mikepultz / netdns2 Goto Github PK

View Code? Open in Web Editor NEW

116.0 116.0 63.0 918 KB

Native PHP DNS Resolver and Updater

Home Page: https://netdns2.com/

License: Other

PHP 100.00%

netdns2's People

Contributors

Stargazers

Watchers

Forkers

matishsiao vcgato29 grunya404 paericksen davidgarciacat p0nley swipemail-io evlsqd orgoth remicollet deadooshka fernando-almeida juntime benbe clwells eric-oclock aripringle erwane cyon vanderlee gitsfz hunbalazs wormly jamesiarmes acquia awaw ddiguru victorlap allenjb repat coldwhiz inboxviktorv jkenn99 romaven l1kw1d spirit55555 mbardelmeijer chandro drossha pstast rhuijts theunknownones blackbam ralflang jdwx gribnut jellyfrog maintaina-com zacek johnidevo rakhithjk fancydos arnowelzel gwhitehead ryneit daeppen

netdns2's Issues

Incompatible with PHP < 5.3.x

What steps will reproduce the problem?
1. Install PHP 5.2
2. Try to make update query with Signature

What is the expected output? What do you see instead?

Instead of updating, we get:

Fatal error: Call to undefined function get_called_class() in 
/usr/local/php5/lib/php/Net/DNS2/RR.php on line 195

Which is normal, considering the fact that the function get_called_class() is 
supported since php 5.3


Is there any way to make it work on php 5.2 ?

Thank you.

Original issue reported on code.google.com by [email protected] on 5 Mar 2013 at 11:47

Notice problem. dont work on php strict mode.

What steps will reproduce the problem?
1. $u = new \Net_DNS2_Updater($zone);
  $u->setServers(array('ip'));
  $u->signTSIG($keyname, $key);
  $u->deleteAll($zone);
  $u->update();

2. Notice: Undefined index: Net_DNS2_RR_ANY in 
/home/pablo/dev/dns-manager/vendor/pear/net_dns2/Net/DNS2/RR.php line 194 


What is the expected output? What do you see instead?
force silent call:
$class = @Net_DNS2_Lookups::$rr_types_class_to_id[get_class($this)]; 
or more elegant solution. 

What version of the product are you using? On what operating system?
@version   SVN: $Id: RR.php 188 2013-03-31 01:25:46Z mike.pultz $
PHP 5.4.17
Please provide any additional information below.

Original issue reported on code.google.com by castorblex on 14 Aug 2013 at 3:21

Failed AXFR takes about 5 seconds

A failed AXFR (for instance, because the nameserver denies it for policy 
reasons) will take longer than needed.

Example:

<?php
 require_once('Net/DNS2.php');

 $then = time();
 $resolver = new Net_DNS2_Resolver();
 $resolver->setServers(array('216.239.32.10')); // ns1.google.com
 try {
        $resp = $resolver->query('google.com', 'AXFR', 'IN');
 }
 catch (Exception $e) {
        echo $e->getMessage()."\n";
 }

 $now = time();
 echo 'took '.($now - $then)." seconds\n";

Expected output:
DNS request failed: The name server refuses to perform the specified operation 
for policy reasons.
took 0 seconds

Actual output:
DNS request failed: The name server refuses to perform the specified operation 
for policy reasons.
took 3 seconds

Tested with version 1.2.4 on Linux.

The code seems to count the number of SOA records to see when it's done. This 
is useless in case of an error. The code can return immediately then because 
there will never be two SOA records in the response.

Proposed fix:

Line 894 and futher of DNS2.php:

if (is_null($response) == true) {
     $response = clone $chunk;

+if ($response->header->rcode != Net_DNS2_Lookups::RCODE_NOERROR) {
+    break;
+}
//
// go through each answer
//

Original issue reported on code.google.com by [email protected] on 17 Sep 2012 at 8:23

My page load loop ...

I work on the interface "Web-based Dynamic DNS Update" with the lib Net_DNS2
I have several apache (2.2)
   * Set default Ubuntu 12.04 (installed with apt)
   * Compiled on CentOS 6 (apache 2.2 and php 5.3)

No problem on ubuntu
On Centos when I update a page load loop & not ever accomplished

You told me in a previous bug that two methods was used by the lib for updates 
... What is it? (as can be that I need to compile more item ..?)

Original issue reported on code.google.com by [email protected] on 26 Jul 2012 at 9:13

Possible "output to show the query" ?

I wanted to migrate one of my little personal project to Net_DNS net_dns2 but I 
can not find the option "debug" or "output to show the query"

(http://forge.zici.fr/p/dig-php/source/tree/master/dig.php#L75)

 $resolver = new Net_DNS_Resolver();
 $resolver->debug = 1; // Turn on debugging output to show the query

Is that possible with net_dns2?

sample output : 
http://dig.zici.fr/?page=dig&ns=ns1.fdn.org&type=A&domain=linuxfr.org&submit=Go

Original issue reported on code.google.com by [email protected] on 19 Feb 2013 at 7:27

failed to parse resource record: packet too small

What is the expected output? What do you see instead?

