dnsruby 1.61.2 → 1.61.7

data/lib/dnsruby/recursor.rb

@@ -227,7 +227,7 @@ module Dnsruby
       #  Nice idea.
 
       #       if (!@@hints || @@hints.length == 0)
-      resolver.recurse=(1)
+      resolver.recurse = true
       packet=resolver.query_no_validation_or_recursion(".", "NS", "IN")
       hints = Hash.new
       if (packet)
@@ -264,7 +264,7 @@ module Dnsruby
               }
             }
             (hints.length * 2).times {
-              id, result, error = q.pop
+              _id, result, _error = q.pop
               if (result)
                 result.answer.each {|rr|
                   TheLog.debug(";; NS address: " + rr.inspect+"\n")
@@ -303,7 +303,7 @@ module Dnsruby
       end
 
       #  Disable recursion flag.
-      resolver.recurse=(0)
+      resolver.recurse = false
       #       end
 
       #   return $self->nameservers( map { @{ $_ } } values %{ $self->{'hints'} } );
@@ -406,7 +406,7 @@ module Dnsruby
       @@mutex.synchronize {
         self.hints=(Hash.new) unless @@hints
       }
-      @resolver.recurse=(0)
+      @resolver.recurse = false
       #  Make sure the authority cache is clean.
       #  It is only used to store A and AAAA records of
       #  the suposedly authoritative name servers.
@@ -622,6 +622,7 @@ module Dnsruby
       end
       resolver = Resolver.new({:nameserver=>nameservers})
       resolver.dnssec = @dnssec
+      resolver.recurse = false
       servers = []
       resolver.single_resolvers.each {|s|
         servers.push(s.server)
@@ -638,7 +639,7 @@ module Dnsruby
         packet = resolver.send_message(query)
         #  @TODO@ Now prune unrelated RRSets (RFC 5452 section 6)
         prune_rrsets_to_rfc5452(packet, known_zone)
-      rescue ResolvTimeout, IOError => e
+      rescue ResolvTimeout, IOError
         #             TheLog.debug(";; nameserver #{levelns.to_s} didn't respond")
         #             next
         TheLog.debug("No response!")

data/lib/dnsruby/resolver.rb

@@ -128,7 +128,9 @@ module Dnsruby
     #  The current Config
     attr_reader :config
 
-    #  Does this Resolver cache answers, and attempt to retrieve answer from the cache?
+    #  Defines whether we will cache responses, or pass every request to the
+    #  upstream resolver.  This is only really useful when querying authoritative
+    #  servers (as the upstream recursive resolver is likely to cache)
     attr_reader :do_caching
 
     #  The array of SingleResolvers used for sending query messages
@@ -171,11 +173,6 @@ module Dnsruby
     #  requirements.
     attr_accessor :do_validation
 
-    #  Defines whether we will cache responses, or pass every request to the
-    #  upstream resolver.  This is only really useful when querying authoritative
-    #  servers (as the upstream recursive resolver is likely to cache)
-    attr_accessor :do_caching
-
     #  --
     #  @TODO@ add load_balance? i.e. Target nameservers in a random, rather than pre-determined, order?
     #  This is best done when configuring the Resolver, as it will re-order servers based on their response times.
@@ -568,7 +565,7 @@ module Dnsruby
     def add_server(server)# :nodoc:
       @configured = true
       res = PacketSender.new(server)
-      log_and_raise("Can't create server #{server}", ArgumentError) unless res
+      Dnsruby.log_and_raise("Can't create server #{server}", ArgumentError) unless res
       update_internal_res(res)
       @single_res_mutex.synchronize { @single_resolvers.push(res) }
     end
@@ -644,7 +641,7 @@ module Dnsruby
         a = Resolver.get_ports_from(p)
         a.each do |x|
           if (@src_port.length > 0) && (x == 0)
-            log_and_raise("src_port of 0 only allowed as only src_port value (currently #{@src_port.length} values",
+            Dnsruby.log_and_raise("src_port of 0 only allowed as only src_port value (currently #{@src_port.length} values",
                 ArgumentError)
           end
           @src_port.push(x)
@@ -668,7 +665,7 @@ module Dnsruby
         return ! ((p == 0) && (src_port.length > 0))
       else
         Dnsruby.log.error("Illegal port (#{p})")
-        log_and_raise("Illegal port #{p}", ArgumentError)
+        Dnsruby.log_and_raise("Illegal port #{p}", ArgumentError)
       end
     end
 
