dnsruby 1.60.2 → 1.73.0

data/lib/dnsruby/message/message.rb

@@ -408,7 +408,7 @@ module Dnsruby
     end
 
     def to_s
-      s = ''  # the output string to return
+      s = +''  # the output string to return
 
       if @answerfrom && (! @answerfrom.empty?)
         s << ";; Answer received from #{@answerfrom} (#{@answersize} bytes)\n;;\n"
@@ -457,7 +457,7 @@ module Dnsruby
 
 
     def old_to_s
-      retval = ''
+      retval = +''
 
       if (@answerfrom != nil && @answerfrom != '')
         retval = retval + ";; Answer received from #{@answerfrom} (#{@answersize} bytes)\n;;\n"

data/lib/dnsruby/name.rb

@@ -26,7 +26,8 @@ module Dnsruby
   # * Name#wild?
   # * Name#subdomain_of?(other)
   # * Name#labels
-  # 
+  #
+  require 'simpleidn'
   class Name
     include Comparable
     MaxNameLength=255
@@ -52,6 +53,7 @@ module Dnsruby
         if (arg=="")
           return Name.new([],false)
         end
+        arg = punycode(arg)
         return Name.new(split_escaped(arg), /\.\z/ =~ arg ? true : false)
         #         return Name.new(Label.split(arg), /\.\z/ =~ arg ? true : false)
       when Array
@@ -61,6 +63,20 @@ module Dnsruby
       end
     end
 
+    # Convert IDN domain from Unicode UTF-8 to ASCII punycode
+    # @param [Object|String] d Unicode domain with emoji inside
+    # @return [String] ASCII punycode domain
+    # @example
+    #   Dnsruby::Name.punycode('🏳.cf')
+    #   => "xn--en8h.cf"
+    def self.punycode(d)
+      begin
+        return SimpleIDN.to_ascii(d)
+      rescue
+        return d
+      end
+    end
+
     def self.split_escaped(arg) #:nodoc: all
       encodedlabels = name2encodedlabels(arg)
       return encodedlabels
@@ -243,7 +259,7 @@ module Dnsruby
     #  in: dName a string with a domain name in presentation format (1035
     #  sect 5.1)
     #  out: an array of labels in wire format.
-    def self.name2encodedlabels (dName) #:nodoc: all
+    def self.name2encodedlabels(dName) #:nodoc: all
       #  Check for "\" in the name  : If there, then decode properly - otherwise, cheat and split on "."
       if (dName.index("\\"))
         names=[]
@@ -317,7 +333,7 @@ module Dnsruby
       i=0;
 
       while (i < length )
-        c=presentation.unpack("x#{i}C1") [0]
+        c=presentation.unpack("x#{i}C1")[0]
         if (c == 46) # ord('.')
           endstring = presentation[i+1, presentation.length-(i+1)]
           return Label.new(wire),endstring

data/lib/dnsruby/packet_sender.rb

@@ -204,26 +204,22 @@ module Dnsruby
       @tcp_pipelining_max_queries = :infinite
       @use_counts = {}
 
-      if (arg==nil)
-        #  Get default config
-        config = Config.new
-        #         @server = config.nameserver[0]
-      elsif (arg.kind_of? String)
-        @server=arg
-      elsif (arg.kind_of? Name)
-        @server=arg
-      elsif (arg.kind_of? Hash)
+      if arg.nil?
+      elsif arg.kind_of? String
+        @server = arg
+      elsif arg.kind_of? Name
+        @server = arg
+      elsif arg.kind_of? Hash
         arg.keys.each do |attr|
           begin
-            if (((attr.to_s == "src_address")||(attr.to_s == "src_address6")) &&
-                ((arg[attr] == nil) || (arg[attr] == "")))
+            if ((attr.to_s == "src_address" || attr.to_s == "src_address6") &&
+                (arg[attr] == nil || arg[attr] == ""))
             else
-              send(attr.to_s+"=", arg[attr])
+              send(attr.to_s + "=", arg[attr])
             end
           rescue Exception => e
             Dnsruby.log.error { "PacketSender : Argument #{attr}, #{arg[attr]} not valid : #{e}\n" }
           end
-          #         end
         end
       end
       # Check server is IP
@@ -235,12 +231,12 @@ module Dnsruby
 