I would list all the records in my zone (I test with the example Zone Transfer 
(AXFR): http://code.google.com/p/netdns2/wiki/ResolverExample) but sometimes it 
works and I have error:
:: query () failed: failed to parse resource record: packet too small.
I tested on two different DNS server
This bug appears only on "large zone"
I do not have this bug with the lib Net_DNS (1) - the same zone

What version of the product are you using? On what operating system?
   Net_DNS2-1.2.1 
   Centos 6 
   Bind 9.8.2

Original issue reported on code.google.com by [email protected] on 17 Jul 2012 at 3:28

Error with PHP5.5.3

What steps will reproduce the problem?
If i do a simple query for A records of google.com with php 5.5.3 i get the 
following exception: every name server provided has failed: The operation 
completed successfully. If i do the same query with php 5.4.19 i get the 
results as expected. Same source code, server etc, only php version difference.

What version of the product are you using? On what operating system?
Failed on net_dns2/1.3.1 - php 5.5.3 on Windows 2008 R2 SP1
Succes on net_dns2/1.3.1 - php 5.4.19 on Windows 2008 R2 SP1

Original issue reported on code.google.com by [email protected] on 8 Sep 2013 at 5:55

The tests use PHPUnit, but neither the local documentation, the remote documentation, nor the composer.json file describe this dependency or how to install PHPUnit to run tests. Sure, getting PHPUnit is trivial if you already know it, and arguably those using a DNS resolver already know how, but for completeness sake, the package should document how to test itself.

Example code for OpenPGP-lookup

@mikepultz

Hi,

I'm going to do some IETF RFC7929-lobbying at webmail vendors (Owncloud email plugin, Rainloop, Roundcube, Mailvelope key server, etc.). Can you please add an code example how to lookup an OpenPGP-RR for an email address to your NetDNS2 examples I can refer to?

This would speed up the deployment of email end-to-end-encryption a lot. ;)

Timeouts not handled corrrectly in Net_DNS2_Socket_Sockets::read()

What steps will reproduce the problem?
Query a slow DNS server with a low timeout. In my case I was using 1 second 
timeout, with Googles public DNS servers (8.8.8.8 and 8.8.4.4), and certain 
domains seem to trigger this, in my case one of these was: 
531954529.mail.outlook.com for type A

What is the expected output? What do you see instead?
Expecting to see either resulting records, or timeout. Instead I was getting 
the error: "every name server provided has failed: Operation now in progress"


What version of the product are you using? On what operating system?
1.3.2 (via Composer)


Fix:
In Net\DNS2\Socket\Sockets.php, at line 271, change:
{{{
        //
        // select on read
        //
        switch(@socket_select($read, $write, $except, $this->timeout)) {
        case false:
            $this->last_error = socket_strerror(socket_last_error());
            return false;
            break;

        case 0:
            return false;
            break;

        default:
            ;
        }

        $data = '';
        $length = Net_DNS2_Lookups::DNS_MAX_UDP_SIZE;
}}}

To:
{{{
        //
        // select on read
        //
        $select = @socket_select($read, $write, $except, $this->timeout);
        if ($select === FALSE) {
            $this->last_error = socket_strerror(socket_last_error());
            return false;
        } else if ($select == 0) {
            $this->last_error = "Timeout waiting for data";
            return FALSE;
        }

        $data = '';
        $length = Net_DNS2_Lookups::DNS_MAX_UDP_SIZE;
}}}

Reasoning: switch does not perform type comparison, so it always hits the FALSE 
block, and never the 0 block.

Original issue reported on code.google.com by AllenBrooker on 14 Nov 2013 at 9:58

How to get CNAME of a domain

Hello,

I am using netdns2 in all other records working fine but i dont know who to get CNAME records of domain.

Please provide me any example. it will be very help full for my project.

parsing of timeout option fails - order of nameservers used is reversed

My resolv.conf contains settings for a first and a second nameserver:
nameserver 192.168.0.10
nameserver 192.168.0.1

The latter (~~.1) is also the GW for my subnet so it is used only as a backup if the dedicated nameserver (~~.10) fails.

When using Horde, for some reason a DNS query is processed on each and every HTTP request. My problem was that every request took 5 seconds to process while waiting for -- what?

On this, DNS2 throws errors:

Jun 14 21:35:00 max HORDE: PHP ERROR: Undefined offset: 1 [pid 6887 on line 416 of "/usr/local/share/pear/Net/DNS2.php"]

I experimentally put some debugging code two lines above the referenced statement to dump $line and this it what it yields:

...
Jun 14 21:41:51 max HORDE: line is <my.domain>
Jun 14 21:44:55 max HORDE: line is nameserver 192.168.0.10
Jun 14 21:44:55 max HORDE: line is options:timeout:1
Jun 14 21:44:55 max HORDE: PHP ERROR: Undefined offset: 1 [pid 6934 on line 418 of "/usr/local/share/pear/Net/DNS2.php"]
...

Obviously the timeout options for DNS lookup doesn't get processed properly. It also seems that the secondary server (~~.10) is queried first and the primary (~~.1) only after the secondary server failed.

Now, in my environment the secondary had died so that a request to it would take until the timeout. The default timeout is 5 seconds, just the delay I was looking for. After the timeout the primary DNS was queried and everything functioned again.

Curing this was easy enough for me, I just commented out the secondary nameserver in /etc/resolv.conf. Still, the two issues above should get a good looking-at.

