Commit 0a2e7576 authored by Ondrej Sury's avatar Ondrej Sury

Imported Upstream version 1.6.8~rc1

parent eaea58e6
1.6.8
* Fix ldns zone, so that $TTL definition match RFC 2308.
* Fix lots of missing checks on allocation failures and parse of
NSEC with many types and max parse length in hosts_frm_fp routine
and off by one in read_anchor_file routine (thanks Dan Kaminsky and
Justin Ferguson).
* bugfix #355: Drill: Print both SHA-1 and SHA-256 corresponding DS
records.
* Print correct WHEN in query packet (is not always 1-1-1970)
* ldns-test-edns: new example tool that detects EDNS support.
* fix ldns_resolver_send without openssl.
* bugfix #342: patch for support for more CERT key types (RFC4398).
1.6.7 2010-11-08
* EXPERIMENTAL ecdsa implementation, please do not enable on real
servers.
......@@ -18,7 +31,7 @@
* bugfix: read of RR in unknown syntax with missing fields.
* added ldns_pkt_tsig_sign_next() and ldns_pkt_tsig_verify_next()
to sign and verify TSIG RRs on subsequent messages
(section 4.4, RFC 2845).
(section 4.4, RFC 2845, thanks to Michael Sheldon).
* bugfix: signer sigs nsecs with zsks only.
* bugfix #333: fix ldns_dname_absolute for name ending with backslash.
......
......@@ -44,7 +44,6 @@ LIBS = @LIBS@
LIBOBJS = @LIBOBJS@
PYTHON_CPPFLAGS = @PYTHON_CPPFLAGS@
PYTHON_LDFLAGS = @PYTHON_LDFLAGS@
LIBNSL_LIBS = @LIBNSL_LIBS@
LIBSSL_CPPFLAGS = @LIBSSL_CPPFLAGS@
LIBSSL_LDFLAGS = @LIBSSL_LDFLAGS@
LIBSSL_LIBS = @LIBSSL_LIBS@
......
#! /bin/sh
# Guess values for system-dependent variables and create Makefiles.
# Generated by GNU Autoconf 2.65 for ldns 1.6.7.
# Generated by GNU Autoconf 2.65 for ldns 1.6.8.
#
# Report bugs to <libdns@nlnetlabs.nl>.
#
......@@ -701,8 +701,8 @@ MAKEFLAGS=
# Identity of this package.
PACKAGE_NAME='ldns'
PACKAGE_TARNAME='libdns'
PACKAGE_VERSION='1.6.7'
PACKAGE_STRING='ldns 1.6.7'
PACKAGE_VERSION='1.6.8'
PACKAGE_STRING='ldns 1.6.8'
PACKAGE_BUGREPORT='libdns@nlnetlabs.nl'
PACKAGE_URL=''
......@@ -1418,7 +1418,7 @@ if test "$ac_init_help" = "long"; then
# Omit some internal or obsolete options to make the list less imposing.
# This message is too long to be a string in the A/UX 3.1 sh.
cat <<_ACEOF
\`configure' configures ldns 1.6.7 to adapt to many kinds of systems.
\`configure' configures ldns 1.6.8 to adapt to many kinds of systems.
Usage: $0 [OPTION]... [VAR=VALUE]...
......@@ -1483,7 +1483,7 @@ fi
if test -n "$ac_init_help"; then
case $ac_init_help in
short | recursive ) echo "Configuration of ldns 1.6.7:";;
short | recursive ) echo "Configuration of ldns 1.6.8:";;
esac
cat <<\_ACEOF
......@@ -1594,7 +1594,7 @@ fi
test -n "$ac_init_help" && exit $ac_status
if $ac_init_version; then
cat <<\_ACEOF
ldns configure 1.6.7
ldns configure 1.6.8
generated by GNU Autoconf 2.65
Copyright (C) 2009 Free Software Foundation, Inc.
......@@ -2115,7 +2115,7 @@ cat >config.log <<_ACEOF
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.
It was created by ldns $as_me 1.6.7, which was
It was created by ldns $as_me 1.6.8, which was
generated by GNU Autoconf 2.65. Invocation command line was
$ $0 $@
......@@ -2464,13 +2464,13 @@ ac_compiler_gnu=$ac_cv_c_compiler_gnu
# needed to build correct soname
LIBTOOL_VERSION_INFO=1:6:7
LIBTOOL_VERSION_INFO=1:6:8
LDNS_VERSION_MAJOR=1
LDNS_VERSION_MINOR=6
LDNS_VERSION_MICRO=7
LDNS_VERSION_MICRO=8
OURCPPFLAGS=''
......@@ -14851,7 +14851,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
# report actual input values of CONFIG_FILES etc. instead of their
# values after options handling.
ac_log="
This file was extended by ldns $as_me 1.6.7, which was
This file was extended by ldns $as_me 1.6.8, which was
generated by GNU Autoconf 2.65. Invocation command line was
CONFIG_FILES = $CONFIG_FILES
......@@ -14917,7 +14917,7 @@ _ACEOF
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
ac_cs_version="\\
ldns config.status 1.6.7
ldns config.status 1.6.8
configured by $0, generated by GNU Autoconf 2.65,
with options \\"\$ac_cs_config\\"
......
......@@ -6,7 +6,7 @@ sinclude(acx_nlnetlabs.m4)
# must be numbers. ac_defun because of later processing.
m4_define([VERSION_MAJOR],[1])
m4_define([VERSION_MINOR],[6])
m4_define([VERSION_MICRO],[7])
m4_define([VERSION_MICRO],[8])
AC_INIT(ldns, m4_defn([VERSION_MAJOR]).m4_defn([VERSION_MINOR]).m4_defn([VERSION_MICRO]), libdns@nlnetlabs.nl, libdns)
AC_CONFIG_SRCDIR([packet.c])
# needed to build correct soname
......
......@@ -679,6 +679,7 @@ ldns_dnssec_create_nsec_bitmap(ldns_rr_type rr_type_list[],
bm_len = i_type / 8 + 2;
bitmap = LDNS_XMALLOC(uint8_t, bm_len);
if(!bitmap) return NULL;
for (i = 0; i < bm_len; i++) {
bitmap[i] = 0;
}
......@@ -700,6 +701,10 @@ ldns_dnssec_create_nsec_bitmap(ldns_rr_type rr_type_list[],
data = LDNS_XREALLOC(data,
uint8_t,
cur_data_size + cur_window_max + 3);
if(!data) {
LDNS_FREE(bitmap);
return NULL;
}
data[cur_data_size] = cur_window;
data[cur_data_size + 1] = cur_window_max + 1;
memcpy(data + cur_data_size + 2,
......@@ -721,6 +726,10 @@ ldns_dnssec_create_nsec_bitmap(ldns_rr_type rr_type_list[],
data = LDNS_XREALLOC(data,
uint8_t,
cur_data_size + cur_window_max + 3);
if(!data) {
LDNS_FREE(bitmap);
return NULL;
}
data[cur_data_size] = cur_window;
data[cur_data_size + 1] = cur_window_max + 1;
memcpy(data + cur_data_size + 2, cur_data, cur_window_max+1);
......@@ -964,6 +973,10 @@ ldns_nsec3_hash_name(ldns_rdf *name,
hashed_owner_str_len = salt_length + ldns_rdf_size(cann);
hashed_owner_str = LDNS_XMALLOC(unsigned char, hashed_owner_str_len);
if(!hashed_owner_str) {
ldns_rdf_deep_free(cann);
return NULL;
}
memcpy(hashed_owner_str, ldns_rdf_data(cann), ldns_rdf_size(cann));
memcpy(hashed_owner_str + ldns_rdf_size(cann), salt, salt_length);
ldns_rdf_deep_free(cann);
......@@ -976,7 +989,6 @@ ldns_nsec3_hash_name(ldns_rdf *name,
hashed_owner_str_len = salt_length + LDNS_SHA1_DIGEST_LENGTH;
hashed_owner_str = LDNS_XMALLOC(unsigned char, hashed_owner_str_len);
if (!hashed_owner_str) {
fprintf(stderr, "Memory error\n");
return NULL;
}
memcpy(hashed_owner_str, hash, LDNS_SHA1_DIGEST_LENGTH);
......@@ -990,6 +1002,9 @@ ldns_nsec3_hash_name(ldns_rdf *name,
hashed_owner_b32 = LDNS_XMALLOC(char,
ldns_b32_ntop_calculate_size(hashed_owner_str_len) + 1);
if(!hashed_owner_b32) {
return NULL;
}
hashed_owner_b32_len = (size_t) ldns_b32_ntop_extended_hex(
(uint8_t *) hashed_owner_str,
hashed_owner_str_len,
......@@ -1048,11 +1063,20 @@ ldns_nsec3_add_param_rdfs(ldns_rr *rr,
if (old) ldns_rdf_deep_free(old);
salt_data = LDNS_XMALLOC(uint8_t, salt_length + 1);
if(!salt_data) {
/* no way to return error */
return;
}
salt_data[0] = salt_length;
memcpy(salt_data + 1, salt, salt_length);
salt_rdf = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_NSEC3_SALT,
salt_length + 1,
salt_data);
if(!salt_rdf) {
LDNS_FREE(salt_data);
/* no way to return error */
return;
}
old = ldns_rr_set_rdf(rr, salt_rdf, 3);
if (old) ldns_rdf_deep_free(old);
......@@ -1228,6 +1252,7 @@ ldns_nsec3_salt_data(const ldns_rr *nsec3_rr)
if (salt_rdf && ldns_rdf_size(salt_rdf) > 0) {
salt_length = ldns_rdf_data(salt_rdf)[0];
salt = LDNS_XMALLOC(uint8_t, salt_length);
if(!salt) return NULL;
memcpy(salt, &ldns_rdf_data(salt_rdf)[1], salt_length);
return salt;
}
......@@ -1538,25 +1563,37 @@ ldns_convert_dsa_rrsig_asn12rdf(const ldns_buffer *sig,
(const unsigned char **)&dsasig_data,
sig_len);
if (!dsasig) {
DSA_SIG_free(dsasig);
return NULL;
}
dsasig_data = LDNS_XMALLOC(unsigned char, 41);
if(!dsasig_data) {
DSA_SIG_free(dsasig);
return NULL;
}
dsasig_data[0] = 0;
byte_offset = (size_t) (20 - BN_num_bytes(dsasig->r));
if (byte_offset > 20) {
DSA_SIG_free(dsasig);
LDNS_FREE(dsasig_data);
return NULL;
}
memset(&dsasig_data[1], 0, byte_offset);
BN_bn2bin(dsasig->r, &dsasig_data[1 + byte_offset]);
byte_offset = (size_t) (20 - BN_num_bytes(dsasig->s));
if (byte_offset > 20) {
DSA_SIG_free(dsasig);
LDNS_FREE(dsasig_data);
return NULL;
}
memset(&dsasig_data[21], 0, byte_offset);
BN_bn2bin(dsasig->s, &dsasig_data[21 + byte_offset]);
sigdata_rdf = ldns_rdf_new(LDNS_RDF_TYPE_B64, 41, dsasig_data);
if(!sigdata_rdf) {
LDNS_FREE(dsasig_data);
}
DSA_SIG_free(dsasig);
return sigdata_rdf;
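Review bot: In ldns_dnssec_create_nsec_bitmap the result of `LDNS_XREALLOC(data, uint8_t, cur_data_size + cur_window_max + 3)` is assigned straight back to `data`, so when the new `if(!data)` branch runs the previous buffer is no longer reachable and leaks; both reallocation hunks (@@ -700 and @@ -721) share this. Assuming LDNS_XREALLOC wraps realloc(), hold the result in a temporary, `uint8_t *grown = LDNS_XREALLOC(data, uint8_t, cur_data_size + cur_window_max + 3);`, then `if(!grown) { LDNS_FREE(bitmap); LDNS_FREE(data); return NULL; }` and `data = grown;`. `cur_data` feeds the memcpy that follows and is declared outside the hunks, so check whether it also has to be released on these two paths.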
......
......@@ -319,10 +319,18 @@ ldns_sign_public_dsa(ldns_buffer *to_sign, DSA *key)
return NULL;
}
sig = DSA_do_sign(sha1_hash, SHA_DIGEST_LENGTH, key);
if(!sig) {
ldns_buffer_free(b64sig);
return NULL;
}
data = LDNS_XMALLOC(uint8_t, 1 + 2 * SHA_DIGEST_LENGTH);
if(!data) {
ldns_buffer_free(b64sig);
DSA_SIG_free(sig);
return NULL;
}
data[0] = 1;
pad = 20 - (size_t) BN_num_bytes(sig->r);
......@@ -343,6 +351,7 @@ ldns_sign_public_dsa(ldns_buffer *to_sign, DSA *key)
ldns_buffer_free(b64sig);
LDNS_FREE(data);
DSA_SIG_free(sig);
return sigdata_rdf;
}
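Review bot: `pad = 20 - (size_t) BN_num_bytes(sig->r);` at the end of the first ldns_sign_public_dsa hunk has no upper-bound check in the visible lines, while `data` is a fixed `1 + 2 * SHA_DIGEST_LENGTH` byte buffer. If `r` were ever longer than 20 bytes the unsigned subtraction wraps to a very large value; the code that uses `pad` lies outside the hunk, so confirm it cannot be reached in that state. ldns_convert_dsa_rrsig_asn12rdf in this same commit guards the equivalent computation with `if (byte_offset > 20)`, and the signing path could do the same: `if (pad > 20) { ldns_buffer_free(b64sig); LDNS_FREE(data); DSA_SIG_free(sig); return NULL; }`. The same check would apply to the `sig->s` half if it is computed the same way further down.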
......
......@@ -19,6 +19,7 @@ ldns_dnssec_data_chain *
ldns_dnssec_data_chain_new()
{
ldns_dnssec_data_chain *nc = LDNS_XMALLOC(ldns_dnssec_data_chain, 1);
if(!nc) return NULL;
nc->rrset = NULL;
nc->parent_type = 0;
nc->parent = NULL;
......@@ -107,6 +108,7 @@ ldns_dnssec_build_data_chain_dnskey(ldns_resolver *res,
LDNS_RR_TYPE_DNSKEY,
c,
qflags);
if (my_pkt) {
keys = ldns_pkt_rr_list_by_name_and_type(
my_pkt,
key_name,
......@@ -120,6 +122,7 @@ ldns_dnssec_build_data_chain_dnskey(ldns_resolver *res,
NULL);
new_chain->parent->packet_qtype = LDNS_RR_TYPE_DNSKEY;
ldns_pkt_free(my_pkt);
}
} else {
new_chain->parent = ldns_dnssec_build_data_chain(res,
qflags,
......@@ -160,6 +163,7 @@ ldns_dnssec_build_data_chain_other(ldns_resolver *res,
LDNS_RR_TYPE_DS,
c,
qflags);
if (my_pkt) {
dss = ldns_pkt_rr_list_by_name_and_type(my_pkt,
key_name,
LDNS_RR_TYPE_DS,
......@@ -175,12 +179,14 @@ ldns_dnssec_build_data_chain_other(ldns_resolver *res,
ldns_rr_list_deep_free(dss);
}
ldns_pkt_free(my_pkt);
}
my_pkt = ldns_resolver_query(res,
key_name,
LDNS_RR_TYPE_DNSKEY,
c,
qflags);
if (my_pkt) {
signatures2 = ldns_pkt_rr_list_by_name_and_type(my_pkt,
key_name,
LDNS_RR_TYPE_RRSIG,
......@@ -194,6 +200,7 @@ ldns_dnssec_build_data_chain_other(ldns_resolver *res,
new_chain->signatures = signatures2;
}
ldns_pkt_free(my_pkt);
}
}
ldns_dnssec_data_chain *
......@@ -223,6 +230,9 @@ ldns_dnssec_build_data_chain_nokeyname(ldns_resolver *res,
LDNS_RR_TYPE_DS,
LDNS_RR_CLASS_IN,
qflags);
if (!my_pkt) {
return new_chain;
}
if (ldns_pkt_ancount(my_pkt) > 0) {
/* add error, no sigs but DS in parent */
......@@ -352,8 +362,10 @@ ldns_dnssec_build_data_chain(ldns_resolver *res,
signatures = ldns_dnssec_pkt_get_rrsigs_for_type(pkt, type);
} else {
my_pkt = ldns_resolver_query(res, name, type, c, qflags);
if (my_pkt) {
signatures = ldns_dnssec_pkt_get_rrsigs_for_type(pkt, type);
ldns_pkt_free(my_pkt);
}
}
} else {
if (pkt) {
......@@ -364,11 +376,13 @@ ldns_dnssec_build_data_chain(ldns_resolver *res,
}
if (!signatures) {
my_pkt = ldns_resolver_query(res, name, type, c, qflags);
if (my_pkt) {
signatures =
ldns_dnssec_pkt_get_rrsigs_for_name_and_type(my_pkt,
name,
type);
ldns_pkt_free(my_pkt);
}
}
}
......@@ -415,6 +429,7 @@ ldns_dnssec_trust_tree_new()
{
ldns_dnssec_trust_tree *new_tree = LDNS_XMALLOC(ldns_dnssec_trust_tree,
1);
if(!new_tree) return NULL;
new_tree->rr = NULL;
new_tree->rrset = NULL;
new_tree->parent_count = 0;
......@@ -481,6 +496,8 @@ ldns_dnssec_trust_tree_print_sm(FILE *out,
if (!sibmap) {
treedepth = ldns_dnssec_trust_tree_depth(tree);
sibmap = malloc(treedepth);
if(!sibmap)
return; /* mem err */
memset(sibmap, 0, treedepth);
mapset = true;
}
......@@ -638,6 +655,8 @@ ldns_dnssec_derive_trust_tree(ldns_dnssec_data_chain *data_chain, ldns_rr *rr)
size_t i, j;
ldns_dnssec_trust_tree *new_tree = ldns_dnssec_trust_tree_new();
if(!new_tree)
return NULL;
if (data_chain && data_chain->rrset) {
cur_rrset = data_chain->rrset;
......@@ -1116,12 +1135,9 @@ ldns_validate_domain_dnskey(const ldns_resolver * res,
ldns_rr_list * trusted_keys = NULL;
/* Fetch keys for the domain */
if ((keypkt = ldns_resolver_query(res,
domain,
LDNS_RR_TYPE_DNSKEY,
LDNS_RR_CLASS_IN,
LDNS_RD))) {
keypkt = ldns_resolver_query(res, domain,
LDNS_RR_TYPE_DNSKEY, LDNS_RR_CLASS_IN, LDNS_RD);
if (keypkt) {
domain_keys = ldns_pkt_rr_list_by_type(keypkt,
LDNS_RR_TYPE_DNSKEY,
LDNS_SECTION_ANSWER);
......@@ -1205,12 +1221,9 @@ ldns_validate_domain_ds(const ldns_resolver *res,
ldns_rr_list * trusted_keys = NULL;
/* Fetch DS for the domain */
if ((dspkt = ldns_resolver_query(res,
domain,
LDNS_RR_TYPE_DS,
LDNS_RR_CLASS_IN,
LDNS_RD))) {
dspkt = ldns_resolver_query(res, domain,
LDNS_RR_TYPE_DS, LDNS_RR_CLASS_IN, LDNS_RD);
if (dspkt) {
rrset = ldns_pkt_rr_list_by_type(dspkt,
LDNS_RR_TYPE_DS,
LDNS_SECTION_ANSWER);
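Review bot: In the ldns_dnssec_build_data_chain hunk at @@ -352,8 +362,10 the new `if (my_pkt)` block still calls `ldns_dnssec_pkt_get_rrsigs_for_type(pkt, type)`, so the response just fetched into `my_pkt` is freed without ever being read. The condition that selects this `else` branch is outside the hunk, but if it is the case where the caller supplied no `pkt`, the lookup runs on a NULL packet and `signatures` is never filled from the query, which leaves the chain without the RRSIGs it was meant to collect. The line should read `signatures = ldns_dnssec_pkt_get_rrsigs_for_type(my_pkt, type);`, in line with the next hunk of the same function, which already passes `my_pkt`.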
......
......@@ -11,6 +11,7 @@ ldns_dnssec_rrs_new()
{
ldns_dnssec_rrs *new_rrs;
new_rrs = LDNS_MALLOC(ldns_dnssec_rrs);
if(!new_rrs) return NULL;
new_rrs->rr = NULL;
new_rrs->next = NULL;
return new_rrs;
......@@ -96,6 +97,7 @@ ldns_dnssec_rrsets_new()
{
ldns_dnssec_rrsets *new_rrsets;
new_rrsets = LDNS_MALLOC(ldns_dnssec_rrsets);
if(!new_rrsets) return NULL;
new_rrsets->rrs = NULL;
new_rrsets->type = 0;
new_rrsets->signatures = NULL;
......@@ -555,6 +557,7 @@ ldns_dnssec_zone *
ldns_dnssec_zone_new()
{
ldns_dnssec_zone *zone = LDNS_MALLOC(ldns_dnssec_zone);
if(!zone) return NULL;
zone->soa = NULL;
zone->names = NULL;
......@@ -653,6 +656,7 @@ ldns_dnssec_zone_add_rr(ldns_dnssec_zone *zone, ldns_rr *rr)
if (!zone->names) {
zone->names = ldns_rbtree_create(ldns_dname_compare_v);
if(!zone->names) return LDNS_STATUS_MEM_ERR;
}
/* we need the original of the hashed name if this is
......@@ -674,7 +678,12 @@ ldns_dnssec_zone_add_rr(ldns_dnssec_zone *zone, ldns_rr *rr)
if (!cur_node) {
/* add */
cur_name = ldns_dnssec_name_new_frm_rr(rr);
if(!cur_name) return LDNS_STATUS_MEM_ERR;
cur_node = LDNS_MALLOC(ldns_rbnode_t);
if(!cur_node) {
ldns_dnssec_name_free(cur_name);
return LDNS_STATUS_MEM_ERR;
}
cur_node->key = ldns_rr_owner(rr);
cur_node->data = cur_name;
ldns_rbtree_insert(zone->names, cur_node);
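Review bot: ldns_dnssec_zone_new() can now return NULL, but ldns_dnssec_zone_add_rr() dereferences `zone` at `if (!zone->names)` with no argument check in the visible lines, so a caller that passes the constructor result straight through will fault there instead. The start of ldns_dnssec_zone_add_rr is outside the hunk, so a guard may already exist; if not, an early `if (!zone || !rr) return LDNS_STATUS_ERR;` would turn that into an error return. The three constructors changed here (ldns_dnssec_rrs_new, ldns_dnssec_rrsets_new, ldns_dnssec_zone_new) also deserve a line in their header documentation stating that NULL is returned on allocation failure.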
......
......@@ -6,12 +6,14 @@ Features:
* HMAC and MD5 without OpenSSL
* HIP RR support
* Parse 'search' attribute in /etc/resolv.conf
* Make use of automake
* ./configure --with-tools --with-drill
* Make use of automake (Bug #173)
* ./configure --with-tools --with-drill (Bug #264)
* Drill: print appropriate DS RRs (relates to Bug #355)
* ldns-signzone optout to be really optout
Bugfixes:
* Bug #173
* Bug #264
* Bug #279
* Bug #279: fix return values for net.h functions, and related: make return
values for functions that cannot return memory-failure today. Needs medium
version increase because of API change.
* Long out-standing packaging bugs (debian)
* Lazy ABI
#! /bin/sh
# Guess values for system-dependent variables and create Makefiles.
# Generated by GNU Autoconf 2.65 for ldns 1.6.7.
# Generated by GNU Autoconf 2.65 for ldns 1.6.8rc1.
#
# Report bugs to <libdns@nlnetlabs.nl>.
#
......@@ -552,8 +552,8 @@ MAKEFLAGS=
# Identity of this package.
PACKAGE_NAME='ldns'
PACKAGE_TARNAME='libdns'
PACKAGE_VERSION='1.6.7'
PACKAGE_STRING='ldns 1.6.7'
PACKAGE_VERSION='1.6.8rc1'
PACKAGE_STRING='ldns 1.6.8rc1'
PACKAGE_BUGREPORT='libdns@nlnetlabs.nl'
PACKAGE_URL=''
......@@ -1207,7 +1207,7 @@ if test "$ac_init_help" = "long"; then
# Omit some internal or obsolete options to make the list less imposing.
# This message is too long to be a string in the A/UX 3.1 sh.
cat <<_ACEOF
\`configure' configures ldns 1.6.7 to adapt to many kinds of systems.
\`configure' configures ldns 1.6.8rc1 to adapt to many kinds of systems.
Usage: $0 [OPTION]... [VAR=VALUE]...
......@@ -1268,7 +1268,7 @@ fi
if test -n "$ac_init_help"; then
case $ac_init_help in
short | recursive ) echo "Configuration of ldns 1.6.7:";;
short | recursive ) echo "Configuration of ldns 1.6.8rc1:";;
esac
cat <<\_ACEOF
......@@ -1364,7 +1364,7 @@ fi
test -n "$ac_init_help" && exit $ac_status
if $ac_init_version; then
cat <<\_ACEOF
ldns configure 1.6.7
ldns configure 1.6.8rc1
generated by GNU Autoconf 2.65
Copyright (C) 2009 Free Software Foundation, Inc.
......@@ -1789,7 +1789,7 @@ cat >config.log <<_ACEOF
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.
It was created by ldns $as_me 1.6.7, which was
It was created by ldns $as_me 1.6.8rc1, which was
generated by GNU Autoconf 2.65. Invocation command line was
$ $0 $@
......@@ -5874,7 +5874,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
# report actual input values of CONFIG_FILES etc. instead of their
# values after options handling.
ac_log="
This file was extended by ldns $as_me 1.6.7, which was
This file was extended by ldns $as_me 1.6.8rc1, which was
generated by GNU Autoconf 2.65. Invocation command line was
CONFIG_FILES = $CONFIG_FILES
......@@ -5936,7 +5936,7 @@ _ACEOF
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
ac_cs_version="\\
ldns config.status 1.6.7
ldns config.status 1.6.8rc1
configured by $0, generated by GNU Autoconf 2.65,
with options \\"\$ac_cs_config\\"
......
......@@ -2,7 +2,7 @@
# Process this file with autoconf to produce a configure script.
AC_PREREQ(2.56)
AC_INIT(ldns, 1.6.7, libdns@nlnetlabs.nl,libdns)
AC_INIT(ldns, 1.6.8rc1, libdns@nlnetlabs.nl,libdns)
AC_CONFIG_SRCDIR([drill.c])
sinclude(../acx_nlnetlabs.m4)
......
......@@ -95,6 +95,16 @@ ldns_rdf_new_addr_frm_str(char *str)
return a;
}
static inline void
local_print_ds(FILE* out, const char* pre, ldns_rr* ds)
{
if (out && ds) {
fprintf(out, "%s", pre);
ldns_rr_print(out, ds);
ldns_rr_free(ds);
}
}
/*
* For all keys in a packet print the DS
*/
......@@ -106,7 +116,7 @@ print_ds_of_keys(ldns_pkt *p)
ldns_rr *ds;
/* TODO fix the section stuff, here or in ldns */
keys = ldns_pkt_rr_list_by_type(p, LDNS_RR_TYPE_DNSKEY,
keys = ldns_pkt_rr_list_by_type(p, LDNS_RR_TYPE_DNSKEY,
LDNS_SECTION_ANSWER);
/* this also returns the question section rr, which does not
......@@ -114,12 +124,13 @@ print_ds_of_keys(ldns_pkt *p)
if (keys) {
for (i = 0; i < ldns_rr_list_rr_count(keys); i++) {
fprintf(stdout, ";\n; equivalent DS records for key %u:\n",
ldns_calc_keytag(ldns_rr_list_rr(keys, i)));
ds = ldns_key_rr2ds(ldns_rr_list_rr(keys, i), LDNS_SHA1);
if (ds) {
printf("; ");
ldns_rr_print(stdout, ds);
printf("\n");
}
local_print_ds(stdout, "; sha1: ", ds);
ds = ldns_key_rr2ds(ldns_rr_list_rr(keys, i), LDNS_SHA256);
local_print_ds(stdout, "; sha256: ", ds);
}
}
}
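Review bot: local_print_ds frees `ds` only inside `if (out && ds)`, so a call with a NULL `out` and a valid record would leak it, and nothing tells the reader that a helper named like a printer takes ownership of its argument. Both calls in print_ds_of_keys pass `stdout`, so the leak is latent today. Moving the release out of the print condition, `if (ds) ldns_rr_free(ds);` after the block, makes ownership unconditional. A one-line comment above the function would record the contract: `/* Print ds to out after the prefix pre, then free ds (takes ownership). */`.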
......
......@@ -46,6 +46,7 @@ MAIN_SOURCES = ldns-read-zone.c \
ldns-zcat.c \
ldns-dpa.c \
ldns-resolver.c \
ldns-test-edns.c \
ldns-keyfetcher.c \
ldns-notify.c \
ldns-testns.c \
......
#! /bin/sh
# Guess values for system-dependent variables and create Makefiles.
# Generated by GNU Autoconf 2.65 for ldns 1.6.7.
# Generated by GNU Autoconf 2.65 for ldns 1.6.8rc1.
#
# Report bugs to <libdns@nlnetlabs.nl>.
#
......@@ -552,8 +552,8 @@ MAKEFLAGS=
# Identity of this package.
PACKAGE_NAME='ldns'
PACKAGE_TARNAME='libdns'
PACKAGE_VERSION='1.6.7'
PACKAGE_STRING='ldns 1.6.7'
PACKAGE_VERSION='1.6.8rc1'
PACKAGE_STRING='ldns 1.6.8rc1'
PACKAGE_BUGREPORT='libdns@nlnetlabs.nl'
PACKAGE_URL=''
......@@ -1213,7 +1213,7 @@ if test "$ac_init_help" = "long"; then
# Omit some internal or obsolete options to make the list less imposing.
# This message is too long to be a string in the A/UX 3.1 sh.
cat <<_ACEOF
\`configure' configures ldns 1.6.7 to adapt to many kinds of systems.
\`configure' configures ldns 1.6.8rc1 to adapt to many kinds of systems.
Usage: $0 [OPTION]... [VAR=VALUE]...
......@@ -1274,7 +1274,7 @@ fi
if test -n "$ac_init_help"; then
case $ac_init_help in
short | recursive ) echo "Configuration of ldns 1.6.7:";;
short | recursive ) echo "Configuration of ldns 1.6.8rc1:";;
esac
cat <<\_ACEOF
......@@ -1373,7 +1373,7 @@ fi
test -n "$ac_init_help" && exit $ac_status
if $ac_init_version; then
cat <<\_ACEOF
ldns configure 1.6.7
ldns configure 1.6.8rc1
generated by GNU Autoconf 2.65
Copyright (C) 2009 Free Software Foundation, Inc.
......@@ -1837,7 +1837,7 @@ cat >config.log <<_ACEOF
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.
It was created by ldns $as_me 1.6.7, which was
It was created by ldns $as_me 1.6.8rc1, which was
generated by GNU Autoconf 2.65. Invocation command line was
$ $0 $@
......@@ -6357,7 +6357,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
# report actual input values of CONFIG_FILES etc. instead of their
# values after options handling.
ac_log="
This file was extended by ldns $as_me 1.6.7, which was
This file was extended by ldns $as_me 1.6.8rc1, which was
generated by GNU Autoconf 2.65. Invocation command line was
CONFIG_FILES = $CONFIG_FILES
......@@ -6419,7 +6419,7 @@ _ACEOF
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
ac_cs_version="\\
ldns config.status 1.6.7
ldns config.status 1.6.8rc1
configured by $0, generated by GNU Autoconf 2.65,
with options \\"\$ac_cs_config\\"
......
......@@ -2,7 +2,7 @@
# Process this file with autoconf to produce a configure script.
AC_PREREQ(2.56)
AC_INIT(ldns, 1.6.7, libdns@nlnetlabs.nl,libdns)
AC_INIT(ldns, 1.6.8rc1, libdns@nlnetlabs.nl,libdns)
AC_CONFIG_SRCDIR([ldns-read-zone.c])
sinclude(../acx_nlnetlabs.m4)
......
......@@ -665,7 +665,9 @@ main(int argc, char *argv[])
if (insecure) {
pkt = ldns_resolver_query(res, domain, LDNS_RR_TYPE_DNSKEY, LDNS_RR_CLASS_IN, LDNS_RD);
if (pkt) {
l = ldns_pkt_rr_list_by_type(pkt, LDNS_RR_TYPE_DNSKEY, LDNS_SECTION_ANY_NOQUESTION);
}
} else {
l = retrieve_dnskeys(res, domain, LDNS_RR_TYPE_DNSKEY, LDNS_RR_CLASS_IN, dns_root);
}
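Review bot: When `ldns_resolver_query` returns NULL in the `insecure` branch, the new `if (pkt)` guard skips the assignment and `l` keeps whatever value it had before. Its declaration is outside the hunk, so confirm it is initialised to NULL and that the code after the `if`/`else` copes with an empty key list. The failure is also silent at this point; an explicit `else { fprintf(stderr, "DNSKEY query failed\n"); exit(EXIT_FAILURE); }` (message text is only a suggestion) would make the cause visible to the user. `pkt` is not released in the visible lines either, so check that it is freed later in main, which continues beyond the hunk.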
......
.TH ldns-test-edns 1 "14 Dec 2010"
.SH NAME
ldns-test-edns \- test if dns cache supports EDNS and DNSSEC.
.SH SYNOPSIS
.B ldns-test-edns
[
.IR -i
]
{
.IR ip
}
.SH DESCRIPTION
\fBldns-test-edns\fR tests a DNS cache and checks if it supports EDNS0 and
DNSSEC types so that it can be used as a dnssec-enabled DNS cache. It sends
two queries to the cache, one for the root key and one for a DS record.
These must succeed, the answer must have EDNS, that type and signatures.
.PP
If the IP address is good for DNSSEC, it is printed with 'OK'. Otherwise
short description is given of the failure.
If OK is given, the cache should be good to use as a cache for a local
configured DNSSEC validator.
.PP
The tool assumes the root is signed and Sweden is signed.
Also, the queries are sent with the CD flag, the tool does not check that the
results are validated, but that they \fBcan\fR be validated.
.SH OPTIONS
\fB-i\fR option enables a mode where the working IP addresses are printed
after another, with no other explanations, and if none work or no IP addresses
are on the input, 'off' is printed.
.PP
\fBldns-test-edns\fR takes one or more IP addresses, it checks them in turn.
IPv4 and IPv6 addresses can be given. The exit value is for the last checked
IP address: 0 is OK, 1 is failure, 2 is some sort of network failure.
.SH AUTHOR
Written by the ldns team as an example for ldns usage.
.SH REPORTING BUGS
Report bugs to <ldns-team@nlnetlabs.nl>.
.SH COPYRIGHT
Copyright (C) 2010 NLnet Labs. This is free software. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR
PURPOSE.
/*
* ldns-test-edns tries to get DNSKEY and RRSIG from an IP address.
* This can be used to test if a DNS cache supports DNSSEC (caching RRSIGs),
* i.e. for automatic configuration utilities or when you get a new DNS cache
* from DHCP and wonder if your local validator could use that as a cache.
*
* (c) NLnet Labs 2010
* See the file LICENSE for the license
*/
#include "config.h"
#include "errno.h"