dnsruby 1.58.0 → 1.59.0

data/demo/mx.rb

@@ -1,3 +1,5 @@
+#! /usr/bin/env ruby
+
 # --
 # Copyright 2007 Nominet UK
 # 
@@ -34,16 +36,24 @@ require 'dnsruby'
 # (Ruby port AlexD, Nominet UK)
 # 
 
-if ARGV.length == 1
-  dname = ARGV[0]
-  res   = Dnsruby::DNS.new
-  begin
-    res.each_resource(dname, 'MX') { |rr|
-      print rr.preference, "\t", rr.exchange, "\n"
-    }
-  rescue Exception => e
-    print "Can't find MX hosts for #{dname}: ", e, "\n"
+def fatal_error(message)
+  puts message
+  exit -1
+end
+
+
+unless ARGV.length == 1
+  fatal_error("Usage: #{$0} name")
+end
+
+
+domain = ARGV[0]
+resolver = Dnsruby::DNS.new
+
+begin
+  resolver.each_resource(domain, 'MX') do |rr|
+    print rr.preference, "\t", rr.exchange, "\n"
   end
-else
-  print "Usage: #{$0} domain\n"
+rescue Exception => e
+  fatal_error("Can't find MX hosts for #{domain}: #{e}")
 end

data/demo/rubydig.rb

@@ -1,3 +1,5 @@
+#! /usr/bin/env ruby
+
 # --
 # Copyright 2007 Nominet UK
 # 
@@ -33,49 +35,56 @@
 # Michael Fuhr <mike@fuhr.org>
 # 
 
+def fatal_error(message)
+  puts message
+  exit(-1)
+end
+
+
+unless (1..3).include?(ARGV.length)
+  fatal_error("Usage: #{$0} [ @nameserver ] name [ type [ class ] ]")
+end
+
+
 require 'dnsruby'
-include Dnsruby
 
-res = Dnsruby::Resolver.new
-zt=Dnsruby::ZoneTransfer.new
 
-if (ARGV && (ARGV[0] =~ /^@/))
+resolver = Dnsruby::Resolver.new
+zone_transfer = Dnsruby::ZoneTransfer.new
+
+
+if ARGV[0] =~ /^@/
   nameserver = ARGV.shift
-  if (nameserver == "@auth")
-    res = Dnsruby::Recursor.new
+  if nameserver == '@auth'
+    resolver = Dnsruby::Recursor.new
   else
-  print "Setting nameserver : #{nameserver}\n"
-  res.nameserver=(nameserver.sub(/^@/, ""))
-  print "nameservers = #{res.config.nameserver}\n"
-  zt.server=(nameserver.sub(/^@/, ""))
+    puts "Setting nameserver : #{nameserver}"
+    resolver.nameserver = (nameserver.sub(/^@/, ''))
+    puts "nameservers = #{resolver.config.nameserver}"
+    zone_transfer.server = (nameserver.sub(/^@/, ''))
   end
 end
 
-raise RuntimeError, "Usage: #{$0} [ \@nameserver ] name [ type [ class ] ]\n" unless (ARGV.length >= 1) && (ARGV.length <= 3)
-
 name, type, klass = ARGV
-type  ||= "A"
-klass ||= "IN"
+type  ||= 'A'
+klass ||= 'IN'
 
-if (type.upcase == "AXFR")
-  rrs = zt.transfer(name) # , klass)
+if type.upcase == 'AXFR'
+  rrs = zone_transfer.transfer(name) # , klass)
 
-  if (rrs)
-    rrs.each do |rr|
-      print rr.to_s + "\n"
-    end
+  if rrs
+    rrs.each { |rr| puts rr }
   else
-    raise RuntimeError, "zone transfer failed: ", res.errorstring, "\n"
+    fatal_error("Zone transfer failed: #{resolver.errorstring}")
   end
 
 else
 
 #    Dnsruby::TheLog.level=Logger::DEBUG
   begin
-    answer = nil
-    answer = res.query(name, type, klass)
-    print answer
+    answer = resolver.query(name, type, klass)
+    puts answer
   rescue Exception => e
-    print "query failed: #{e}\n"
+    fatal_error("Query failed: #{e}")
   end
 end

data/demo/trace_dns.rb

@@ -1,3 +1,5 @@
+#! /usr/bin/env ruby
+
 # --
 # Copyright 2007 Nominet UK
 # 
@@ -15,32 +17,36 @@
 # ++
 