Update packagist repository

The packagist record for this project still points at Google Code, and so doesn't have any of the tags from this repo: https://packagist.org/packages/pear/net_dns2

Stack Trace error on PTR lookup

What steps will reproduce the problem?
1. Lookup PTR record that does not resolve (NXDOMAIN)


What is the expected output? What do you see instead?
0 records found

Using CLI:
PHP Fatal error:  Uncaught exception 'Net_DNS2_Exception' with message 'DNS 
request failed: The domain name referenced in the query does not exist.' in 
/usr/share/pear/Net/DNS2.php:923
Stack trace:
#0 /usr/share/pear/Net/DNS2/Resolver.php(161): 
Net_DNS2->sendPacket(Object(Net_DNS2_Packet_Request), false)
#1 /var/www/html/iplist/qry.php(20): Net_DNS2_Resolver->query('10.2.159.254', 
'PTR')
#2 {main}
  thrown in /usr/share/pear/Net/DNS2.php on line 923

Using web will produce a 500 code (Internal Server error)

What version of the product are you using? On what operating system?
1.1.4 , CentOS 5.6

Please provide any additional information below.
php 5.3.6

Original issue reported on code.google.com by [email protected] on 27 Sep 2011 at 9:03

STRIC LIABILITY

The LICENSE file (and source files) probably contain a typo:

https://github.com/mikepultz/netdns2/blob/master/LICENSE

I'm pretty sure it should say "STRICT LIABILITY" instead of "STRIC LIABILITY".

Using Cache file produces errors

What steps will reproduce the problem?
1.Trying to use cache
2.windows 2008r2, php 5.3.8
3.Net_DNS2-1.2.1

What is the expected output? What do you see instead?
Cache should work.  Using 'file' method.  

Get errors such as 

PHP Notice:  unserialize(): Error at offset 1832 of 1833 bytes in 
C:\PHP\PEAR\pear\Net\DNS2\Cache\File.php on line 110

PHP Warning:  Invalid argument supplied for foreach() in 
C:\PHP\PEAR\pear\Net\DNS2\Cache.php on line 191

PHP Notice:  unserialize(): Error at offset 1832 of 1833 bytes in 
C:\PHP\PEAR\pear\Net\DNS2\Cache\File.php on line 169

PHP Warning:  array_merge(): Argument #2 is not an array in 
C:\PHP\PEAR\pear\Net\DNS2\Cache\File.php on line 169

 PHP Warning:  Illegal offset type in isset or empty in C:\PHP\PEAR\pear\Net\DNS2.php on line 857

PHP Warning:  Illegal offset type in C:\PHP\PEAR\pear\Net\DNS2.php on line 862

PHP Warning:  Illegal offset type in C:\PHP\PEAR\pear\Net\DNS2.php on line 886

PHP Fatal error:  Call to a member function open() on a non-object in 
C:\PHP\PEAR\pear\Net\DNS2.php on line 886


Cache file is created and there is data in it, but I'm not sure if it is 
working?

Original issue reported on code.google.com by [email protected] on 19 Apr 2012 at 7:11

DNSSEC/DANE validation

Hi,

as all German mail providers have to support DANE-SMTP (IETF RFC 7672) transport encryption to renew their data privacy/security certifications I suggest to add DNSSEC validation to netdns2.

DANE-SMTP uses DNSSEC-secured TLSA-RRs to validate the TLS-certificates of mail-servers.

Version 1.3.2 is missed

Hi @mikepultz,

I can't find 1.3.2 version of netdns2. Seems like it missing.
Could you please release this version on GitHub?

Bad role for README.md

In package, it should be role="doc" (not data)

Uncaught exception 'Net_DNS2_Exception'

What steps will reproduce the problem?
1. query a host in a domain that has expired

What is the expected output? What do you see instead?
message stating no such domain

What version of the product are you using? On what operating system?
latest from pear install Net_DNS2 on uptodate 64bit gentoo linux

Please provide any additional information below.

#!/usr/bin/php
<?php

$host = "domain.tld";

if(isset($host)){
  $ns = array('8.8.8.8', '8.8.4.4');
  $ns2 = array('x.x.x.x', 'y.y.y.y');
  $type = "A";
  require_once 'Net/DNS2.php';
  $rs = new Net_DNS2_Resolver(array('nameservers' => $ns));
  $rs2 = new Net_DNS2_Resolver(array('nameservers' => $ns2));
} else {
  die("No host specified.");
}

try {
  $result = $rs->query($host, $type);
} catch(InvalidArgumentException $e) {
  echo "Failed to query: " . $e->getMessage() . "\n";
}

try {
  $result2 = $rs2->query($host, $type);
} catch(InvalidArgumentException $e) {
  echo "Failed to query: " . $e->getMessage() . "\n";
}

foreach($result->answer as $record){
  echo "{$record->name}\t{$record->type}\t{$record->ttl}\t{$record->address}\tInternet\n";
}

foreach($result2->answer as $record){
  echo "{$record->name}\t{$record->type}\t{$record->ttl}\t{$record->address}\tSocket\n";
}

?>

PHP Fatal error:  Uncaught exception 'Net_DNS2_Exception' with message 'DNS 
request failed: The domain name referenced in the query does not exist.' in 
/usr/share/php/Net/DNS2.php:1180
Stack trace:
#0 /usr/share/php/Net/DNS2/Resolver.php(212): 
Net_DNS2->sendPacket(Object(Net_DNS2_Packet_Request), false)
#1 /home/.../test.php(18): Net_DNS2_Resolver->query('domain.tld', 'A')
#2 {main}
  thrown in /usr/share/php/Net/DNS2.php on line 1180

