Object
Dnsruby::Recursor - Perform recursive dns lookups
require 'Dnsruby' rec = Dnsruby::Recursor.new() answer = rec.recurse("rob.com.au")
This module uses a Dnsruby::Resolver to perform recursive queries.
Rob Brown, bbb@cpan.org Alex Dalitz, alexd@nominet.org.uk
Copyright © 2002, Rob Brown. All rights reserved. Portions Copyright © 2005, Olaf M Kolkman. Ruby version with caching and validation Copyright © 2008, AlexD (Nominet UK)
Example lookup process:
[root@box root]# dig +trace www.rob.com.au.
; <<>> DiG 9.2.0 <<>> +trace www.rob.com.au. ;; global options: printcmd . 507343 IN NS C.ROOT-SERVERS.NET. . 507343 IN NS D.ROOT-SERVERS.NET. . 507343 IN NS E.ROOT-SERVERS.NET. . 507343 IN NS F.ROOT-SERVERS.NET. . 507343 IN NS G.ROOT-SERVERS.NET. . 507343 IN NS H.ROOT-SERVERS.NET. . 507343 IN NS I.ROOT-SERVERS.NET. . 507343 IN NS J.ROOT-SERVERS.NET. . 507343 IN NS K.ROOT-SERVERS.NET. . 507343 IN NS L.ROOT-SERVERS.NET. . 507343 IN NS M.ROOT-SERVERS.NET. . 507343 IN NS A.ROOT-SERVERS.NET. . 507343 IN NS B.ROOT-SERVERS.NET. ;; Received 436 bytes from 127.0.0.1#53(127.0.0.1) in 9 ms
;;; But these should be hard coded as the hints ;;; Ask H.ROOT-SERVERS.NET gave:
au. 172800 IN NS NS2.BERKELEY.EDU. au. 172800 IN NS NS1.BERKELEY.EDU. au. 172800 IN NS NS.UU.NET. au. 172800 IN NS BOX2.AUNIC.NET. au. 172800 IN NS SEC1.APNIC.NET. au. 172800 IN NS SEC3.APNIC.NET. ;; Received 300 bytes from 128.63.2.53#53(H.ROOT-SERVERS.NET) in 322 ms
;;; A little closer than before ;;; Ask NS2.BERKELEY.EDU gave:
com.au. 259200 IN NS ns4.ausregistry.net. com.au. 259200 IN NS dns1.telstra.net. com.au. 259200 IN NS au2ld.CSIRO.au. com.au. 259200 IN NS audns01.syd.optus.net. com.au. 259200 IN NS ns.ripe.net. com.au. 259200 IN NS ns1.ausregistry.net. com.au. 259200 IN NS ns2.ausregistry.net. com.au. 259200 IN NS ns3.ausregistry.net. com.au. 259200 IN NS ns3.melbourneit.com. ;; Received 387 bytes from 128.32.206.12#53(NS2.BERKELEY.EDU) in 10312 ms
;;; A little closer than before ;;; Ask ns4.ausregistry.net gave:
com.au. 259200 IN NS ns1.ausregistry.net. com.au. 259200 IN NS ns2.ausregistry.net. com.au. 259200 IN NS ns3.ausregistry.net. com.au. 259200 IN NS ns4.ausregistry.net. com.au. 259200 IN NS ns3.melbourneit.com. com.au. 259200 IN NS dns1.telstra.net. com.au. 259200 IN NS au2ld.CSIRO.au. com.au. 259200 IN NS ns.ripe.net. com.au. 259200 IN NS audns01.syd.optus.net. ;; Received 259 bytes from 137.39.1.3#53(ns4.ausregistry.net) in 606 ms
;;; Uh... yeah... I already knew this ;;; from what NS2.BERKELEY.EDU told me. ;;; ns4.ausregistry.net must have brain damage ;;; Ask ns1.ausregistry.net gave:
rob.com.au. 86400 IN NS sy-dns02.tmns.net.au. rob.com.au. 86400 IN NS sy-dns01.tmns.net.au. ;; Received 87 bytes from 203.18.56.41#53(ns1.ausregistry.net) in 372 ms
;;; Ah, much better. Something more useful. ;;; Ask sy-dns02.tmns.net.au gave:
www.rob.com.au. 7200 IN A 139.134.5.123 rob.com.au. 7200 IN NS sy-dns01.tmns.net.au. rob.com.au. 7200 IN NS sy-dns02.tmns.net.au. ;; Received 135 bytes from 139.134.2.18#53(sy-dns02.tmns.net.au) in 525 ms
;;; FINALLY, THE ANSWER! Now,DNSSEC validation is performed (unless disabled).