@@ -837,7 +834,7 @@ module Dnsruby
             timeouts[base + offset]=[res, retry_count]
           else
             if timeouts.has_key?(base + retry_delay + offset)
-              log_and_raise('Duplicate timeout key!')
+              Dnsruby.log_and_raise('Duplicate timeout key!')
             end
             timeouts[base + retry_delay + offset]=[res, retry_count]
           end
@@ -878,7 +875,7 @@ module Dnsruby
       end
 
       unless client_queue.kind_of?(Queue)
-        log_and_raise('Wrong type for client_queue in Resolver# send_async')
+        Dnsruby.log_and_raise('Wrong type for client_queue in Resolver# send_async')
         #  @TODO@ Handle different queue tuples - push this to generic send_error method
         client_queue.push([client_query_id, ArgumentError.new('Wrong type of client_queue passed to Dnsruby::Resolver# send_async - should have been Queue, was #{client_queue.class}')])
         return
@@ -1059,13 +1056,13 @@ module Dnsruby
       #  @TODO@ Also, should have option to speak only to configured resolvers (not follow authoritative chain)
       #
       if queue.empty?
-        log_and_raise('Severe internal error - Queue empty in handle_queue_event')
+        Dnsruby.log_and_raise('Severe internal error - Queue empty in handle_queue_event')
       end
       event_id, event_type, response, error = queue.pop
       #  We should remove this packet from the list of outstanding packets for this query
       _resolver, _msg, client_query_id, _retry_count = id
       if id != event_id
-        log_and_raise("Serious internal error!! #{id} expected, #{event_id} received")
+        Dnsruby.log_and_raise("Serious internal error!! #{id} expected, #{event_id} received")
       end
       #       @mutex.synchronize{
       @parent.single_res_mutex.synchronize {
@@ -1078,7 +1075,7 @@ module Dnsruby
         if event_type == Resolver::EventType::RECEIVED ||
               event_type == Resolver::EventType::ERROR
           unless outstanding.include?(id)
-            log_and_raise("Query id not on outstanding list! #{outstanding.length} items. #{id} not on #{outstanding}")
+            Dnsruby.log.error("Query id not on outstanding list! #{outstanding.length} items. #{id} not on #{outstanding}")
           end
           outstanding.delete(id)
         end
@@ -1208,7 +1205,7 @@ module Dnsruby
       #       @mutex.synchronize{
       _query, _client_queue, s_queue, _outstanding = @query_list[client_query_id]
       if s_queue != select_queue
-        log_and_raise("Serious internal error : expected select queue #{s_queue}, got #{select_queue}")
+        Dnsruby.log_and_raise("Serious internal error : expected select queue #{s_queue}, got #{select_queue}")
       end
       stop_querying(client_query_id)
       #  @TODO@ Does the client want notified at this point?
@@ -1221,7 +1218,7 @@ module Dnsruby
       #       @mutex.synchronize {
       _query, client_queue, s_queue, _outstanding = @query_list[client_query_id]
       if s_queue != select_queue
-        log_and_raise("Serious internal error : expected select queue #{s_queue}, got #{select_queue}")
+        Dnsruby.log_and_raise("Serious internal error : expected select queue #{s_queue}, got #{select_queue}")
       end
       if response.rcode == RCode.NXDOMAIN
         send_result(client_queue, client_query_id, select_queue, response, NXDomain.new)
@@ -1237,7 +1234,7 @@ module Dnsruby
       _resolver, _msg, client_query_id, _retry_count = query_id
       _query, client_queue, s_queue, _outstanding = @query_list[client_query_id]
       if s_queue != select_queue
-        log_and_raise("Serious internal error : expected select queue #{s_queue}, got #{select_queue}")
+        Dnsruby.log_and_raise("Serious internal error : expected select queue #{s_queue}, got #{select_queue}")
       end
       #       For some errors, we immediately send result. For others, should we retry?
       #       Either :

data/lib/dnsruby/resource/CAA.rb

@@ -26,7 +26,7 @@ module Dnsruby
       # The value for the property_tag
       attr_accessor :property_value
       # The value for the flag
-      attr_accessor :flag
+      attr_writer :flag
 
       def from_hash(hash) #:nodoc: all
         @property_tag = hash[:property_tag]
@@ -43,7 +43,7 @@ module Dnsruby
       end
 
       def from_string(input) #:nodoc: all
-        matches = (/(\d+) (issuewild|issue|iodef) "(.+)"$/).match(input)
+        matches = (/(\d+) (issuewild|issue|iodef|contactemail|contactphone) "(.+)"$/).match(input)
         @flag = matches[1]
         @property_tag = matches[2]
         @property_value = matches[3]

data/lib/dnsruby/resource/DNSKEY.rb

@@ -313,6 +313,8 @@ module Dnsruby
           elsif [Algorithms.DSA,
               Algorithms.DSA_NSEC3_SHA1].include?(@algorithm)
             @public_key = dsa_key
+          elsif [Algorithms.ECDSAP256SHA256, Algorithms.ECDSAP384SHA384].include?(@algorithm)
+            @public_key = ec_key(Algorithms.ECDSAP256SHA256 == @algorithm ? 'prime256v1' : 'secp384r1')
           end
         end
         #  @TODO@ Support other key encodings!
@@ -377,6 +379,22 @@ module Dnsruby
 