     def check_ipv6
       begin
-        i = IPv4.create(@server)
+        IPv4.create(@server)
         #         @src_address = '0.0.0.0'
         @ipv6=false
       rescue Exception
         begin
-          i = IPv6.create(@server)
+          IPv6.create(@server)
           #           @src_address6 = '::'
           @ipv6=true
         rescue Exception
@@ -331,7 +327,14 @@ module Dnsruby
         client_query_id = Time.now + rand(10000) # is this safe?!
       end
 
-      query_packet = make_query_packet(msg, use_tcp)
+      begin
+        query_packet = make_query_packet(msg, use_tcp)
+      rescue EncodeError => err
+        Dnsruby.log.error { "#{err}" }
+        st = SelectThread.instance
+        st.push_exception_to_select(client_query_id, client_queue, err, nil)
+        return
+      end
 
       if (msg.do_caching && (msg.class != Update))
         #  Check the cache!!
@@ -449,7 +452,7 @@ module Dnsruby
                 socket, new_socket = tcp_pipeline_socket(src_port)
                 src_port = @tcp_pipeline_local_port
               else
-                socket = TCPSocket.new(@server, @port, src_address, src_port)
+                socket = Socket.tcp(@server, @port, src_address, src_port, connect_timeout: @packet_timeout)
                 new_socket = true
               end
             rescue Errno::EBADF, Errno::ENETUNREACH => e
@@ -622,6 +625,11 @@ module Dnsruby
           #  Should send error back up to Resolver here, and then NOT QUERY AGAIN!!!
           return sig_value
         end
+        if ((response.header.get_header_rcode == RCode.FORMERR) &&
+            (query.header.arcount == 0))
+          # Raise an error
+          return true
+        end
         #  Should check that question section is same as question that was sent! RFC 5452
         #  If it's not an update...
         if (query.class == Update)

data/lib/dnsruby/recursor.rb

@@ -153,7 +153,7 @@ module Dnsruby
       end
     end
     attr_accessor :nameservers, :callback, :recurse, :ipv6_ok
-    attr_reader :hints
+    attr_reader :hints, :dnssec
     #  The resolver to use for the queries
     attr_accessor :resolver
 
@@ -164,6 +164,11 @@ module Dnsruby
     @@zones_cache = nil
     @@nameservers = nil
 
+    def dnssec=(dnssec_on)
+      @dnssec = dnssec_on
+      @resolver.dnssec = dnssec_on
+    end
+
     def initialize(res = nil)
       if (res)
         @resolver = res
@@ -174,6 +179,7 @@ module Dnsruby
           @resolver = Resolver.new
         end
       end
+      @resolver.dnssec = @dnssec
       @ipv6_ok = false
     end
     # Initialize the hint servers.  Recursive queries need a starting name
@@ -196,6 +202,7 @@ module Dnsruby
       @resolver = resolver
       if (resolver.single_resolvers.length == 0)
         resolver = Resolver.new()
+        resolver.dnssec = @dnssec
       end
       if (hints && hints.length > 0)
         resolver.nameservers=hints
@@ -220,7 +227,7 @@ module Dnsruby
       #  Nice idea.
 
