use of org.minidns.record.Record in project minidns by MiniDNS.
the class DNSMessageTest method testSRVLookup.
/**
 * Parses the stored "gpn-srv" response and checks that its single answer
 * is an SRV record with the expected target, port and priority.
 */
@Test
public void testSRVLookup() throws Exception {
    final DNSMessage response = getMessageFromResource("gpn-srv");
    assertFalse(response.authoritativeAnswer);

    // Exactly one record is expected in the answer section.
    final List<Record<? extends Data>> answerRecords = response.answerSection;
    assertEquals(1, answerRecords.size());
    final Record<? extends Data> srvRecord = answerRecords.get(0);

    // Check both the Java type and the declared record type before casting.
    assertTrue(srvRecord.getPayload() instanceof SRV);
    assertEquals(TYPE.SRV, srvRecord.getPayload().getType());

    final SRV srv = (SRV) (srvRecord.getPayload());
    assertCsEquals("raven.toroid.org", srv.target);
    assertEquals(5222, srv.port);
    assertEquals(0, srv.priority);
}
use of org.minidns.record.Record in project minidns by MiniDNS.
the class DNSMessageTest method testRootDnskeyLookup.
/**
 * Parses the stored "root-dnskey" response and checks the header flags,
 * the three DNSKEY answers for the root zone, and the EDNS record in the
 * additional section.
 */
@Test
public void testRootDnskeyLookup() throws Exception {
    final DNSMessage response = getMessageFromResource("root-dnskey");
    assertFalse(response.authoritativeAnswer);
    assertTrue(response.recursionDesired);
    assertTrue(response.recursionAvailable);

    final List<Record<? extends Data>> keyRecords = response.answerSection;
    assertEquals(3, keyRecords.size());

    int index = 0;
    while (index < keyRecords.size()) {
        final Record<? extends Data> keyRecord = keyRecords.get(index);

        // Properties every DNSKEY answer in this fixture shares.
        assertCsEquals(".", keyRecord.name);
        assertEquals(19593, keyRecord.getTtl());
        assertEquals(TYPE.DNSKEY, keyRecord.type);
        assertEquals(TYPE.DNSKEY, keyRecord.getPayload().getType());

        final DNSKEY key = (DNSKEY) keyRecord.getPayload();
        assertEquals(3, key.protocol);
        assertEquals(SignatureAlgorithm.RSASHA256, key.algorithm);
        assertTrue((key.flags & DNSKEY.FLAG_ZONE) > 0);
        // Compares two calls of getKeyTag() with each other; presumably this
        // checks that repeated calls give the same tag. The concrete tag
        // values are pinned per record below.
        assertEquals(key.getKeyTag(), key.getKeyTag());

        // Per-record expectations: only the first key carries the secure
        // entry point flag, the other two have exactly the zone flag.
        if (index == 0) {
            assertTrue((key.flags & DNSKEY.FLAG_SECURE_ENTRY_POINT) > 0);
            assertEquals(260, key.getKeyLength());
            assertEquals(19036, key.getKeyTag());
        } else if (index == 1) {
            assertEquals(DNSKEY.FLAG_ZONE, key.flags);
            assertEquals(132, key.getKeyLength());
            assertEquals(48613, key.getKeyTag());
        } else if (index == 2) {
            assertEquals(DNSKEY.FLAG_ZONE, key.flags);
            assertEquals(132, key.getKeyLength());
            assertEquals(1518, key.getKeyTag());
        }

        index++;
    }

    // The additional section holds a single record that is read as EDNS.
    final List<Record<? extends Data>> additionalRecords = response.additionalSection;
    assertEquals(1, additionalRecords.size());
    final Record<? extends Data> optRecord = additionalRecords.get(0);
    final EDNS ednsInfo = EDNS.fromRecord(optRecord);
    assertEquals(512, ednsInfo.udpPayloadSize);
    assertEquals(0, ednsInfo.version);
}
use of org.minidns.record.Record in project minidns by MiniDNS.
the class DNSMessageTest method testMXLookup.
/**
 * Parses the stored "gmail-mx" response and checks that it carries five MX
 * answers for gmail.com with the expected priority-to-target mapping.
 */
@Test
public void testMXLookup() throws Exception {
    final DNSMessage response = getMessageFromResource("gmail-mx");
    assertFalse(response.authoritativeAnswer);

    final List<Record<? extends Data>> answerRecords = response.answerSection;
    assertEquals(5, answerRecords.size());

    // Collect the exchanges keyed by priority so each one can be looked up.
    final Map<Integer, DNSName> targetByPriority = new TreeMap<>();
    for (Record<? extends Data> answerRecord : answerRecords) {
        assertCsEquals("gmail.com", answerRecord.name);
        final Data payload = answerRecord.getPayload();
        assertTrue(payload instanceof MX);
        assertEquals(TYPE.MX, payload.getType());
        final MX mx = (MX) payload;
        targetByPriority.put(mx.priority, mx.target);
    }