         pkey
       end
+
+      # RFC6605, section 4
+      # ECDSA public keys consist of a single value, called "Q" in FIPS
+      # 186-3.  In DNSSEC keys, Q is a simple bit string that represents the
+      # uncompressed form of a curve point, "x | y".
+      def ec_key(curve = 'prime256v1')
+        group = OpenSSL::PKey::EC::Group.new(curve)
+        pkey = OpenSSL::PKey::EC.new(group)
+
+        # DNSSEC pub does not have first octet that determines whether it's uncompressed
+        # or compressed form, but it's required by OpenSSL to parse EC point correctly
+        point_from_pub = "\x04" + @key.to_s # octet string, \x04 prefix determines uncompressed
+        pkey.public_key = OpenSSL::PKey::EC::Point.new(group, point_from_pub)
+
+        pkey
+      end
     end
   end
 end

data/lib/dnsruby/resource/NSEC3PARAM.rb

@@ -85,7 +85,7 @@ module Dnsruby
       #       end
       # 
       def from_data(data) #:nodoc: all
-        hash_alg, flags, iterations, salt_length, salt = data
+        hash_alg, flags, iterations, _salt_length, salt = data
         self.hash_alg=(hash_alg)
         self.flags=(flags)
         self.iterations=(iterations)

data/lib/dnsruby/resource/TLSA.rb

@@ -33,8 +33,8 @@ module Dnsruby
         # 255 Private use
         attr_accessor :matching_type
         # sec 2.1.4
-        attr_accessor :data
-        attr_accessor :databin
+        attr_reader :data
+        attr_reader :databin
 
         def verify
           raise ArgumentError, "usage with invalid value: #{@usage}" if @usage < 0 || @usage > 255
@@ -71,7 +71,7 @@ module Dnsruby
           if @matching_type == 0 && @selector == 0 && @databin
             begin
               cert = OpenSSL::X509::Certificate.new(@databin)
-            rescue => e
+            rescue
               raise ArgumentError, 'data is invalid cert '
             end
           end

data/lib/dnsruby/resource/TXT.rb

@@ -82,7 +82,17 @@ module Dnsruby
             end
           else
             if (seen_strings && !in_string)
-              next
+              if (c == ";")
+                 # Comment in zone file!
+                 return strings
+              end
+              if (c != " " && c != "\t")
+                in_string = true
+                count+=1
+                strings[count] = ""
+              else
+                next
+              end
             end
             if (pos == 0)
               unquoted = true

data/lib/dnsruby/select_thread.rb

@@ -140,7 +140,7 @@ module Dnsruby
       }
       begin
         @@wakeup_sockets[0].send("wakeup!", 0)
-      rescue Exception => e
+      rescue Exception
         #          do nothing
       end
     end
@@ -190,12 +190,11 @@ module Dnsruby
         end
         #         next if (timeout < 0)
         begin
-          ready, write, errors = IO.select(sockets, nil, nil, timeout)
+          ready, _write, _errors = IO.select(sockets, nil, nil, timeout)
         rescue SelectWakeup
           #  If SelectWakeup, then just restart this loop - the select call will be made with the new data
           next
-        rescue IOError, EncodeError => e
-          #           print "IO Error  =: #{e}\n"
+        rescue IOError, EncodeError
           exceptions = clean_up_closed_sockets
           exceptions.each { |exception| send_exception_to_client(*exception) }
 
@@ -248,7 +247,7 @@ module Dnsruby
     # Removes closed sockets from @@sockets, and returns an array containing 1
     # exception for each closed socket contained in @@socket_hash.
     def clean_up_closed_sockets
-      exceptions = @@mutex.synchronize do
+      @@mutex.synchronize do
         closed_sockets_in_hash = @@sockets.select(&:closed?).select { |s| @@socket_hash[s] }
         @@sockets.delete_if { | socket | socket.closed? }
         closed_sockets_in_hash.each_with_object([]) do |socket, exceptions|
@@ -257,6 +256,7 @@ module Dnsruby
           end
         end
       end
+      exceptions
     end
 
     def process_error(errors)
@@ -295,7 +295,6 @@ module Dnsruby
       @@mutex.synchronize do
         ids = get_active_ids(@@query_hash, msg.header.id)
         return if ids.empty? # should be only one
-        query_settings = @@query_hash[ids[0]].clone
       end
 
       answerip = msg.answerip.downcase
@@ -732,7 +731,7 @@ module Dnsruby
       }
 
       responses.each do |item|
-        client_id, client_queue, msg, err, query, res = item
+        client_id, client_queue, msg, err, _query, _res = item
         #         push_to_client(client_id, client_queue, msg, err)
         client_queue.push([client_id, Resolver::EventType::VALIDATED, msg, err])
         notify_queue_observers(client_queue, client_id)