       #       if (!@@hints || @@hints.length == 0)
-      resolver.recurse=(1)
+      resolver.recurse = true
       packet=resolver.query_no_validation_or_recursion(".", "NS", "IN")
       hints = Hash.new
       if (packet)
@@ -257,7 +264,7 @@ module Dnsruby
               }
             }
             (hints.length * 2).times {
-              id, result, error = q.pop
+              _id, result, _error = q.pop
               if (result)
                 result.answer.each {|rr|
                   TheLog.debug(";; NS address: " + rr.inspect+"\n")
@@ -296,7 +303,7 @@ module Dnsruby
       end
 
       #  Disable recursion flag.
-      resolver.recurse=(0)
+      resolver.recurse = false
       #       end
 
       #   return $self->nameservers( map { @{ $_ } } values %{ $self->{'hints'} } );
@@ -372,6 +379,7 @@ module Dnsruby
     end
 
     def Recursor.clear_caches(resolver = Resolver.new)
+      resolver.dnssec = @dnssec
       Recursor.set_hints(Hash.new, resolver)
       @@zones_cache = Hash.new # key zone_name, values Hash of servers and AddressCaches
       @@zones_cache["."] = @@hints
@@ -398,7 +406,7 @@ module Dnsruby
       @@mutex.synchronize {
         self.hints=(Hash.new) unless @@hints
       }
-      @resolver.recurse=(0)
+      @resolver.recurse = false
       #  Make sure the authority cache is clean.
       #  It is only used to store A and AAAA records of
       #  the suposedly authoritative name servers.
@@ -492,7 +500,7 @@ module Dnsruby
         return nil
       end
 
-      known_zone.sub!(/\.*$/, ".")
+      known_zone = known_zone.sub(/\.*$/, ".")
 
       ns = [] # Array of AddressCaches (was array of array of addresses)
       @@mutex.synchronize{
@@ -613,6 +621,8 @@ module Dnsruby
         }
       end
       resolver = Resolver.new({:nameserver=>nameservers})
+      resolver.dnssec = @dnssec
+      resolver.recurse = false
       servers = []
       resolver.single_resolvers.each {|s|
         servers.push(s.server)
@@ -629,7 +639,7 @@ module Dnsruby
         packet = resolver.send_message(query)
         #  @TODO@ Now prune unrelated RRSets (RFC 5452 section 6)
         prune_rrsets_to_rfc5452(packet, known_zone)
-      rescue ResolvTimeout, IOError => e
+      rescue ResolvTimeout, IOError
         #             TheLog.debug(";; nameserver #{levelns.to_s} didn't respond")
         #             next
         TheLog.debug("No response!")

data/lib/dnsruby/resolver.rb

@@ -128,7 +128,9 @@ module Dnsruby
     #  The current Config
     attr_reader :config
 
-    #  Does this Resolver cache answers, and attempt to retrieve answer from the cache?
+    #  Defines whether we will cache responses, or pass every request to the
+    #  upstream resolver.  This is only really useful when querying authoritative
+    #  servers (as the upstream recursive resolver is likely to cache)
     attr_reader :do_caching
 
     #  The array of SingleResolvers used for sending query messages
@@ -171,11 +173,6 @@ module Dnsruby
     #  requirements.
     attr_accessor :do_validation
 