# File lib/Dnsruby/Recursor.rb, line 291 291: def Recursor.clear_caches(resolver = Resolver.new) 292: Recursor.set_hints(Hash.new, resolver) 293: @@zones_cache = Hash.new # key zone_name, values Hash of servers and AddressCaches 294: @@zones_cache["."] = @@hints 295: 296: @@authority_cache = Hash.new 297: end
# File lib/Dnsruby/Recursor.rb, line 166 166: def initialize(res = Resolver.new) 167: @resolver = res 168: @ipv6_ok = false 169: end
# File lib/Dnsruby/Recursor.rb, line 185 185: def Recursor.set_hints(hints, resolver) 186: TheLog.debug(";; hints(#{hints.inspect})\n") 187: if (!hints && @@nameservers) 188: @@hints=(@@nameservers) 189: else 190: @@nameservers=(hints) 191: end 192: TheLog.debug(";; verifying (root) zone...\n") 193: # bind always asks one of the hint servers 194: # for who it thinks is authoritative for 195: # the (root) zone as a sanity check. 196: # Nice idea. 197: 198: resolver.recurse=(1) 199: packet=resolver.query_no_validation_or_recursion(".", "NS", "IN") 200: hints = Hash.new 201: if (packet) 202: if (ans = packet.answer) 203: ans.each do |rr| 204: if (rr.name.to_s =~ /^\.?$/ and 205: rr.type == Types::NS) 206: # Found root authority 207: server = rr.nsdname.to_s.downcase 208: server.sub!(/\.$/,"") 209: TheLog.debug(";; FOUND HINT: #{server}\n") 210: hints[server] = AddressCache.new 211: end 212: end 213: packet.additional.each do |rr| 214: TheLog.debug(";; ADDITIONAL: "+rr.inspect+"\n") 215: server = rr.name.to_s.downcase 216: server.sub!(/\.$/,"") 217: if (server) 218: if ( rr.type == Types::A) 219: #print ";; ADDITIONAL HELP: $server -> [".$rr->rdatastr."]\n" if $self->{'debug'}; 220: if (hints[server]!=nil) 221: TheLog.debug(";; STORING IP: #{server} IN A "+rr.address.to_s+"\n") 222: hints[server].push([rr.address.to_s, rr.ttl]) 223: end 224: end 225: if ( rr.type == Types::AAAA) 226: #print ";; ADDITIONAL HELP: $server -> [".$rr->rdatastr."]\n" if $self->{'debug'}; 227: if (hints[server]) 228: TheLog.debug(";; STORING IP6: #{server} IN AAAA "+rr.address.to_s+"\n") 229: hints[server].push([rr.address.to_s, rr.ttl]) 230: end 231: end 232: 233: end 234: end 235: end 236: # foreach my $server (keys %hints) { 237: hints.keys.each do |server| 238: if (!hints[server] || hints[server].length == 0) 239: # Wipe the servers without lookups 240: hints.delete(server) 241: end 242: end 243: @@hints = hints 244: else 245: @@hints = {} 246: end 247: if (@@hints.size > 0) 248: if (@debug) 249: TheLog.info(";; USING THE FOLLOWING HINT IPS:\n") 250: @@hints.values.each do |ips| 251: ips.each do |server| 252: TheLog.info(";; #{server}\n") 253: end 254: end 255: end 256: else 257: warn "Server ["+(@@nameservers)[0].to_s+".] did not give answers" 258: end 259: 260: # Disable recursion flag. 261: resolver.recurse=(0) 262: 263: # return $self->nameservers( map { @{ $_ } } values %{ $self->{'hints'} } ); 264: @@nameservers = @@hints.values 265: return @@nameservers 266: end
Initialize the hint servers. Recursive queries need a starting name server to work off of. This method takes a list of IP addresses to use as the starting servers. These name servers should be authoritative for the root (.) zone.