data/lib/dnsruby/single_verifier.rb

@@ -462,7 +462,6 @@ module Dnsruby
     def check_no_wildcard_expansion(msg) # :nodoc:
       #  @TODO@ Do this for NSEC3 records!!!
       proven_no_wildcards = false
-      name = msg.question()[0].qname
       [msg.authority.rrsets('NSEC'), msg.authority.rrsets('NSEC3')].each {|nsec_rrsets|
         nsec_rrsets.each {|nsecs|
           nsecs.rrs.each {|nsec|
@@ -800,6 +799,19 @@ module Dnsruby
 
         asn1 = OpenSSL::ASN1::Sequence.new([r_asn1, s_asn1]).to_der
         verified = keyrec.public_key.verify(OpenSSL::Digest::DSS1.new, asn1, sig_data)
+      elsif [Algorithms.ECDSAP256SHA256, Algorithms.ECDSAP384SHA384].include?(sigrec.algorithm)
+        byte_size = (keyrec.public_key.group.degree + 7) / 8
+        sig_bytes = sigrec.signature[0..(byte_size - 1)]
+        sig_char = sigrec.signature[byte_size..-1] || ''
+        asn1 = OpenSSL::ASN1::Sequence.new([sig_bytes, sig_char].map { |int| OpenSSL::ASN1::Integer.new(OpenSSL::BN.new(int, 2)) }).to_der
+
+        digest_obj = if sigrec.algorithm == Algorithms.ECDSAP384SHA384
+                       OpenSSL::Digest::SHA384.new
+                     else
+                       OpenSSL::Digest::SHA256.new
+                     end
+
+        verified = keyrec.public_key.dsa_verify_asn1(digest_obj.digest(sig_data), asn1)
       else
         raise RuntimeError.new("Algorithm #{sigrec.algorithm.code} unsupported by Dnsruby")
       end
@@ -1316,8 +1328,7 @@ module Dnsruby
             msg.security_level = Message::SecurityLevel.SECURE
             return true
           end
-        rescue VerifyError => e
-          #           print "Verify failed : #{e}\n"
+        rescue VerifyError
         end
       end
       if (error)

data/lib/dnsruby/validator_thread.rb

@@ -1,12 +1,12 @@
 # --
 # Copyright 2007 Nominet UK
-# 
+#
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
-# 
+#
 #     http://www.apache.org/licenses/LICENSE-2.0
-# 
+#
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -109,7 +109,7 @@ module Dnsruby
           return true
         rescue VerifyError => e
           response.security_error = e
-          response.security_level = BOGUS
+          response.security_level = Message::SecurityLevel.BOGUS
           #  Response security_level should already be set
           return false
         end

data/lib/dnsruby/version.rb

@@ -1,3 +1,3 @@
 module Dnsruby
-  VERSION = '1.61.2'
+  VERSION = '1.61.7'
 end

data/lib/dnsruby/zone_reader.rb

@@ -68,7 +68,7 @@ module Dnsruby
             end
             zone.push(rr)
           end
-        rescue Exception => e
+        rescue Exception
           raise ParseException.new("Error reading line #{io.lineno} of #{io.inspect} : [#{line}]")
         end
       end
@@ -303,7 +303,7 @@ module Dnsruby
         (split.length - 2).times {|i| line += "#{split[i+2]} "}
         line += "\n"
         split = line.split
-      rescue Error => e
+      rescue Error
       end
 
       #  Add the type so we can load the zone one RRSet at a time.

data/lib/dnsruby/zone_transfer.rb

@@ -244,7 +244,6 @@ module Dnsruby
     end
 
     def parseRR(rec) #:nodoc: all
-      name = rec.name
       type = rec.type
       delta = Delta.new
 

data/test/localdns.rb

@@ -0,0 +1,29 @@
+#!/usr/bin/env ruby
+
+require_relative 'spec_helper'
+
+require_relative "test_dnsserver"
+
+class SimpleTCPPipeliningUDPServer < Async::DNS::Server
+  PORT     = 53938
+  IP   = '127.0.0.1'
+
+  def initialize(**options)
+    super(options)
+
+    @handlers << TcpPipelineHandler.new(self, IP, PORT)
+    @handlers << Async::DNS::UDPServerHandler.new(self, IP, PORT)
+
+  end
+
+  def process(name, resource_class, transaction)
+    @logger.debug "name: #{name}"
+    transaction.respond!("93.184.216.34", { resource_class: ::Resolv::DNS::Resource::IN::A })
+  end
+
+end
+
+
+if __FILE__ == $0
+  RubyDNS::run_server(server_class: SimpleTCPPipeliningUDPServer)
+end