dblacka / jdnssec-tools
Java command line tools for DNSSEC
Hi,
We are using this in our tests and are using the exit code to see if the jdnssec-verify passed its test.
Now, when there is an unhandled exception (like this one: #9) then it exits with code 0, so this goes unnoticed for us.
Suggestion is to have a catch-all for all exceptions in jdnssec-verify and to exit with a non-zero code in that case.
Thanks
Instead, jdnssec-verifyzone should complain if duplicate RRs exist in a zone.
In particular, it thinks that empty non-terminals created by insecure delegations should have NSEC3 records.
org.xbill.DNS.Tokenizer$TokenizerException: dns.be.zone.forfast.axfr:30: Invalid type 'CAA'
at org.xbill.DNS.Tokenizer.exception(Tokenizer.java:710)
at org.xbill.DNS.Master.parseTTLClassAndType(Master.java:161)
at org.xbill.DNS.Master._nextRecord(Master.java:364)
at org.xbill.DNS.Master.nextRecord(Master.java:388)
at com.verisignlabs.dnssec.security.ZoneUtils.readZoneFile(ZoneUtils.java:74)
at com.verisignlabs.dnssec.cl.VerifyZone.execute(VerifyZone.java:141)
at com.verisignlabs.dnssec.cl.CLBase.run(CLBase.java:336)
at com.verisignlabs.dnssec.cl.VerifyZone.main(VerifyZone.java:164)
version jdnssec-tools-0.14-0
Doing some internal testing, we noticed that fromBytes() (which isn't used in the rest of the tools) is incorrect.
We encountered this bug during a rollover of one ZSK key to another (with the same keytag).
The DNSKEYtoString generation, which is the string serialization being written into the generated .key file, does not include the TTL value of the DNSKEY record type, resulting in errors of missing TTL when using jdnssec-signkeyset.
$ jdnssec-keygen -a ECDSAP256SHA256 -d . test
results in
test. IN DNSKEY 256 3 13 2PWH6GR4uKmAffpfg01eAoe13xaEWXGCwPqkv67GDw4XZypwmADMxjN6o20uDyKdbHO0CPuCX6ymmA5zQ+/FXA==
Expected
test. <TTL> IN DNSKEY 256 3 13 2PWH6GR4uKmAffpfg01eAoe13xaEWXGCwPqkv67GDw4XZypwmADMxjN6o20uDyKdbHO0CPuCX6ymmA5zQ+/FXA==
--- a/src/main/java/com/verisignlabs/dnssec/security/BINDKeyUtils.java
+++ b/src/main/java/com/verisignlabs/dnssec/security/BINDKeyUtils.java
@@ -355,6 +355,8 @@ public class BINDKeyUtils
StringBuffer buf = new StringBuffer();
buf.append(rec.getName());
+ buf.append(" ");
+ buf.append(rec.getTTL());
buf.append(" IN DNSKEY ");
buf.append(rec.getFlags() & 0xFFFF);
buf.append(" ");
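Review bot: the two added lines write `rec.getTTL()` unconditionally, so a DNSKEY record that was built without an explicit TTL will serialize with a TTL of 0 (`test. 0 IN DNSKEY ...`) rather than the `test. <TTL> IN DNSKEY 256 3 13 ...` form this issue expects; consider documenting that callers must set the TTL before serialization (or that 0 is the intended default) and adding a test that asserts the expected string. Minor: the `StringBuffer` declared on the unchanged line above this hunk appears to be method-local, so `StringBuilder` would do the same job without synchronization.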
With reference to tobez/validns#69:
$ jdnssec-verifyzone minimal.com
org.xbill.DNS.Tokenizer$TokenizerException: minimal.com:5: invalid base64 encoding
at org.xbill.DNS.Tokenizer.exception(Tokenizer.java:710)
at org.xbill.DNS.Tokenizer.getBase64(Tokenizer.java:617)
at org.xbill.DNS.Tokenizer.getBase64(Tokenizer.java:631)
at org.xbill.DNS.SIGBase.rdataFromString(SIGBase.java:80)
at org.xbill.DNS.Record.fromString(Record.java:472)
at org.xbill.DNS.Master._nextRecord(Master.java:365)
at org.xbill.DNS.Master.nextRecord(Master.java:388)
at com.verisignlabs.dnssec.security.ZoneUtils.readZoneFile(ZoneUtils.java:74)
at com.verisignlabs.dnssec.cl.VerifyZone.execute(VerifyZone.java:141)
at com.verisignlabs.dnssec.cl.CLBase.run(CLBase.java:318)
at com.verisignlabs.dnssec.cl.VerifyZone.main(VerifyZone.java:164)
verifyzone completely bails out on the base64 decoding failure, while it could theoretically still check the rest of the zone file.
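The two behaviours asked for on this page, a catch-all so that an unhandled exception never produces exit code 0 and a checker that reports a bad record and keeps going instead of bailing out, are illustrated below in an added Java example. It is not jdnssec-tools code and does not use dnsjava: the class name `TolerantZoneCheck`, its minimal "owner ttl class type rdata" line parser, the sample zone text and the exit-code convention (0 clean, 1 reported errors, 2 internal failure) are all assumptions made for the demonstration.

```java
import java.util.ArrayList;
import java.util.Base64;
import java.util.List;

/**
 * Added example (not jdnssec-tools code): a zone-text checker that records
 * every malformed line instead of stopping at the first one, and whose
 * run() maps any failure, including unexpected exceptions, to a non-zero
 * exit status.
 */
public class TolerantZoneCheck {

    /** Outcome of checking one zone text: parsed records and per-line errors. */
    public static final class Result {
        public final List<String> records = new ArrayList<>();
        public final List<String> errors = new ArrayList<>();
        public boolean ok() { return errors.isEmpty(); }
    }

    /**
     * Minimal line-oriented parser for "owner ttl class type rdata..." lines.
     * Only the checks needed here are implemented: a numeric TTL is required
     * (the .key-file issue above shows what happens without one) and the
     * base64 field of DNSKEY/RRSIG records must decode (single-token key assumed).
     */
    public static Result check(String zoneText) {
        Result r = new Result();
        String[] lines = zoneText.split("\n");
        for (int i = 0; i < lines.length; i++) {
            String line = lines[i].trim();
            int lineNo = i + 1;
            if (line.isEmpty() || line.startsWith(";")) continue;
            try {
                r.records.add(parseLine(line));
            } catch (IllegalArgumentException e) {
                // Record the problem and continue with the next line
                // rather than aborting the whole run on the first error.
                r.errors.add("line " + lineNo + ": " + e.getMessage());
            }
        }
        return r;
    }

    private static String parseLine(String line) {
        String[] f = line.split("\\s+");
        if (f.length < 4) throw new IllegalArgumentException("too few fields");
        long ttl;
        try {
            ttl = Long.parseLong(f[1]);
        } catch (NumberFormatException e) {
            throw new IllegalArgumentException("missing or invalid TTL: '" + f[1] + "'");
        }
        if (!f[2].equals("IN")) throw new IllegalArgumentException("unsupported class " + f[2]);
        String type = f[3];
        if (type.equals("DNSKEY") || type.equals("RRSIG")) {
            // The final field of both types is base64 key or signature material.
            try {
                Base64.getDecoder().decode(f[f.length - 1]);
            } catch (IllegalArgumentException e) {
                throw new IllegalArgumentException("invalid base64 encoding in " + type + " rdata");
            }
        }
        return f[0] + " " + ttl + " IN " + type;
    }

    /** Exit 0 only when every line parsed; 1 for reported errors; 2 for anything unexpected. */
    public static int run(String zoneText) {
        try {
            Result r = check(zoneText);
            for (String e : r.errors) System.err.println("error: " + e);
            System.out.println(r.records.size() + " record(s) parsed, " + r.errors.size() + " error(s)");
            return r.ok() ? 0 : 1;
        } catch (RuntimeException e) {
            // Catch-all: an unhandled exception must never look like success.
            System.err.println("internal error: " + e);
            return 2;
        }
    }

    public static void main(String[] args) {
        // Constructed sample zone: one good SOA and DNSKEY, one RRSIG whose
        // signature field is not base64, and one DNSKEY line with no TTL.
        String sample = String.join("\n",
            "example. 3600 IN SOA ns.example. hostmaster.example. 1 7200 3600 1209600 3600",
            "example. 3600 IN DNSKEY 256 3 13 AQID",
            "example. 3600 IN RRSIG SOA 13 1 3600 20300101000000 20200101000000 1 example. not*base64*",
            "example. IN DNSKEY 257 3 13 AQID");
        System.exit(run(sample));
    }
}
```

Running `main` on the constructed sample reports two errors (the bad base64 on line 3 and the missing TTL on line 4), still counts the two well-formed records, and exits with status 1; a test harness keyed on the exit code therefore cannot mistake either failure, or an unexpected RuntimeException, for a clean verification.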