-    #  Defines whether we will cache responses, or pass every request to the
-    #  upstream resolver.  This is only really useful when querying authoritative
-    #  servers (as the upstream recursive resolver is likely to cache)
-    attr_accessor :do_caching
-
     #  --
     #  @TODO@ add load_balance? i.e. Target nameservers in a random, rather than pre-determined, order?
     #  This is best done when configuring the Resolver, as it will re-order servers based on their response times.
@@ -302,15 +299,17 @@ module Dnsruby
     #  is sent (TSIG signatures will be applied if configured on the Resolver).
     #  Retries are handled as the Resolver is configured to do.
     #  Incoming responses to the query are not cached or validated (although TCP
-    #  fallback will be performed if the TC bit is set and the (Single)Resolver has
-    #  ignore_truncation set to false).
-    #  Note that the Message is left untouched - this means that no OPT records are
-    #  added, even if the UDP transport for the server is specified at more than 512
-    #  bytes. If it is desired to use EDNS for this packet, then you should call
-    #  the Dnsruby::PacketSender#prepare_for_dnssec(msg), or
-    #  Dnsruby::PacketSender#add_opt_rr(msg)
-    #  The return value from this method is the [response, error] tuple. Either of
-    #  these values may be nil - it is up to the client to check.
+    #  fallback will be performed if the TC bit is set and the (Single)Resolver
+    #  has ignore_truncation set to false).
+    #  Note that the Message may be modified before sending: if the configured
+    #  udp_size is >512 bytes, DNSSEC is not set, and no OPT record is already
+    #  present, then an OPT record will be added automatically to support EDNS
+    #  per RFC 6891.
+    #  If it is desired to customize the OPT record or use EDNS in other cases,
+    #  then you should call the Dnsruby::PacketSender#prepare_for_dnssec(msg),
+    #  or Dnsruby::PacketSender#add_opt_rr(msg).
+    #  The return value from this method is the [response, error] tuple. Either
+    #  of these values may be nil - it is up to the client to check.
     #
     #  example :
     #
@@ -568,7 +567,7 @@ module Dnsruby
     def add_server(server)# :nodoc:
       @configured = true
       res = PacketSender.new(server)
-      log_and_raise("Can't create server #{server}", ArgumentError) unless res
+      Dnsruby.log_and_raise("Can't create server #{server}", ArgumentError) unless res
       update_internal_res(res)
       @single_res_mutex.synchronize { @single_resolvers.push(res) }
     end
@@ -644,7 +643,7 @@ module Dnsruby
         a = Resolver.get_ports_from(p)
         a.each do |x|
           if (@src_port.length > 0) && (x == 0)
-            log_and_raise("src_port of 0 only allowed as only src_port value (currently #{@src_port.length} values",
+            Dnsruby.log_and_raise("src_port of 0 only allowed as only src_port value (currently #{@src_port.length} values",
                 ArgumentError)
           end
           @src_port.push(x)
@@ -668,7 +667,7 @@ module Dnsruby
         return ! ((p == 0) && (src_port.length > 0))
       else
         Dnsruby.log.error("Illegal port (#{p})")
-        log_and_raise("Illegal port #{p}", ArgumentError)
+        Dnsruby.log_and_raise("Illegal port #{p}", ArgumentError)
       end
     end
 
@@ -837,7 +836,7 @@ module Dnsruby
             timeouts[base + offset]=[res, retry_count]
           else
             if timeouts.has_key?(base + retry_delay + offset)
-              log_and_raise('Duplicate timeout key!')
+              Dnsruby.log_and_raise('Duplicate timeout key!')
             end
             timeouts[base + retry_delay + offset]=[res, retry_count]
           end
@@ -878,7 +877,7 @@ module Dnsruby
       end
 
       unless client_queue.kind_of?(Queue)
-        log_and_raise('Wrong type for client_queue in Resolver# send_async')
+        Dnsruby.log_and_raise('Wrong type for client_queue in Resolver# send_async')
         #  @TODO@ Handle different queue tuples - push this to generic send_error method
         client_queue.push([client_query_id, ArgumentError.new('Wrong type of client_queue passed to Dnsruby::Resolver# send_async - should have been Queue, was #{client_queue.class}')])
         return
@@ -891,6 +890,21 @@ module Dnsruby
         return
       end
 