 require 'dnsruby'
-include Dnsruby
 
 # e.g. ruby trace_dns.rb example.com
 
+unless (1..2).include?(ARGV.length)
+  puts "Usage: #{$0} domain [type]"
+  exit(-1)
+end
+
+
 # Load DLV key
-dlv_key = RR.create("dlv.isc.org. IN DNSKEY 257 3 5 BEAAAAPHMu/5onzrEE7z1egmhg/WPO0+juoZrW3euWEn4MxDCE1+lLy2 brhQv5rN32RKtMzX6Mj70jdzeND4XknW58dnJNPCxn8+jAGl2FZLK8t+ 1uq4W+nnA3qO2+DL+k6BD4mewMLbIYFwe0PG73Te9fZ2kJb56dhgMde5 ymX4BI/oQ+cAK50/xvJv00Frf8kw6ucMTwFlgPe+jnGxPPEmHAte/URk Y62ZfkLoBAADLHQ9IrS2tryAe7mbBZVcOwIeU/Rw/mRx/vwwMCTgNboM QKtUdvNXDrYJDSHZws3xiRXF1Rf+al9UmZfSav/4NWLKjHzpT59k/VSt TDN0YUuWrBNh")
-Dnssec.add_dlv_key(dlv_key)
+dlv_key = Dnsruby::RR.create("dlv.isc.org. IN DNSKEY 257 3 5 BEAAAAPHMu/5onzrEE7z1egmhg/WPO0+juoZrW3euWEn4MxDCE1+lLy2 brhQv5rN32RKtMzX6Mj70jdzeND4XknW58dnJNPCxn8+jAGl2FZLK8t+ 1uq4W+nnA3qO2+DL+k6BD4mewMLbIYFwe0PG73Te9fZ2kJb56dhgMde5 ymX4BI/oQ+cAK50/xvJv00Frf8kw6ucMTwFlgPe+jnGxPPEmHAte/URk Y62ZfkLoBAADLHQ9IrS2tryAe7mbBZVcOwIeU/Rw/mRx/vwwMCTgNboM QKtUdvNXDrYJDSHZws3xiRXF1Rf+al9UmZfSav/4NWLKjHzpT59k/VSt TDN0YUuWrBNh")
+Dnsruby::Dnssec.add_dlv_key(dlv_key)
 
-res = Dnsruby::Recursor.new
+resolver = Dnsruby::Recursor.new
 # TheLog.level = Logger::DEBUG
 
 
-res.recursion_callback=(Proc.new { |packet|
+resolver.recursion_callback = Proc.new do |packet|
+    packet.additional.each { |a| puts a }
+    puts(";; Received #{packet.answersize} bytes from #{packet.answerfrom}. Security Level = #{packet.security_level.string}\n")
+    puts "\n#{'-' * 79}\n"
+end
 
-    packet.additional.each { |a| print a.to_s + "\n" }
 
-    print(";; Received #{packet.answersize} bytes from #{packet.answerfrom}. Security Level = #{packet.security_level.string}\n\n")
-  })
+domain = ARGV[0]
+type = ARGV[1] || Types.A
 
-type = ARGV[1]
-if (type == nil)
-  type = Types.A
-end
 begin
-  ret = res.query(ARGV[0], type)
-  print "\nRESPONSE : #{ret}\n"
-rescue NXDomain
-  print "Domain doesn't exist\n"
+  response = resolver.query(domain, type)
+  puts "\nRESPONSE : #{response}"
+rescue Dnsruby::NXDomain
+  puts "Domain '#{domain}' doesn't exist"
 end

data/lib/dnsruby/cache.rb

@@ -31,6 +31,7 @@ module Dnsruby
   class Cache # :nodoc: all
     def initialize()
     @cache = Hash.new
+    @@max_size = 16*1024 # Get this right...
     @mutex = Mutex.new
     end
     def cache
@@ -44,6 +45,9 @@ module Dnsruby
     def length
       return @cache.length
     end
+    def Cache.max_size=(length)
+       @@max_size = length
+    end
     def add(message)
       q = message.question[0]
       key = CacheKey.new(q.qname, q.qtype, q.qclass).to_s
@@ -55,6 +59,10 @@ module Dnsruby
           TheLog.debug("CACHE ADD : #{q.qname}, #{q.qtype}\n")
         end
         @cache[key] = data
+
+        while @cache.size > @@max_size # keep the cache size reasonable
+          @cache.shift
+        end
       }
     end
     #  This method "fixes up" the response, so that the header and ttls are OK

data/lib/dnsruby/config.rb

@@ -290,7 +290,7 @@ module Dnsruby
             end
           rescue Exception => e
             Dnsruby.log.error{"Can't make sense of nameserver : #{server}, exception : #{e}"}
-            #             raise ArgumentError.new("Can't make sense of nameserver : #{server}, exception : #{e}")
+                         raise ArgumentError.new("Can't make sense of nameserver : #{server}, exception : #{e}")
             return nil
           end
         end

