mirror of
https://github.com/NLnetLabs/unbound.git
synced 2025-12-20 14:53:15 -05:00
unbound-host shows security info.
git-svn-id: file:///svn/unbound/trunk@811 be551aaa-1e26-0410-a405-d3ace91eadb9
This commit is contained in:
Wouter Wijngaards
parent
1f9ad9e66e
commit
cdf334528f
5 changed files with 81 additions and 22 deletions
|
|
@ -2,6 +2,8 @@
|
|||
- library resolution works in foreground mode, unbound-host app
|
||||
receives data.
|
||||
- unbound-host prints rdata using ldns.
|
||||
- unbound-host accepts trust anchors, and prints validation
|
||||
information when you give -v.
|
||||
|
||||
5 December 2007: Wouter
|
||||
- locking in context_new() inside the function.
|
||||
|
|
|
|||
|
|
@ -2,6 +2,7 @@ ub_val_ctx_create
|
|||
ub_val_ctx_delete
|
||||
ub_val_ctx_config
|
||||
ub_val_ctx_add_ta
|
||||
ub_val_ctx_add_ta_file
|
||||
ub_val_ctx_trustedkeys
|
||||
ub_val_ctx_async
|
||||
ub_val_ctx_poll
|
||||
|
|
|
|||
|
|
@ -183,6 +183,25 @@ ub_val_ctx_add_ta(struct ub_val_ctx* ctx, char* ta)
|
|||
return UB_NOERROR;
|
||||
}
|
||||
|
||||
int
|
||||
ub_val_ctx_add_ta_file(struct ub_val_ctx* ctx, char* fname)
|
||||
{
|
||||
char* dup = strdup(fname);
|
||||
if(!dup) return UB_NOMEM;
|
||||
lock_basic_lock(&ctx->cfglock);
|
||||
if(ctx->finalized) {
|
||||
lock_basic_unlock(&ctx->cfglock);
|
||||
return UB_AFTERFINAL;
|
||||
}
|
||||
if(!cfg_strlist_insert(&ctx->env->cfg->trust_anchor_file_list, dup)) {
|
||||
lock_basic_unlock(&ctx->cfglock);
|
||||
free(dup);
|
||||
return UB_NOMEM;
|
||||
}
|
||||
lock_basic_unlock(&ctx->cfglock);
|
||||
return UB_NOERROR;
|
||||
}
|
||||
|
||||
int
|
||||
ub_val_ctx_trustedkeys(struct ub_val_ctx* ctx, char* fname)
|
||||
{
|
||||
|
|
|
|||
|
|
@ -218,7 +218,18 @@ int ub_val_ctx_add_ta(struct ub_val_ctx* ctx, char* ta);
|
|||
|
||||
/**
|
||||
* Add trust anchors to the given context.
|
||||
* The trust anchor the name of a bind-style config file with trusted-keys{}.
|
||||
* Pass name of a file with DS and DNSKEY records (like from dig or drill).
|
||||
* @param ctx: context.
|
||||
* At this time it is only possible to add trusted keys before the
|
||||
* first resolve is done.
|
||||
* @param fname: filename of file with keyfile with trust anchors.
|
||||
* @return 0 if OK, else error.
|
||||
*/
|
||||
int ub_val_ctx_add_ta_file(struct ub_val_ctx* ctx, char* fname);
|
||||
|
||||
/**
|
||||
* Add trust anchors to the given context.
|
||||
* Pass the name of a bind-style config file with trusted-keys{}.
|
||||
* @param ctx: context.
|
||||
* At this time it is only possible to add trusted keys before the
|
||||
* first resolve is done.