res.hints=(ips)
If no hints are passed, the default nameserver is asked for the hints. Normally these IPs can be obtained from the following location:
ftp://ftp.internic.net/domain/named.root
# File lib/Dnsruby/Recursor.rb, line 182 182: def hints=(hints) 183: Recursor.set_hints(hints, @resolver) 184: end
# File lib/Dnsruby/Recursor.rb, line 653 653: def prune_rrsets_to_rfc5452(packet, zone) 654: # Now prune the response of any unrelated rrsets (RFC5452 section6) 655: # "One very simple way to achieve this is to only accept data if it is 656: # part of the domain for which the query was intended." 657: if (!packet.header.aa) 658: return 659: end 660: if (!packet.question()[0]) 661: return 662: end 663: 664: section_rrsets = packet.section_rrsets 665: section_rrsets.keys.each {|section| 666: section_rrsets[section].each {|rrset| 667: n = Name.create(rrset.name) 668: n.absolute = true 669: if ((n.to_s == zone) || (n.to_s == Name.create(zone).to_s) || 670: (n.subdomain_of?(Name.create(zone))) || 671: (rrset.type == Types::OPT)) 672: # # @TODO@ Leave in the response if it is an SOA, NSEC or RRSIGfor the parent zone 673: ## elsif ((query_name.subdomain_of?rrset.name) && 674: # elsif ((rrset.type == Types.SOA) || (rrset.type == Types.NSEC) || (rrset.type == Types.NSEC3)) #) 675: else 676: TheLog.debug"Removing #{rrset.name}, #{rrset.type} from response from server for #{zone}" 677: packet.send(section).remove_rrset(rrset.name, rrset.type) 678: end 679: } 680: } 681: end
This method is much like the normal query() method except it disables the recurse flag in the packet and explicitly performs the recursion.
packet = res.query( "www.netscape.com.", "A") packet = res.query( "www.netscape.com.", "A", "IN", true) # no validation
The Recursor maintains a cache of known nameservers. DNSSEC validation is performed unless true is passed as the fourth parameter.
# File lib/Dnsruby/Recursor.rb, line 311 311: def query(name, type=Types.A, klass=Classes.IN, no_validation = false) 312: # @TODO@ PROVIDE AN ASYNCHRONOUS SEND WHICH RETURNS MESSAGE WITH ERROR!!! 313: 314: # Make sure the hint servers are initialized. 315: @@mutex.synchronize { 316: self.hints=(Hash.new) unless @@hints 317: } 318: @resolver.recurse=(0) 319: # Make sure the authority cache is clean. 320: # It is only used to store A and AAAA records of 321: # the suposedly authoritative name servers. 322: # TTLs are respected 323: @@mutex.synchronize { 324: if (!@@zones_cache) 325: Recursor.clear_caches(@resolver) 326: end 327: } 328: 329: # So we have normal hashes, but the array of addresses at the end is now an AddressCache 330: # which respects the ttls of the A/AAAA records 331: 332: # Now see if we already know the zone in question 333: # Otherwise, see if we know any of its parents (will know at least ".") 334: known_zone, known_authorities = get_closest_known_zone_authorities_for(name) # ".", @hints if nothing else 335: 336: # Seed name servers with the closest known authority 337: # ret = _dorecursion( name, type, klass, ".", @hints, 0) 338: ret = _dorecursion( name, type, klass, known_zone, known_authorities, 0, no_validation) 339: Dnssec.validate(ret) if !no_validation 340: # print "\n\nRESPONSE:\n#{ret}\n" 341: return ret 342: end
# File lib/Dnsruby/Recursor.rb, line 287 287: def recursion_callback 288: return @callback 289: end
This method takes a code reference, which is then invoked each time a packet is received during the recursive lookup. For example to emulate dig’s C<+trace> function:
res.recursion_callback(Proc.new { |packet| print packet.additional.inspect print";; Received %d bytes from %s\n\n", packetanswersize, packet.answerfrom); })
# File lib/Dnsruby/Recursor.rb, line 281 281: def recursion_callback=(sub) 282: # if (sub && UNIVERSAL::isa(sub, 'CODE')) 283: @callback = sub 284: # end 285: end
Disabled; run with --debug to generate this.
Generated with the Darkfish Rdoc Generator 1.1.6.