New upstream version 0.9.4
Ondřej Surý
1 year, 3 months ago
| 0 | 0 | Metadata-Version: 1.1 |
| 1 | 1 | Name: dnsviz |
| 2 | Version: 0.9.3 | |
| 2 | Version: 0.9.4 | |
| 3 | 3 | Summary: DNS analysis and visualization tool suite |
| 4 | 4 | Home-page: https://github.com/dnsviz/dnsviz/ |
| 5 | 5 | Author: Casey Deccio |
| 57 | 57 | %{_mandir}/man1/%{name}-query.1* |
| 58 | 58 | |
| 59 | 59 | %changelog |
| 60 | * Mon Sep 27 2021 Casey Deccio | |
| 61 | 0.9.4 release | |
| 60 | 62 | * Thu Mar 11 2021 Casey Deccio |
| 61 | 63 | 0.9.3 release |
| 62 | 64 | * Fri Feb 5 2021 Casey Deccio |
| 1628 | 1628 | required_params = [] |
| 1629 | 1629 | |
| 1630 | 1630 | class MissingRRSIGForAlg(ResponseError): |
| 1631 | description_template = 'The %(source)s RRset for the zone included algorithm %(algorithm)s (%(algorithm_text)s), but no RRSIG with algorithm %(algorithm)d covering the RRset was returned in the response.' | |
| 1631 | description_template = 'The %(source)s RRset for the zone included algorithm %(algorithm)d (%(algorithm_text)s), but no RRSIG with algorithm %(algorithm)d covering the RRset was returned in the response.' | |
| 1632 | 1632 | references = ['RFC 4035, Sec. 2.2', 'RFC 6840, Sec. 5.11'] |
| 1633 | 1633 | required_params = ['algorithm'] |
| 1634 | 1634 | source = None |
| 1902 | 1902 | |
| 1903 | 1903 | _abstract = False |
| 1904 | 1904 | code = 'MISSING_SEP_FOR_ALG' |
| 1905 | description_template = "The %(source)s RRset for the zone included algorithm %(algorithm)s (%(algorithm_text)s), but no %(source)s RR matched a DNSKEY with algorithm %(algorithm)d that signs the zone's DNSKEY RRset." | |
| 1905 | description_template = "The %(source)s RRset for the zone included algorithm %(algorithm)d (%(algorithm_text)s), but no %(source)s RR matched a DNSKEY with algorithm %(algorithm)d that signs the zone's DNSKEY RRset." | |
| 1906 | 1906 | references = ['RFC 4035, Sec. 2.2', 'RFC 6840, Sec. 5.11'] |
| 1907 | 1907 | required_params = ['algorithm'] |
| 1908 | 1908 | |
| 1574 | 1574 | rrset_info.rrset.rdtype != dns.rdatatype.DS and \ |
| 1575 | 1575 | rrsig_status.dnskey is not None: |
| 1576 | 1576 | if rrset_info.rrset.rdtype == dns.rdatatype.DNSKEY: |
| 1577 | self.ksks.add(rrsig_status.dnskey) | |
| 1577 | if self.ksks is not None: | |
| 1578 | self.ksks.add(rrsig_status.dnskey) | |
| 1578 | 1579 | else: |
| 1579 | self.zsks.add(rrsig_status.dnskey) | |
| 1580 | if self.zsks is not None: | |
| 1581 | self.zsks.add(rrsig_status.dnskey) | |
| 1580 | 1582 | |
| 1581 | 1583 | key = rrsig_status.rrset, rrsig_status.rrsig |
| 1582 | 1584 | break |
| 1684 | 1686 | self.response_errors = {} |
| 1685 | 1687 | self.response_warnings = {} |
| 1686 | 1688 | |
| 1687 | if self.is_zone(): | |
| 1689 | if (self.name, dns.rdatatype.DNSKEY) in self.queries: | |
| 1688 | 1690 | self.zsks = set() |
| 1689 | 1691 | self.ksks = set() |
| 1690 | 1692 | |
| 1713 | 1715 | self._populate_invalid_response_status(query) |
| 1714 | 1716 | |
| 1715 | 1717 | def _finalize_key_roles(self): |
| 1716 | if self.is_zone(): | |
| 1718 | if (self.name, dns.rdatatype.DNSKEY) in self.queries: | |
| 1717 | 1719 | self.published_keys = set(self.get_dnskeys()).difference(self.zsks.union(self.ksks)) |
| 1718 | 1720 | self.revoked_keys = set([x for x in self.get_dnskeys() if x.rdata.flags & fmt.DNSKEY_FLAGS['revoke']]) |
| 1719 | 1721 | |
| 1030 | 1030 | for cname in self.cname_targets: |
| 1031 | 1031 | for target in self.cname_targets[cname]: |
| 1032 | 1032 | self.cname_targets[cname][target] = self.__class__.deserialize(target, d, cache=cache) |
| 1033 | # these are optional | |
| 1033 | 1034 | for signer in self.external_signers: |
| 1034 | self.external_signers[signer] = self.__class__.deserialize(signer, d, cache=cache) | |