Fatal error: Uncaught exception 'Net_DNS2_Exception' with message 'DNS request 
failed: The domain name referenced in the query does not exist.' in 
/usr/share/php/Net/DNS2.php:1180
Stack trace:
#0 /usr/share/php/Net/DNS2/Resolver.php(212): 
Net_DNS2->sendPacket(Object(Net_DNS2_Packet_Request), false)
#1 /home/.../test.php(18): Net_DNS2_Resolver->query('domain.tld', 'A')
#2 {main}
  thrown in /usr/share/php/Net/DNS2.php on line 1180

Original issue reported on code.google.com by [email protected] on 12 Jun 2013 at 7:31

Fatal error (pear not working)

Hi!
I use version 1.4.0.

Code with error:

$result = $r->query('google.com', 'MX');

I see:

Fatal error: in C:\OpenServer\modules\php\PHP-5.5\PEAR\pear\Net\DNS2.php on line 1304

Zone transfer (AXFR) not working under windows if extension php_sockets.dll is loaded

What steps will reproduce the problem?
1. Install php 5.3 for windows
2. Enable extension extension=php_sockets.dll
3. try zone transfer.

What is the expected output? What do you see instead?

When php_sockets.dll is enabled we get the following errors when we try zone 
transfer:

Exception1:
failed to parse resource record: failed to expand name.

Exception2: 
failed to parse resource record: packet too small.

We are still unable to figure out when it shows the first error and when the 
second one, but they start appearing when we enable php_sockets.dll and only 
under Windows.



What version of the product are you using? On what operating system?

windows server 2008R2
windows XP
Tested with php 5.3.22 and php 5.3.1

Original issue reported on code.google.com by [email protected] on 6 Mar 2013 at 9:29

Net_DNS2_Cache_File facilitates POP attack on vulnerable code bases

An application that (a) unserializes user data and (b) exposes Net_DNS2_Cache_File on auto-load is vulnerable to attack, as follows.

On the victim machine, we have an innocent, but naïve, script:

<?php // index.php
require 'vendor/autoload.php'; // makes Net_DNS2_Cache_File autoloadable, even though
                               // that class not used in this script
$data = unserialize($_GET['data']);
if (is_array($data)) {
    // ...
} else {
    die('Sorry');
}

On the attacker machine, we have code to serialize a Net_DNS2_Cache_File and send it to our victim:

<?php // this runs on a completely different machine
$victim ='http://victim.org/index.php?data=%s';
$i = 0;
$cache = new \Net_DNS2_Cache_File;
while (++$i) {
    $cache->open('/tmp/target', PHP_INT_MAX, 'serialize');
    $cache->put($i, 'bye-bye');
    file_get_contents(sprintf($victim, urlencode(serialize($cache)))); // this is an HTTP GET call,
                                                                       // sending crafted serialized object over the wire
}

This works as follows:

The attacking machine crafts a serialized form of a Net_DNS2_Cache_File object.
The attacker sends this crafted serialized string to the victim, over the wire.
On the victim machine, index.php unserializes the Net_DNS2_Cache_File (as its available by the autoloader, though not explicitly used in index.php). The resurrected Net_DNS2_Cache_File object hangs around until it goes out of scope, at which point it writes the data the attacker chose into the file the attacker chose.
The attacker repeats this attack, changing the cache key each time, which causes the cache file on the victim machine to grow and grow and grow.

This is a property-oriented programming (POP)-style attack, which relies on the fact that Net_DNS2_Cache_File has a file write operation in a magic method.

The recommended fix is to move the file write operation into an explicit close method. While this proposed close method may still be called with attack data, the key difference is that it's done explicitly by the developer rather than magically.

Props to Evonide for inspiring me to check for this kind of vulnerability.

Invalid domains containing whitespace unexpectedly return results as if valid

What steps will reproduce the problem?
1. Lookup records of type A for ' hotmail.com'

What is the expected output? What do you see instead?
Expected: No results (invalid domain)
Got: Results for 'hotmail.com'

What version of the product are you using? On what operating system?
1.3.2 (via composer)


Please provide any additional information below.
The issue appears to be caused by New\DNS2\Packet\Request::set trimming 
whitespace and null characters from the specified domain. It looks like the 
intention here is to allow lookups for ".hotmail.com" or "hotmail.com." to 
return results, in which case I'd recommend specifying only the '.' character 
to trim.

Original issue reported on code.google.com by AllenBrooker on 9 Sep 2014 at 8:22

TSIG: support SHA-family ++

What steps will reproduce the problem?
1.
2.
3.

What is the expected output? What do you see instead?


What version of the product are you using? On what operating system?


Please provide any additional information below.