+      # According to RFC 6891, a UDP payload size >512 bytes requires an
+      # EDNS OPT RR in the message.
+      if @parent.udp_size > 512 && !msg.get_opt
+        TheLog.debug("Automatically adding EDNS OPT RR for udp_size=#{ @parent.udp_size }")
+        msg.add_additional(Dnsruby::RR::OPT.new(@parent.udp_size))
+      end
+
+      begin
+        msg.encode
+      rescue EncodeError => err
+        Dnsruby.log.error { "Can't encode " + msg.to_s + " : #{err}" }
+        client_queue.push([client_query_id, err])
+        return
+      end
+
       tick_needed = false
       #  add to our data structures
       #       @mutex.synchronize{
@@ -1051,13 +1065,13 @@ module Dnsruby
       #  @TODO@ Also, should have option to speak only to configured resolvers (not follow authoritative chain)
       #
       if queue.empty?
-        log_and_raise('Severe internal error - Queue empty in handle_queue_event')
+        Dnsruby.log_and_raise('Severe internal error - Queue empty in handle_queue_event')
       end
       event_id, event_type, response, error = queue.pop
       #  We should remove this packet from the list of outstanding packets for this query
       _resolver, _msg, client_query_id, _retry_count = id
       if id != event_id
-        log_and_raise("Serious internal error!! #{id} expected, #{event_id} received")
+        Dnsruby.log_and_raise("Serious internal error!! #{id} expected, #{event_id} received")
       end
       #       @mutex.synchronize{
       @parent.single_res_mutex.synchronize {
@@ -1070,7 +1084,7 @@ module Dnsruby
         if event_type == Resolver::EventType::RECEIVED ||
               event_type == Resolver::EventType::ERROR
           unless outstanding.include?(id)
-            log_and_raise("Query id not on outstanding list! #{outstanding.length} items. #{id} not on #{outstanding}")
+            Dnsruby.log.error("Query id not on outstanding list! #{outstanding.length} items. #{id} not on #{outstanding}")
           end
           outstanding.delete(id)
         end
@@ -1124,6 +1138,9 @@ module Dnsruby
         increment_resolver_priority(resolver) unless response.cached
         stop_querying(client_query_id)
         #  @TODO@ Does the client want notified at this point?
+      elsif error.kind_of?(EncodeError)
+        Dnsruby.log.debug{'Encode error - sending to client'}
+        send_result_and_stop_querying(client_queue, client_query_id, select_queue, response, error)
       else
         #    - if it was any other error, then remove that server from the list for that query
         #    If a Too Many Open Files error, then don't remove, but let retry work.
@@ -1197,7 +1214,7 @@ module Dnsruby
       #       @mutex.synchronize{
       _query, _client_queue, s_queue, _outstanding = @query_list[client_query_id]
       if s_queue != select_queue
-        log_and_raise("Serious internal error : expected select queue #{s_queue}, got #{select_queue}")
+        Dnsruby.log_and_raise("Serious internal error : expected select queue #{s_queue}, got #{select_queue}")
       end
       stop_querying(client_query_id)
       #  @TODO@ Does the client want notified at this point?
@@ -1210,7 +1227,7 @@ module Dnsruby
       #       @mutex.synchronize {
       _query, client_queue, s_queue, _outstanding = @query_list[client_query_id]
       if s_queue != select_queue
-        log_and_raise("Serious internal error : expected select queue #{s_queue}, got #{select_queue}")
+        Dnsruby.log_and_raise("Serious internal error : expected select queue #{s_queue}, got #{select_queue}")
       end
       if response.rcode == RCode.NXDOMAIN
         send_result(client_queue, client_query_id, select_queue, response, NXDomain.new)
@@ -1226,7 +1243,7 @@ module Dnsruby
       _resolver, _msg, client_query_id, _retry_count = query_id
       _query, client_queue, s_queue, _outstanding = @query_list[client_query_id]
       if s_queue != select_queue
-        log_and_raise("Serious internal error : expected select queue #{s_queue}, got #{select_queue}")
+        Dnsruby.log_and_raise("Serious internal error : expected select queue #{s_queue}, got #{select_queue}")
       end
       #       For some errors, we immediately send result. For others, should we retry?
       #       Either :

data/lib/dnsruby/resource/CAA.rb

@@ -26,7 +26,7 @@ module Dnsruby
       # The value for the property_tag
       attr_accessor :property_value
       # The value for the flag
-      attr_accessor :flag
+      attr_writer :flag
 
       def from_hash(hash) #:nodoc: all
         @property_tag = hash[:property_tag]
@@ -43,7 +43,10 @@ module Dnsruby
       end
 
