dnsruby 1.61.3 → 1.61.9
- checksums.yaml +4 -4
- data/.github/workflows/ci.yml +23 -0
- data/.yardopts +7 -0
- data/Gemfile +0 -2
- data/README.md +2 -1
- data/RELEASE_NOTES.md +41 -1
- data/Rakefile +1 -0
- data/demo/digdlv.rb +1 -0
- data/dnsruby.gemspec +15 -10
- data/lib/dnsruby/DNS.rb +1 -1
- data/lib/dnsruby/config.rb +10 -11
- data/lib/dnsruby/dnssec.rb +1 -1
- data/lib/dnsruby/hosts.rb +8 -4
- data/lib/dnsruby/message/encoder.rb +2 -2
- data/lib/dnsruby/message/header.rb +0 -3
- data/lib/dnsruby/name.rb +13 -15
- data/lib/dnsruby/packet_sender.rb +11 -15
- data/lib/dnsruby/recursor.rb +6 -5
- data/lib/dnsruby/resolver.rb +14 -17
- data/lib/dnsruby/resource/CAA.rb +2 -2
- data/lib/dnsruby/resource/DNSKEY.rb +18 -0
- data/lib/dnsruby/resource/NSEC3PARAM.rb +1 -1
- data/lib/dnsruby/resource/TLSA.rb +3 -3
- data/lib/dnsruby/resource/TXT.rb +11 -1
- data/lib/dnsruby/select_thread.rb +6 -7
- data/lib/dnsruby/single_verifier.rb +14 -3
- data/lib/dnsruby/validator_thread.rb +4 -4
- data/lib/dnsruby/version.rb +1 -1
- data/lib/dnsruby/zone_reader.rb +2 -2
- data/lib/dnsruby/zone_transfer.rb +0 -1
- data/lib/dnsruby.rb +4 -4
- data/test/spec_helper.rb +12 -6
- data/test/tc_caa.rb +0 -1
- data/test/tc_dnskey.rb +29 -0
- data/test/tc_name.rb +19 -0
- data/test/tc_res_file.rb +6 -0
- data/test/tc_resolv.rb +5 -5
- data/test/tc_resolver.rb +11 -11
- data/test/tc_rr-opt.rb +4 -7
- data/test/tc_rr-txt.rb +7 -1
- data/test/tc_tcp.rb +2 -2
- data/test/tc_verifier.rb +15 -0
- data/test/test_utils.rb +0 -2
- data/test/ts_offline.rb +8 -8
- metadata +37 -50
- data/.travis.yml +0 -14
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 7f1d44662973a06d7ff5296b1c49530b10e58a08ca5df87c893bb25e06e4bf7c
|
4
|
+
data.tar.gz: b82b2920d6d24ff8907d2e9b776a53f7034c11610335626ea31ee1485ffb6dde
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 02f7ac0626839e3faf33f72a2b98e620ca1ac9bb5d11c06299b403c79e0552c5b0160b40978ead7aba27d8801b2b339a1cdeb856772c0241883f06b68a42beb5
|
7
|
+
data.tar.gz: bdc9cf4c7e89b11fb67871b480957f3f28bd29e472438490e918041f9e1d2682fa434ce6d66dff283843e7c67fc2f002482175e2a7c6b6a05106785b6f7797cb
|
@@ -0,0 +1,23 @@
|
|
1
|
+
name: CI
|
2
|
+
|
3
|
+
on: [push, pull_request]
|
4
|
+
|
5
|
+
jobs:
|
6
|
+
build:
|
7
|
+
runs-on: ubuntu-latest
|
8
|
+
strategy:
|
9
|
+
matrix:
|
10
|
+
ruby: [ '2.5', '2.6', '2.7', '3.0', '3.1' ] # , 'ruby-head' ]
|
11
|
+
name: Ruby ${{ matrix.ruby }} tests
|
12
|
+
steps:
|
13
|
+
- uses: actions/checkout@v2
|
14
|
+
- name: Setup Ruby
|
15
|
+
uses: ruby/setup-ruby@v1
|
16
|
+
with:
|
17
|
+
ruby-version: ${{ matrix.ruby }}
|
18
|
+
- name: Bundle install
|
19
|
+
run: |
|
20
|
+
gem install bundler
|
21
|
+
bundle install --jobs 4 --retry 3
|
22
|
+
- name: Run tests
|
23
|
+
run: bundle exec rake test
|
data/.yardopts
ADDED
data/Gemfile
CHANGED
data/README.md
CHANGED
@@ -1,4 +1,4 @@
|
|
1
|
-
[![Build Status](https://
|
1
|
+
[![Build Status](https://github.com/alexdalitz/dnsruby/actions/workflows/ci.yml/badge.svg)]
|
2
2
|
[![Coverage Status](https://img.shields.io/coveralls/alexdalitz/dnsruby.svg)](https://coveralls.io/r/alexdalitz/dnsruby?branch=master)
|
3
3
|
|
4
4
|
<img src="http://caerkettontech.com/dnsruby/DNSRuby-colour-mid.png" width="200" height="200" />
|
@@ -93,3 +93,4 @@ Contact/Links
|
|
93
93
|
| Github | https://github.com/alexdalitz/dnsruby |
|
94
94
|
| Google Group | https://groups.google.com/forum/#!forum/dnsruby |
|
95
95
|
| Rubygems | http://rubygems.org/gems/dnsruby/ |
|
96
|
+
| Documentation | https://www.rubydoc.info/gems/dnsruby/ |
|
data/RELEASE_NOTES.md
CHANGED
@@ -1,6 +1,46 @@
|
|
1
1
|
# Release Notes
|
2
2
|
|
3
|
-
##
|
3
|
+
## v.1.61.9
|
4
|
+
|
5
|
+
* Remove unused net-ftp dependency
|
6
|
+
|
7
|
+
## v.1.61.8
|
8
|
+
|
9
|
+
* Fix compatability with Ruby 3.1 - thanks @byroot Jean Boussier
|
10
|
+
* Get the digdlv demo to enable dnssec
|
11
|
+
|
12
|
+
## v1.61.7
|
13
|
+
|
14
|
+
* Fix namespace issue from v1.61.6
|
15
|
+
|
16
|
+
## v1.61.6
|
17
|
+
|
18
|
+
* RD bit not set on Recursor queries (thanks Sean Dilda!)
|
19
|
+
* Handle quoted strings followed by unquoted strings in TXT records
|
20
|
+
* do not worry about rogue repeated Ids - just log an error and get on with life
|
21
|
+
* Clear Ruby warnings
|
22
|
+
* Use GitHub Actions rather than Travis
|
23
|
+
|
24
|
+
## v1.61.5
|
25
|
+
|
26
|
+
* CAA record fixes - add contactphone and contactemail
|
27
|
+
* Fix eprecation warnings
|
28
|
+
|
29
|
+
## v1.61.4
|
30
|
+
|
31
|
+
* Dnsruby::Name : document .punycode
|
32
|
+
* gemspec enhancement
|
33
|
+
* add yard build file
|
34
|
+
* fix create name include url special characters
|
35
|
+
* Fix uninitialized constant error when using via Rails
|
36
|
+
* Implement ECDSAP256SHA256 (13) / ECDSAP384SHA384 (14) algorithms for DNSKEY
|
37
|
+
* Reinitialize all IANA TAR keys with Dnssec.reset
|
38
|
+
|
39
|
+
## v1.61.3
|
40
|
+
|
41
|
+
* TCP timeout and port changes
|
42
|
+
|
43
|
+
## v1.61.2
|
4
44
|
|
5
45
|
* Add new root key
|
6
46
|
|
data/Rakefile
CHANGED
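--- a/data/demo/digdlv.rb
+++ b/data/demo/digdlv.rb
@@ -53,6 +53,7 @@ unless (1..3).include?(ARGV.length)
 end
 
 resolver = Dnsruby::Recursor.new
+resolver.dnssec = true
 zone_transfer = Dnsruby::ZoneTransfer.new
 
 dlv_key = Dnsruby::RR.create("dlv.isc.org. IN DNSKEY 257 3 5 BEAAAAPHMu/5onzrEE7z1egmhg/WPO0+juoZrW3euWEn4MxDCE1+lLy2 brhQv5rN32RKtMzX6Mj70jdzeND4XknW58dnJNPCxn8+jAGl2FZLK8t+ 1uq4W+nnA3qO2+DL+k6BD4mewMLbIYFwe0PG73Te9fZ2kJb56dhgMde5 ymX4BI/oQ+cAK50/xvJv00Frf8kw6ucMTwFlgPe+jnGxPPEmHAte/URk Y62ZfkLoBAADLHQ9IrS2tryAe7mbBZVcOwIeU/Rw/mRx/vwwMCTgNboM QKtUdvNXDrYJDSHZws3xiRXF1Rf+al9UmZfSav/4NWLKjHzpT59k/VSt TDN0YUuWrBNh")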
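--- a/data/dnsruby.gemspec
+++ b/data/dnsruby.gemspec
@@ -15,6 +15,7 @@ SPEC = Gem::Specification.new do |s|
 stub resolver. It aims to comply with all DNS RFCs, including
 DNSSEC NSEC3 support.'
 s.license = "Apache License, Version 2.0"
+
 s.files = `git ls-files -z`.split("\x0")
 
 s.post_install_message = \
@@ -25,21 +26,25 @@ DNSSEC NSEC3 support.'
 s.test_file = "test/ts_offline.rb"
 s.extra_rdoc_files = ["DNSSEC", "EXAMPLES", "README.md", "EVENTMACHINE"]
 
-
-
-
-
-
-
-
+s.metadata = {
+'yard.run' => 'yard',
+'bug_tracker_uri' => 'https://github.com/alexdalitz/dnsruby/issues',
+'changelog_uri' => 'https://github.com/alexdalitz/dnsruby/blob/master/RELEASE_NOTES.md',
+'documentation_uri' => 'https://www.rubydoc.info/gems/dnsruby/',
+'homepage_uri' => 'https://github.com/alexdalitz/dnsruby',
+'source_code_uri' => 'https://github.com/alexdalitz/dnsruby',
+}
+
+s.add_development_dependency 'rake', '>= 13.0.6'
+s.add_development_dependency 'minitest', '~> 5.14.4'
 s.add_development_dependency 'rubydns', '~> 2.0.1'
 s.add_development_dependency 'nio4r', '~> 2.0'
-s.add_development_dependency 'minitest-display', '>= 0.3.
+s.add_development_dependency 'minitest-display', '>= 0.3.1'
+s.add_development_dependency('yard', '~> 0.9')
 
 if RUBY_VERSION >= "1.9.3"
 s.add_development_dependency 'coveralls', '~> 0.7'
 end
 
-s.add_runtime_dependency '
+s.add_runtime_dependency 'simpleidn', '~> 0.1'
 end
-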
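Review bot: The new `s.metadata` hash is the natural place for `'rubygems_mfa_required' => 'true'`, which makes rubygems.org require MFA from owners for privileged operations such as pushing and yanking this gem; the commit adds seven metadata keys but not that one. Separately, `s.add_development_dependency 'rake', '>= 13.0.6'` and `'minitest-display', '>= 0.3.1'` have no upper bound, unlike the pessimistic `~>` constraints on the neighbouring lines. A future major release of either would therefore be picked up by `bundle install` in CI without anyone reviewing it.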
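--- a/data/lib/dnsruby/DNS.rb
+++ b/data/lib/dnsruby/DNS.rb
@@ -290,7 +290,7 @@ module Dnsruby
 msg.do_caching = do_caching
 @resolver.do_validation = false
 @resolver.send_async(msg, q)
-
+_id, ret, exception = q.pop
 if (exception == nil && ret && ret.rcode == RCode.NOERROR)
 return ret, ret.question[0].qname
 end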
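--- a/data/lib/dnsruby/config.rb
+++ b/data/lib/dnsruby/config.rb
@@ -85,13 +85,10 @@ module Dnsruby
 def initialize()
 @mutex = Mutex.new
 @configured = false
-# parse_config
 end
 # Reset the config to default values
 def Config.reset
-c = Config.new
 @configured = false
-# c.parse_config
 end
 
 def parse_config(config_info=nil) #:nodoc: all
@@ -207,13 +204,13 @@ module Dnsruby
 if (String ===n)
 # Make sure we can make a Name or an address from it
 begin
-
+IPv4.create(n)
 rescue ArgumentError
 begin
-
+IPv6.create(n)
 rescue ArgumentError
 begin
-
+Name.create(n)
 rescue ArgumentError
 raise ArgumentError.new("Can't interpret #{n} as IPv4, IPv6 or Name")
 end
@@ -303,7 +300,7 @@ module Dnsruby
 end
 rescue Exception => e
 Dnsruby.log.error{"Can't make sense of nameserver : #{server}, exception : #{e}"}
-
+raise ArgumentError.new("Can't make sense of nameserver : #{server}, exception : #{e}")
 return nil
 end
 end
@@ -321,9 +318,11 @@ module Dnsruby
 f.each {|line|
 line.sub!(/[#;].*/, '')
 keyword, *args = line.split(/\s+/)
-
-
-
+if Gem::Version.new(RUBY_VERSION) < Gem::Version.new("2.8")
+args.each { |arg|
+arg.untaint
+}
+end
 next unless keyword
 case keyword
 when 'port'
@@ -472,4 +471,4 @@ module Dnsruby
 return candidates
 end
 end
-end
+end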
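Review bot: In the hunk at `-303,7 +300,7`, the added `raise ArgumentError.new(...)` sits directly above `return nil`, which can no longer be reached and should be deleted so the method's contract (raise, not nil) is clear. The enclosing clause is `rescue Exception => e`, so with this change anything caught there, including `Interrupt` and `SystemExit`, is re-raised as an `ArgumentError`. Changing it to `rescue StandardError => e` would limit the conversion to ordinary errors. The start of the `begin` block is outside the hunk, so this assumes nothing there relies on catching non-standard exceptions.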
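--- a/data/lib/dnsruby/dnssec.rb
+++ b/data/lib/dnsruby/dnssec.rb
@@ -14,7 +14,6 @@
 # limitations under the License.
 # ++
 require 'digest/sha2'
-require 'net/ftp'
 require 'dnsruby/key_cache'
 require 'dnsruby/single_verifier'
 module Dnsruby
@@ -128,6 +127,7 @@ module Dnsruby
 @@validation_policy = ValidationPolicy::LOCAL_ANCHORS_THEN_ROOT
 @@root_verifier = SingleVerifier.new(SingleVerifier::VerifierType::ROOT)
 @@root_verifier.add_root_ds(@@root_key)
+@@root_verifier.add_root_ds(@@root_key_new)
 
 @@dlv_verifier = SingleVerifier.new(SingleVerifier::VerifierType::DLV)
 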
data/lib/dnsruby/hosts.rb
CHANGED
@@ -57,15 +57,19 @@ module Dnsruby
|
|
57
57
|
line.sub!(/#.*/, '')
|
58
58
|
addr, hostname, *aliases = line.split(/\s+/)
|
59
59
|
next unless addr
|
60
|
-
|
61
|
-
|
60
|
+
if Gem::Version.new(RUBY_VERSION) < Gem::Version.new("2.8")
|
61
|
+
addr.untaint
|
62
|
+
hostname.untaint
|
63
|
+
end
|
62
64
|
@addr2name[addr] = [] unless @addr2name.include? addr
|
63
65
|
@addr2name[addr] << hostname
|
64
66
|
@addr2name[addr] += aliases
|
65
67
|
@name2addr[hostname] = [] unless @name2addr.include? hostname
|
66
68
|
@name2addr[hostname] << addr
|
67
69
|
aliases.each {|n|
|
68
|
-
|
70
|
+
if Gem::Version.new(RUBY_VERSION) < Gem::Version.new("2.8")
|
71
|
+
n.untaint
|
72
|
+
end
|
69
73
|
@name2addr[n] = [] unless @name2addr.include? n
|
70
74
|
@name2addr[n] << addr
|
71
75
|
}
|
@@ -123,4 +127,4 @@ module Dnsruby
|
|
123
127
|
end
|
124
128
|
end
|
125
129
|
end
|
126
|
-
end
|
130
|
+
end
|
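Review bot: The `untaint` calls on `addr`, `hostname` and each alias clear the taint flag on values read straight from the hosts file without any check of their content, which removes the marker older Rubies use to track externally sourced strings. A short comment saying why these values are considered trusted, or a format check before untainting, would make that decision reviewable. The guard `Gem::Version.new(RUBY_VERSION) < Gem::Version.new("2.8")` is also evaluated once per line and again for every alias, and the same expression is repeated in the `config.rb` hunk at `-321,9 +318,11`; computing it once into a constant would remove the duplication. Ruby 2.7 falls inside the guard, where `untaint` is already deprecated.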
@@ -17,7 +17,7 @@ class MessageEncoder #:nodoc: all
|
|
17
17
|
def put_pack(template, *d)
|
18
18
|
begin
|
19
19
|
@data << d.pack(template)
|
20
|
-
rescue Encoding::CompatibilityError
|
20
|
+
rescue Encoding::CompatibilityError
|
21
21
|
raise Dnsruby::EncodeError.new("IDN support currently requires punycode string")
|
22
22
|
end
|
23
23
|
end
|
@@ -35,7 +35,7 @@ class MessageEncoder #:nodoc: all
|
|
35
35
|
begin
|
36
36
|
self.put_pack("C", d.length)
|
37
37
|
@data << d
|
38
|
-
rescue Encoding::CompatibilityError
|
38
|
+
rescue Encoding::CompatibilityError
|
39
39
|
raise Dnsruby::EncodeError.new("IDN support currently requires punycode string")
|
40
40
|
end
|
41
41
|
end
|
data/lib/dnsruby/name.rb
CHANGED
@@ -27,7 +27,7 @@ module Dnsruby
|
|
27
27
|
# * Name#subdomain_of?(other)
|
28
28
|
# * Name#labels
|
29
29
|
#
|
30
|
-
require '
|
30
|
+
require 'simpleidn'
|
31
31
|
class Name
|
32
32
|
include Comparable
|
33
33
|
MaxNameLength=255
|
@@ -63,20 +63,18 @@ module Dnsruby
|
|
63
63
|
end
|
64
64
|
end
|
65
65
|
|
66
|
+
# Convert IDN domain from Unicode UTF-8 to ASCII punycode
|
67
|
+
# @param [Object|String] d Unicode domain with emoji inside
|
68
|
+
# @return [String] ASCII punycode domain
|
69
|
+
# @example
|
70
|
+
# Dnsruby::Name.punycode('🏳.cf')
|
71
|
+
# => "xn--en8h.cf"
|
66
72
|
def self.punycode(d)
|
67
|
-
|
68
|
-
|
69
|
-
|
70
|
-
|
71
|
-
|
72
|
-
end
|
73
|
-
if (!ret.end_with?".")
|
74
|
-
return ret + "."
|
75
|
-
end
|
76
|
-
return ret
|
77
|
-
rescue Exception => e
|
78
|
-
return d
|
79
|
-
end
|
73
|
+
begin
|
74
|
+
return SimpleIDN.to_ascii(d)
|
75
|
+
rescue
|
76
|
+
return d
|
77
|
+
end
|
80
78
|
end
|
81
79
|
|
82
80
|
def self.split_escaped(arg) #:nodoc: all
|
@@ -261,7 +259,7 @@ module Dnsruby
|
|
261
259
|
# in: dName a string with a domain name in presentation format (1035
|
262
260
|
# sect 5.1)
|
263
261
|
# out: an array of labels in wire format.
|
264
|
-
def self.name2encodedlabels
|
262
|
+
def self.name2encodedlabels(dName) #:nodoc: all
|
265
263
|
# Check for "\" in the name : If there, then decode properly - otherwise, cheat and split on "."
|
266
264
|
if (dName.index("\\"))
|
267
265
|
names=[]
|
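Review bot: In `Name.punycode`, the bare `rescue` returns the unconverted `d` whenever `SimpleIDN.to_ascii` raises, so a caller cannot tell an encoded name from one that failed conversion, and nothing is logged. Logging before the fallback, e.g. `rescue StandardError => e` followed by `Dnsruby.log.error { "punycode conversion failed for #{d.inspect} : #{e}" }`, would make such failures visible. The removed lines that are still readable (`if (!ret.end_with?".")` and `return ret + "."`) suggest the old implementation returned a name with a trailing dot, which the new body does not add. If that change is intentional, the `@return` comment should say so.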
@@ -204,26 +204,22 @@ module Dnsruby
|
|
204
204
|
@tcp_pipelining_max_queries = :infinite
|
205
205
|
@use_counts = {}
|
206
206
|
|
207
|
-
if
|
208
|
-
|
209
|
-
|
210
|
-
|
211
|
-
|
212
|
-
|
213
|
-
elsif (arg.kind_of? Name)
|
214
|
-
@server=arg
|
215
|
-
elsif (arg.kind_of? Hash)
|
207
|
+
if arg.nil?
|
208
|
+
elsif arg.kind_of? String
|
209
|
+
@server = arg
|
210
|
+
elsif arg.kind_of? Name
|
211
|
+
@server = arg
|
212
|
+
elsif arg.kind_of? Hash
|
216
213
|
arg.keys.each do |attr|
|
217
214
|
begin
|
218
|
-
if ((
|
219
|
-
(
|
215
|
+
if ((attr.to_s == "src_address" || attr.to_s == "src_address6") &&
|
216
|
+
(arg[attr] == nil || arg[attr] == ""))
|
220
217
|
else
|
221
|
-
send(attr.to_s+"=", arg[attr])
|
218
|
+
send(attr.to_s + "=", arg[attr])
|
222
219
|
end
|
223
220
|
rescue Exception => e
|
224
221
|
Dnsruby.log.error { "PacketSender : Argument #{attr}, #{arg[attr]} not valid : #{e}\n" }
|
225
222
|
end
|
226
|
-
# end
|
227
223
|
end
|
228
224
|
end
|
229
225
|
# Check server is IP
|
@@ -235,12 +231,12 @@ module Dnsruby
|
|
235
231
|
|
236
232
|
def check_ipv6
|
237
233
|
begin
|
238
|
-
|
234
|
+
IPv4.create(@server)
|
239
235
|
# @src_address = '0.0.0.0'
|
240
236
|
@ipv6=false
|
241
237
|
rescue Exception
|
242
238
|
begin
|
243
|
-
|
239
|
+
IPv6.create(@server)
|
244
240
|
# @src_address6 = '::'
|
245
241
|
@ipv6=true
|
246
242
|
rescue Exception
|
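Review bot: `send(attr.to_s + "=", arg[attr])` dispatches on whatever keys the caller's hash contains, and `send` also reaches private methods, so any setter-shaped method on the object can be invoked through the options hash. `public_send(attr.to_s + "=", arg[attr])` keeps the behaviour for the public accessors and excludes the rest. The surrounding `rescue Exception => e` only logs, so an unknown or rejected key is dropped without the caller noticing. The enclosing method starts and ends outside this hunk.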
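--- a/data/lib/dnsruby/recursor.rb
+++ b/data/lib/dnsruby/recursor.rb
@@ -227,7 +227,7 @@ module Dnsruby
 # Nice idea.
 
 # if (!@@hints || @@hints.length == 0)
-resolver.recurse=
+resolver.recurse = true
 packet=resolver.query_no_validation_or_recursion(".", "NS", "IN")
 hints = Hash.new
 if (packet)
@@ -264,7 +264,7 @@ module Dnsruby
 }
 }
 (hints.length * 2).times {
-
+_id, result, _error = q.pop
 if (result)
 result.answer.each {|rr|
 TheLog.debug(";; NS address: " + rr.inspect+"\n")
@@ -303,7 +303,7 @@ module Dnsruby
 end
 
 # Disable recursion flag.
-resolver.recurse=
+resolver.recurse = false
 # end
 
 # return $self->nameservers( map { @{ $_ } } values %{ $self->{'hints'} } );
@@ -406,7 +406,7 @@ module Dnsruby
 @@mutex.synchronize {
 self.hints=(Hash.new) unless @@hints
 }
-@resolver.recurse=
+@resolver.recurse = false
 # Make sure the authority cache is clean.
 # It is only used to store A and AAAA records of
 # the suposedly authoritative name servers.
@@ -622,6 +622,7 @@ module Dnsruby
 end
 resolver = Resolver.new({:nameserver=>nameservers})
 resolver.dnssec = @dnssec
+resolver.recurse = false
 servers = []
 resolver.single_resolvers.each {|s|
 servers.push(s.server)
@@ -638,7 +639,7 @@ module Dnsruby
 packet = resolver.send_message(query)
 # @TODO@ Now prune unrelated RRSets (RFC 5452 section 6)
 prune_rrsets_to_rfc5452(packet, known_zone)
-rescue ResolvTimeout, IOError
+rescue ResolvTimeout, IOError
 # TheLog.debug(";; nameserver #{levelns.to_s} didn't respond")
 # next
 TheLog.debug("No response!")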
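Review bot: In the first hunk `resolver.recurse = true` is set on `resolver`, and the only visible reset is `resolver.recurse = false` in the hunk at `-303,7 +303,7`; if anything in between raises, the resolver is left with recursion enabled. Wrapping that stretch in `begin` … `ensure` with `resolver.recurse = false` in the `ensure` clause would restore the flag on every path. The code between the two hunks is not shown, so this assumes no `rescue` there already handles it.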
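--- a/data/lib/dnsruby/resolver.rb
+++ b/data/lib/dnsruby/resolver.rb
@@ -128,7 +128,9 @@ module Dnsruby
 # The current Config
 attr_reader :config
 
-#
+# Defines whether we will cache responses, or pass every request to the
+# upstream resolver. This is only really useful when querying authoritative
+# servers (as the upstream recursive resolver is likely to cache)
 attr_reader :do_caching
 
 # The array of SingleResolvers used for sending query messages
@@ -171,11 +173,6 @@ module Dnsruby
 # requirements.
 attr_accessor :do_validation
 
-# Defines whether we will cache responses, or pass every request to the
-# upstream resolver. This is only really useful when querying authoritative
-# servers (as the upstream recursive resolver is likely to cache)
-attr_accessor :do_caching
-
 # --
 # @TODO@ add load_balance? i.e. Target nameservers in a random, rather than pre-determined, order?
 # This is best done when configuring the Resolver, as it will re-order servers based on their response times.
@@ -568,7 +565,7 @@ module Dnsruby
 def add_server(server)# :nodoc:
 @configured = true
 res = PacketSender.new(server)
-log_and_raise("Can't create server #{server}", ArgumentError) unless res
+Dnsruby.log_and_raise("Can't create server #{server}", ArgumentError) unless res
 update_internal_res(res)
 @single_res_mutex.synchronize { @single_resolvers.push(res) }
 end
@@ -644,7 +641,7 @@ module Dnsruby
 a = Resolver.get_ports_from(p)
 a.each do |x|
 if (@src_port.length > 0) && (x == 0)
-log_and_raise("src_port of 0 only allowed as only src_port value (currently #{@src_port.length} values",
+Dnsruby.log_and_raise("src_port of 0 only allowed as only src_port value (currently #{@src_port.length} values",
 ArgumentError)
 end
 @src_port.push(x)
@@ -668,7 +665,7 @@ module Dnsruby
 return ! ((p == 0) && (src_port.length > 0))
 else
 Dnsruby.log.error("Illegal port (#{p})")
-log_and_raise("Illegal port #{p}", ArgumentError)
+Dnsruby.log_and_raise("Illegal port #{p}", ArgumentError)
 end
 end
 
@@ -837,7 +834,7 @@ module Dnsruby
 timeouts[base + offset]=[res, retry_count]
 else
 if timeouts.has_key?(base + retry_delay + offset)
-log_and_raise('Duplicate timeout key!')
+Dnsruby.log_and_raise('Duplicate timeout key!')
 end
 timeouts[base + retry_delay + offset]=[res, retry_count]
 end
@@ -878,7 +875,7 @@ module Dnsruby
 end
 
 unless client_queue.kind_of?(Queue)
-log_and_raise('Wrong type for client_queue in Resolver# send_async')
+Dnsruby.log_and_raise('Wrong type for client_queue in Resolver# send_async')
 # @TODO@ Handle different queue tuples - push this to generic send_error method
 client_queue.push([client_query_id, ArgumentError.new('Wrong type of client_queue passed to Dnsruby::Resolver# send_async - should have been Queue, was #{client_queue.class}')])
 return
@@ -1059,13 +1056,13 @@ module Dnsruby
 # @TODO@ Also, should have option to speak only to configured resolvers (not follow authoritative chain)
 #
 if queue.empty?
-log_and_raise('Severe internal error - Queue empty in handle_queue_event')
+Dnsruby.log_and_raise('Severe internal error - Queue empty in handle_queue_event')
 end
 event_id, event_type, response, error = queue.pop
 # We should remove this packet from the list of outstanding packets for this query
 _resolver, _msg, client_query_id, _retry_count = id
 if id != event_id
-log_and_raise("Serious internal error!! #{id} expected, #{event_id} received")
+Dnsruby.log_and_raise("Serious internal error!! #{id} expected, #{event_id} received")
 end
 # @mutex.synchronize{
 @parent.single_res_mutex.synchronize {
@@ -1078,7 +1075,7 @@ module Dnsruby
 if event_type == Resolver::EventType::RECEIVED ||
 event_type == Resolver::EventType::ERROR
 unless outstanding.include?(id)
-
+Dnsruby.log.error("Query id not on outstanding list! #{outstanding.length} items. #{id} not on #{outstanding}")
 end
 outstanding.delete(id)
 end
@@ -1208,7 +1205,7 @@ module Dnsruby
 # @mutex.synchronize{
 _query, _client_queue, s_queue, _outstanding = @query_list[client_query_id]
 if s_queue != select_queue
-log_and_raise("Serious internal error : expected select queue #{s_queue}, got #{select_queue}")
+Dnsruby.log_and_raise("Serious internal error : expected select queue #{s_queue}, got #{select_queue}")
 end
 stop_querying(client_query_id)
 # @TODO@ Does the client want notified at this point?
@@ -1221,7 +1218,7 @@ module Dnsruby
 # @mutex.synchronize {
 _query, client_queue, s_queue, _outstanding = @query_list[client_query_id]
 if s_queue != select_queue
-log_and_raise("Serious internal error : expected select queue #{s_queue}, got #{select_queue}")
+Dnsruby.log_and_raise("Serious internal error : expected select queue #{s_queue}, got #{select_queue}")
 end
 if response.rcode == RCode.NXDOMAIN
 send_result(client_queue, client_query_id, select_queue, response, NXDomain.new)
@@ -1237,7 +1234,7 @@ module Dnsruby
 _resolver, _msg, client_query_id, _retry_count = query_id
 _query, client_queue, s_queue, _outstanding = @query_list[client_query_id]
 if s_queue != select_queue
-log_and_raise("Serious internal error : expected select queue #{s_queue}, got #{select_queue}")
+Dnsruby.log_and_raise("Serious internal error : expected select queue #{s_queue}, got #{select_queue}")
 end
 # For some errors, we immediately send result. For others, should we retry?
 # Either :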
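Review bot: In the hunk at `-1078,7 +1075,7`, an event whose `id` is not in `outstanding` is now only logged via `Dnsruby.log.error`, and handling continues as for an expected event. The code after `outstanding.delete(id)` is outside the hunk, so it is not visible whether the response is then delivered to the client. A resolver normally discards a response that matches no outstanding query, so either return after logging or add a comment explaining why it is safe to continue. The message also interpolates the whole collection with `#{outstanding}`, which can produce very large log lines even though `outstanding.length` is already included.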
data/lib/dnsruby/resource/CAA.rb
CHANGED
@@ -26,7 +26,7 @@ module Dnsruby
|
|
26
26
|
# The value for the property_tag
|
27
27
|
attr_accessor :property_value
|
28
28
|
# The value for the flag
|
29
|
-
|
29
|
+
attr_writer :flag
|
30
30
|
|
31
31
|
def from_hash(hash) #:nodoc: all
|
32
32
|
@property_tag = hash[:property_tag]
|
@@ -43,7 +43,7 @@ module Dnsruby
|
|
43
43
|
end
|
44
44
|
|
45
45
|
def from_string(input) #:nodoc: all
|
46
|
-
matches = (/(\d+) (issuewild|issue|iodef) "(.+)"$/).match(input)
|
46
|
+
matches = (/(\d+) (issuewild|issue|iodef|contactemail|contactphone) "(.+)"$/).match(input)
|
47
47
|
@flag = matches[1]
|
48
48
|
@property_tag = matches[2]
|
49
49
|
@property_value = matches[3]
|
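Review bot: `from_string` reads `matches[1]` directly after `.match(input)`, so any input whose property tag is not one of the five listed alternatives, or whose value is not quoted, leaves `matches` as `nil` and fails with `NoMethodError` instead of a parse error. A guard such as `raise ArgumentError, "Can't parse CAA record : #{input}" unless matches` before the assignments gives callers something they can rescue. The pattern also ends in `$`, which matches before a line break, and has no anchor at the start; if `input` is expected to be exactly the record text, `\A` and `\z` would tie the match to the whole string.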
@@ -313,6 +313,8 @@ module Dnsruby
|
|
313
313
|
elsif [Algorithms.DSA,
|
314
314
|
Algorithms.DSA_NSEC3_SHA1].include?(@algorithm)
|
315
315
|
@public_key = dsa_key
|
316
|
+
elsif [Algorithms.ECDSAP256SHA256, Algorithms.ECDSAP384SHA384].include?(@algorithm)
|
317
|
+
@public_key = ec_key(Algorithms.ECDSAP256SHA256 == @algorithm ? 'prime256v1' : 'secp384r1')
|
316
318
|
end
|
317
319
|
end
|
318
320
|
# @TODO@ Support other key encodings!
|
@@ -377,6 +379,22 @@ module Dnsruby
|
|
377
379
|
|
378
380
|
pkey
|
379
381
|
end
|
382
|
+
|
383
|
+
# RFC6605, section 4
|
384
|
+
# ECDSA public keys consist of a single value, called "Q" in FIPS
|
385
|
+
# 186-3. In DNSSEC keys, Q is a simple bit string that represents the
|
386
|
+
# uncompressed form of a curve point, "x | y".
|
387
|
+
def ec_key(curve = 'prime256v1')
|
388
|
+
group = OpenSSL::PKey::EC::Group.new(curve)
|
389
|
+
pkey = OpenSSL::PKey::EC.new(group)
|
390
|
+
|
391
|
+
# DNSSEC pub does not have first octet that determines whether it's uncompressed
|
392
|
+
# or compressed form, but it's required by OpenSSL to parse EC point correctly
|
393
|
+
point_from_pub = "\x04" + @key.to_s # octet string, \x04 prefix determines uncompressed
|
394
|
+
pkey.public_key = OpenSSL::PKey::EC::Point.new(group, point_from_pub)
|
395
|
+
|
396
|
+
pkey
|
397
|
+
end
|
380
398
|
end
|
381
399
|
end
|
382
400
|
end
|
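Review bot: `ec_key` builds the point from `"\x04" + @key.to_s` without checking the key length, and `@key` is presumably the public key taken from the DNSKEY record; RFC 6605 section 4 fixes it at 64 octets for P-256 and 96 for P-384. A check such as `raise ArgumentError, "Bad ECDSA key length" unless @key.to_s.bytesize == (curve == 'prime256v1' ? 64 : 96)` before `OpenSSL::PKey::EC::Point.new` rejects malformed keys with a clear error rather than whatever OpenSSL raises for an invalid point. Also, `pkey.public_key =` mutates an existing key object, which Ruby's openssl binding refuses when built against OpenSSL 3.0, so this path likely needs a different construction there.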
@@ -85,7 +85,7 @@ module Dnsruby
|
|
85
85
|
# end
|
86
86
|
#
|
87
87
|
def from_data(data) #:nodoc: all
|
88
|
-
hash_alg, flags, iterations,
|
88
|
+
hash_alg, flags, iterations, _salt_length, salt = data
|
89
89
|
self.hash_alg=(hash_alg)
|
90
90
|
self.flags=(flags)
|
91
91
|
self.iterations=(iterations)
|