Original issue reported on code.google.com by [email protected] on 20 May 2013 at 11:48

Attachments:

TSIG-sha-family.patch

Problem with tcp fallback

What steps will reproduce the problem?
1. Try to retrieve a large response from a DNS server
2. The tc bit will be set, so a retry using TCP has to be performed
3. However an exception will be thrown before this can be checked


<?php
require_once('Net/DNS2.php');
require_once('Net/DNS2/Resolver.php');

$resolver = new Net_DNS2_Resolver();

// problem doesn't always occur but it does with this nameserver
$ns = array('80.69.67.67'); //ns0.transip.nl
$resolver->setServers($ns);

$response = $resolver->query('transip.nl', 'RRSIG', 'IN');

print_r($response);


Yields an exception.

The code is in DNS2 sendPacket()

                //
                // create the packet object
                //
                $response = new Net_DNS2_Packet_Response($result, $size);
                if (is_null($response)) {

                    throw new Net_DNS2_Exception(
                        'empty response object', Net_DNS2_Lookups::E_NS_FAILED
                    );
                }

                //
                // check the packet header for a trucated bit; if it was truncated,
                // then re-send the request as TCP.
                //

                if ($response->header->tc == 1) {

                    $tcp_fallback = true;
                    continue;
                }

The problem is that the Net_DNS2_Packet_Response() constructor throws an 
exception before the $response->header->tc bit can be checked.

To fix the problem, either add an exception handler, or modify the set() method 
of the Response object:

After

$this->header = new Net_DNS2_Header($this);

Add this line 

if ($this->header->tc == 1) return null;

Original issue reported on code.google.com by [email protected] on 20 Jan 2013 at 1:57

timeout on socket_connect

When trying to connect to a DNS server that does not respond, the timeout 
setting does not work, especially (only?) when using TCP to a server that does 
not support TCP.

This might be solved by switching the socket_set_nonblock() and 
socket_connect() lines in Net_DNS2_Socket_Sockets->open()

But to be honest I cannot stipulate if this would have any side effects.

Original issue reported on code.google.com by [email protected] on 29 Sep 2012 at 2:51

Little problems encountered

Im using the latest svn version (rev 43) on 64bit Fedora 12 with 
2.6.32.14-127.fc12.x86_64 kernel

I have problems with the following files:

DNS2/Updater.php & DNS2/Question.php: 
Error: Stripped "n" from domain name if it starts with "n"
Fix: Used " instead of '

DNS2/Socket/Sockets.php & DNS2/Socket/Streams.php:
Error: Had problems with an extra tcp packet when sending TCP Length alone.  
Also had a problem when sending packets larger than 256 bytes.
Fix: Included TCP Length with data packet

Attached a svn diff for the mods.

Thanks for the library!! Works great!!

Original issue reported on code.google.com by [email protected] on 27 Sep 2010 at 6:09

Attachments:

net_dns2.diff

Tagged releases aren't making it into packagist's database

Looks like tagged releases aren't reflected by packagist: https://packagist.org/packages/pear/net_dns2

This makes it hard to use Net_DNS2 with composer.

malformed UTF8 when caching breaks the cache

What steps will reproduce the problem?
1. use the resolver to resolve 'nu.nl' with JSON caching enabled


What is the expected output? What do you see instead?
an IP addrsss

What version of the product are you using? On what operating system?
current on PHP5.3+

Please provide any additional information below.

Doing a simple cached resolving:
$hostname = 'nu.nl';
$options = array(
        'cache_type' => 'file',
        'cache_file' => sys_get_temp_dir().'/'.$hostname.'.cache.json',
        'cache_size' => 100000,
        'cache_serializer' => 'json'
);
$resolver = new Net_DNS2_Resolver($options);
try {
    $response = $resolver->query($hostname, 'A');
    foreach ($response->answer as $rr) {
        if (!empty($rr->address)) {
            echo $rr->address;
            break;
        }
    }
} catch (Exception $e) {
    echo 'ERROR'. $e->getMessage();
}
echo 'JSON-ERROR '.json_last_error_msg();

There seems to be something in the record (the rData field), which doesnt break 
when using the PHP serializer...

Original issue reported on code.google.com by [email protected] on 26 Nov 2013 at 2:43

AAAA records from en.wikipedia.org

What steps will reproduce the problem?
1. My code:

                include 'libraries/Net_DNS2-1.2.1/Net/DNS2.php';

                $host = 'en.wikipedia.org';
                $ns = array('8.8.8.8', '8.8.4.4');
                $type = "AAAA";
                $rs = new \Net_DNS2_Resolver(array('nameservers' => $ns));

                try {
                        $result = $rs->query($host, $type);
                } catch (\InvalidArgumentException $e) {
                        echo "Failed to query: " . $e->getMessage() . "\n";
                }

                var_dump($result->answer);

2. My output:

array(2) {
  [0]=>
  object(Net_DNS2_RR_CNAME)#717 (7) {
    ["cname"]=>
    string(26) "wikipedia-lb.wikimedia.org"
    ["name"]=>
    string(16) "en.wikipedia.org"
    ["type"]=>
    string(5) "CNAME"
    ["class"]=>
    string(2) "IN"
    ["ttl"]=>
    int(1704)
    ["rdlength"]=>
    int(25)
    ["rdata"]=>
    string(25) "wikipedia-lb   wikimedia��"
  }
  [1]=>
  object(Net_DNS2_RR_CNAME)#719 (7) {
    ["cname"]=>
    string(32) "wikipedia-lb.eqiad.wikimedia.org"
    ["name"]=>
    string(26) "wikipedia-lb.wikimedia.org"
    ["type"]=>
    string(5) "CNAME"
    ["class"]=>
    string(2) "IN"
    ["ttl"]=>
    int(483)
    ["rdlength"]=>
    int(21)
    ["rdata"]=>
    string(21) "wikipedia-lb�eqiad�;"
  }
}

3.