       def from_string(input) #:nodoc: all
-        matches = (/(\d+) (issuewild|issue|iodef) "(.+)"$/).match(input)
+        matches = (/(\d+) (issuewild|issuemail|issue|iodef|contactemail|contactphone) "(.+)"$/i).match(input)
+        if matches.nil?
+          raise DecodeError.new("Cannot parse record: #{input[0...1000]}")
+        end
         @flag = matches[1]
         @property_tag = matches[2]
         @property_value = matches[3]

data/lib/dnsruby/resource/CDNSKEY.rb

@@ -0,0 +1,17 @@
+module Dnsruby
+  class RR
+    # RFC4034, section 2
+    # DNSSEC uses public key cryptography to sign and authenticate DNS
+    # resource record sets (RRsets).  The public keys are stored in DNSKEY
+    # resource records and are used in the DNSSEC authentication process
+    # described in [RFC4035]: A zone signs its authoritative RRsets by
+    # using a private key and stores the corresponding public key in a
+    # DNSKEY RR.  A resolver can then use the public key to validate
+    # signatures covering the RRsets in the zone, and thus to authenticate
+    # them.
+    class CDNSKEY < DNSKEY
+      ClassValue = nil #:nodoc: all
+      TypeValue = Types::CDNSKEY #:nodoc: all
+    end
+  end
+end

data/lib/dnsruby/resource/CDS.rb

@@ -0,0 +1,35 @@
+# --
+# Copyright 2018 Caerketton Tech Ltd
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ++
+module Dnsruby
+  class RR
+    # RFC4034, section 4
+    # The DS Resource Record refers to a DNSKEY RR and is used in the DNS
+    # DNSKEY authentication process.  A DS RR refers to a DNSKEY RR by
+    # storing the key tag, algorithm number, and a digest of the DNSKEY RR.
+    # Note that while the digest should be sufficient to identify the
+    # public key, storing the key tag and key algorithm helps make the
+    # identification process more efficient.  By authenticating the DS
+    # record, a resolver can authenticate the DNSKEY RR to which the DS
+    # record points.  The key authentication process is described in
+    # [RFC4035].
+
+    class CDS < DS
+
+      ClassValue = nil #:nodoc: all
+      TypeValue = Types::CDS #:nodoc: all
+    end
+  end
+end

data/lib/dnsruby/resource/DNSKEY.rb

@@ -294,11 +294,11 @@ module Dnsruby
         begin
           key_text.gsub!(/\n/, "")
           key_text.gsub!(/ /, "")
-          #         @key=Base64.decode64(key_text)
-          @key=key_text.unpack("m*")[0]
+          @key=Base64.decode64(key_text)
           public_key
           get_new_key_tag
-        rescue Exception
+        rescue Exception => e
+          Dnsruby.log.error(e)
           raise ArgumentError.new("Key #{key_text} invalid")
         end
       end
@@ -313,6 +313,8 @@ module Dnsruby
           elsif [Algorithms.DSA,
               Algorithms.DSA_NSEC3_SHA1].include?(@algorithm)
             @public_key = dsa_key
+          elsif [Algorithms.ECDSAP256SHA256, Algorithms.ECDSAP384SHA384].include?(@algorithm)
+            @public_key = ec_key(Algorithms.ECDSAP256SHA256 == @algorithm ? 'prime256v1' : 'secp384r1')
           end
         end
         #  @TODO@ Support other key encodings!
@@ -339,9 +341,12 @@ module Dnsruby
         modulus = RR::get_num(@key[pos, @key.length])
         @key_length = (@key.length - pos) * 8
 
-        pkey = OpenSSL::PKey::RSA.new
-        pkey.e = exponent
-        pkey.n = modulus
+        data_sequence = OpenSSL::ASN1::Sequence([
+                                                  OpenSSL::ASN1::Integer(modulus),
+                                                  OpenSSL::ASN1::Integer(exponent)
+                                                ])
+        asn1 = OpenSSL::ASN1::Sequence(data_sequence)
+        pkey = OpenSSL::PKey::RSA.new(asn1.to_der)
         return pkey
       end
 