| 1035 | ||
| 1036 | # these two are optional | |
| 1035 | if lb2s(signer.canonicalize().to_text()) in d: | |
| 1036 | self.external_signers[signer] = self.__class__.deserialize(signer, d, cache=cache) | |
| 1037 | 1037 | for target in self.ns_dependencies: |
| 1038 | 1038 | if lb2s(target.canonicalize().to_text()) in d: |
| 1039 | 1039 | self.ns_dependencies[target] = self.__class__.deserialize(target, d, cache=cache) |
| 1541 | 1541 | # If this was a network error, determine if it was a binding |
| 1542 | 1542 | # error |
| 1543 | 1543 | if err == RESPONSE_ERROR_NETWORK_ERROR: |
| 1544 | if errno1 == errno.EADDRNOTAVAIL: | |
| 1545 | # Address not unavailable | |
| 1546 | if qh._client is not None: | |
| 1547 | raise SourceAddressBindError('Unable to bind to local address %s (%s)' % (qh._client, errno.errorcode[errno1])) | |
| 1548 | else: | |
| 1549 | raise SourceAddressBindError('Unable to bind to local address (%s)' % (errno.errorcode[errno1])) | |
| 1544 | if errno1 == errno.EADDRNOTAVAIL and qh._client is not None: | |
| 1545 | raise SourceAddressBindError('Unable to bind to local address %s (%s)' % (qh._client, errno.errorcode[errno1])) | |
| 1550 | 1546 | elif errno1 == errno.EADDRINUSE or \ |
| 1551 | 1547 | (errno1 == errno.EACCES and qtm.src is None): |
| 1552 | 1548 | # Address/port in use (EADDRINUSE) or insufficient |
| 1555 | 1551 | raise PortBindError('Unable to bind to local port %d (%s)' % (qh.params['sport'], errno.errorcode[errno1])) |
| 1556 | 1552 | else: |
| 1557 | 1553 | raise PortBindError('Unable to bind to local port (%s)' % (errno.errorcode[errno1])) |
| 1558 | elif qtm.src is None and errno1 not in (errno.EHOSTUNREACH, errno.ENETUNREACH, errno.EAFNOSUPPORT): | |
| 1559 | # If source is None it didn't bind properly. If the | |
| 1560 | # errno1 value after bind() is EHOSTUNREACH or | |
| 1561 | # ENETUNREACH, it is because there was no proper IPv4 | |
| 1562 | # or IPv6 connectivity (which is handled elsewhere). | |
| 1563 | # If socket() failed and resulted in an errno value of | |
| 1564 | # EAFNOSUPPORT, then likewise there is not IPv6 | |
| 1565 | # support. In other cases, it was something unknown, so | |
| 1554 | elif qtm.src is None and errno1 not in (errno.EHOSTUNREACH, errno.ENETUNREACH, errno.EAFNOSUPPORT, errno.EADDRNOTAVAIL): | |
| 1555 | # If source is None it didn't bind properly. There are several sub-cases: | |
| 1556 | # 1. If the bind() failed and resulted in an errno | |
| 1557 | # value of EHOSTUNREACH, it is because there was no | |
| 1558 | # proper IPv4 or IPv6 connectivity; the error for | |
| 1559 | # this is handled elsewhere). | |
| 1560 | # 2. If socket() failed and resulted in an errno value | |
| 1561 | # of EAFNOSUPPORT, then there is no IPv6 support. | |
| 1562 | # 3. If connect() failed and resulted in an errno value | |
| 1563 | # of EADDRNOTAVAIL, then there is no IPv6 support. | |
| 1564 | # In other cases, it was something unknown, so | |
| 1566 | 1565 | # raise an error. |
| 1567 | 1566 | raise BindError('Unable to bind to local address (%s)' % (errno.errorcode.get(errno1, "unknown"))) |
| 1568 | 1567 | |
| 811 | 811 | |
| 812 | 812 | def init_req(self): |
| 813 | 813 | data = self._post_data() |
| 814 | self.msg_send = codecs.encode('POST %s HTTP/1.1\r\nHost: %s\r\nUser-Agent: DNSViz/0.9.3\r\nAccept: application/json\r\n%sContent-Length: %d\r\nContent-Type: application/x-www-form-urlencoded\r\n\r\n%s' % (self.path, self.host, self._authentication_header(), len(data), data), 'latin1') | |
| 814 | self.msg_send = codecs.encode('POST %s HTTP/1.1\r\nHost: %s\r\nUser-Agent: DNSViz/0.9.4\r\nAccept: application/json\r\n%sContent-Length: %d\r\nContent-Type: application/x-www-form-urlencoded\r\n\r\n%s' % (self.path, self.host, self._authentication_header(), len(data), data), 'latin1') | |