What is the expected output? What do you see instead?

I expect AAAA results (using nslookup.exe -q=aaaa en.wikipedia.org shows that 
no one exists) but I see CNAME records in output.



What version of the product are you using? On what operating system?

Net_DNS2-1.2.1, Windows, PHP 5.3.8

Please provide any additional information below.

Original issue reported on code.google.com by [email protected] on 8 May 2012 at 9:50

Off-by-one error in Bitmap calculation

Certain RR types will yield a faulty bitmap, this is caused by an off-by-one 
error in the bitmap calculation. If the array ends with a RR type which has an 
id divisible by 8, it will be ignored.

What is the expected output? What do you see instead?

<?php
require_once('Net/DNS2/BitMap.php');
require_once('Net/DNS2/Lookups.php');

$bm = new Net_DNS2_BitMap();

// DNSKEY has id 48 so this will trigger the bug
$data = array('NS', 'SOA', 'MX', 'RRSIG', 'NSEC', 'DNSKEY');
$bits = $bm->arrayToBitMap($data);
for($i=0; $i<strlen($bits);$i++) {
    printf ("%02x ", ord(substr($bits,$i,1)));
}

prints :
00 06 22 01 00 00 00 03

while it should print :
00 07 22 01 00 00 00 03 80

Fix is in BitMap.php line 198

-            $bm[$current_window]['length'] = ceil($max / 8);
+            $bm[$current_window]['length'] = ceil(($max+1) / 8);

Original issue reported on code.google.com by [email protected] on 19 Jan 2013 at 8:17

Signature verification API

Is there interest in an API to verify signatures, like dig +sigchase?

It's easily implemented using the existing record infrastructure, but it's not clear to me where that API would best fit. Ideas to open the conversation.

// always verify signatures
// Note 1: all these API changes imply setting $resolver->dnssec = true;
// Note 2: signature verification uses BOTTOM_UP as default
$resolver = new \Net_DNS2_Resolver();
$resolver->setSignatureVerification(\Net_DNS2_Resolver::TOP_DOWN); // also available BOTTOM_UP

// optionally, add in root keys? If not given, a TLD DNSKEY call will be made
// necessary to support islands of security?
// Note 1: Maybe the root keys should be an argument to {set,with}SignatureVerification()
$resolver->setRootKeys(array (  'ABCDEF...' ));

// or per-query
try {
    $resolver
        ->withRootKeys(array ('ABCDEF...')) // optional
        ->withSignatureVerification() // can also supply TOP_DOWN or BOTTOM_UP
        ->query('example.com', 'SSHFP')
    ;
} catch (\Net_DNS2_Exception_SignatureInvalid $ex) {
}

Perhaps an exception isn't a good idea. Maybe the answer should instead have a flag indicating the result?

Oh, and would the same API suffice for authenticated denial of existence, (ie NSEC3)?

Add support for asynchronous sockets

Net::DNS2 is currently not particularly friendly for PHP based server applications and wherever bulk lookups are needed due to only offering synchronous (aka blocking) sockets to users of the class. My current workaround is to start background processes and then do the DNS lookups from there. Of course, while it works, that's not a very efficient use of system resources. It would be nice to tighten up some of my code.

Please add support for asynchronous (aka non-blocking) sockets.

Looking briefly at your code, async support will probably require a significant rewrite of sendPacket() and the various calls it makes to separate the various interests. Async support generally works best as a state engine with transitioning between different states ('connecting', 'send request', 'get response', etc) and the async-enabled application repeatedly calls some sort of "resume" function/method to move through the various states whenever the application determines that the conditions for resuming have possibly been met (e.g. select() returns an indication that data might be available to be read). The state engine, during each resume call, tries to move through as many states as possible. When done properly, turning async support that uses a state engine into synchronous logic is usually just one line of code.

There are some odd issues that crop up when moving to async that, if you've never worked with async sockets before, you might find useful to know. One issue is that a connection can appear to be "connected" but reading/writing might not be fully available because a TCP handshake hasn't completed (yet). As a result, the class might need to hang around in the 'connecting' state across multiple calls. Other states might have similar issues. Just something to be aware of in order to keep each state small, light, fast, and bug-free. Socket timeouts also have some gotchas when using async sockets. (Note: Under the hood, all sockets and file descriptors are actually asynchronous, but OSes and various languages add synchronous layers to make them easier to comprehend/use.)

The best async implementations also require exposing some class internals to the application or other classes. Specifically, the underlying socket handle and the current internal request state need to be accessible. This is necessary because async capable classes are rarely used in isolation and it is usually up to the application to orchestrate the appropriate state transitions, manage global timeouts, etc. - information which is generally beyond the scope of a single class. For example, my own PHP MultiAsyncHelper class calls select() on all registered file and socket handles:

https://github.com/cubiclesoft/ultimate-web-scraper/blob/master/support/multi_async_helper.php

That class allows me to mix multiple handles for different classes and track ownership over the lifetime of each handle. For MultiAsyncHelper (and other classes like it) to work, there needs to be a way to easily access underlying socket information. I usually just bind MultiAsyncHelper support directly into my other classes, which, in turn, makes using async operations extremely simple and elegant at the application layer since I only use MultiAsyncHelper. However, I don't necessarily recommend forcing MultiAsyncHelper on your users - I was just demonstrating the need for having methods to expose certain internal information for use by the application and other classes.

