negative
+  # and positive responses are validation.
+  #
+  # Messages are tagged with the current security_level (Message::SecurityLevel).
+  # UNCHECKED means Dnsruby has not attempted to validate the response.
+  # BOGUS means the response has been checked, and is bogus.
+  # INSECURE means the response has been validated to be insecure (e.g. in an unsigned zone)
+  # SECURE means that the response has been verfied to be correct.
+  #
+  # Several validators are provided, with each maintaining its own cache of trusted keys.
+  # If validators are added or removed, the caches of the other validators are not affected.
   class Dnssec
     # A class to cache trusted keys
 
@@ -117,11 +117,23 @@ module Dnsruby
       }
     end
 
+    def self.reset
+      @@validation_policy = ValidationPolicy::LOCAL_ANCHORS_THEN_ROOT
+      @@root_verifier = SingleVerifier.new(SingleVerifier::VerifierType::ROOT)
+
+      @@dlv_verifier = SingleVerifier.new(SingleVerifier::VerifierType::DLV)
+
+      # @TODO@ Could add a new one of these for each anchor.
+      @@anchor_verifier = SingleVerifier.new(SingleVerifier::VerifierType::ANCHOR)
+      @@do_validation_with_recursor = true # Many nameservers don't handle DNSSEC correctly yet
+      @@default_resolver = Resolver.new
+    end
+
     def self.no_keys?
       no_keys = true
       [@@anchor_verifier, @@root_verifier, @@dlv_verifier].each {|v|
         if (v.trusted_keys.length() > 0 ||
-            v.trust_anchors.length() > 0)
+              v.trust_anchors.length() > 0)
           no_keys = false
         end
       }
@@ -143,7 +155,7 @@ module Dnsruby
           if (first.class == String)
             first = first.getbyte(0) # Ruby 1.9
           end
-#            print "Reading ITAR : #{line}, first : #{first}\n"
+          #            print "Reading ITAR : #{line}, first : #{first}\n"
           next if (first==59) # ";")
           if (line.strip=~(/^DS /) || line.strip=~(/^DNSKEY /))
             line = lastname.to_s + ((lastname.absolute?)?".":"") + " " + line

data/lib/Dnsruby/ipv4.rb

@@ -43,7 +43,7 @@ module Dnsruby
       @address = address
     end
     
-    # A String representation of thi IPv4 address.
+    # A String representation of the IPv4 address.
     attr_reader :address
     
     def to_s #:nodoc:

data/lib/Dnsruby/resource/DNSKEY.rb

@@ -47,6 +47,8 @@ module Dnsruby
       attr_reader :algorithm
       #The public key
       attr_reader :key
+      #The length (in bits) of the key - NOT key.length
+      attr_reader :key_length
       
       def init_defaults
         @make_new_key_tag = false
@@ -293,6 +295,7 @@ module Dnsruby
         key_text.gsub!(/ /, "")
         #        @key=Base64.decode64(key_text)        
         @key=key_text.unpack("m*")[0]
+        public_key
         get_new_key_tag
       end
       
@@ -311,7 +314,7 @@ module Dnsruby
         # @TODO@ Support other key encodings!
         return @public_key
       end
-      
+
       def rsa_key
         exponentLength = @key[0]
         if (exponentLength.class == String)
@@ -330,6 +333,7 @@ module Dnsruby
         pos += exponentLength
 
         modulus = RR::get_num(@key[pos, @key.length])
+        @key_length = (@key.length - pos) * 8
 
         pkey = OpenSSL::PKey::RSA.new
         pkey.e = exponent
@@ -350,6 +354,7 @@ module Dnsruby
         pos += pgy_len
         y = RR::get_num(@key[pos, pgy_len])
         pos += pgy_len
+        @key_length = (pgy_len * 8)
         
         pkey = OpenSSL::PKey::DSA.new
         pkey.p = p

data/lib/Dnsruby/select_thread.rb

@@ -401,6 +401,8 @@ module Dnsruby
             return
           end
         else
+          # @TODO@ Can we get recvfrom to stop issuing PTR queries when we already
+          # know both the FQDN and the IP address?
           if (ret = socket.recvfrom(packet_size))
             buf = ret[0]
             answerport=ret[1][1]

data/lib/Dnsruby/single_verifier.rb

@@ -55,15 +55,15 @@ module Dnsruby
     end
 
     def get_dlv_resolver # :nodoc:
-      if (Dnssec.do_validation_with_recursor?)
-        return Recursor.new
-      else
+#      if (Dnssec.do_validation_with_recursor?)
+#        return Recursor.new
+#      else
         if (Dnssec.default_resolver)
           return Dnssec.default_resolver
         else
           return Resolver.new
         end
-      end
+#      end
     end
     def add_dlv_key(key)
       # Is this a ZSK or a KSK?
@@ -168,6 +168,7 @@ module Dnsruby
     # Wipes the cache of trusted keys
     def clear_trusted_keys
       @trusted_keys = KeyCache.new
+      @res = nil
       @discovered_ds_store = []
       @configured_ds_store = []
     end
@@ -1061,7 +1062,7 @@ module Dnsruby
             if (!k.zone_key?)
               #              print "Discovered DNSKEY is not a zone key - ignoring\n"
               TheLog.debug("Discovered DNSKEY is not a zone key - ignoring")
-              return false, new_res
+              return false, child_res
             end
           }
           begin
@@ -1120,7 +1121,7 @@ module Dnsruby
 