    // Expected exchanges, listed in the same order as their priorities.
    final int[] expectedPriorities = {5, 10, 20, 30, 40};
    final String[] expectedTargets = {
        "gmail-smtp-in.l.google.com",
        "alt1.gmail-smtp-in.l.google.com",
        "alt2.gmail-smtp-in.l.google.com",
        "alt3.gmail-smtp-in.l.google.com",
        "alt4.gmail-smtp-in.l.google.com",
    };
    for (int i = 0; i < expectedPriorities.length; i++) {
        assertCsEquals(expectedTargets[i], targetByPriority.get(expectedPriorities[i]));
    }
}
use of org.minidns.record.Record in project minidns by MiniDNS.
the class DNSMessageTest method testExampleNsecLookup.
/**
 * Parses the stored "example-nsec" response and checks that its single
 * answer is an NSEC record with the expected next name and exactly the
 * expected set of record types.
 */
@Test
public void testExampleNsecLookup() throws Exception {
    final DNSMessage response = getMessageFromResource("example-nsec");
    final List<Record<? extends Data>> answerRecords = response.answerSection;
    assertEquals(1, answerRecords.size());
    assertEquals(TYPE.NSEC, answerRecords.get(0).type);
    assertEquals(TYPE.NSEC, answerRecords.get(0).payloadData.getType());

    final NSEC nsecPayload = (NSEC) answerRecords.get(0).getPayload();
    assertCsEquals("www.example.com", nsecPayload.next);

    // Every type listed by the record must be expected (remove succeeds),
    // and no expected type may be left over afterwards.
    final ArrayList<TYPE> remainingTypes = new ArrayList<>(Arrays.asList(
            TYPE.A, TYPE.NS, TYPE.SOA, TYPE.TXT,
            TYPE.AAAA, TYPE.RRSIG, TYPE.NSEC, TYPE.DNSKEY));
    for (TYPE listedType : nsecPayload.types) {
        assertTrue(remainingTypes.remove(listedType));
    }
    assertTrue(remainingTypes.isEmpty());
}
use of org.minidns.record.Record in project minidns by MiniDNS.
the class DNSSECClient method verifyNsec.
/**
 * Checks the NSEC and NSEC3 records in the authority section of a message
 * against the message's first question, then runs signature verification
 * over the authority section.
 *
 * @param dnsMessage the message whose authority section is examined.
 * @return the collected reasons; empty when at least one NSEC/NSEC3 record
 *         verified and verifySignatures reported no reasons.
 * @throws DNSSECValidationFailedException if the authority section has no SOA
 *         record, if NSEC/NSEC3 records are present but none of them verified,
 *         or if toBeVerified ends up neither empty nor as large as the
 *         authority section.
 * @throws IOException declared by this method; presumably raised by
 *         verifySignatures - confirm.
 */
private Set<UnverifiedReason> verifyNsec(DNSMessage dnsMessage) throws IOException {
Set<UnverifiedReason> result = new HashSet<>();
// NOTE(review): assumes the message carries at least one question; get(0)
// throws IndexOutOfBoundsException otherwise - confirm callers guarantee this.
Question q = dnsMessage.questions.get(0);
boolean validNsec = false;
boolean nsecPresent = false;
DNSName zone = null;
List<Record<? extends Data>> nameserverRecords = dnsMessage.authoritySection;
// Take the zone name from the SOA record. There is no break, so when the
// section holds several SOA records the name of the last one is used.
// NOTE(review): no check is visible here that this name is related to the
// question name - confirm it is enforced by the verifier or by the caller.
for (Record<? extends Data> nameserverRecord : nameserverRecords) {
if (nameserverRecord.type == TYPE.SOA)
zone = nameserverRecord.name;
}
// Fail closed: without a SOA record the denial cannot be tied to a zone.
if (zone == null)
throw new DNSSECValidationFailedException(q, "NSECs must always match to a SOA");
// Check each NSEC/NSEC3 record; every other record type is skipped.
for (Record<? extends Data> record : nameserverRecords) {
UnverifiedReason reason;
switch(record.type) {
case NSEC:
nsecPresent = true;
reason = verifier.verifyNsec(record, q);
break;
case NSEC3:
nsecPresent = true;
reason = verifier.verifyNsec3(zone, record, q);
break;
default:
continue;
}
// A null reason is treated as "this record verified"; one such record
// is enough to set validNsec.
if (reason != null) {
result.add(reason);
} else {
validNsec = true;
}
}
// Fail closed when NSEC/NSEC3 records exist but none of them verified.
// When the section holds no NSEC/NSEC3 record at all, neither flag is set
// and nothing is thrown here; the result then depends only on what
// verifySignatures reports below.
if (nsecPresent && !validNsec) {
throw new DNSSECValidationFailedException(q, "Invalid NSEC!");
}
// verifySignatures gets a copy of the authority section; presumably it
// removes the records it could verify from that copy - confirm.
List<Record<? extends Data>> toBeVerified = dnsMessage.copyAuthority();
VerifySignaturesResult verifiedSignatures = verifySignatures(q, nameserverRecords, toBeVerified);
// One verified NSEC/NSEC3 record plus no signature reasons discards the
// reasons collected from the NSEC/NSEC3 records that did not verify.
if (validNsec && verifiedSignatures.reasons.isEmpty()) {
result.clear();
} else {
result.addAll(verifiedSignatures.reasons);
}
// Reject a section where toBeVerified is non-empty but differs in size from
// the full section, i.e. the records were not treated uniformly.
if (!toBeVerified.isEmpty() && toBeVerified.size() != nameserverRecords.size()) {
throw new DNSSECValidationFailedException(q, "Only some nameserver records are signed!");
}
return result;
}