|
||||
|
|
|
|||
|
|
@ -52,13 +52,19 @@ static void
|
|||
usage()
|
||||
{
|
||||
printf("Usage: unbound-host [-c class] [-t type] hostname\n");
|
||||
printf(" [-y key] [-f keyfile] [-F named.conf]\n");
|
||||
printf(" Queries the DNS for information.\n");
|
||||
printf(" The hostname is looked up for IP4, IP6 and mail.\n");
|
||||
printf(" If an ip-address is given a reverse lookup is done.\n");
|
||||
printf("-t type what type to look for.\n");
|
||||
printf("-c class what class to look for, if not class IN.\n");
|
||||
printf("-v be more verbose.\n");
|
||||
printf("-h show this usage help.\n");
|
||||
printf(" Use the -v option to see DNSSEC security information.\n");
|
||||
printf(" -t type what type to look for.\n");
|
||||
printf(" -c class what class to look for, if not class IN.\n");
|
||||
printf(" -y 'keystring' specify trust anchor, DS or DNSKEY, like\n");
|
||||
printf(" -y 'example.com DS 31560 5 1 1CFED8478...'\n");
|
||||
printf(" -f keyfile read trust anchors from file, with lines as -y.\n");
|
||||
printf(" -F keyfile read named.conf-style trust anchors.\n");
|
||||
printf(" -v be more verbose, shows nodata and security.\n");
|
||||
printf(" -h show this usage help.\n");
|
||||
printf("Version %s\n", PACKAGE_VERSION);
|
||||
printf("BSD licensed, see LICENSE in source package for details.\n");
|
||||
printf("Report bugs to %s\n", PACKAGE_BUGREPORT);
|
||||
|
|
@ -256,7 +262,8 @@ pretty_rdata(char* q, char* cstr, char* tstr, int t, const char* sec,
|
|||
printf(" domain name pointer");
|
||||
else printf(" has %s record", tstr);
|
||||
print_rd(t, data, len);
|
||||
printf(" %s", sec);
|
||||
if(verb > 0)
|
||||
printf(" %s", sec);
|
||||
printf("\n");
|
||||
}
|
||||
|
||||
|
|
@ -284,9 +291,21 @@ pretty_output(char* q, int t, int c, int sec, int haved,
|
|||
printf("%s is an alias for %s\n", result->qname,
|
||||
result->canonname);
|
||||
if(!haved) {
|
||||
if(verb > 0)
|
||||
printf("%s %s %s: no data. %s\n",
|
||||
q, cstr, tstr, secstatus);
|
||||
if(verb > 0) {
|
||||
printf("%s", q);
|
||||
if(strcmp(cstr, "IN") != 0)
|
||||
printf(" in class %s", cstr);
|
||||
if(t == LDNS_RR_TYPE_A)
|
||||
printf(" has no address");
|
||||
else if(t == LDNS_RR_TYPE_AAAA)
|
||||
printf(" has no IPv6 address");
|
||||
else if(t == LDNS_RR_TYPE_PTR)
|
||||
printf(" has no domain name ptr");
|
||||
else if(t == LDNS_RR_TYPE_MX)
|
||||
printf(" has no mail handler record");
|
||||
else printf(" has no %s record", tstr);
|
||||
printf(" %s\n", secstatus);
|
||||
}
|
||||
/* else: emptiness to indicate no data */
|
||||
return;
|
||||
}
|
||||
|
|
@ -321,7 +340,7 @@ dnslook(struct ub_val_ctx* ctx, char* q, int t, int c, int docname)
|
|||
|
||||
/** perform host lookup */
|
||||
static void
|
||||
lookup(const char* nm, const char* qt, const char* qc)
|
||||
lookup(struct ub_val_ctx* ctx, const char* nm, const char* qt, const char* qc)
|
||||
{
|
||||
/* massage input into a query name, type and class */
|
||||
int multi = 0; /* no type, so do A, AAAA, MX */
|
||||
|
|
@ -331,16 +350,6 @@ lookup(const char* nm, const char* qt, const char* qc)
|
|||
int c = massage_class(qc);
|
||||
|
||||
/* perform the query */
|
||||
struct ub_val_ctx* ctx = NULL;
|
||||
|
||||
if(verb>0)
|
||||
printf("lookup %s %d %d reverse=%d multi=%d\n",
|
||||
realq, t, c, reverse, multi);
|
||||
ctx = ub_val_ctx_create();
|
||||
if(!ctx) {
|
||||
fprintf(stderr, "error: out of memory\n");
|
||||
exit(1);
|
||||
}
|
||||
if(multi) {
|
||||
if(!dnslook(ctx, realq, LDNS_RR_TYPE_A, c, 1)) {
|
||||
/* domain exists, lookup more */
|
||||
|
|
@ -365,8 +374,16 @@ int main(int argc, char* argv[])
|
|||
int c;
|
||||
char* qclass = NULL;
|
||||
char* qtype = NULL;
|
||||
struct ub_val_ctx* ctx = NULL;
|
||||
|
||||
ctx = ub_val_ctx_create();
|
||||
if(!ctx) {
|
||||
fprintf(stderr, "error: out of memory\n");
|
||||
exit(1);
|
||||
}
|
||||
|
||||
/* parse the options */
|
||||
while( (c=getopt(argc, argv, "c:ht:v")) != -1) {
|
||||
while( (c=getopt(argc, argv, "F:c:f:ht:vy:")) != -1) {
|
||||
switch(c) {
|
||||
case 'c':
|
||||
qclass = optarg;
|
||||
|
|
@ -377,6 +394,15 @@ int main(int argc, char* argv[])
|
|||
case 'v':
|
||||
verb++;
|
||||
break;
|
||||
case 'y':
|
||||
ub_val_ctx_add_ta(ctx, optarg);
|
||||
break;
|
||||
case 'f':
|
||||
ub_val_ctx_add_ta_file(ctx, optarg);
|
||||
break;
|
||||
case 'F':
|
||||
ub_val_ctx_trustedkeys(ctx, optarg);
|
||||
break;
|
||||
case '?':
|
||||
case 'h':
|
||||
default:
|
||||
|
|
@ -388,6 +414,6 @@ int main(int argc, char* argv[])
|
|||
if(argc != 1)
|
||||
usage();
|
||||
|
||||
lookup(argv[0], qtype, qclass);
|
||||
lookup(ctx, argv[0], qtype, qclass);
|
||||
return 0;
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in a new issue