| 815 | 815 | self.msg_send_len = len(self.msg_send) |
| 816 | 816 | self.msg_send_index = 0 |
| 817 | 817 |
| 1295 | 1295 | for signed_keys, rrset_info in name_obj.get_dnskey_sets(): |
| 1296 | 1296 | for rrsig in name_obj.rrsig_status[rrset_info]: |
| 1297 | 1297 | signer_obj = name_obj.get_name(rrsig.signer) |
| 1298 | if rrsig.signer != name_obj.name and not is_dlv: | |
| 1299 | self.graph_zone_auth(signer_obj, False) | |
| 1298 | if signer_obj is not None: | |
| 1299 | # if we have the analysis corresponding to the signer, then | |
| 1300 | # graph it too, if it was different from what we were | |
| 1301 | # expecting | |
| 1302 | if rrsig.signer != name_obj.name and not is_dlv: | |
| 1303 | self.graph_zone_auth(signer_obj, False) | |
| 1300 | 1304 | for dnskey in name_obj.rrsig_status[rrset_info][rrsig]: |
| 1301 | 1305 | rrsig_status = name_obj.rrsig_status[rrset_info][rrsig][dnskey] |
| 1302 | 1306 | if dnskey is None: |
| 0 | 0 | Metadata-Version: 1.1 |
| 1 | 1 | Name: dnsviz |
| 2 | Version: 0.9.3 | |
| 2 | Version: 0.9.4 | |
| 3 | 3 | Summary: DNS analysis and visualization tool suite |
| 4 | 4 | Home-page: https://github.com/dnsviz/dnsviz/ |
| 5 | 5 | Author: Casey Deccio |
| 19 | 19 | .\" You should have received a copy of the GNU General Public License along |
| 20 | 20 | .\" with DNSViz. If not, see <http://www.gnu.org/licenses/>. |
| 21 | 21 | .\" |
| 22 | .TH dnsviz-probe 1 "11 Mar 2021" "0.9.3" | |
| 22 | .TH dnsviz-probe 1 "27 Sep 2021" "0.9.4" | |
| 23 | 23 | .SH NAME |
| 24 | 24 | dnsviz-graph \- graph the assessment of diagnostic DNS queries |
| 25 | 25 | .SH SYNOPSIS |
| 19 | 19 | .\" You should have received a copy of the GNU General Public License along |
| 20 | 20 | .\" with DNSViz. If not, see <http://www.gnu.org/licenses/>. |
| 21 | 21 | .\" |
| 22 | .TH dnsviz-grok 1 "11 Mar 2021" "0.9.3" | |
| 22 | .TH dnsviz-grok 1 "27 Sep 2021" "0.9.4" | |
| 23 | 23 | .SH NAME |
| 24 | 24 | dnsviz-grok \- assess diagnostic DNS queries |
| 25 | 25 | .SH SYNOPSIS |
| 19 | 19 | .\" You should have received a copy of the GNU General Public License along |
| 20 | 20 | .\" with DNSViz. If not, see <http://www.gnu.org/licenses/>. |
| 21 | 21 | .\" |
| 22 | .TH dnsviz-print 1 "11 Mar 2021" "0.9.3" | |
| 22 | .TH dnsviz-print 1 "27 Sep 2021" "0.9.4" | |
| 23 | 23 | .SH NAME |
| 24 | 24 | dnsviz-print \- print the assessment of diagnostic DNS queries |
| 25 | 25 | .SH SYNOPSIS |
| 19 | 19 | .\" You should have received a copy of the GNU General Public License along |
| 20 | 20 | .\" with DNSViz. If not, see <http://www.gnu.org/licenses/>. |
| 21 | 21 | .\" |
| 22 | .TH dnsviz-probe 1 "11 Mar 2021" "0.9.3" | |
| 22 | .TH dnsviz-probe 1 "27 Sep 2021" "0.9.4" | |
| 23 | 23 | .SH NAME |
| 24 | 24 | dnsviz-probe \- issue diagnostic DNS queries |
| 25 | 25 | .SH SYNOPSIS |
| 19 | 19 | .\" You should have received a copy of the GNU General Public License along |
| 20 | 20 | .\" with DNSViz. If not, see <http://www.gnu.org/licenses/>. |
| 21 | 21 | .\" |
| 22 | .TH dnsviz-query 1 "11 Mar 2021" "0.9.3" | |
| 22 | .TH dnsviz-query 1 "27 Sep 2021" "0.9.4" | |
| 23 | 23 | .SH NAME |
| 24 | 24 | dnsviz-query \- assess a DNS query |
| 25 | 25 | .SH SYNOPSIS |
| 19 | 19 | .\" You should have received a copy of the GNU General Public License along |
| 20 | 20 | .\" with DNSViz. If not, see <http://www.gnu.org/licenses/>. |
| 21 | 21 | .\" |
| 22 | .TH dnsviz 1 "11 Mar 2021" "0.9.3" | |
| 22 | .TH dnsviz 1 "27 Sep 2021" "0.9.4" | |
| 23 | 23 | .SH NAME |
| 24 | 24 | dnsviz \- issue and assess diagnostic DNS queries |
| 25 | 25 | .SH SYNOPSIS |