@@ -360,14 +365,49 @@ module Dnsruby
         pos += pgy_len
         @key_length = (pgy_len * 8)
 
-        pkey = OpenSSL::PKey::DSA.new
-        pkey.p = p
-        pkey.q = q
-        pkey.g = g
-        pkey.pub_key = y
+        asn1 = OpenSSL::ASN1::Sequence.new(
+          [
+            OpenSSL::ASN1::Sequence.new(
+              [
+                OpenSSL::ASN1::ObjectId.new('DSA'),
+                OpenSSL::ASN1::Sequence.new(
+                  [
+                    OpenSSL::ASN1::Integer.new(p),
+                    OpenSSL::ASN1::Integer.new(q),
+                    OpenSSL::ASN1::Integer.new(g)
+                  ]
+                )
+              ]
+            ),
+            OpenSSL::ASN1::BitString.new(OpenSSL::ASN1::Integer.new(y).to_der)
+          ]
+        )
+
+        OpenSSL::PKey::DSA.new(asn1.to_der)
+      end
 
-        pkey
+      # RFC6605, section 4
+      # ECDSA public keys consist of a single value, called "Q" in FIPS
+      # 186-3.  In DNSSEC keys, Q is a simple bit string that represents the
+      # uncompressed form of a curve point, "x | y".
+      def ec_key(curve = 'prime256v1')
+        group = OpenSSL::PKey::EC::Group.new(curve)
+        # DNSSEC pub does not have first octet that determines whether it's uncompressed
+        # or compressed form, but it's required by OpenSSL to parse EC point correctly
+        dnskey_bn = OpenSSL::BN.new("\x04" + @key, 2)
+        key_point = OpenSSL::PKey::EC::Point.new(group, dnskey_bn)
+        
+        asn1 = OpenSSL::ASN1::Sequence.new(
+          [
+            OpenSSL::ASN1::Sequence.new([
+              OpenSSL::ASN1::ObjectId.new("id-ecPublicKey"),
+              OpenSSL::ASN1::ObjectId.new(group.curve_name)
+            ]),
+            OpenSSL::ASN1::BitString.new(key_point.to_octet_string(:uncompressed))
+          ]
+        )
+        OpenSSL::PKey::EC.new(asn1.to_der)
       end
     end
   end
-end
+end

data/lib/dnsruby/resource/DS.rb

@@ -14,11 +14,8 @@
 # limitations under the License.
 # ++
 require 'base64'
-begin
-require 'Digest/sha2'
-rescue LoadError
-  require 'digest/sha2'
-end
+require 'digest/sha2'
+
 module Dnsruby
   class RR
     # RFC4034, section 4

data/lib/dnsruby/resource/GPOS.rb

@@ -104,7 +104,7 @@ module Dnsruby
       end
 
       def self.build_rdata(longitude, latitude, altitude)
-        binary_string = ''.force_encoding('ASCII-8BIT')
+        binary_string = ''.b
 
         binary_string << longitude.length.chr
         binary_string << longitude

data/lib/dnsruby/resource/IN.rb

@@ -19,7 +19,11 @@ module Dnsruby
       Types::NS => NS,
       Types::CNAME => CNAME,
       Types::DNAME => DNAME,
+      Types::URI => URI,
+      Types::DS => DS,
+      Types::CDS => CDS,
       Types::DNSKEY => DNSKEY,
+      Types::CDNSKEY => CDNSKEY,
       Types::SOA => SOA,
       Types::PTR => PTR,
       Types::HINFO => HINFO,
@@ -45,7 +49,6 @@ module Dnsruby
       Types::ANY => ANY,
       Types::RRSIG => RRSIG,
       Types::NSEC => NSEC,
-      Types::DS => DS,
       Types::NSEC3 => NSEC3,
       Types::NSEC3PARAM => NSEC3PARAM,
       Types::DLV => DLV,