Net_DNS2_Exception is incompatible with PHP 5.2

We are using Net_DNS2 1.3.1 on Ubuntu 10.04 and 12.04. (I just saw that 
Net_DNS2 1.3.2 exists but the changelog does not mention this issue).

Net/DNS2/Exception.php line 95 contains:

        parent::__construct($message, $code, $previous);

When run under PHP 5.2, this causes a PHP Fatal Error because the $previous 
argument does not exist:

# /usr/local/php5.2/bin/php -r 
'require("/usr/share/php/Net/DNS2/Exception.php"); try { throw new 
Net_DNS2_Exception("a", 0); } catch (Exception $e) {}'

Fatal error: Wrong parameters for Exception([string $exception [, long $code 
]]) in /usr/share/php/Net/DNS2/Exception.php on line 95
#

It works fine under PHP 5.3:

# /usr/local/php5.3/bin/php -r 
'require("/usr/share/php/Net/DNS2/Exception.php"); try { throw new 
Net_DNS2_Exception("a", 0); } catch (Exception $e) {}'
#

Original issue reported on code.google.com by [email protected] on 7 Dec 2013 at 4:32

First nameserver failed => whole query failed.

I have a question if this is by design or a bug. If the first nameserver failed 
then the whole query failed. So the second nameserver is never queried.

For example this code:

$r = new Net_DNS2_Resolver(array('nameservers' => 
array('98.138.11.157','216.239.34.10')));
try {
    $response = $r->query('www.google.com', 'a');
    print_r($response);
} catch(Net_DNS2_Exception $e) {
    print_r($e);
}

My environment: php5.3 on windows and net_dns2 1.3.2

Regards, Paul

Original issue reported on code.google.com by [email protected] on 28 Jul 2014 at 4:30

Typo in constant name

What steps will reproduce the problem?
1. Constant Net_DNS2_Lookup::E_PACKET_INVALID is used in file 
NET/DNS2/Packet/Request.php but the proper name is:  
Net_DNS2_Lookups::E_PACKET_INVALID (with "s"!)
2.
3.

What is the expected output? What do you see instead?


What version of the product are you using? On what operating system?


Please provide any additional information below.

Original issue reported on code.google.com by [email protected] on 6 May 2012 at 9:08

PSR-4 autoloading

greetings
i changed the structure to psr-4.

Orgoth/netdns2@b871ef0

you don't need a separate autoloader anymore.
when someone adds your package to his composer, the autoload will be done by the composer.

I have also merge the pull request from bishop
Orgoth/netdns2@ef39022

if you are interessted, you are welcome
if not, close the ticket

setServers( Net_DNS2::RESOLV_CONF ); not clearing existing nameservers

What steps will reproduce the problem?

$resolv = new Net_DNS2_Resolver();
$resolv->setServers( '127.0.0.1' );
print_r( $resolv->nameservers );
// Array(
//    '127.0.0.1'
// )
$resolv->setServers( Net_DNS2::RESOLV_CONF );
print_r( $resolv->nameservers );
// Array(
//    '127.0.0.1',
//    '8.8.8.8'
// )

What is the expected output?

print_r( $resolv->nameservers );
// Array(
//    '8.8.8.8'
// )

What version of the product are you using? On what operating system?

1.3.2, Debian

Please provide any additional information below.

It just needs a reset of the variable before iterating through the resolv.conf 
file

Original issue reported on code.google.com by [email protected] on 11 Apr 2014 at 4:27

Support a loggable interface

DNS query tools like dig provide a trace option that shows exactly what the resolver is doing. While many simple queries don't benefit too much from traces, recursive queries do. For example, validating a signature requires many sub-queries and it'd be helpful to see the full trace for diagnostics.

The recommend logging mechanism for PHP is defined in PSR-3, which has a reference interface implementation. However, the reference version requires PHP 5.3+, while the Net_DNS2 package requires 5.1.2+. Since 5.1.2 was released 10 years ago, and it's not a good use of time reinventing wheels, and generally since it's becoming increasingly difficult to rely on modern libraries because of this low requirement, it seems reasonable to require 5.3+ for all consumers. Such a requirement would need to bump the library API to version 2, as it breaks BC.

Net_DNS2 may fail to parse records if mbstring.func_overload is active for string functions

When the PHP INI settings have function overloading enabled, Net_DNS2 may no longer have byte-level access to strings and users may receive bogus Parse errors or infinite loops. For example, on my test machine, tests/Net_DNS2_ParserTest.php enters an infinite loop and crashes after memory exhaustion.

The README should mention that some values of this INI setting are incompatible with Net_DNS2. Run-time checks seem like unnecessary overhead, but there may be an argument in favor of that.

Note that Net_DNS2 is not the only package afflicted by this setting. For example, Symfony has a similar issue.

exception codes needed

Hi Mike,

I'm trying to update my package to use Net_DNS2 (vs. Net_DNS), but I ran into a 
small issue.