data/lib/dnsruby/dnssec.rb

@@ -66,7 +66,7 @@ module Dnsruby
     @@validation_policy = ValidationPolicy::LOCAL_ANCHORS_THEN_ROOT
 
     def Dnssec.validation_policy=(p)
-      if ((p >= ALWAYS_ROOT_ONY) && (p <= ALWAYS_LOCAL_ANCHORS))
+      if ((p >= ValidationPolicy::ALWAYS_ROOT_ONLY) && (p <= ValidationPolicy::ALWAYS_LOCAL_ANCHORS_ONLY))
         @@validation_policy = p
         #  @TODO@ Should we be clearing the trusted keys now?
       end
@@ -203,6 +203,7 @@ module Dnsruby
           end
         rescue VerifyError => e
           msg.security_error = e
+          msg.security_level = Message::SecurityLevel.BOGUS
         end
       end
 
@@ -240,13 +241,16 @@ module Dnsruby
               Proc.new{|m, q| validate_with_anchors(m, q)}, msg, query)
           end
         end
-        if (last_level != Message::SecurityLevel.SECURE)
+        if (last_level != Message::SecurityLevel.SECURE && last_level != Message::SecurityLevel.BOGUS)
           last_level, last_error, last_error_level = try_validation(last_level, last_error, last_error_level,
             Proc.new{|m, q| validate_with_dlv(m, q)}, msg, query)
         end
         #  Set the message security level!
         msg.security_level = last_level
         msg.security_error = last_error
+        if (last_error && last_error.index("ification error"))
+          msg.security_level = Message::SecurityLevel.BOGUS
+        end
         raise VerifyError.new(last_error) if (last_level < 0)
         return (msg.security_level.code > Message::SecurityLevel::UNCHECKED)
       end

data/lib/dnsruby/message/decoder.rb

@@ -154,6 +154,7 @@ class MessageDecoder #:nodoc: all
   def get_question
     name = self.get_name
     type, klass = self.get_unpack('nn')
+    klass = Classes.new(klass)
     Question.new(name, type, klass)
   end
 

data/lib/dnsruby/message/question.rb

@@ -66,7 +66,7 @@ class Question
     other.is_a?(Question) &&
         self.qname  == other.qname  &&
         self.qtype  == other.qtype  &&
-        self.qclass == other.qclass
+        self.qclass == Classes.new(other.qclass)
   end
 
   #  Returns a string representation of the question record.

data/lib/dnsruby/packet_sender.rb

@@ -59,6 +59,10 @@ module Dnsruby
       @@authoritative_cache.clear
     end
 
+    def PacketSender.recursive_cache_length
+      @@recursive_cache.length
+    end
+
     attr_accessor :packet_timeout
 
     #  The port on the resolver to send queries to.

data/lib/dnsruby/recursor.rb

@@ -318,7 +318,11 @@ module Dnsruby
         @@hints = Hash.new
         @@hints[0] = temp
       end
-      @@nameservers = @@hints.values
+      # @@nameservers = @@hints.values
+      @@nameservers=[]
+      @@hints.each {|key, value|
+        @@nameservers.push(key)
+      }
       return @@nameservers
     end
 
@@ -427,6 +431,10 @@ module Dnsruby
       if (Name === n)
         n = n.to_s # @TODO@ This is a bit crap!
       end
+      if (n == nil)
+        TheLog.error("Name is nil")
+        raise  ResolvError.new("Nameserver invalid!")
+      end
       name = n.tr("","")
       if (name[name.length-1] != ".")
         name = name + "."

data/lib/dnsruby/resource/OPT.rb

@@ -142,7 +142,7 @@ module Dnsruby
       end
 
       def payloadsize=(size)
-        self.klass=size
+        self.klass=Classes.new(size)
       end
 
       def options(args)
@@ -242,7 +242,7 @@ module Dnsruby
           @options.each do |opt|
             msg.put_pack('n', opt.code)
             msg.put_pack('n', opt.data.length)
-            msg.put_bytes(opt.data)
+            msg.put_pack('a*', opt.data)
           end
         end
       end

data/lib/dnsruby/resource/RR.rb

@@ -141,7 +141,7 @@ class RR
   def RR.new_from_hash(inhash)
     hash = inhash.clone
     type = hash[:type] || Types::ANY
-    klass = hash[:klass] || Classes::IN
+    klass = Classes.new(hash[:klass] || Classes::IN)
     ttl = hash[:ttl] || 0
     record_class = get_class(type, klass)
     record = record_class.new
@@ -151,7 +151,7 @@ class RR
     end
     record.ttl = ttl
     record.type = type
-    record.klass = klass
+    record.klass = Classes.new(klass)
     hash.delete(:name)
     hash.delete(:type)
     hash.delete(:ttl)
@@ -266,7 +266,7 @@ class RR
     record.name = Name.create(name)
     record.ttl = ttl
     record.type = rrtype
-    record.klass = rrclass
+    record.klass = Classes.new(rrclass)
     record
   end
 
