/**
 * Prints a zone-transfer response in a dig-like text form on standard output.
 *
 * <p>When the response carries a TSIG, the verification result is printed as
 * "ok" or "failed". A failed verification is only reported: the records of a
 * NOERROR response are still printed afterwards, so a consumer of this output
 * has to read the TSIG line before trusting the records.
 *
 * @param response the message returned for the AXFR request
 * @throws IOException declared by the signature; nothing in this body throws it directly
 */
static void doAXFR(Message response) throws IOException {
    System.out.println("; java dig 0.0 <> " + name + " axfr");

    if (response.isSigned()) {
        System.out.print(";; TSIG ");
        System.out.println(response.isVerified() ? "ok" : "failed");
    }

    // Any non-NOERROR response is dumped whole and ends the listing.
    if (response.getRcode() != Rcode.NOERROR) {
        System.out.println(response);
        return;
    }

    Record[] answers = response.getSectionArray(Section.ANSWER);
    for (Record answer : answers) {
        System.out.println(answer);
    }

    // The trailer reports the header counts, not the length of the array above.
    int answerCount = response.getHeader().getCount(Section.ANSWER);
    int additionalCount = response.getHeader().getCount(Section.ADDITIONAL);
    System.out.println(";; done (" + answerCount + " records, " + additionalCount + " additional)");
}
/**
 * Publishing a domain must fail loudly when the DNS server answers the update
 * with an error rcode: the stubbed resolver returns SERVFAIL and the commit is
 * expected to raise a VerifyException whose message names that rcode.
 */
@Test
public void testPublishDomainFails_whenDnsUpdateReturnsError() throws Exception {
    // Persist a domain that delegates to one active host.
    persistResource(
        persistActiveDomain("example.tld")
            .asBuilder()
            .setNameservers(ImmutableSet.of(Key.create(persistActiveHost("ns1.example.tld"))))
            .build());

    // Every message sent through the mocked resolver is answered with SERVFAIL.
    when(mockResolver.send(any(Message.class)))
        .thenReturn(messageWithResponseCode(Rcode.SERVFAIL));

    VerifyException failure =
        expectThrows(
            VerifyException.class,
            () -> {
                writer.publishDomain("example.tld");
                writer.commit();
            });

    assertThat(failure).hasMessageThat().contains("SERVFAIL");
}
/**
 * Publishing a host must fail loudly when the DNS server answers the update
 * with an error rcode: the stubbed resolver returns SERVFAIL and the commit is
 * expected to raise a VerifyException whose message names that rcode.
 */
@Test
public void testPublishHostFails_whenDnsUpdateReturnsError() throws Exception {
    // Persist a subordinate host of example.tld with a single IPv4 address.
    persistResource(
        persistActiveSubordinateHost("ns1.example.tld", persistActiveDomain("example.tld"))
            .asBuilder()
            .setInetAddresses(ImmutableSet.of(InetAddresses.forString("10.0.0.1")))
            .build());

    // Every message sent through the mocked resolver is answered with SERVFAIL.
    when(mockResolver.send(any(Message.class)))
        .thenReturn(messageWithResponseCode(Rcode.SERVFAIL));

    VerifyException failure =
        expectThrows(
            VerifyException.class,
            () -> {
                writer.publishHost("ns1.example.tld");
                writer.commit();
            });

    assertThat(failure).hasMessageThat().contains("SERVFAIL");
}
/**
 * Sends one recursive A query for www.xqbase.com. to a DNS server on
 * localhost:53 over UDP and prints the parsed reply.
 *
 * <p>This is a smoke test, not a resolver client: the transaction ID is the
 * constant 1, and the datagram that arrives is parsed without comparing its
 * sender address or its ID with the query. Code that talks to a server across
 * a network needs a random ID and both of those checks.
 */
public static void main(String[] args) throws Exception {
    try (DatagramSocket socket = new DatagramSocket()) {
        // Build the query: opcode QUERY, ID 1, recursion desired.
        Message query = new Message();
        Header queryHeader = query.getHeader();
        queryHeader.setOpcode(Opcode.QUERY);
        queryHeader.setID(1);
        queryHeader.setRcode(Rcode.NOERROR);
        queryHeader.setFlag(Flags.RD);
        Record question = Record.newRecord(new Name("www.xqbase.com."), Type.A, DClass.IN);
        query.addRecord(question, Section.QUESTION);

        byte[] wire = query.toWire();
        InetSocketAddress server = new InetSocketAddress("localhost", 53);
        socket.send(new DatagramPacket(wire, wire.length, server));

        // Wait at most two seconds for a single reply datagram.
        byte[] buffer = new byte[65536];
        DatagramPacket reply = new DatagramPacket(buffer, buffer.length);
        socket.setSoTimeout(2000);
        socket.receive(reply);

        // Parse only the bytes that were actually received.
        Message response = new Message(Bytes.left(buffer, reply.getLength()));
        System.out.println(response);
    }
}
/**
 * Checks that the header's text form mentions the ID, opcode, rcode, the four
 * flags that were set, and all four section counts.
 */
public void test_toString() {
    m_h.setOpcode(Opcode.value("STATUS"));
    m_h.setRcode(Rcode.value("NXDOMAIN"));

    // Flag bits: 0 = qr, 7 = rd, 8 = ra, 11 = cd.
    for (int bit : new int[] {0, 7, 8, 11}) {
        m_h.setFlag(bit);
    }
    m_h.setCount(1, 0xFF);
    m_h.setCount(2, 0x0A);

    String text = m_h.toString();

    // The expected ID is not set in this method; presumably the fixture creates
    // m_h with it. TODO confirm against the setup code.
    String[] expectedFragments = {
        "id: 43981",
        "opcode: STATUS",
        "status: NXDOMAIN",
        " qr ",
        " rd ",
        " ra ",
        " cd ",
        "qd: 0 ",
        "an: 255 ",
        "au: 10 ",
        "ad: 0 ",
    };
    for (String fragment : expectedFragments) {
        assertFalse(text.indexOf(fragment) == -1);
    }
}
/**
 * Checks that cloning a header yields a distinct object that carries the same
 * ID, the same flag bits and the same four section counts.
 */
public void test_clone() {
    m_h.setOpcode(Opcode.value("IQUERY"));
    m_h.setRcode(Rcode.value("SERVFAIL"));
    m_h.setFlag(0); // qr
    m_h.setFlag(7); // rd
    m_h.setFlag(8); // ra
    m_h.setFlag(11); // cd
    m_h.setCount(1, 0xFF);
    m_h.setCount(2, 0x0A);

    Header copy = (Header) m_h.clone();

    assertNotSame(m_h, copy);
    assertEquals(m_h.getID(), copy.getID());

    // Only bit 0 and bits 5..11 are compared as flags. Bits 1-4 and 12-15 are
    // left out; in the DNS header layout those positions hold the opcode and
    // the rcode rather than flags.
    for (int bit = 0; bit < 16; ++bit) {
        boolean isFlagBit = bit == 0 || (bit >= 5 && bit <= 11);
        if (isFlagBit) {
            assertEquals(m_h.getFlag(bit), copy.getFlag(bit));
        }
    }

    for (int section = 0; section < 4; ++section) {
        assertEquals(m_h.getCount(section), copy.getCount(section));
    }
}
/**
 * A correctly signed answer must not validate when it is attached to a
 * different question: the records of the genuine A response are copied into a
 * message whose question asks for MX, and that message is served for the A
 * query. The validator has to answer SERVFAIL without the AD flag.
 */
@Test
public void testValidAnswerToDifferentQueryTypeIsBogus() throws IOException {
    String aQuery = "www.ingotronic.ch./A";
    Message genuine = resolver.send(createMessage(aQuery));

    // Copy every section between QUESTION and ADDITIONAL (exclusive) into the
    // message that carries the MX question.
    Message mismatched = createMessage("www.ingotronic.ch./MX");
    for (int section = 1; section < Section.ADDITIONAL; section++) {
        Record[] records = genuine.getSectionArray(section);
        for (Record record : records) {
            mismatched.addRecord(record, section);
        }
    }
    // add(...) presumably registers the canned reply for the query; see the fixture.
    add(aQuery, mismatched);

    Message validated = resolver.send(createMessage(aQuery));

    boolean authenticated = validated.getHeader().getFlag(Flags.AD);
    assertFalse("AD flag must not be set", authenticated);
    int rcode = validated.getRcode();
    assertEquals(Rcode.SERVFAIL, rcode);
    assertEquals("validate.response.unknown:UNKNOWN", getReason(validated));
}
/**
 * A DNAME response stays valid when the CNAME lines are removed from it: the
 * validator is expected to set AD, return NOERROR and give no failure reason,
 * and a Lookup through the same resolver has to return at least one record.
 */
@Test
public void testDNameWithNoCnameIsValid() throws IOException {
    String query = "www.isc.ingotronic.ch./A";
    Message genuine = resolver.send(createMessage(query));

    // Drop every line that mentions CNAME, then collapse the blank lines left behind.
    String withoutCname = genuine.toString().replaceAll("(.*CNAME.*)", "");
    String compacted = withoutCname.replaceAll("\n\n", "\n");
    add(query, messageFromString(compacted));

    Message validated = resolver.send(createMessage(query));

    boolean authenticated = validated.getHeader().getFlag(Flags.AD);
    assertTrue("AD flag must be set", authenticated);
    int rcode = validated.getRcode();
    assertEquals(Rcode.NOERROR, rcode);
    assertNull(getReason(validated));

    Lookup lookup = new Lookup("www.isc.ingotronic.ch");
    lookup.setResolver(resolver);
    Record[] found = lookup.run();
    assertTrue(found != null);
    assertTrue(found.length >= 1);
}
/**
 * An answer without any signature must be rejected for a name that is expected
 * to be signed: the validator has to answer SERVFAIL without the AD flag and
 * report the reason "validate.bogus.missingsig".
 */
@Test
public void testUnsignedThatMustBeSigned() throws IOException {
    String queryKey = "www.ingotronic.ch./A";
    Name owner = Name.fromString("www.ingotronic.ch.");

    // Hand-built reply: a question and one A record, no RRSIG at all.
    Message unsigned = new Message();
    unsigned.addRecord(Record.newRecord(owner, Type.A, DClass.IN), Section.QUESTION);
    unsigned.addRecord(
        new ARecord(owner, Type.A, DClass.IN, InetAddress.getByName(localhost)),
        Section.ANSWER);
    add(queryKey, unsigned);

    Message validated = resolver.send(createMessage(queryKey));

    boolean authenticated = validated.getHeader().getFlag(Flags.AD);
    assertFalse("AD flag must not be set", authenticated);
    int rcode = validated.getRcode();
    assertEquals(Rcode.SERVFAIL, rcode);
    assertEquals("validate.bogus.missingsig", getReason(validated));
}
/**
 * An answer whose RRSIG does not verify must be rejected: the reply carries an
 * A record plus an RRSIG with the three signature bytes {1, 2, 3}, and the
 * validator has to answer SERVFAIL without the AD flag.
 */
@Test
public void testModifiedSignature() throws IOException {
    String queryKey = "www.ingotronic.ch./A";
    Name owner = Name.fromString("www.ingotronic.ch.");

    // Hand-built reply: question, one A record, and a signature record whose
    // two dates lie five seconds either side of now, so the dates themselves
    // are not what makes the signature fail.
    Message forged = new Message();
    forged.addRecord(Record.newRecord(owner, Type.A, DClass.IN), Section.QUESTION);
    forged.addRecord(
        new ARecord(owner, Type.A, DClass.IN, InetAddress.getByName(localhost)),
        Section.ANSWER);
    forged.addRecord(
        new RRSIGRecord(
            owner,
            DClass.IN,
            0,
            Type.A,
            Algorithm.RSASHA256,
            5,
            new Date(System.currentTimeMillis() + 5000),
            new Date(System.currentTimeMillis() - 5000),
            1234,
            Name.fromString("ingotronic.ch."),
            new byte[] { 1, 2, 3 }),
        Section.ANSWER);
    add(queryKey, forged);

    Message validated = resolver.send(createMessage(queryKey));

    boolean authenticated = validated.getHeader().getFlag(Flags.AD);
    assertFalse("AD flag must not be set", authenticated);
    int rcode = validated.getRcode();
    assertEquals(Rcode.SERVFAIL, rcode);
    assertTrue(getReason(validated).startsWith("failed.answer.positive:{ www.ingotronic.ch."));
}
/**
 * Sends the accumulated update to the DNS server and requires a NOERROR reply.
 *
 * <p>Only the rcode of the reply is examined here. Whether the reply is
 * authenticated depends on the transport and is not visible in this method.
 *
 * @throws RuntimeException if sending fails with an IOException (kept as the cause)
 */
@Override
protected void commitUnchecked() {
    Message response;
    try {
        response = transport.send(update);
    } catch (IOException e) {
        throw new RuntimeException("publishDomain failed for zone: " + zoneName, e);
    }

    // verify(...) raises when the condition is false, so a rejected update
    // cannot pass silently.
    int rcode = response.getRcode();
    verify(
        rcode == Rcode.NOERROR,
        "DNS server failed domain update for '%s' rcode: %s",
        zoneName,
        Rcode.string(rcode));
}
/**
 * Prepares the fixture: installs the test clock, creates the "tld" TLD, makes
 * the mocked resolver answer every Update with NOERROR, and builds the writer
 * under test with all three durations set to zero.
 */
@Before
public void setUp() throws Exception {
    String tld = "tld";
    Duration none = Duration.ZERO;

    inject.setStaticField(Ofy.class, "clock", clock);
    createTld(tld);

    // Default stub: updates succeed unless a test overrides this.
    when(mockResolver.send(any(Update.class)))
        .thenReturn(messageWithResponseCode(Rcode.NOERROR));

    writer = new DnsUpdateWriter(tld, none, none, none, mockResolver, clock);
}
/**
 * Prepares the fixture: a simple A query for example.com., the NOERROR reply
 * expected for it, a socket factory stub that hands out the mock socket for
 * the update host and DNS port, and the transport under test.
 */
@Before
public void before() throws Exception {
    Name queryName = Name.fromString("example.com.");
    Record question = Record.newRecord(queryName, Type.A, DClass.IN);
    simpleQuery = Message.newQuery(question);
    expectedResponse = responseMessageWithCode(simpleQuery, Rcode.NOERROR);

    InetAddress updateAddress = InetAddress.getByName(UPDATE_HOST);
    when(mockFactory.createSocket(updateAddress, DnsMessageTransport.DNS_PORT))
        .thenReturn(mockSocket);

    resolver = new DnsMessageTransport(mockFactory, UPDATE_HOST, Duration.ZERO);
}
/**
 * An NXDOMAIN reply from the underlying resolver must surface as an empty
 * result instead of an error.
 */
@Test
public void shouldReturnEmptyForHostNotFound() throws Exception {
    String host = "thefqdn.";

    when(lookupFactory.forName(host)).thenReturn(testLookup(host));
    when(xbillResolver.send(any(Message.class)))
        .thenReturn(messageWithRCode(host, Rcode.NXDOMAIN));

    boolean nothingResolved = resolver.resolve(host).isEmpty();
    assertThat(nothingResolved, is(true));
}
/**
 * Replaces the reverse (PTR) mapping for this address with a dynamic DNS
 * update: the update first deletes what is stored at the reverse name and then
 * adds one PTR record that points to the configured fqdn.
 *
 * <p>Success is decided by the rcode of the reply alone. Whether the update is
 * signed and the reply authenticated depends on what createResolver() returns,
 * which is not visible in this method.
 *
 * @return true if the server answered NOERROR, false for any other rcode
 * @throws TextParseException if the reverse name or the fqdn is not a valid DNS name
 * @throws IOException if sending the update fails
 */
public boolean sendAdd() throws TextParseException, IOException {
    Resolver resolver = createResolver();

    String reverseName = buildReverseIpString();
    Name owner = new Name(reverseName.toString());
    PTRRecord pointer = new PTRRecord(owner, DClass.IN, ttl, new Name(fqdn));

    Name updateZone = buildZoneName(reverseName);
    Update update = new Update(updateZone);
    // Delete-then-add within one update message is what makes this a replace.
    update.delete(owner);
    update.add(pointer);

    // Debug logs the whole update and the server; info logs only the record.
    if (log.isDebugEnabled()) {
        log.debug("Sending reverse DDNS update (replace) to server=" + server + ":\n" + update.toString());
    } else if (log.isInfoEnabled()) {
        log.info("Sending reverse DDNS update (replace): " + pointer.toString());
    }

    Message response = resolver.send(update);
    int rcode = response.getRcode();
    if (rcode != Rcode.NOERROR) {
        log.error("Reverse DDNS update (replace) failed (rcode=" + Rcode.string(rcode) + "): " + pointer.toString());
        return false;
    }

    log.info("Reverse DDNS update (replace) succeeded: " + pointer.toString());
    return true;
}
/**
 * Removes the reverse (PTR) mapping for this address with a dynamic DNS
 * update that deletes the PTR record pointing to the configured fqdn.
 *
 * <p>Success is decided by the rcode of the reply alone. Whether the update is
 * signed and the reply authenticated depends on what createResolver() returns,
 * which is not visible in this method.
 *
 * @return true if the server answered NOERROR, false for any other rcode
 * @throws TextParseException if the reverse name or the fqdn is not a valid DNS name
 * @throws IOException if sending the update fails
 */
public boolean sendDelete() throws TextParseException, IOException {
    Resolver resolver = createResolver();

    String reverseName = buildReverseIpString();
    Name owner = new Name(reverseName);
    // The record is built with TTL 0; it only identifies what to delete.
    PTRRecord pointer = new PTRRecord(owner, DClass.IN, 0, new Name(fqdn));

    Name updateZone = buildZoneName(reverseName);
    Update update = new Update(updateZone);
    update.delete(pointer);

    // Debug logs the whole update and the server; info logs only the record.
    if (log.isDebugEnabled()) {
        log.debug("Sending reverse DDNS update (delete) to server=" + server + ":\n" + update.toString());
    } else if (log.isInfoEnabled()) {
        log.info("Sending reverse DDNS update (delete): " + pointer.toString());
    }

    Message response = resolver.send(update);
    int rcode = response.getRcode();
    if (rcode != Rcode.NOERROR) {
        log.error("Reverse DDNS update (delete) failed (rcode=" + Rcode.string(rcode) + "): " + pointer.toString());
        return false;
    }

    log.info("Reverse DDNS update (delete) succeeded: " + pointer.toString());
    return true;
}
/**
 * Turns the validation outcome into the message handed back to the caller.
 *
 * <ul>
 * <li>SECURE: the AD flag is set on the response.
 * <li>BOGUS: the response is discarded and replaced by an error message built
 * from the request, so none of the records that failed validation reach the
 * caller. A NOERROR, NXDOMAIN or YXDOMAIN rcode becomes SERVFAIL; any other
 * rcode is kept.
 * <li>UNCHECKED and INSECURE: the response is passed on unchanged.
 * </ul>
 *
 * In every case the original status and bogus reason are stored on the
 * returned message.
 *
 * @param request the query that is being answered
 * @param response the response together with its validation status
 * @return the message to return up the pipeline
 * @throws RuntimeException if the status is none of the four handled values
 */
private SMessage processFinishedState(Message request, SMessage response) {
    // Both values are read first because the BOGUS branch replaces the response.
    SecurityStatus status = response.getStatus();
    String reason = response.getBogusReason();

    switch (status) {
        case SECURE:
            response.getHeader().setFlag(Flags.AD);
            break;

        case BOGUS: {
            // For now, in the absence of any other API information, a rcode
            // that looks like a usable answer is reported as SERVFAIL.
            int upstreamRcode = response.getHeader().getRcode();
            boolean looksUsable = upstreamRcode == Rcode.NOERROR
                || upstreamRcode == Rcode.NXDOMAIN
                || upstreamRcode == Rcode.YXDOMAIN;
            int reportedRcode = looksUsable ? Rcode.SERVFAIL : upstreamRcode;
            response = ValidatingResolver.errorMessage(request, reportedRcode);
            break;
        }

        case INSECURE:
        case UNCHECKED:
            break;

        default:
            throw new RuntimeException("unexpected security status");
    }

    response.setStatus(status, reason);
    return response;
}
/**
 * With the NSEC3 iteration limits for all three listed key sizes configured to
 * 0, the NSEC3 proof is expected to be ignored: the response is passed on with
 * NOERROR but without the AD flag, and the reason is "failed.nsec3_ignored".
 */
@Test
public void testInvalidIterationCountMarksInsecure() throws IOException {
    String[] iterationLimitKeys = {
        "org.jitsi.dnssec.nsec3.iterations.1024",
        "org.jitsi.dnssec.nsec3.iterations.2048",
        "org.jitsi.dnssec.nsec3.iterations.4096",
    };
    Properties config = new Properties();
    for (String key : iterationLimitKeys) {
        config.put(key, 0);
    }
    resolver.init(config);

    Message validated = resolver.send(createMessage("www.wc.nsec3.ingotronic.ch./A"));

    boolean authenticated = validated.getHeader().getFlag(Flags.AD);
    assertFalse("AD flag must not be set", authenticated);
    int rcode = validated.getRcode();
    assertEquals(Rcode.NOERROR, rcode);
    assertEquals("failed.nsec3_ignored", getReason(validated));
}
/**
 * An NXDOMAIN response must be rejected when two of its NSEC3 records are
 * missing: the lines for the two hashed owner names below are removed from the
 * genuine response, and the validator has to answer SERVFAIL without AD.
 */
@Test
public void testNsec3WithoutClosestEncloser() throws IOException {
    String query = "gibtsnicht.gibtsnicht.nsec3.ingotronic.ch./A";
    Message genuine = resolver.send(createMessage(query));

    // Strip the text lines of the two NSEC3 owner names.
    String stripped = genuine.toString().replaceAll("((UDUMPS9J6F8348HFHH2FAED6I9DDE0U6)|(NTV3QJT4VQDVBPB6BNOVM40NMKJ3H29P))\\.nsec3.*", "");
    add(query, messageFromString(stripped));

    Message validated = resolver.send(createMessage(query));

    boolean authenticated = validated.getHeader().getFlag(Flags.AD);
    assertFalse("AD flag must not be set", authenticated);
    int rcode = validated.getRcode();
    assertEquals(Rcode.SERVFAIL, rcode);
    assertEquals("failed.nxdomain.nsec3_bogus", getReason(validated));
}
/**
 * A NODATA response whose status was rewritten to NXDOMAIN must be rejected:
 * the genuine MX response is edited in its text form and served for the A
 * query, and the validator has to answer SERVFAIL without AD.
 */
@Test
public void testNsec3NodataChangedToNxdomainIsBogus() throws IOException {
    String aQuery = "a.b.nsec3.ingotronic.ch./A";
    Message genuine = resolver.send(createMessage("a.b.nsec3.ingotronic.ch./MX"));

    // Only the status text changes; the records stay as the server signed them.
    String rewritten = genuine.toString().replaceAll("status: NOERROR", "status: NXDOMAIN");
    add(aQuery, messageFromString(rewritten));

    Message validated = resolver.send(createMessage(aQuery));

    boolean authenticated = validated.getHeader().getFlag(Flags.AD);
    assertFalse("AD flag must not be set", authenticated);
    int rcode = validated.getRcode();
    assertEquals(Rcode.SERVFAIL, rcode);
    assertEquals("failed.nxdomain.nsec3_bogus", getReason(validated));
}
/**
 * A name below an unsigned delegation is expected to come back as NXDOMAIN
 * without the AD flag and with the reason "failed.nxdomain.nsec3_insecure":
 * the answer is passed on, but not marked as authenticated.
 */
@Test
@AlwaysOffline
public void testNsec3ClosestEncloserIsInsecureDelegation() throws IOException {
    String query = "a.unsigned.nsec3.ingotronic.ch./A";

    Message validated = resolver.send(createMessage(query));

    boolean authenticated = validated.getHeader().getFlag(Flags.AD);
    assertFalse("AD flag must not be set", authenticated);
    int rcode = validated.getRcode();
    assertEquals(Rcode.NXDOMAIN, rcode);
    assertEquals("failed.nxdomain.nsec3_insecure", getReason(validated));
}
/**
 * An NXDOMAIN response must be rejected when the signature over its NSEC
 * record was replaced: the signature text of the RRSIG NSEC line is swapped
 * for a short constant and the validator has to answer SERVFAIL without AD.
 */
@Test
public void testNxDomainWithInvalidNsecSignature() throws IOException {
    String query = "x.ingotronic.ch./A";
    Message genuine = resolver.send(createMessage(query));

    // Keep the RRSIG NSEC line up to the signer name and replace what follows.
    String resigned = genuine.toString().replaceAll("(.*\\sRRSIG\\sNSEC\\s(\\d+\\s+){6}.*\\.)(.*)", "$1 YXNkZg==");
    add(query, messageFromString(resigned));

    Message validated = resolver.send(createMessage(query));

    boolean authenticated = validated.getHeader().getFlag(Flags.AD);
    assertFalse("AD flag must not be set", authenticated);
    int rcode = validated.getRcode();
    assertEquals(Rcode.SERVFAIL, rcode);
    assertTrue(getReason(validated).startsWith("failed.nxdomain.authority"));
}
/**
 * A response from the ECDSA-256 signed zone must validate (AD set, NOERROR).
 * The test is skipped when the JVM has no provider for the EC key factory.
 */
@Test
public void testNsecEcdsa256() throws IOException {
    Provider[] ecProviders = Security.getProviders("KeyFactory.EC");
    boolean ecSupported = ecProviders != null && ecProviders.length > 0;
    Assume.assumeTrue(ecSupported);

    Message validated = resolver.send(createMessage("www.wc.nsec3-ecdsa256.ingotronic.ch./A"));

    boolean authenticated = validated.getHeader().getFlag(Flags.AD);
    assertTrue("AD flag must be set", authenticated);
    int rcode = validated.getRcode();
    assertEquals(Rcode.NOERROR, rcode);
}
/**
 * A name error for 1.www.ingotronic.ch. must validate: NXDOMAIN with the AD
 * flag set and no failure reason.
 */
@Test
public void testNameErrorWhenNsecIsNotFromApex() throws IOException {
    String query = "1.www.ingotronic.ch./A";

    Message validated = resolver.send(createMessage(query));

    boolean authenticated = validated.getHeader().getFlag(Flags.AD);
    assertTrue("AD flag must be set", authenticated);
    int rcode = validated.getRcode();
    assertEquals(Rcode.NXDOMAIN, rcode);
    assertNull(getReason(validated));
}
/**
 * A DS query must not be satisfied by the response to a different query: the
 * MX response for samekey.ingotronic.ch. is served for the DS query and the
 * validator has to answer SERVFAIL without AD, with the reason "failed.nodata".
 */
@Test
public void testNoDataWhenDSResultIsFromChild() throws IOException {
    String dsQuery = "samekey.ingotronic.ch./DS";
    Message mxResponse = resolver.send(createMessage("samekey.ingotronic.ch./MX"));

    // this test needs to have the key in the cache
    add(dsQuery, mxResponse, false);

    Message validated = resolver.send(createMessage(dsQuery));

    boolean authenticated = validated.getHeader().getFlag(Flags.AD);
    assertFalse("AD flag must not be set", authenticated);
    int rcode = validated.getRcode();
    assertEquals(Rcode.SERVFAIL, rcode);
    assertEquals("failed.nodata", getReason(validated));
}
/**
 * A DS query for the root must validate: NOERROR with the AD flag set and no
 * failure reason.
 */
@Test
public void testNoDataOfDSForRoot() throws IOException {
    String query = "./DS";

    Message validated = resolver.send(createMessage(query));

    boolean authenticated = validated.getHeader().getFlag(Flags.AD);
    assertTrue("AD flag must be set", authenticated);
    int rcode = validated.getRcode();
    assertEquals(Rcode.NOERROR, rcode);
    assertNull(getReason(validated));
}
/**
 * An existing A record in the "partial" zone must validate: NOERROR with the
 * AD flag set, the first A record equal to the fixture's localhost value, and
 * no failure reason.
 */
@Test
public void testValidExising() throws IOException {
    String query = "www.partial.ingotronic.ch./A";

    Message validated = resolver.send(createMessage(query));

    boolean authenticated = validated.getHeader().getFlag(Flags.AD);
    assertTrue("AD flag must be set", authenticated);
    int rcode = validated.getRcode();
    assertEquals(Rcode.NOERROR, rcode);
    assertEquals(localhost, firstA(validated));
    assertNull(getReason(validated));
}
/**
 * A query for a type that the existing name does not have must validate as an
 * empty answer: NOERROR with the AD flag set and no failure reason.
 */
@Test
public void testValidExisingNoType() throws IOException {
    String query = "www.partial.ingotronic.ch./MX";

    Message validated = resolver.send(createMessage(query));

    boolean authenticated = validated.getHeader().getFlag(Flags.AD);
    assertTrue("AD flag must be set", authenticated);
    int rcode = validated.getRcode();
    assertEquals(Rcode.NOERROR, rcode);
    assertTrue(isEmptyAnswer(validated));
    assertNull(getReason(validated));
}
/**
 * A name that does not exist in the "partial" zone must validate as a name
 * error: NXDOMAIN with the AD flag set and no failure reason.
 */
@Test
public void testValidNonExising() throws IOException {
    String query = "www.gibtsnicht.partial.ingotronic.ch./A";

    Message validated = resolver.send(createMessage(query));

    boolean authenticated = validated.getHeader().getFlag(Flags.AD);
    assertTrue("AD flag must be set", authenticated);
    int rcode = validated.getRcode();
    assertEquals(Rcode.NXDOMAIN, rcode);
    assertNull(getReason(validated));
}
/**
 * A response that was emptied of its records must not pass as a NODATA answer:
 * every line owned by www.nsec3.ingotronic.ch. is removed from the genuine
 * response and the validator has to answer SERVFAIL without AD.
 */
@Test
public void testFakedNoDataNsec3WithoutNsecs() throws IOException {
    String query = "www.nsec3.ingotronic.ch./A";
    Message genuine = resolver.send(createMessage(query));

    // Remove the lines that start with the queried owner name.
    String emptied = genuine.toString().replaceAll("www\\.nsec3\\.ingotronic\\.ch\\.\\s+.*", "");
    add(query, messageFromString(emptied));

    Message validated = resolver.send(createMessage(query));

    boolean authenticated = validated.getHeader().getFlag(Flags.AD);
    assertFalse("AD flag must not be set", authenticated);
    int rcode = validated.getRcode();
    assertEquals(Rcode.SERVFAIL, rcode);
    assertTrue(getReason(validated).startsWith("failed.nodata"));
}
/**
 * A NODATA proof for one type must not be accepted for another: the genuine MX
 * response has its question type rewritten to A and is served for the A query,
 * and the validator has to answer SERVFAIL without AD.
 */
@Test
public void testFakedNoDataNsec3WithNsecs() throws IOException {
    String aQuery = "www.nsec3.ingotronic.ch./A";
    Message genuine = resolver.send(createMessage("www.nsec3.ingotronic.ch./MX"));

    // Only the type text changes; the denial records stay as they were signed.
    String retyped = genuine.toString().replaceAll("type = MX", "type = A");
    add(aQuery, messageFromString(retyped));

    Message validated = resolver.send(createMessage(aQuery));

    boolean authenticated = validated.getHeader().getFlag(Flags.AD);
    assertFalse("AD flag must not be set", authenticated);
    int rcode = validated.getRcode();
    assertEquals(Rcode.SERVFAIL, rcode);
    assertTrue(getReason(validated).startsWith("failed.nodata"));
}
/**
 * An A query that is answered through the DNAME at alias.ingotronic.ch. must
 * validate: NOERROR with the AD flag set and no failure reason.
 */
@Test
public void testDNameToExistingIsValid() throws IOException {
    String query = "www.alias.ingotronic.ch./A";

    Message validated = resolver.send(createMessage(query));

    boolean authenticated = validated.getHeader().getFlag(Flags.AD);
    assertTrue("AD flag must be set", authenticated);
    int rcode = validated.getRcode();
    assertEquals(Rcode.NOERROR, rcode);
    assertNull(getReason(validated));
}
/**
 * An MX query that is answered through the DNAME at alias.ingotronic.ch. must
 * validate: NOERROR with the AD flag set and no failure reason.
 */
@Test
public void testDNameToNoDataIsValid() throws IOException {
    String query = "www.alias.ingotronic.ch./MX";

    Message validated = resolver.send(createMessage(query));

    boolean authenticated = validated.getHeader().getFlag(Flags.AD);
    assertTrue("AD flag must be set", authenticated);
    int rcode = validated.getRcode();
    assertEquals(Rcode.NOERROR, rcode);
    assertNull(getReason(validated));
}
/**
 * A zone signed only with RSA/MD5 is expected to be treated as insecure, not
 * as validated: the answer is passed on with NOERROR, the AD flag stays clear,
 * and the reason names the zone as having no usable DS algorithm. The test
 * name refers to RFC 6944.
 */
@Test
public void testMd5AlgRfc6944() throws IOException {
    String query = "rsamd5.ingotronic.ch./A";

    Message validated = resolver.send(createMessage(query));

    boolean authenticated = validated.getHeader().getFlag(Flags.AD);
    assertFalse("AD flag must not be set", authenticated);
    int rcode = validated.getRcode();
    assertEquals(Rcode.NOERROR, rcode);
    assertEquals("insecure.ds.noalgorithms:rsamd5.ingotronic.ch.", getReason(validated));
}
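/**
 * A direct query for the DNAME record must validate: NOERROR with the AD flag
 * set and no failure reason, and every DNAME set in the answer has to point to
 * ingotronic.ch.
 */
@Test
public void testDNameDirectQueryIsValid() throws IOException {
    Message response = resolver.send(createMessage("alias.ingotronic.ch./DNAME"));

    // The failure message used to read "must not set" although the assertion
    // requires the flag; a failing run would have reported the opposite of
    // what went wrong.
    assertTrue("AD flag must be set", response.getHeader().getFlag(Flags.AD));
    assertEquals(Rcode.NOERROR, response.getRcode());
    assertNull(getReason(response));

    // The target is checked only for DNAME sets; if the answer held none,
    // this loop would assert nothing.
    for (RRset set : response.getSectionRRsets(Section.ANSWER)) {
        if (set.getType() == Type.DNAME) {
            DNAMERecord r = (DNAMERecord) set.first();
            assertEquals(Name.fromString("ingotronic.ch."), r.getTarget());
        }
    }
}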
/**
 * A CNAME that does not match what the DNAME synthesizes must be rejected: the
 * CNAME target in the genuine response is rewritten to www.isc.org. and the
 * validator has to answer SERVFAIL without AD, naming both targets in the
 * reason.
 */
@Test
public void testDNameWithFakedCnameIsInvalid() throws IOException {
    String query = "www.alias.ingotronic.ch./A";
    Message genuine = resolver.send(createMessage(query));

    // Keep the CNAME line up to its type and replace the target.
    String redirected = genuine.toString().replaceAll("(.*CNAME\\s+)(.*)", "$1 www.isc.org.");
    add(query, messageFromString(redirected));

    Message validated = resolver.send(createMessage(query));

    boolean authenticated = validated.getHeader().getFlag(Flags.AD);
    assertFalse("AD flag must not be set", authenticated);
    int rcode = validated.getRcode();
    assertEquals(Rcode.SERVFAIL, rcode);
    assertEquals("failed.synthesize.nomatch:www.isc.org.:www.ingotronic.ch.", getReason(validated));
}
/**
 * A DNAME response with more than one CNAME must be rejected: each CNAME line
 * of the genuine response is duplicated with "example.com." appended to the
 * copy, and the validator has to answer SERVFAIL without AD.
 */
@Test
public void testDNameWithMultipleCnamesIsInvalid() throws IOException {
    String query = "www.alias.ingotronic.ch./A";
    Message genuine = resolver.send(createMessage(query));

    // Each CNAME line is followed by a second one with a longer target.
    String duplicated = genuine.toString().replaceAll("(.*CNAME.*)", "$1\n$1example.com.");
    add(query, messageFromString(duplicated));

    Message validated = resolver.send(createMessage(query));

    boolean authenticated = validated.getHeader().getFlag(Flags.AD);
    assertFalse("AD flag must not be set", authenticated);
    int rcode = validated.getRcode();
    assertEquals(Rcode.SERVFAIL, rcode);
    assertEquals("failed.synthesize.multiple", getReason(validated));
}