I'm using DNS-lookups against a dnsbl to determine if IPs are of known 
offenders. E.g. in case an IP is not listed, it returns NXDOMAIN and then your 
code throws an exception.

Can you introduce a code to match on this exception? Otherwise I'd have to 
match on your 'error message', which could change, which would then break my 
code.

I'm proposing a new class constant:

const ERR_NXDOMAIN = 'nd2x001';

I could then:

if ($e->getCode() == Net_DNS2::ERR_NXDOMAIN) {
    // do something else
} else {
    // some other issue
}

What steps will reproduce the problem?
1. Use Net_DNS2_Resolver::query() on a non-existant host. 
2. Get exception.

What is the expected output? What do you see instead?

Exception code is null, I expect something else.

What version of the product are you using? On what operating system?

SVN/latest stable

Original issue reported on code.google.com by [email protected] on 30 Oct 2011 at 2:28

Typo

I found a typo:

https://code.google.com/p/netdns2/source/browse/trunk/Net/DNS2/Resolver.php#85 
-> the line should be:

* @return Net_DNS2_RR object 

instead of

* @return Net_DNS_RR object

Original issue reported on code.google.com by [email protected] on 1 Sep 2014 at 8:56

TXT records does not display

$record->cname ==> results in the CNAME in the ANSWER section of the query
similarly
$record->address ==> results in the IP address in the ANSWER section of the query
Whereas
$record->text results in the response "Array"

Is this an issue in the code or i am initialising incorrectly.
The initialising is done as following ..
$result = $r->query($FQDN, 'TXT');

File Cache - array_merge() is not an array.

What steps will reproduce the problem?
1. enable file cache
2. query ebay.com for record type A
3. result is random does not always happen but about 50% of the time.

Error Received is as follows.
Warning: array_merge(): Argument #2 is not an array in 
/usr/share/php/Net/DNS2/Cache/File.php on line 167

What is the expected output? What do you see instead?
Nothing it is just a warning.

What version of the product are you using? On what operating system?
Debian 6,
@version   SVN: $Id: DNS2.php 150 2012-03-02 01:17:16Z mike.pultz $

Please provide any additional information below.

$NS_LookupServers = array ("127.0.0.1");
    include_once("/usr/share/php/Net/DNS2.php");
    $r = new Net_DNS2_Resolver(array(
        'nameservers' => $NS_LookupServers,
        'cache_type'    => 'file',
        'cache_file'    => '/tmp/net_dns2.cache',
        'cache_size'    => 100000,
        'cache_serializer'    => 'json'
        ));
    try {
        $result = $r->query('ebay.com', 'A');
    } catch(Net_DNS2_Exception $e) {
        echo "::query() failed: ", $e->getMessage(), "\n";
    }

Original issue reported on code.google.com by [email protected] on 18 Jun 2012 at 10:35

Cache_Lite

It would be nice if Cache_Lite would be supported caching. Could open the door 
to more cache backends.

Original issue reported on code.google.com by [email protected] on 30 Oct 2011 at 6:40

SSHFP RR supports neither ECDSA algorithm nor SHA-256 fingerprint defined by RFC 6594.

The following code should work, but fails because kyhwana.org exposes both the ECDSA algorithm and SHA-256 fingerprint.

$google = new \Net_DNS2_Resolver(['nameservers' => ['8.8.8.8', '8.8.4.4']]);
$google->dnssec = true;
try {
    $result = $google->query('kyhwana.org', 'SSHFP');
} catch(\Net_DNS2_Exception $ex) {
    die($ex->getMessage());
}

foreach ($result->answer as $answer) {
    if ($answer instanceof \Net_DNS2_RR_SSHFP) {
        printf(
            '%s %d %s %s %d %d %s' . PHP_EOL,
            $answer->name,
            $answer->ttl,
            $answer->class,
            $answer->type,
            $answer->algorithm,
            $answer->fp_type,
            $answer->fingerprint
        );
    }
}

See also this post on SO, which led me to the problem in the first place.

IETF RFC 7929 DANE-OpenPGP released yesterday

Hi,

The IETF RFC 7929 - DNS-Based Authentication of Named Entities (DANE) Bindings for OpenPGP has been released yesterday.

This allows DNSSEC-secured look-ups of public OpenPGP-keys with Net_DNS2. ;-)

@mikepultz Please check for changes in the final document and add a code example for OpenPGP-key look-ups at https://netdns2.com/documentation/examples/.

autoloader throws errors on include fail

What steps will reproduce the problem?
1. instantiate NetDNS2
2. register another autoloader elsewhere
3. load class with "_" in filename via 2nd autoloader

What is the expected output? What do you see instead?
No errors thrown by autoloaders

What version of the product are you using? On what operating system?
NA

Please provide any additional information below.
If you have multiple autoloaders registered, and one (or more) throws an 
exception before a later autoloader loads the class, stacked exceptions are 
thrown (and must be caught) even though the class was loaded successfully.

Original issue reported on code.google.com by [email protected] on 29 Apr 2011 at 12:18

Not possible to get RRs from root zone

Hi,
I want to get the DNSKEY RR (as well as the NS RR) from the root zone.
That works fine with dig:
dig DNSKEY .
dig NS .
However when trying to specify something similar in netdns2 I just get the error:
"empty query string provided"
How can I query any root zone resource records?