unbound-host shows security info.

git-svn-id: file:///svn/unbound/trunk@811 be551aaa-1e26-0410-a405-d3ace91eadb9
Wouter Wijngaards 2007-12-06 17:05:21 +00:00
parent 1f9ad9e66e
commit cdf334528f
5 changed files with 81 additions and 22 deletions


@ -2,6 +2,8 @@
- library resolution works in foreground mode, unbound-host app - library resolution works in foreground mode, unbound-host app
receives data. receives data.
- unbound-host prints rdata using ldns. - unbound-host prints rdata using ldns.
- unbound-host accepts trust anchors, and prints validation
information when you give -v.
5 December 2007: Wouter 5 December 2007: Wouter
- locking in context_new() inside the function. - locking in context_new() inside the function.


@ -2,6 +2,7 @@ ub_val_ctx_create
ub_val_ctx_delete ub_val_ctx_delete
ub_val_ctx_config ub_val_ctx_config
ub_val_ctx_add_ta ub_val_ctx_add_ta
ub_val_ctx_add_ta_file
ub_val_ctx_trustedkeys ub_val_ctx_trustedkeys
ub_val_ctx_async ub_val_ctx_async
ub_val_ctx_poll ub_val_ctx_poll


@ -183,6 +183,25 @@ ub_val_ctx_add_ta(struct ub_val_ctx* ctx, char* ta)
return UB_NOERROR; return UB_NOERROR;
} }
int
ub_val_ctx_add_ta_file(struct ub_val_ctx* ctx, char* fname)
{
char* dup = strdup(fname);
if(!dup) return UB_NOMEM;
lock_basic_lock(&ctx->cfglock);
if(ctx->finalized) {
lock_basic_unlock(&ctx->cfglock);
return UB_AFTERFINAL;
}
if(!cfg_strlist_insert(&ctx->env->cfg->trust_anchor_file_list, dup)) {
lock_basic_unlock(&ctx->cfglock);
free(dup);
return UB_NOMEM;
}
lock_basic_unlock(&ctx->cfglock);
return UB_NOERROR;
}
int int
ub_val_ctx_trustedkeys(struct ub_val_ctx* ctx, char* fname) ub_val_ctx_trustedkeys(struct ub_val_ctx* ctx, char* fname)
{ {
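Review bot: ub_val_ctx_add_ta_file leaks `dup` on the finalized path: the `if(ctx->finalized)` branch unlocks and returns UB_AFTERFINAL without releasing the strdup'd filename, while the cfg_strlist_insert failure branch two lines below does free it. Add `free(dup);` before `return UB_AFTERFINAL;`, or simply move the `strdup(fname)` below the finalized check so nothing is allocated before the early return. Note also that this call only records the filename in `trust_anchor_file_list`; the file is not opened or parsed here, so a caller gets UB_NOERROR for a nonexistent or malformed anchor file and only finds out later, if at all — worth a comment above the function, e.g. `/* filename is stored only; the file is read when the context is finalized */`. The ub_val_ctx_trustedkeys definition that follows continues outside the hunk.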


@ -218,7 +218,18 @@ int ub_val_ctx_add_ta(struct ub_val_ctx* ctx, char* ta);
/** /**
* Add trust anchors to the given context. * Add trust anchors to the given context.
* The trust anchor the name of a bind-style config file with trusted-keys{}. * Pass name of a file with DS and DNSKEY records (like from dig or drill).
* @param ctx: context.
* At this time it is only possible to add trusted keys before the
* first resolve is done.
* @param fname: filename of file with keyfile with trust anchors.
* @return 0 if OK, else error.
*/
int ub_val_ctx_add_ta_file(struct ub_val_ctx* ctx, char* fname);
/**
* Add trust anchors to the given context.
* Pass the name of a bind-style config file with trusted-keys{}.
* @param ctx: context. * @param ctx: context.
* At this time it is only possible to add trusted keys before the * At this time it is only possible to add trusted keys before the
* first resolve is done. * first resolve is done.
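Review bot: The new doc comment for ub_val_ctx_add_ta_file does not tell the caller that the file is not read by this call; judging from the libunbound.c change in this commit the function only stores the filename in the context's trust-anchor file list, so a missing or unparsable file is not reported as an error here. Since an application that relies on validation will reasonably treat a 0 return as "anchors loaded", I would extend the `@return` line: `* @return 0 if OK, else error. The file is only recorded here and read later (at the first resolve), so problems with its contents are not detected by this call.` The same caveat likely applies to ub_val_ctx_trustedkeys below, whose comment body continues outside the hunk.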


@ -52,13 +52,19 @@ static void
usage() usage()
{ {
printf("Usage: unbound-host [-c class] [-t type] hostname\n"); printf("Usage: unbound-host [-c class] [-t type] hostname\n");
printf(" [-y key] [-f keyfile] [-F named.conf]\n");
printf(" Queries the DNS for information.\n"); printf(" Queries the DNS for information.\n");
printf(" The hostname is looked up for IP4, IP6 and mail.\n"); printf(" The hostname is looked up for IP4, IP6 and mail.\n");
printf(" If an ip-address is given a reverse lookup is done.\n"); printf(" If an ip-address is given a reverse lookup is done.\n");
printf("-t type what type to look for.\n"); printf(" Use the -v option to see DNSSEC security information.\n");
printf("-c class what class to look for, if not class IN.\n"); printf(" -t type what type to look for.\n");
printf("-v be more verbose.\n"); printf(" -c class what class to look for, if not class IN.\n");
printf("-h show this usage help.\n"); printf(" -y 'keystring' specify trust anchor, DS or DNSKEY, like\n");
printf(" -y 'example.com DS 31560 5 1 1CFED8478...'\n");
printf(" -f keyfile read trust anchors from file, with lines as -y.\n");
printf(" -F keyfile read named.conf-style trust anchors.\n");
printf(" -v be more verbose, shows nodata and security.\n");
printf(" -h show this usage help.\n");
printf("Version %s\n", PACKAGE_VERSION); printf("Version %s\n", PACKAGE_VERSION);
printf("BSD licensed, see LICENSE in source package for details.\n"); printf("BSD licensed, see LICENSE in source package for details.\n");
printf("Report bugs to %s\n", PACKAGE_BUGREPORT); printf("Report bugs to %s\n", PACKAGE_BUGREPORT);
@ -256,6 +262,7 @@ pretty_rdata(char* q, char* cstr, char* tstr, int t, const char* sec,
printf(" domain name pointer"); printf(" domain name pointer");
else printf(" has %s record", tstr); else printf(" has %s record", tstr);
print_rd(t, data, len); print_rd(t, data, len);
if(verb > 0)
printf(" %s", sec); printf(" %s", sec);
printf("\n"); printf("\n");
} }
@ -284,9 +291,21 @@ pretty_output(char* q, int t, int c, int sec, int haved,
printf("%s is an alias for %s\n", result->qname, printf("%s is an alias for %s\n", result->qname,
result->canonname); result->canonname);
if(!haved) { if(!haved) {
if(verb > 0) if(verb > 0) {
printf("%s %s %s: no data. %s\n", printf("%s", q);
q, cstr, tstr, secstatus); if(strcmp(cstr, "IN") != 0)
printf(" in class %s", cstr);
if(t == LDNS_RR_TYPE_A)
printf(" has no address");
else if(t == LDNS_RR_TYPE_AAAA)
printf(" has no IPv6 address");
else if(t == LDNS_RR_TYPE_PTR)
printf(" has no domain name ptr");
else if(t == LDNS_RR_TYPE_MX)
printf(" has no mail handler record");
else printf(" has no %s record", tstr);
printf(" %s\n", secstatus);
}
/* else: emptiness to indicate no data */ /* else: emptiness to indicate no data */
return; return;
} }
@ -321,7 +340,7 @@ dnslook(struct ub_val_ctx* ctx, char* q, int t, int c, int docname)
/** perform host lookup */ /** perform host lookup */
static void static void
lookup(const char* nm, const char* qt, const char* qc) lookup(struct ub_val_ctx* ctx, const char* nm, const char* qt, const char* qc)
{ {
/* massage input into a query name, type and class */ /* massage input into a query name, type and class */
int multi = 0; /* no type, so do A, AAAA, MX */ int multi = 0; /* no type, so do A, AAAA, MX */
@ -331,16 +350,6 @@ lookup(const char* nm, const char* qt, const char* qc)
int c = massage_class(qc); int c = massage_class(qc);
/* perform the query */ /* perform the query */
struct ub_val_ctx* ctx = NULL;
if(verb>0)
printf("lookup %s %d %d reverse=%d multi=%d\n",
realq, t, c, reverse, multi);
ctx = ub_val_ctx_create();
if(!ctx) {
fprintf(stderr, "error: out of memory\n");
exit(1);
}
if(multi) { if(multi) {
if(!dnslook(ctx, realq, LDNS_RR_TYPE_A, c, 1)) { if(!dnslook(ctx, realq, LDNS_RR_TYPE_A, c, 1)) {
/* domain exists, lookup more */ /* domain exists, lookup more */
@ -365,8 +374,16 @@ int main(int argc, char* argv[])
int c; int c;
char* qclass = NULL; char* qclass = NULL;
char* qtype = NULL; char* qtype = NULL;
struct ub_val_ctx* ctx = NULL;
ctx = ub_val_ctx_create();
if(!ctx) {
fprintf(stderr, "error: out of memory\n");
exit(1);
}
/* parse the options */ /* parse the options */
while( (c=getopt(argc, argv, "c:ht:v")) != -1) { while( (c=getopt(argc, argv, "F:c:f:ht:vy:")) != -1) {
switch(c) { switch(c) {
case 'c': case 'c':
qclass = optarg; qclass = optarg;
@ -377,6 +394,15 @@ int main(int argc, char* argv[])
case 'v': case 'v':
verb++; verb++;
break; break;
case 'y':
ub_val_ctx_add_ta(ctx, optarg);
break;
case 'f':
ub_val_ctx_add_ta_file(ctx, optarg);
break;
case 'F':
ub_val_ctx_trustedkeys(ctx, optarg);
break;
case '?': case '?':
case 'h': case 'h':
default: default:
@ -388,6 +414,6 @@ int main(int argc, char* argv[])
if(argc != 1) if(argc != 1)
usage(); usage();
lookup(argv[0], qtype, qclass); lookup(ctx, argv[0], qtype, qclass);
return 0; return 0;
} }
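Review bot: In the new `case 'y'`, `case 'f'` and `case 'F'` branches in main the return values of ub_val_ctx_add_ta, ub_val_ctx_add_ta_file and ub_val_ctx_trustedkeys are discarded, so a malformed -y string or an out-of-memory failure leaves the context without the anchor the user asked for while the lookup still proceeds and, with -v, prints a security status as if validation were configured. The header documents these calls as returning 0 on success and non-zero on error, so the result should be checked and the program should exit rather than silently continue; a small static helper placed before main (outside this hunk) keeps the three cases short. Separately, the ctx created at the top of main is never released with ub_val_ctx_delete before `return 0;`, which the function end in the last hunk shows; harmless for a one-shot tool but easy to add. main's body spans several hunks and parts of it are outside the view.
```c
/** exit if a trust anchor could not be added; continuing would report
 *  security status for a lookup that lacks the anchors the user requested */
static void
check_ta(int r, const char* opt)
{
	if(r != 0) {
		fprintf(stderr, "error: could not add trust anchor (%s): %d\n",
			opt, r);
		exit(1);
	}
}

/* … unchanged: option parsing up to case 'v' … */
		case 'y':
			check_ta(ub_val_ctx_add_ta(ctx, optarg), "-y");
			break;
		case 'f':
			check_ta(ub_val_ctx_add_ta_file(ctx, optarg), "-f");
			break;
		case 'F':
			check_ta(ub_val_ctx_trustedkeys(ctx, optarg), "-F");
			break;
/* … unchanged: remaining cases, lookup call … */
```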