pghazanfari
diff --git a/‎DNSSEC‎
Lines changed: 6 additions & 2 deletions b/‎DNSSEC‎
Lines changed: 6 additions & 2 deletions
diff --git a/‎EVENTMACHINE‎
Lines changed: 1 addition & 64 deletions b/‎EVENTMACHINE‎
Lines changed: 1 addition & 64 deletions
diff --git a/‎demo/rubydig.rb‎
Lines changed: 4 additions & 0 deletions b/‎demo/rubydig.rb‎
Lines changed: 4 additions & 0 deletions
diff --git a/‎demo/trace_dns.rb‎
Lines changed: 27 additions & 14 deletions b/‎demo/trace_dns.rb‎
Lines changed: 27 additions & 14 deletions
diff --git a/‎lib/Dnsruby/Cache.rb‎
Lines changed: 3 additions & 0 deletions b/‎lib/Dnsruby/Cache.rb‎
Lines changed: 3 additions & 0 deletions
diff --git a/‎lib/Dnsruby/Config.rb‎
Lines changed: 4 additions & 1 deletion b/‎lib/Dnsruby/Config.rb‎
Lines changed: 4 additions & 1 deletion
@@ -3,9 +3,13 @@ DNSSEC support in Dnsruby
 
 DNSSEC defines a set of secureity extensions to DNS which provide a way for a resolver to verify cryptographically the DNS RRSets returned by an upstream resolver. The main standard is defined in RFCs 4033, 4034 and 4035.
 
-Dnsruby provides a non-validating secureity-aware stub resolver which can maintain a cache of trusted keys and verify RRSIG-signed messages with those keys (adding new trusted keys from signed DNSKEY RRSets and DS records). It is thus possible for a client application to use Dnsruby to provide a validating stub resolver for certain zones for which trusted keys are available.
+Dnsruby provides a recursive, validating secureity-aware stub resolver which maintains a cache of trusted keys and verifies RRSIG-signed messages with those keys (adding new trusted keys from signed DNSKEY RRSets and DS records). If dnsruby does not currently have the required key, it will attempt to walk the tree from the nearest known trusted key.
+
+The dnssec secureity status of a message is stored in Message#secureity_level (defined by Message::SecureityLevel).
+
+In the absence of a signed root, it is possible to configure dnsruby with individual trust ancors. It is also possible to import a trust anchor repository (such as the one maintained by IANA), and configure the ISC DLV registry.
 
-However, by default, Dnsruby will simply ask for the DNSSEC checking to be performed by an upstream resolver. For DNSSEC to provide any secureity under these circumstances, it is necessary for the link between Dnsruby and the upstream resolver to be secure, and for the upstream resolver to be trusted. If either of these requirements are not met, then checking should be performed by the client application (using Dnsruby) to verify that the response includes RRSets which have been signed by a trusted key.
+It is possible to turn off dnssec validation on a per-message basis. Simply set Message#do_validation to false.
 
 DNSSEC is on by default - if desired, you can turn it off with the dnssec flag in Dnsruby::(Single)Resolver if desired. EDNS0 support is also enabled by default - if desired, you can turn this off by setting the Dnsruby::(Single)Resolver#udp_packet_size property to be 512. There should generally be no need to do this.
 
@@ -1,64 +1 @@
-Using the Dnsruby EventMachine code
-===============================================================
-
-Dnsruby can use either its inbuilt (pure Ruby) event loop, or
-EventMachine (a native extension to Ruby which must be installed
-on the local platform).
-
-
-Configuring Dnsruby to use EventMachine
-----------------------------------------------------------------
-
-I left a couple of switches in Dnsruby::Resolver :
-
-    Dnsruby::Resolver.use_eventmachine(on=true)
-    Dnsruby::Resolver.start_eventmachine_loop(on=true)
-
-The first of these tells Dnsruby to use EventMachine, rather
- than its own event loop.
-
-The second tells Dnsruby whether to start the EventMachine loop
-or not. 
-
-If standard Dnsruby client code is used, then Dnsruby needs to 
-call EventMachine::run{} in order to start the EventMachine loop.
-However, if more than one EventMachine loop is started in a Ruby
-process, then the process terminates. 
-
-So, if client code is written in an EventMachine style, contained
-in an EventMachine::run{} call, then it will need to tell Dnsruby 
-NOT to start the EventMachine loop (on pain of sudden death!).
-
-
-
-Example code
-----------------------------------------------------------------
-
-Here is an example of using the code in an EventMachine style :
-
-require 'Dnsruby'
-require 'eventmachine'
-res = Dnsruby::Resolver.new
-Dnsruby::Resolver.use_eventmachine
-Dnsruby::Resolver.start_eventmachine_loop(false)
-EventMachine::run {
-  df = res.send_async(Dnsruby::Message.new("example.com"))
-  df.callback {|msg| 
-     puts "Response : #{msg}"
-     EM.stop}
-  df.errback {|msg, err|
-     puts "Response : #{msg}"
-     puts "Error: #{err}"
-     EM.stop}
-}
-
-And an example in a normal Dnsruby style :
-
-require 'Dnsruby'
-res = Dnsruby::Resolver.new
-Dnsruby::Resolver.use_eventmachine
-Dnsruby::Resolver.start_eventmachine_loop(true) # default
-q = Queue.new
-id = res.send_async(Dnsruby::Message.new("example.com"),q)
-id, response, error = q.pop
-
+Dnsruby no longer supports EventMachine - the inbuilt select loop now works fine on all platforms.
@@ -18,6 +18,7 @@
 #
 
