  • 2 commits
  • 3 files changed
  • 0 commit comments
  • 1 contributor
Commits on Apr 09, 2013
Matt Simerson Fully qualify mailaddr in BIND export
if it isn't already
463807c
Matt Simerson tested and functional NSEC3 exports 9d6fe70
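--- a/server/lib/NicToolServer/Export/BIND.pm
+++ b/server/lib/NicToolServer/Export/BIND.pm
@@ -244,7 +244,11 @@ sub zr_soa {
 my ($self, $z) = @_;
 # empty mailaddr makes BIND angry, set a default
- $z->{mailaddr} ||= 'hostmaster.' . $z->{zone};
+ $z->{mailaddr} ||= 'hostmaster.' . $z->{zone} . '.';
+ if ( '.' ne substr( $z->{mailaddr}, -1, 1) ) { # not fully qualified
+ $z->{mailaddr} = $self->{nte}->qualify( $z->{mailaddr} ); # append domain
+ $z->{mailaddr} .= '.'; # append trailing dot
+ };
 # name ttl class rr name-server email-addr (sn ref ret ex min)
 return "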
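Review bot: The new branch in zr_soa only normalises the trailing dot, so a mailaddr that still contains `@`, whitespace or a line break is qualified and written into the SOA line unchanged; unless that is rejected where the zone is saved (not visible here), the export can emit a zone file that BIND refuses to load or parses differently than intended. A check before the `if`, for example `$z->{mailaddr} =~ /\A[A-Za-z0-9._\\-]+\z/ or warn "suspicious SOA mailaddr in $z->{zone}\n";`, would surface it. The default on the first added line also assumes `$z->{zone}` carries no trailing dot, otherwise it yields `..`. zr_soa continues past the end of the hunk.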
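--- a/server/lib/NicToolServer/Export/tinydns.pm
+++ b/server/lib/NicToolServer/Export/tinydns.pm
@@ -9,6 +9,7 @@ use base 'NicToolServer::Export::Base';
 use Cwd;
 use File::Copy;
+use MIME::Base32;
 use MIME::Base64;
 use Net::IP;
 use Params::Validate qw/ :all /;
@@ -577,8 +578,16 @@ sub zr_nsec3 {
 # TTL should be same as zone SOA minimum: RFC 2308
 # IN NSEC3 1 1 12 aabbccdd ( 2t7b4g4vsa5smi47k61mv5bv1a22bojr MX DNSKEY NS SOA NSEC3PARAM RRSIG )
- my ($hash_algo, $flags, $iters, $salt, undef, $next_hash) =
- split /\s+/, $r->{address}, 6;
+ my @data = split /\s+/, $r->{address};
+ @data = grep { $_ ne '(' && $_ ne ')' } @data; # make parens optional
+ if ( '(' eq substr( $data[0], 0, 1) ) { $data[0] = substr $data[0], 1; };
+ if ( ')' eq substr( $data[-1], -1, 1) ) { chop $data[-1]; };
+
+ my ($hash_algo, $flags, $iters, $salt, $next_hash, @types ) = @data;
+ if ( $salt eq '-' ) { $salt = ''; }
+ else { $salt = pack 'H*', $salt }; # to binary
+
+ $next_hash = $self->base32str_to_bin( $next_hash );
 my $rdata = escape_rdata( pack 'CCnCa*Ca*',
 $hash_algo, # Hash Algorithm 1 octet
@@ -590,7 +599,8 @@ sub zr_nsec3 {
 $next_hash # Next Hashed Owner Name - unmodified binary hash value
 );
- $rdata .= $self->pack_type_bitmap( $r->{description} ); # Type Bit Maps
+ my $bitmap_list = scalar @types ? join(' ', @types) : $r->{description};
+ $rdata .= $self->pack_type_bitmap( $bitmap_list ); # Type Bit Maps
 return $self->zr_generic( 50, $r, $rdata );
 };
@@ -724,15 +734,16 @@ sub pack_type_bitmap {
 $rec_ids{ $self->{nte}->get_rr_id( $label ) } = $label;
 };
- my ($highest_rr_id) = (sort keys %rec_ids)[-1]; # find the highest ID
+ my ($highest_rr_id) = (sort { $a <=> $b} keys %rec_ids)[-1]; # find highest ID
- my $highest_window = int( $highest_rr_id / 256 );
+ my $highest_window = int( $highest_rr_id / 256 ); # how many windows needed?
 $highest_window += ( $highest_rr_id % 256 == 0 ? 0 : 1 );
 my $bitmap;
 foreach my $window ( 0 .. $highest_window ) {
 my $base = $window * 256;
- next unless grep { $_ >= $base && $_ < $base + 256 } %rec_ids;
+ next unless grep { $_ >= $base && $_ < $base + 256 } keys %rec_ids;
+
 my $highest_in_this_window = $highest_rr_id - $base;
 my $bm_octets = int( $highest_in_this_window / 8 );
@@ -770,6 +781,26 @@ sub to_tai64 {
 return substr unixtai64( $ts ), 1;
 };
+sub base32str_to_bin {
+ my ($self, $str) = @_;
+
+ # RFC 5155 (NSEC3) suggests using Base32 with Extended Hex Alphabet as
+ # described in RFC 4648).
+
+ # Convert::Base32 implements Base32 per RACE 03 (ie, differently). First
+ # clue? It dies on the NSEC3 RFC example with "non-Base32 characters"
+ #return Convert::Base32::decode_base32( $str );
+
+ # MIME::Base32 in 'RFC' mode implements RFC 3548, which is RFC 4648 minus
+ # the 'base32 extended hex alphabet'. It won't suffice.
+
+ # The MB fallback method is encode_09AV, which will work if we uc the
+ # string first.
+ return MIME::Base32::decode( uc $str );
+
+#TODO: patch MIME::Base32 to implement RFC 4648
+};
+
 # next 3 subs based on http://www.anders.com/projects/sysadmin/djbdnsRecordBuilder/
 sub escape {
 my $line = pop @_;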
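Review bot: In the zr_nsec3 hunk the fields split out of `$r->{address}` are used without checking how many there are or what they contain, so a short or mistyped record reaches `pack 'H*', $salt` and `base32str_to_bin` with undef or non-hex input and may be exported as a well-formed but wrong NSEC3 record rather than being rejected. A guard after the list assignment would catch this, e.g. `die "malformed NSEC3 data for $r->{name}\n" if @data < 5 || ( $salt ne '-' && $salt !~ /\A(?:[0-9A-Fa-f]{2})+\z/ );`; whether to die or skip the record should follow what the other zr_ subs do, which is not visible here. Note that `$data[-1]` is also touched before any emptiness check, so a blank address needs handling ahead of the paren stripping. In base32str_to_bin, naming the variant explicitly with `MIME::Base32::decode_09AV( uc $str )` would avoid depending on which alphabet the module's plain `decode` selects, which as far as I know differs between releases. zr_nsec3 and pack_type_bitmap both extend beyond the hunks shown.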
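--- a/server/t/22_export.t
+++ b/server/t/22_export.t
@@ -62,30 +62,17 @@ foreach ( @good_ports ) {
 ok( $export->is_ip_port($_), "is_ip_port, valid, $_");
 };
-done_testing() and exit;
+#done_testing() and exit;
 # TODO: specify NS type when loading, so we can run these NS specific tests
 $export->load_export_class();
-$r = $export->{export_class}->datestamp_to_int( '20130401101010' );
-cmp_ok( $r, '==', 1364811010, "datestamp_to_int, $r");
-
-$r = $export->{export_class}->expand_aaaa( '2607:f060:b008:feed::6' );
-cmp_ok( $r, 'eq', '2607:f060:b008:feed:0000:0000:0000:0006', 'expand_aaaa');
-#print "r: $r\n";
-
-$r = $export->{export_class}->aaaa_to_ptr( {
- address => $r,
- name => 'ns2.cadillac.net.',
- ttl => 86400,
- timestamp => '',
- location => '',
- } );
-cmp_ok( $r, 'eq', '^6.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.d.e.e.f.8.0.0.b.0.6.0.f.7.0.6.2.ip6.arpa.:ns2.cadillac.net.:86400::
-', 'aaaa_to_ptr');
 #print "r: $r\n";
-#_zr_nsec();
-#_zr_rrsig();
+_zr_nsec();
+_zr_rrsig();
+_aaaa_to_ptr();
+_datestamp_to_int();
+_zr_nsec3();
 done_testing() and exit;
@@ -133,7 +120,7 @@ sub _zr_rrsig {
 timestamp => '',
 location => '',
 } );
- cmp_ok( $r, 'eq', 'A 5 3 86411 20130701084611 20130402084611 52071 simerson.com. kFuXL2wTkWD7BYt0x3e5GkZru5mCnf1AmkBhXo7BASMnkRWi0hoaQKQ68jhVnk+Tede9tbPiEBgdgOl7LkOMAdtnByoMdczV8kTgRcNA5nWhttfT+X7lPeOXn2igLuik7ceyWHyWiCheDzyPXAgntcZQWKUVDJCEq6DO1IEOwWFRAgWYoGnXVNNaKWP0Iho6CSXujK8lvRdALY+WY3q60GTBJworRIIp6xEZW3JkbvVbCioyBm8VQ5rvRjftM0ru4GACbMpz5Ysga7bJWZodbGk5xERlXLGOiZF5f1+zgWR/igooqsPvGSJAXPL6QCDhn6V8cooWRtib2PLrgdexGw==
+ cmp_ok( $r, 'eq', ':localhost.simerson.com.:46:\000\001\005\003\000\001Q\213Q\321A\323QZ\232\323\313g\010simerson\003com\000\220\133\227\057l\023\221\140\373\005\213t\307w\271\032Fk\273\231\202\235\375\100\232\100a\136\216\301\001\043\047\221\025\242\322\032\032\100\244\072\3628U\236O\223y\327\275\265\263\342\020\030\035\200\351\173.C\214\001\333g\007\052\014u\314\325\362D\340E\303\100\346u\241\266\327\323\371\176\345\075\343\227\237h\240.\350\244\355\307\262X\174\226\210\050\136\017\074\217\134\010\047\265\306PX\245\025\014\220\204\253\240\316\324\201\016\301aQ\002\005\230\240i\327T\323Z\051c\364\042\032\072\011\045\356\214\257\045\275\027\100-\217\226cz\272\320d\301\047\012\053D\202\051\353\021\031\133rdn\365\133\012\0522\006o\025C\232\357F7\3553J\356\340\140\002l\312s\345\213\040k\266\311Y\232\035li9\304De\134\261\216\211\221y\177\137\263\201d\177\212\012\050\252\303\357\031\042\100\134\362\372\100\040\341\237\245\174r\212\026F\330\233\330\362\353\201\327\261\033:86400::
 ', 'zr_rrsig');
 };
@@ -147,7 +134,7 @@ sub _zr_nsec {
 location => '',
 } );
 cmp_ok( $r, 'eq', ':localhost.simerson.com.:47:\011mbp-hires\010simerson\003com\000\000\006\100\000\000\000\000\003:86400::
- ', 'zr_nsec');
+', 'zr_nsec');
 $r = $export->{export_class}->zr_nsec( {
 name => 'localhost.simerson.com.',
@@ -158,6 +145,42 @@ sub _zr_nsec {
 location => '',
 } );
 cmp_ok( $r, 'eq', ':localhost.simerson.com.:47:\011mbp-hires\010simerson\003com\000\000\006\100\000\000\000\000\003:86400::
- ', 'zr_nsec');
+', 'zr_nsec');
 print $r;
 };
+sub _datestamp_to_int {
+ $r = $export->{export_class}->datestamp_to_int( '20130401101010' );
+ cmp_ok( $r, '==', 1364811010, "datestamp_to_int, $r");
+
+ $r = $export->{export_class}->expand_aaaa( '2607:f060:b008:feed::6' );
+ cmp_ok( $r, 'eq', '2607:f060:b008:feed:0000:0000:0000:0006', 'expand_aaaa');
+#print "r: $r\n";
+};
+
+sub _aaaa_to_ptr {
+
+ $r = $export->{export_class}->aaaa_to_ptr( {
+ address => '2607:f060:b008:feed::6',
+ name => 'ns2.cadillac.net.',
+ ttl => 86400,
+ timestamp => '',
+ location => '',
+ } );
+
+ cmp_ok( $r, 'eq', '^6.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.d.e.e.f.8.0.0.b.0.6.0.f.7.0.6.2.ip6.arpa.:ns2.cadillac.net.:86400::
+', 'aaaa_to_ptr');
+};
+
+sub _zr_nsec3 {
+ $r = $export->{export_class}->zr_nsec3( {
+ name => 'nsec3.simerson.com.',
+ address => '1 1 12 aabbccdd ( 2t7b4g4vsa5smi47k61mv5bv1a22bojr MX DNSKEY NS SOA NSEC3PARAM RRSIG )',
+ description => '(A RRSIG NSEC)',
+ ttl => '86400',
+ timestamp => '',
+ location => '',
+ } );
+ cmp_ok( $r, 'eq', ':nsec3.simerson.com.:50:\001\001\000\014\004\252\273\314\335\024\027N\262\100\237\342\213\313H\207\241\203o\225\177\012\204\045\342\173\000\007\042\001\000\000\000\002\220:86400::
+', 'zr_nsec3');
+
+};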
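Review bot: _zr_nsec3 exercises only one input shape (parenthesised, salted, with the type list inside address), so the other paths this commit adds to zr_nsec3 are untested: a `-` salt, an address without parentheses, and the fallback to `description` when address carries no types. Because `@types` is non-empty in this case, the `description => '(A RRSIG NSEC)'` value is never read. A second call with a constructed input such as `address => '1 1 12 - 2t7b4g4vsa5smi47k61mv5bv1a22bojr'`, asserting that the bitmap then comes from description, would cover them. `print $r;` at the end of _zr_nsec and the commented-out `#done_testing() and exit;` look like debugging leftovers, and _datestamp_to_int also holds the expand_aaaa assertion, which would be easier to find in a sub of its own.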