@@ -283,7 +283,7 @@ class RR
       record.name = Name.create(name)
       record.ttl = ttl
       record.type = rrtype
-      record.klass = rrclass
+      record.klass = Classes.new(rrclass)
       return record
     end
   end

data/lib/dnsruby/select_thread.rb

@@ -712,8 +712,8 @@ module Dnsruby
         #  validate it only if it has not been validated already
         #  So, if we need to validate it, send it to the validation thread
         #  Otherwise, send VALIDATED to the requester.
-        if (((msg.security_level == Message::SecurityLevel::UNCHECKED) ||
-                (msg.security_level == Message::SecurityLevel::INDETERMINATE)) &&
+        if (((msg.security_level == Message::SecurityLevel.UNCHECKED) ||
+                (msg.security_level == Message::SecurityLevel.INDETERMINATE)) &&
               (ValidatorThread.requires_validation?(query, msg, err, res)))
           validator = ValidatorThread.new(client_id, client_queue, msg, err, query ,self, res)
           validator.run

data/lib/dnsruby/single_verifier.rb

@@ -1044,7 +1044,9 @@ module Dnsruby
               rescue VerifyError => e
                 #                 print "FAILED TO VERIFY DS RRSET FOR #{child}\n"
                 TheLog.info("FAILED TO VERIFY DS RRSET FOR #{child}")
-                return false, nil
+                # return false, nil
+                # raise ResolvError.new("FAILED TO VERIFY DS RRSET FOR #{child}")
+                raise VerifyError.new("FAILED TO VERIFY DS RRSET FOR #{child}")
               end
             end
           end
@@ -1084,7 +1086,8 @@ module Dnsruby
         rescue ResolvError => e
           #           print "Error getting DNSKEY for #{child} : #{e}\n"
           TheLog.error("Error getting DNSKEY for #{child} : #{e}")
-          return false, nil
+          # return false, nil
+          raise VerifyError.new("Error getting DNSKEY for #{child} : #{e}")
         end
         verified = true
         key_rrset = key_ret.answer.rrset(child, Types.DNSKEY)
@@ -1110,6 +1113,7 @@ module Dnsruby
               verify(key_rrset)
             rescue VerifyError =>e
               verified = false
+              raise VerifyError.new("Couldn't verify DNSKEY and DS records")
             end
           end
         end
@@ -1122,13 +1126,15 @@ module Dnsruby
         if (!verified)
           TheLog.info("Failed to verify DNSKEY for #{child}")
           return false, nil # new_res
+          # raise VerifyError.new("Failed to verify DNSKEY for #{child}")
         end
         #         Cache.add(key_ret)
         return key_rrset, new_res
       rescue VerifyError => e
         #         print "Verification error : #{e}\n"
         TheLog.info("Verification error : #{e}\n")
-        return false, nil # new_res
+        # return false, nil # new_res
+        raise VerifyError.new("Verification error : #{e}\n")
       end
     end
 
@@ -1271,6 +1277,9 @@ module Dnsruby
       msg.security_level = Message::SecurityLevel.INDETERMINATE
       qname = msg.question()[0].qname
       closest_anchor = find_closest_anchor_for(qname)
+      if (!closest_anchor)
+
+      end
       TheLog.debug("Closest anchor for #{qname} is #{closest_anchor} - trying to follow down")
       error = try_to_follow_from_anchor(closest_anchor, msg, qname)
 
@@ -1304,6 +1313,9 @@ module Dnsruby
       if (error)
         raise error
       end
+      if (msg.security_level == Message::SecurityLevel.BOGUS)
+        raise VerifyError.new("Bogus record")
+      end
       if (msg.security_level.code > Message::SecurityLevel::UNCHECKED)
         return true
       else
@@ -1315,7 +1327,15 @@ module Dnsruby
       error = nil
       if (closest_anchor)
         #  Then try to descend to the level we're interested in
-        actual_anchor = follow_chain(closest_anchor, qname)
+        actual_anchor = false
+        begin
+          actual_anchor = follow_chain(closest_anchor, qname)
+        rescue VerifyError => e
+          TheLog.debug("Broken chain from anchor : #{closest_anchor.name}")
+          msg.security_level = Message::SecurityLevel.BOGUS
+          return e
+        end
+        # @TODO@ We need to de ermine whether there was simply no DS record, or whether there was a failure
         if (!actual_anchor)
           TheLog.debug("Unable to follow chain from anchor : #{closest_anchor.name}")
           msg.security_level = Message::SecurityLevel.INSECURE