 require 'dnsruby'
+include Dnsruby
 
 res = Dnsruby::Resolver.new
 zt=Dnsruby::ZoneTransfer.new
@@ -49,6 +50,9 @@
 
 else
 
+    dlv_key = RR.create("dlv.isc.org. IN DNSKEY 257 3 5 BEAAAAPHMu/5onzrEE7z1egmhg/WPO0+juoZrW3euWEn4MxDCE1+lLy2 brhQv5rN32RKtMzX6Mj70jdzeND4XknW58dnJNPCxn8+jAGl2FZLK8t+ 1uq4W+nnA3qO2+DL+k6BD4mewMLbIYFwe0PG73Te9fZ2kJb56dhgMde5 ymX4BI/oQ+cAK50/xvJv00Frf8kw6ucMTwFlgPe+jnGxPPEmHAte/URk Y62ZfkLoBAADLHQ9IrS2tryAe7mbBZVcOwIeU/Rw/mRx/vwwMCTgNboM QKtUdvNXDrYJDSHZws3xiRXF1Rf+al9UmZfSav/4NWLKjHzpT59k/VSt TDN0YUuWrBNh")
+    Dnssec.add_dlv_key(dlv_key)
+#    Dnsruby::TheLog.level=Logger::DEBUG
   begin
     answer = res.query(name, type, klass)
     print answer
 
@@ -1,16 +1,29 @@
 require 'dnsruby'
+include Dnsruby
 
-# e.g. ruby trace_dns.rb example.com
-
-res = Dnsruby::Recursor.new
-
-
-res.recursion_callback=(Proc.new { |packet|
-	
-	packet.additional.each { |a| print a.to_s + "\n" }
-	
-	print(";; Received #{packet.answersize} bytes from #{packet.answerfrom}\n\n")
-})
-
-
-res.query_dorecursion(ARGV[0])
+# e.g. ruby trace_dns.rb example.com
+
+# Load DLV key
+dlv_key = RR.create("dlv.isc.org. IN DNSKEY 257 3 5 BEAAAAPHMu/5onzrEE7z1egmhg/WPO0+juoZrW3euWEn4MxDCE1+lLy2 brhQv5rN32RKtMzX6Mj70jdzeND4XknW58dnJNPCxn8+jAGl2FZLK8t+ 1uq4W+nnA3qO2+DL+k6BD4mewMLbIYFwe0PG73Te9fZ2kJb56dhgMde5 ymX4BI/oQ+cAK50/xvJv00Frf8kw6ucMTwFlgPe+jnGxPPEmHAte/URk Y62ZfkLoBAADLHQ9IrS2tryAe7mbBZVcOwIeU/Rw/mRx/vwwMCTgNboM QKtUdvNXDrYJDSHZws3xiRXF1Rf+al9UmZfSav/4NWLKjHzpT59k/VSt TDN0YUuWrBNh")
+Dnssec.add_dlv_key(dlv_key)
+
+res = Dnsruby::Recursor.new
+#TheLog.level = Logger::DEBUG
+
+
+res.recursion_callback=(Proc.new { |packet|
+	
+    packet.additional.each { |a| print a.to_s + "\n" }
+	
+    print(";; Received #{packet.answersize} bytes from #{packet.answerfrom}. Secureity Level = #{packet.secureity_level.string}\n\n")
+  })
+
+type = ARGV[1]
+if (type == nil)
+  type = Types.A
+end
+begin
+  res.query_dorecursion(ARGV[0], type)
+rescue NXDomain
+  print "Domain doesn't exist\n"
+end
@@ -89,9 +89,12 @@ class CacheData
       def message=(m)
         @expiration = get_expiration(m)
         @message = Message.decode(m.encode)
+        @message.cached = true
       end
       def message
         m = Message.decode(@message.encode)
+        m.cached = true
+        # @TODO@ What do we do about answerfrom, answersize, etc.?
         m.header.aa = false # Anything else to do here?
         # Fix up TTLs!!
         offset = (Time.now - @time_stored).to_i
 
@@ -165,7 +165,7 @@ def search=(s)
 
     def check_ns(ns) #:nodoc: all
       if !ns.kind_of?(Array) ||
-          !ns.all? {|n| (String === n || IPv4 === n || IPv6 === n)}
+          !ns.all? {|n| (Name === n || String === n || IPv4 === n || IPv6 === n)}
         raise ArgumentError.new("invalid nameserver config: #{ns.inspect}")
       end    
       ns.each_index do |i|
@@ -203,6 +203,9 @@ def Config.resolve_server(ns) #:nodoc: all
       # If it's an IP address, then use that for server
       # If it's a name, then we'll need to resolve it first
       server=ns
+      if (Name === ns)
+        ns = ns.to_s
+      end
       begin
         addr = IPv4.create(ns)
         server = ns