Commit 40f04b1e authored by Robert Edmonds

Merge tag 'upstream/0.8.0' into debian/sid

Upstream version 0.8.0
parents d5f3a6d2 67168ce5
......@@ -4,7 +4,7 @@ rights in this software.
Copyright 2014-2016 VeriSign, Inc.
Copyright 2016-2017 Casey Deccio.
Copyright 2016-2019 Casey Deccio.
DNSViz is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
......
include COPYRIGHT LICENSE
include requirements.txt
include dnsviz/config.py.in
exclude dnsviz/config.py
include doc/COPYRIGHT
include doc/Makefile
include doc/src/*dot
......
Metadata-Version: 1.1
Name: dnsviz
Version: 0.6.6
Version: 0.8.0
Summary: DNS analysis and visualization tool suite
Home-page: https://github.com/dnsviz/dnsviz/
Author: Casey Deccio
......@@ -19,7 +19,6 @@ Classifier: License :: OSI Approved :: GNU General Public License v2 or later (G
Classifier: Natural Language :: English
Classifier: Operating System :: MacOS :: MacOS X
Classifier: Operating System :: POSIX
Classifier: Programming Language :: Python :: 2.6
Classifier: Programming Language :: Python :: 2.7
Classifier: Programming Language :: Python :: 3
Classifier: Topic :: Internet :: Name Service (DNS)
......@@ -28,3 +27,4 @@ Classifier: Topic :: System :: Networking :: Monitoring
Requires: pygraphviz (>=1.1)
Requires: m2crypto (>=0.24.0)
Requires: dnspython (>=1.11)
Requires: libnacl
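Review bot: The Requires lines closing this PKG-INFO hunk still declare pygraphviz (>=1.1), m2crypto (>=0.24.0) and dnspython (>=1.11), while the spec files added in the same commit require m2crypto >= 0.28.0 and python-dns >= 1.13 and the README lists pygraphviz 1.4, M2Crypto 0.28.0 and dnspython 1.13.0. Raise the bounds in the metadata source so that a pip-based install cannot resolve to versions the release no longer claims to support, and consider a lower bound for the new libnacl entry as well.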
......@@ -9,79 +9,137 @@ powers the Web-based analysis available at http://dnsviz.net/
## Installation
DNSViz packages are available in repositories for popular operating systems,
such as Debian, Ubuntu, and FreeBSD. DNSViz can also be installed on Mac OS X
via Homebrew or MacPorts.
The remainer of this section covers other methods of installation, including a
list of [dependencies](#dependencies), installation to a
[virtual environment](#installation-in-a-virtual-environment), and installation
on [Fedora](#fedora-rpm-build-and-install) and
[RHEL6 or RHEL7](#rhel6rhel7-rpm-build-and-install).
Instructions for running in a Docker container are also available
[later in this document](#docker-container).
### Dependencies
* python (2.6/2.7/3.4) - http://www.python.org/
* python (2.7/3.4/3.5/3.6) - http://www.python.org/
* dnspython (1.13.0 or later) - http://www.dnspython.org/
* pygraphviz (1.4 or later) - http://pygraphviz.github.io/
* M2Crypto (0.28.0 or later) - https://gitlab.com/m2crypto/m2crypto
* libnacl - https://github.com/saltstack/libnacl
python 2.6, 2.7, or 3.4 is required. For python 3.4 the other third-party
dependencies must also support python 3.4. Note that for python 2.6 the
importlib (https://pypi.python.org/pypi/importlib) and ordereddict
(https://pypi.python.org/pypi/ordereddict) packages are also required.
Note that the software versions listed above are known to work with the current
version of DNSViz. Other versions might also work well together, but might
have some caveats. For example, while the current version of DNSViz works with
python 2.6, the importlib (https://pypi.python.org/pypi/importlib) and
ordereddict (https://pypi.python.org/pypi/ordereddict) packages are
additionally required. Also for python 2.6, pygraphviz version 1.1 or 1.2 is
required (pygraphviz version 1.3 dropped support for python 2.6).
* dnspython (1.11.0 or later) - http://www.dnspython.org/
dnspython is required. Version 1.10.0 is sufficient if you're not issuing
TLSA queries, but more generally version 1.11.0 or greater is required.
### Optional Software
* pygraphviz (1.1 or later) - http://pygraphviz.github.io/
* OpenSSL GOST Engine - https://github.com/gost-engine/engine
pygraphviz is required for most functionality. `dnsviz probe` and `dnsviz grok`
(without the -t option) can be used without pygraphviz installed. Version 1.1
or greater is required because of the support for unicode names and HTML-like
labels, both of which are utilized in the visual output.
With OpenSSL version 1.1.0 and later, the OpenSSL GOST Engine is necessary to
validate DNSSEC signatures with algorithm 12 (GOST R 34.10-2001) and create
digests of type 3 (GOST R 34.11-94).
* M2Crypto (0.24.0 or later) - https://gitlab.com/m2crypto/m2crypto
* ISC BIND - https://www.isc.org/downloads/bind/
M2Crypto is required if cryptographic validation of signatures and digests is
desired (and thus is highly recommended). The current code will display
warnings if the cryptographic elements cannot be verified.
When using DNSViz for [pre-deployment testing](#pre-deployment-dns-testing)
by specifying zone files and/or alternate delegation information on the
command line (i.e., with `-N`, `-x`, or `-D`), `named(8)` is invoked to serve
one or more zones. ISC BIND is only needed in this case, and `named(8)` does
not need to be running (i.e., as a server).
Note that M2Crypto version 0.21.1 or later can be used to validate some
DNSSEC algorithms, but support for the following DNSSEC algorithms is not
available in releases of M2Crypto prior to 0.24.0 without a patch:
3 (DSA-SHA1), 6 (DSA-NSEC3-SHA1), 12 (GOST R 34.10-2001),
13 (ECDSA Curve P-256 with SHA-256), 14 (ECDSA Curve P-384 with SHA-384).
There are two patches included in the `contrib` directory that can be
applied to pre-0.24.0 versions to get this functionality:
`contrib/m2crypto-pre0.23.patch` or `contrib/m2crypto-0.23.patch`. For
example:
Note that default AppArmor policies for Debian are known to cause issues when
invoking `named(8)` from DNSViz for pre-deployment testing. Two solutions to
this problem are to either: 1) create a local policy for AppArmor that allows
`named(8)` to run with fewer restrictions; or 2) disable AppArmor completely.
```
$ patch -p1 < /path/to/dnsviz-source/contrib/m2crypto-pre0.23.patch
```
* (optional) ISC BIND - https://www.isc.org/downloads/bind/
### Installation in a Virtual Environment
To install DNSViz to a virtual environment, first create and activate a virtual
environment, and install the dependencies:
```
$ virtualenv ~/myenv
$ source ~/myenv/bin/activate
(myenv) $ pip install -r requirements.txt
```
(Note that this installs the dependencies that are python packages, but some of
these packages have non-python dependecies, such as Graphviz (required for
pygraphviz) and libsodium (required for libnacl), that are not installed
automatically.)
Next download and install DNSViz from the Python Package Index (PyPI):
```
(myenv) $ pip install dnsviz
```
or locally, from a downloaded copy of DNSViz:
```
(myenv) $ pip install .
```
When calling `dnsviz probe` if the `-N` option is used or if a zone file is
used in conjunction with the `-x` option, `named(8)` is looked for in PATH
and invoked to serve the zone file. ISC BIND is only needed in this specific
case, and `named(8)` does not need to be running.
### Fedora RPM Build and Install
A Fedora RPM can be built for either python2 or python3. However, note that
with Fedora releases after 29, python2 packages are being removed, so python3
is preferred.
### Generic Build and Install
The value of ${PY_VERS} is either 2 or 3, corresponding to python2 or python3.
A generic build and install is performed with the following commands:
Install the tools for building an RPM, and set up the rpmbuild tree.
```
$ sudo dnf install rpm-build rpmdevtools python${PY_VERS}-devel
$ rpmdev-setuptree
```
From within the DNSViz source directory, create a source distribution tarball
and copy it and the DNSViz spec file to the appropriate rpmbuild
subdirectories.
```
$ python setup.py build
$ sudo python setup.py install
$ python setup.py sdist
$ cp dist/dnsviz-*.tar.gz ~/rpmbuild/SOURCES/
$ cp contrib/dnsviz-py${PY_VERS}.spec ~/rpmbuild/SPECS/dnsviz.spec
```
To see all installation options, run the following:
Install dnspython, pygraphviz, M2Crypto, and libnacl.
```
$ sudo dnf install python${PY_VERS}-dns python${PY_VERS}-pygraphviz python${PY_VERS}-libnacl
```
For python2:
```
$ sudo dnf install m2crypto
```
For python3:
```
$ sudo dnf install python3-m2crypto
```
Build and install the DNSViz RPM.
```
$ python setup.py --help
$ rpmbuild -ba rpmbuild/SPECS/dnsviz.spec
$ sudo rpm -iv rpmbuild/RPMS/noarch/dnsviz-*-1.*.noarch.rpm
```
### RPM Build and Install (RHEL6 or RHEL7)
### RHEL6/RHEL7 RPM Build and Install
Install pygraphviz and M2Crypto, after installing their build dependencies.
```
$ sudo yum install python-setuptools gcc python-devel graphviz-devel openssl-devel
$ sudo easy_install pbr
$ sudo easy_install m2crypto pygraphviz
$ sudo easy_install m2crypto pygraphviz==1.2
```
(RHEL6 only) Install the EPEL repository, and the necessary python libraries
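Review bot: In the ISC BIND paragraph, the AppArmor note lists "disable AppArmor completely" as one of two solutions, which trades a host-wide confinement layer for a testing convenience. Keep only the local-policy option and say which paths `named(8)` needs access to when DNSViz invokes it. Smaller points in the same hunk: the new dependency paragraph still says the current version works with python 2.6 although the 2.6 classifier is dropped from PKG-INFO; the Fedora steps copy files into ~/rpmbuild but then run `rpmbuild -ba rpmbuild/SPECS/dnsviz.spec` with a relative path; and "remainer" and "dependecies" are typos.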
......@@ -458,3 +516,58 @@ $ dnsviz probe -A \
-D example.com:dsset-example.com. \
example.com
```
## Docker Container
A ready-to-use docker container is available for use.
```
docker pull dnsviz/dnsviz
```
This section only covers Docker-related examples, for more information see the
[Usage](#usage) section.
### Simple Usage
```
$ docker run dnsviz/dnsviz help
$ docker run dnsviz/dnsviz query example.com
```
### Working with Files
It might be useful to mount a local working directory into the container,
especially when combining multiple commands or working with zone files.
```
$ docker run -v "$PWD:/data:rw" dnsviz/dnsviz probe dnsviz.net > probe.json
$ docker run -v "$PWD:/data:rw" dnsviz/dnsviz graph -r probe.json -T png -O
```
### Using a Host Network
When running authoritative queries, a host network is recommended.
```
$ docker run --network host dnsviz/dnsviz probe -4 -A example.com > example.json
```
Otherwise, you're likely to encounter the following error:
`dnsviz.query.SourceAddressBindError: Unable to bind to local address (EADDRNOTAVAIL)`
### Interactive Mode
When performing complex analyses, where you need to combine multiple DNSViz
commands, use bash redirection, etc., it might be useful to run the container
interactively:
```
$ docker run --network host -v "$PWD:/data:rw" --entrypoint /bin/sh -ti dnsviz/dnsviz
/data # dnsviz --help
```
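Review bot: Under "Working with Files", both commands mount the working directory with `"$PWD:/data:rw"`, but the probe command writes probe.json through a redirect on the host and needs no mount at all; only the graph step reads and writes inside /data. Drop the volume from the probe example so readers do not hand a network-facing step write access to their working directory by habit. The `docker pull dnsviz/dnsviz` line also names no tag or digest, so the image that runs can change between pulls; show a pinned release tag. The "Using a Host Network" section should state that `--network host` removes the container's network isolation, since the interactive example combines it with the read-write mount and a shell entrypoint.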
......@@ -6,6 +6,8 @@
#
# Copyright 2015-2016 VeriSign, Inc.
#
# Copyright 2016-2019 Casey Deccio
#
# DNSViz is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
......@@ -22,6 +24,7 @@
from __future__ import unicode_literals
import getopt
import importlib
import sys
......@@ -38,32 +41,45 @@ def usage(err=None):
err += '\n\n'
else:
err = ''
sys.stderr.write('''%sUsage: dnsviz <command> [args]
sys.stderr.write('''%sUsage: dnsviz [options] <command> [args]
Options:
-p <path> - Add path to the python path.
Commands:
probe - issue diagnostic DNS queries
grok - assess diagnostic DNS queries
graph - graph the assessment of diagnostic DNS queries
print - process diagnostic DNS queries to textual output
query - assess a DNS query
probe - Issue diagnostic DNS queries.
grok - Assess diagnostic DNS queries.
graph - Graph the assessment of diagnostic DNS queries.
print - Process diagnostic DNS queries to textual output.
query - Assess a DNS query.
help [<command>]
- show usage for a command
- Show usage for a command.
''' % (err))
def main():
check_deps()
if len(sys.argv) < 2:
try:
opts, args = getopt.getopt(sys.argv[1:], 'p:')
except getopt.GetoptError as e:
sys.stderr.write('%s\n' % str(e))
sys.exit(1)
opts = dict(opts)
if len(args) < 1:
usage()
sys.exit(0)
if sys.argv[1] == 'help':
if len(sys.argv) < 3:
if args[0] == 'help':
if len(args) < 2:
usage()
sys.exit(0)
command = sys.argv[2]
command = args[1]
else:
command = sys.argv[1]
command = args[0]
if '-p' in opts:
sys.path.insert(0, opts['-p'])
# first try importing just the commands module to make sure
# dnsviz is properly reachable with the current path
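Review bot: In main(), `check_deps()` still runs as the first statement, before `sys.path.insert(0, opts['-p'])`, so anything it imports is resolved without the path the user supplied; if `-p` is meant to cover dependencies as well as dnsviz itself, move the insert ahead of `check_deps()`. `opts = dict(opts)` also keeps only the last `-p` when the option is given more than once. Because the path is inserted at index 0, modules found there take precedence over the installed ones, which is worth one sentence in the usage text next to "Add path to the python path."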
......@@ -80,13 +96,13 @@ def main():
if exc_frame.tb_next.tb_next is not None:
raise
usage('Invalid command: %s' % command)
sys.stderr.write('Invalid command: %s\n' % command)
sys.exit(1)
if sys.argv[1] == 'help':
if args[0] == 'help':
mod.usage()
else:
mod.main(sys.argv[1:])
mod.main(args)
if __name__ == "__main__":
main()
......@@ -6,7 +6,7 @@
#
# Copyright 2014-2016 VeriSign, Inc.
#
# Copyright 2016-2017 Casey Deccio.
# Copyright 2016-2019 Casey Deccio
#
# DNSViz is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
......@@ -29,6 +29,14 @@ import errno
import socket
import sys
# python3/python2 dual compatibility
try:
import urllib.parse
except ImportError:
import urlparse
else:
urlparse = urllib.parse
import dns.flags, dns.exception, dns.name, dns.opcode, dns.rdataclass, dns.rdatatype
from dnsviz.ipaddr import IPAddr
......@@ -92,6 +100,7 @@ class DigCommandLineQuery:
self.trusted_keys = ()
self.show_ttl = True
self.lg_url = None
self.lg_factory = None
def process_query_options(self, global_options):
for arg in global_options + self.query_options:
......@@ -193,7 +202,14 @@ class DigCommandLineQuery:
elif arg == '+nomultiline':
self.multiline = False
#TODO +ndots=D
#TODO +[no]nsid
elif arg == '+nsid':
if self.edns < 0:
self.edns = 0
if not [x for x in filter(lambda x: x.otype == dns.edns.NSID, self.edns_options)]:
self.edns_options.append(dns.edns.GenericOption(dns.edns.NSID, b''))
elif arg == '+nonsid':
l = [x for x in filter(lambda x: x.otype == dns.edns.NSID, self.edns_options)]
self.edns_options.remove(dns.edns.GenericOption(dns.edns.NSID, b''))
#TODO +[no]nssearch
#TODO +[no]onesoa
#TODO +[no]qr
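Review bot: In the `+nonsid` branch, the list `l` is built and never used, and `self.edns_options.remove(dns.edns.GenericOption(dns.edns.NSID, b''))` raises ValueError when no equal option is in the list, for example when `+nonsid` is given without a preceding `+nsid`. Filtering by type, as the `+nsid` branch already does for its check, avoids both problems: rebuild `self.edns_options` from the entries whose `otype` is not `dns.edns.NSID`.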
......@@ -303,6 +319,34 @@ class DigCommandLineQuery:
self.nameservers = nameservers + processed_nameservers
def process_looking_glass(self, looking_glass_cache):
if self.lg_url is None:
return
if self.lg_url not in looking_glass_cache:
# check that version is >= 2.7.9 if HTTPS is requested
if self.lg_url.startswith('https'):
vers0, vers1, vers2 = sys.version_info[:3]
if (2, 7, 9) > (vers0, vers1, vers2):
sys.stderr.write('python version >= 2.7.9 is required to use a DNS looking glass with HTTPS.\n')
sys.exit(1)
url = urlparse.urlparse(self.lg_url)
if url.scheme in ('http', 'https'):
fact = transport.DNSQueryTransportHandlerHTTPFactory(self.lg_url, insecure=options['insecure'])
elif url.scheme == 'ws':
if url.hostname is not None:
usage('WebSocket URL must designate a local UNIX domain socket.')
sys.exit(1)
fact = transport.DNSQueryTransportHandlerWebSocketServerFactory(url.path)
elif url.scheme == 'ssh':
fact = transport.DNSQueryTransportHandlerRemoteCmdFactory(self.lg_url)
else:
usage('Unsupported URL scheme: "%s"' % self.lg_url)
sys.exit(1)
looking_glass_cache[self.lg_url] = fact
self.lg_factory = looking_glass_cache[self.lg_url]
def _get_resolver(self, options):
class CustomQuery(Q.DNSQueryFactory):
flags = self.flags
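Review bot: `process_looking_glass(self, looking_glass_cache)` reads `options['insecure']` when building the HTTP factory, but `options` is not a parameter of the method and the caller passes only the cache (`q.process_looking_glass(looking_glass_cache)`), so the http/https path fails with NameError unless a module-level `options` exists. Pass the options dict in explicitly. The HTTPS version check uses `self.lg_url.startswith('https')` before the URL is parsed; testing `url.scheme == 'https'` after `urlparse` would keep the two checks consistent. The unsupported-scheme message formats `self.lg_url` where `url.scheme` seems intended.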
......@@ -313,8 +357,8 @@ class DigCommandLineQuery:
tcp = self.tcp
response_handlers = self.handlers
if self.lg_url is not None:
th_factories = (transport.DNSQueryTransportHandlerHTTPFactory(self.lg_url),)
if self.lg_factory is not None:
th_factories = (self.lg_factory,)
else:
th_factories = None
......@@ -392,6 +436,17 @@ class DigCommandLineQuery:
s += ';; OPT PSEUDOSECTION:\n'
s += '; EDNS: version: %d, flags: %s; udp: %d\n' % (response.message.edns, dns.flags.edns_to_text(response.message.ednsflags).lower(), response.message.payload)
for opt in response.message.options:
chars = []
if opt.otype == dns.edns.NSID:
s += '; NSID:'
for b in opt.data:
s += ' %02x' % b
chars.append(chr(b))
for c in chars:
s += ' (%s)' % c
s += '\n'
if response.message.question and self.show_question:
if self.show_comments:
s += ';; QUESTION SECTION:\n'
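Review bot: The NSID loop appends `chr(b)` for every byte of `opt.data` to the output string, so a server-chosen NSID can place control characters or terminal escape sequences in what gets printed; replace bytes outside the printable ASCII range with a placeholder such as '.'. On Python 2.7, which the classifiers still list, iterating `opt.data` yields one-character strings, so `' %02x' % b` raises TypeError; iterating over `bytearray(opt.data)` works on both versions. `chars = []` can move inside the NSID branch.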
......@@ -426,10 +481,10 @@ class DigCommandLineQuery:
return s
elif response.error in (Q.RESPONSE_ERROR_TIMEOUT, Q.RESPONSE_ERROR_NETWORK_ERROR):
return ';; connection timed out; no servers could be reached'
return ';; connection timed out; no servers could be reached\n'
else:
return ';; the response from %s was malformed' % server
return ';; the response from %s was malformed\n' % server
def query_and_display(self, options, filehandle):
try:
......@@ -453,6 +508,7 @@ class DigCommandLine:
'use_ipv6': None,
'client_ipv4': None,
'client_ipv6': None,
'insecure': None,
'port': 53,
}
......@@ -468,9 +524,11 @@ class DigCommandLine:
if not self.queries:
self.queries.append(DigCommandLineQuery('.', dns.rdatatype.NS, dns.rdataclass.IN))
looking_glass_cache = {}
for q in self.queries:
q.process_nameservers(self.nameservers, self.options['use_ipv4'], self.options['use_ipv6'])
q.process_query_options(self.global_query_options)
q.process_looking_glass(looking_glass_cache)
if not q.nameservers:
raise SemanticException('No nameservers to query')
......@@ -626,6 +684,9 @@ class DigCommandLine:
elif self.args[self.arg_index].startswith('-4'):
self._get_arg(False)
self.options['use_ipv4'] = True
elif self.args[self.arg_index].startswith('-k'):
self._get_arg(False)
self.options['insecure'] = True
else:
raise CommandLineException('Option "%s" not recognized.' % self.args[self.arg_index][:2])
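Review bot: The new `-k` branch sets `options['insecure']`, which is handed to the HTTP looking glass transport as `insecure=`, yet none of the visible changes document the flag or tell the user it is in effect. Add it to the usage text with a plain statement of what it turns off, and consider writing a warning to stderr when it is set. The default added to the options dict is `'insecure': None`; `False` would make the intended type explicit.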
......
Name: dnsviz
Version: 0.8.0
Release: 1%{?dist}
Summary: Tools for analyzing and visualizing DNS and DNSSEC behavior
License: GPLv2+
URL: https://github.com/dnsviz/dnsviz
Source0: https://github.com/dnsviz/dnsviz/releases/download/v%{version}/%{name}-%{version}.tar.gz
BuildArch: noarch
BuildRequires: python2-devel
BuildRequires: graphviz
BuildRequires: make
# python2-pygraphviz should be >= 1.4
Requires: python2-pygraphviz >= 1.3
Requires: m2crypto >= 0.28.0
Requires: python2-dns >= 1.13
Requires: python2-libnacl
%description
DNSViz is a tool suite for analysis and visualization of Domain Name System
(DNS) behavior, including its security extensions (DNSSEC). This tool suite
powers the Web-based analysis available at http://dnsviz.net/
%prep
%autosetup
%build
%py2_build
%install
#XXX Normally the py2_install macro would be used here,
# but dnsviz/config.py is build with the install command,
# so install MUST call the build subcommand, so config.py
# will be proplerly placed. With py2_install, the
# --skip-build argument is used.
%{__python2} %{py_setup} %{?py_setup_args} install -O1 --root %{buildroot} %{?*}
#XXX no checks yet
#%check
#%{__python2} setup.py test
%clean
rm -rf %{buildroot}
%files
%license LICENSE
%doc README.md
%{python2_sitelib}/%{name}/*
%{python2_sitelib}/%{name}-%{version}-py2.7.egg-info/*
%{_bindir}/%{name}
%{_datadir}/%{name}/*
%{_defaultdocdir}/%{name}/dnsviz-graph.html
%{_defaultdocdir}/%{name}/images/*png
%{_mandir}/man1/%{name}.1*
%{_mandir}/man1/%{name}-probe.1*
%{_mandir}/man1/%{name}-graph.1*
%{_mandir}/man1/%{name}-grok.1*
%{_mandir}/man1/%{name}-print.1*
%{_mandir}/man1/%{name}-query.1*
%changelog
* Fri Jan 25 2019 Casey Deccio
0.8.0 release
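Review bot: The comment above the dependency block says "python2-pygraphviz should be >= 1.4" but the line below it is `Requires: python2-pygraphviz >= 1.3`; either raise the bound or state in the comment why 1.3 is accepted, so the package manager enforces what the comment asks for. In %files, the egg-info entry hardcodes `py2.7`; `%{python2_version}` avoids that. The %install comment has two typos ("is build", "proplerly").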
Name: dnsviz
Version: 0.8.0
Release: 1%{?dist}
Summary: Tools for analyzing and visualizing DNS and DNSSEC behavior
License: GPLv2+
URL: https://github.com/dnsviz/dnsviz
Source0: https://github.com/dnsviz/dnsviz/releases/download/v%{version}/%{name}-%{version}.tar.gz
BuildArch: noarch
BuildRequires: python3-devel
BuildRequires: graphviz
BuildRequires: make
# python3-pygraphviz should be >= 1.4
Requires: python3-pygraphviz >= 1.3
Requires: python3-m2crypto >= 0.28.0
Requires: python3-dns >= 1.13
Requires: python3-libnacl
%description
DNSViz is a tool suite for analysis and visualization of Domain Name System
(DNS) behavior, including its security extensions (DNSSEC). This tool suite
powers the Web-based analysis available at http://dnsviz.net/
%prep
%autosetup
%build
%py3_build
%install
#XXX Normally the py3_install macro would be used here,
# but dnsviz/config.py is build with the install command,
# so install MUST call the build subcommand, so config.py
# will be proplerly placed. With py3_install, the
# --skip-build argument is used.
%{__python3} %{py_setup} %{?py_setup_args} install -O1 --root %{buildroot} %{?*}
#XXX no checks yet
#%check
#%{__python3} setup.py test
%clean
rm -rf %{buildroot}
%files
%license LICENSE
%doc README.md
%{python3_sitelib}/%{name}/*
%{python3_sitelib}/%{name}-%{version}-py3.7.egg-info/*
%{_bindir}/%{name}
%{_datadir}/%{name}/*
%{_defaultdocdir}/%{name}/dnsviz-graph.html
%{_defaultdocdir}/%{name}/images/*png
%{_mandir}/man1/%{name}.1*
%{_mandir}/man1/%{name}-probe.1*
%{_mandir}/man1/%{name}-graph.1*
%{_mandir}/man1/%{name}-grok.1*
%{_mandir}/man1/%{name}-print.1*
%{_mandir}/man1/%{name}-query.1*
%changelog
* Fri Jan 25 2019 Casey Deccio
0.8.0 release
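Review bot: In %files, `%{python3_sitelib}/%{name}-%{version}-py3.7.egg-info/*` hardcodes the Python minor version, so the file list stops matching on any release whose python3 is not 3.7; use `%{python3_version}` in that path. The pygraphviz comment and Requires line disagree here as well (>= 1.4 in the comment, >= 1.3 in the dependency).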
Metadata-Version: 1.1
Name: dnsviz
Version: 0.6.6
Version: 0.8.0
Summary: DNS analysis and visualization tool suite
Home-page: https://github.com/dnsviz/dnsviz/
Author: Casey Deccio
......@@ -19,7 +19,6 @@ Classifier: License :: OSI Approved :: GNU General Public License v2 or later (G
Classifier: Natural Language :: English
Classifier: Operating System :: MacOS :: MacOS X
Classifier: Operating System :: POSIX
Classifier: Programming Language :: Python :: 2.6
Classifier: Programming Language :: Python :: 2.7
Classifier: Programming Language :: Python :: 3
Classifier: Topic :: Internet :: Name Service (DNS)
......@@ -28,3 +27,4 @@ Classifier: Topic :: System :: Networking :: Monitoring
Requires: pygraphviz (>=1.1)
Requires: m2crypto (>=0.24.0)
Requires: dnspython (>=1.11)
Requires: libnacl
......@@ -2,13 +2,15 @@ COPYRIGHT
LICENSE
MANIFEST.in
README.md
requirements.txt
setup.cfg
setup.py
bin/dnsviz
contrib/digviz
contrib/dnsviz-lg-ws.js
contrib/dnsviz-lg.cgi
contrib/m2crypto-0.23.patch
contrib/m2crypto-pre0.23.patch
contrib/dnsviz-py2.spec
contrib/dnsviz-py3.spec
contrib/rpm-install.sh
contrib/dnsviz-lg-java/net/dnsviz/applet/DNSLookingGlassApplet.java
contrib/dnsviz-lg-java/net/dnsviz/lookingglass/DNSLookingGlass.java
......@@ -46,6 +48,7 @@ dnsviz/analysis/status.py
dnsviz/commands/__init__.py
dnsviz/commands/graph.py
dnsviz/commands/grok.py
dnsviz/commands/lookingglass.py
dnsviz/commands/print.py
dnsviz/commands/probe.py
dnsviz/commands/query.py
......
from .online import WILDCARD_EXPLICIT_DELEGATION, Analyst, OnlineDomainNameAnalysis, PrivateAnalyst, RecursiveAnalyst, PrivateRecursiveAnalyst, NetworkConnectivityException, DNS_RAW_VERSION
from .online import COOKIE_STANDIN, WILDCARD_EXPLICIT_DELEGATION, Analyst, OnlineDomainNameAnalysis, PrivateAnalyst, RecursiveAnalyst, PrivateRecursiveAnalyst, NetworkConnectivityException, DNS_RAW_VERSION
from .offline import OfflineDomainNameAnalysis, TTLAgnosticOfflineDomainNameAnalysis, DNS_PROCESSED_VERSION
#
# This file is a part of DNSViz, a tool suite for DNS/DNSSEC monitoring,
# analysis, and visualization. This file (or some portion thereof) is a
# derivative work authored by VeriSign, Inc., and created in 2014, based on
# code originally developed at Sandia National Laboratories.
# analysis, and visualization.
# Created by Casey Deccio (casey@deccio.net)
#
# Copyright 2012-2014 Sandia Corporation. Under the terms of Contract
......@@ -11,6 +9,8 @@
#
# Copyright 2014-2016 VeriSign, Inc.
#
# Copyright 2016-2019 Casey Deccio
#
# DNSViz is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
......@@ -28,7 +28,6 @@
from __future__ import unicode_literals
import base64
import cgi
import datetime
import logging
......@@ -38,6 +37,12 @@ try:
except ImportError:
from ordereddict import OrderedDict
# python3/python2 dual compatibility
try:
from html import escape
except ImportError:
from cgi import escape
import dns.name, dns.rdatatype
from dnsviz import base32
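Review bot: The compatibility import makes `escape` mean `html.escape` on Python 3 and `cgi.escape` on Python 2, and the two differ in their default: `html.escape` escapes quote characters unless told otherwise, while `cgi.escape` leaves them alone unless `quote=True` is passed. Output placed in attribute values is therefore escaped on one interpreter and not on the other. Pass `quote=True` (or `quote=False`) explicitly at every call site so both branches behave the same.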
......@@ -153,6 +158,15 @@ dname_status_mapping = {
DNAME_STATUS_INVALID: 'INVALID',
}
RRSIG_SIG_LENGTHS_BY_ALGORITHM = {
12: 512, 13: 512, 14: 768, 15: 512, 16: 912,
}
RRSIG_SIG_LENGTH_ERRORS = {
12: Errors.RRSIGBadLengthGOST, 13: Errors.RRSIGBadLengthECDSA256,
14: Errors.RRSIGBadLengthECDSA384, 15: Errors.RRSIGBadLengthEd25519,
16: Errors.RRSIGBadLengthEd448,
}
class RRSIGStatus(object):
def __init__(self, rrset, rrsig, dnskey, zone_name, reference_ts, supported_algs):
self.rrset = rrset
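Review bot: `RRSIG_SIG_LENGTHS_BY_ALGORITHM` states no unit; the values (512 for algorithms 13 and 15, 768 for 14, 912 for 16) read as bits, so add a comment or put the unit in the name so that the comparison site cannot mix bits and bytes. The two new dicts share the same keys and could be one mapping from algorithm to a (length, error class) pair, which keeps them from drifting apart when an algorithm is added.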
......@@ -206,6 +220,11 @@ class RRSIGStatus(object):