       ns_rrset = ns_ret.answer.rrset(name, Types.NS)
       if (!ns_rrset || ns_rrset.length == 0)
-        ns_rrset = ns_ret.authority.rrset(name, Types.NS) # @TOO@ Is ths OK?
+        ns_rrset = ns_ret.authority.rrset(name, Types.NS) # @TODO@ Is ths OK?
       end
       if (!ns_rrset || ns_rrset.length == 0 || ns_rrset.name.canonical != name.canonical)
         return nil

data/lib/dnsruby.rb

@@ -104,7 +104,7 @@ require 'Dnsruby/TheLog'
 module Dnsruby
 
   # @TODO@ Remember to update version in dnsruby.gemspec!
-  VERSION = 1.44
+  VERSION = 1.45
   def Dnsruby.version
     return VERSION
   end

data/test/tc_cache.rb

@@ -90,6 +90,7 @@ class TestCache < Test::Unit::TestCase
   def test_online
     # Get the records back from the test zone
     Dnsruby::PacketSender.clear_caches
+    Dnsruby::Recursor.clear_caches
     res = SingleResolver.new("ns0.validation-test-servers.nominet.org.uk.")
     res.udp_size = 4096
     query = Message.new("overflow.dnsruby.validation-test-servers.nominet.org.uk", Types.TXT)

data/test/tc_itar.rb

@@ -20,12 +20,11 @@ include Dnsruby
 
 class TestItar < Test::Unit::TestCase
   def test_itar
-    Dnsruby::Dnssec.clear_trusted_keys
-    Dnsruby::Dnssec.clear_trust_anchors
+    Dnsruby::Dnssec.reset
     Dnsruby::PacketSender.clear_caches
+    Dnsruby::Recursor.clear_caches
     run_test_se(true)
-    Dnsruby::Dnssec.clear_trusted_keys
-    Dnsruby::Dnssec.clear_trust_anchors
+    Dnsruby::Dnssec.reset
     Dnsruby::Recursor.clear_caches
 
     # Then try to validate some records in the published zones
@@ -37,16 +36,14 @@ class TestItar < Test::Unit::TestCase
   end
 
   def test_with_no_dlv_anchor
-    Dnsruby::Dnssec.clear_trusted_keys
-    Dnsruby::Dnssec.clear_trust_anchors
+    Dnsruby::Dnssec.reset
     Dnsruby::PacketSender.clear_caches
     Dnsruby::Recursor.clear_caches
     # Make sure we don't have any other anchors configured!
     res = Dnsruby::Recursor.new
     ret = res.query("frobbit.se.", Dnsruby::Types.A)
     assert(ret.security_level == Dnsruby::Message::SecurityLevel::INSECURE, "Level = #{ret.security_level.string}")
-    Dnsruby::Dnssec.clear_trusted_keys
-    Dnsruby::Dnssec.clear_trust_anchors
+    Dnsruby::Dnssec.reset
     Dnsruby::PacketSender.clear_caches
     Dnsruby::Recursor.clear_caches
     Dnssec.load_itar

data/test/tc_single_resolver.rb

@@ -186,11 +186,11 @@ class TestSingleResolver < Test::Unit::TestCase
     
     res.server=('a.t.dnsruby.validation-test-servers.nominet.org.uk')
     ip = res.server
-    assert_equal('10.0.1.128', ip, 'nameserver() looks up IP.')
+    assert_equal('10.0.1.128', ip.to_s, 'nameserver() looks up IP.')
     
     res.server=('cname.t.dnsruby.validation-test-servers.nominet.org.uk')
     ip = res.server
-    assert_equal(ip, '10.0.1.128', 'nameserver() looks up cname.')
+    assert_equal('10.0.1.128', ip.to_s, 'nameserver() looks up cname.')
   end
   
   def test_truncated_response

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification 
 name: dnsruby
 version: !ruby/object:Gem::Version 
-  version: "1.44"
+  version: "1.45"
 platform: ruby
 authors: 
 - AlexD
@@ -9,7 +9,7 @@ autorequire: dnsruby
 bindir: bin
 cert_chain: []
 
-date: 2010-03-03 00:00:00 +00:00
+date: 2010-03-17 00:00:00 +00:00
 default_executable: 
 dependencies: []