
Example 1 with NSECRecord

use of org.xbill.DNS.NSECRecord in project dim by 1and1.

In class ZoneVerifier, method processNSECChain.

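/**
 * Walks every entry of {@code mNSECMap} in iteration order and counts the
 * inconsistencies found in the NSEC chain. Each problem is logged as a warning.
 *
 * <p>Checks performed: every NSEC except the last has owner &lt; next; every NSEC
 * rrset was marked (i.e. claimed by some other part of the verifier); the map key
 * equals the record's owner name; the first NSEC is at the zone name; each NSEC's
 * next name equals the following NSEC's owner; the last NSEC has owner &gt;= next
 * and links back to the zone name.
 *
 * <p>NOTE(review): the ordering checks assume {@code mNSECMap} iterates in
 * canonical DNS name order (e.g. a sorted map) - confirm at its declaration.
 *
 * @return the number of errors found; an empty chain is reported as one error
 */
private int processNSECChain() {
    int errors = 0;
    NSECRecord lastNSEC = null;
    for (Map.Entry<Name, MarkRRset> entry : mNSECMap.entrySet()) {
        // Check the internal ordering of the previous NSEC here, once we know it
        // is not the last one in the chain; the last NSEC is checked after the
        // loop because its rule is the opposite (owner >= next).
        if (lastNSEC != null) {
            if (lastNSEC.getName().compareTo(lastNSEC.getNext()) >= 0) {
                log.warning("NSEC for " + lastNSEC.getName() + " has next name >= owner but is not the last NSEC in the chain.");
                errors++;
            }
        }
        Name n = entry.getKey();
        MarkRRset rrset = entry.getValue();
        // An unmarked rrset was never claimed while the rest of the zone was
        // processed, so this NSEC does not correspond to a node that was checked.
        if (!rrset.getMark()) {
            log.warning("NSEC RR for " + n + " appears to be extra.");
            errors++;
        }
        NSECRecord nsec = (NSECRecord) rrset.first();
        // Sanity check on the verifier's own bookkeeping: the map key must be the
        // owner name of the record stored under it.
        if (!n.equals(nsec.getName())) {
            log.warning("The NSEC in the map for name " + n + " has name " + nsec.getName());
            errors++;
        }
        // The first NSEC in the chain must be owned by the zone name.
        if (lastNSEC == null && !n.equals(mZoneName)) {
            log.warning("The first NSEC in the chain does not match the zone name: name = " + n + " zonename = " + mZoneName);
            errors++;
        }
        // Check that the prior NSEC's next name equals this row's owner name.
        if (lastNSEC != null) {
            if (!lastNSEC.getNext().equals(nsec.getName())) {
                log.warning("NSEC for " + lastNSEC.getName() + " does not point to the next NSEC in the chain: " + n);
                errors++;
            }
        }
        lastNSEC = nsec;
    }
    // Fail closed on an empty chain. Without this guard the checks below
    // dereference a null lastNSEC and the verifier dies with a
    // NullPointerException instead of reporting a verification error.
    if (lastNSEC == null) {
        log.warning("The NSEC chain is empty: no NSEC RRs were found to verify.");
        return errors + 1;
    }
    // For the last NSEC in the chain the owner name should be >= the next name,
    // because the chain wraps around.
    if (lastNSEC.getName().compareTo(lastNSEC.getNext()) < 0) {
        log.warning("The last NSEC RR in the chain did not have an owner >= next: owner = " + lastNSEC.getName() + " next = " + lastNSEC.getNext());
        errors++;
    }
    // Check to make sure it links to the first NSEC in the chain.
    if (!lastNSEC.getNext().equals(mZoneName)) {
        log.warning("The last NSEC RR in the chain did not link to the first NSEC");
        errors++;
    }
    return errors;
}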
Also used : NSECRecord(org.xbill.DNS.NSECRecord) HashMap(java.util.HashMap) TreeMap(java.util.TreeMap) Map(java.util.Map) SortedMap(java.util.SortedMap) Name(org.xbill.DNS.Name)

Example 2 with NSECRecord

use of org.xbill.DNS.NSECRecord in project dim by 1and1.

In class ZoneVerifier, method processNSEC.

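/**
 * Verifies the NSEC rrset stored in {@code mNSECMap} under the name {@code n}.
 *
 * <p>The rrset is marked as seen, its type bitmap is compared with
 * {@code typeset} via {@code checkTypeMap}, and the rrset itself is passed to
 * {@code processRRset}. Problems are logged as warnings.
 *
 * @param n the owner name whose NSEC is expected to exist
 * @param typeset the record types the NSEC's type map is expected to list
 * @return the number of errors found; 1 if no NSEC is stored for {@code n}
 */
private int processNSEC(Name n, Set<Integer> typeset) {
    MarkRRset rrset = mNSECMap.get(n);
    // Test the lookup result, not the key. Checking n here let a missing NSEC
    // fall through to rrset.setMark() and crash with a NullPointerException
    // instead of being counted as a verification error.
    if (rrset == null) {
        log.warning("Missing NSEC for " + n);
        return 1;
    }
    int errors = 0;
    // Mark the rrset so a later pass can tell it was claimed by a name.
    rrset.setMark(true);
    NSECRecord nsec = (NSECRecord) rrset.first();
    // check typemap
    if (!checkTypeMap(typeset, nsec.getTypes())) {
        log.warning("Typemap for NSEC RR " + n + " did not match what was expected. Expected '" + typesetToString(typeset) + "', got '" + typesToString(nsec.getTypes()));
        errors++;
    }
    // verify rrset
    errors += processRRset(rrset);
    return errors;
}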
Also used : NSECRecord(org.xbill.DNS.NSECRecord)

Aggregations

NSECRecord (org.xbill.DNS.NSECRecord)2 HashMap (java.util.HashMap)1 Map (java.util.Map)1 SortedMap (java.util.SortedMap)1 TreeMap (java.util.TreeMap)1 Name (org.xbill.DNS.Name)1