New upstream version 0.9.4
Ondřej Surý
1 year, 3 months ago
0 | 0 | Metadata-Version: 1.1 |
1 | 1 | Name: dnsviz |
2 | Version: 0.9.3 | |
2 | Version: 0.9.4 | |
3 | 3 | Summary: DNS analysis and visualization tool suite |
4 | 4 | Home-page: https://github.com/dnsviz/dnsviz/ |
5 | 5 | Author: Casey Deccio |
57 | 57 | %{_mandir}/man1/%{name}-query.1* |
58 | 58 | |
59 | 59 | %changelog |
60 | * Mon Sep 27 2021 Casey Deccio | |
61 | 0.9.4 release | |
60 | 62 | * Thu Mar 11 2021 Casey Deccio |
61 | 63 | 0.9.3 release |
62 | 64 | * Fri Feb 5 2021 Casey Deccio |
1628 | 1628 | required_params = [] |
1629 | 1629 | |
1630 | 1630 | class MissingRRSIGForAlg(ResponseError): |
1631 | description_template = 'The %(source)s RRset for the zone included algorithm %(algorithm)s (%(algorithm_text)s), but no RRSIG with algorithm %(algorithm)d covering the RRset was returned in the response.' | |
1631 | description_template = 'The %(source)s RRset for the zone included algorithm %(algorithm)d (%(algorithm_text)s), but no RRSIG with algorithm %(algorithm)d covering the RRset was returned in the response.' | |
1632 | 1632 | references = ['RFC 4035, Sec. 2.2', 'RFC 6840, Sec. 5.11'] |
1633 | 1633 | required_params = ['algorithm'] |
1634 | 1634 | source = None |
1902 | 1902 | |
1903 | 1903 | _abstract = False |
1904 | 1904 | code = 'MISSING_SEP_FOR_ALG' |
1905 | description_template = "The %(source)s RRset for the zone included algorithm %(algorithm)s (%(algorithm_text)s), but no %(source)s RR matched a DNSKEY with algorithm %(algorithm)d that signs the zone's DNSKEY RRset." | |
1905 | description_template = "The %(source)s RRset for the zone included algorithm %(algorithm)d (%(algorithm_text)s), but no %(source)s RR matched a DNSKEY with algorithm %(algorithm)d that signs the zone's DNSKEY RRset." | |
1906 | 1906 | references = ['RFC 4035, Sec. 2.2', 'RFC 6840, Sec. 5.11'] |
1907 | 1907 | required_params = ['algorithm'] |
1908 | 1908 |
1574 | 1574 | rrset_info.rrset.rdtype != dns.rdatatype.DS and \ |
1575 | 1575 | rrsig_status.dnskey is not None: |
1576 | 1576 | if rrset_info.rrset.rdtype == dns.rdatatype.DNSKEY: |
1577 | self.ksks.add(rrsig_status.dnskey) | |
1577 | if self.ksks is not None: | |
1578 | self.ksks.add(rrsig_status.dnskey) | |
1578 | 1579 | else: |
1579 | self.zsks.add(rrsig_status.dnskey) | |
1580 | if self.zsks is not None: | |
1581 | self.zsks.add(rrsig_status.dnskey) | |
1580 | 1582 | |
1581 | 1583 | key = rrsig_status.rrset, rrsig_status.rrsig |
1582 | 1584 | break |
1684 | 1686 | self.response_errors = {} |
1685 | 1687 | self.response_warnings = {} |
1686 | 1688 | |
1687 | if self.is_zone(): | |
1689 | if (self.name, dns.rdatatype.DNSKEY) in self.queries: | |
1688 | 1690 | self.zsks = set() |
1689 | 1691 | self.ksks = set() |
1690 | 1692 | |
1713 | 1715 | self._populate_invalid_response_status(query) |
1714 | 1716 | |
1715 | 1717 | def _finalize_key_roles(self): |
1716 | if self.is_zone(): | |
1718 | if (self.name, dns.rdatatype.DNSKEY) in self.queries: | |
1717 | 1719 | self.published_keys = set(self.get_dnskeys()).difference(self.zsks.union(self.ksks)) |
1718 | 1720 | self.revoked_keys = set([x for x in self.get_dnskeys() if x.rdata.flags & fmt.DNSKEY_FLAGS['revoke']]) |
1719 | 1721 |
1030 | 1030 | for cname in self.cname_targets: |
1031 | 1031 | for target in self.cname_targets[cname]: |
1032 | 1032 | self.cname_targets[cname][target] = self.__class__.deserialize(target, d, cache=cache) |
1033 | # these are optional | |
1033 | 1034 | for signer in self.external_signers: |
1034 | self.external_signers[signer] = self.__class__.deserialize(signer, d, cache=cache) | |
1035 | ||
1036 | # these two are optional | |
1035 | if lb2s(signer.canonicalize().to_text()) in d: | |
1036 | self.external_signers[signer] = self.__class__.deserialize(signer, d, cache=cache) | |
1037 | 1037 | for target in self.ns_dependencies: |
1038 | 1038 | if lb2s(target.canonicalize().to_text()) in d: |
1039 | 1039 | self.ns_dependencies[target] = self.__class__.deserialize(target, d, cache=cache) |
1541 | 1541 | # If this was a network error, determine if it was a binding |
1542 | 1542 | # error |
1543 | 1543 | if err == RESPONSE_ERROR_NETWORK_ERROR: |
1544 | if errno1 == errno.EADDRNOTAVAIL: | |
1545 | # Address not unavailable | |
1546 | if qh._client is not None: | |
1547 | raise SourceAddressBindError('Unable to bind to local address %s (%s)' % (qh._client, errno.errorcode[errno1])) | |
1548 | else: | |
1549 | raise SourceAddressBindError('Unable to bind to local address (%s)' % (errno.errorcode[errno1])) | |
1544 | if errno1 == errno.EADDRNOTAVAIL and qh._client is not None: | |
1545 | raise SourceAddressBindError('Unable to bind to local address %s (%s)' % (qh._client, errno.errorcode[errno1])) | |
1550 | 1546 | elif errno1 == errno.EADDRINUSE or \ |
1551 | 1547 | (errno1 == errno.EACCES and qtm.src is None): |
1552 | 1548 | # Address/port in use (EADDRINUSE) or insufficient |
1555 | 1551 | raise PortBindError('Unable to bind to local port %d (%s)' % (qh.params['sport'], errno.errorcode[errno1])) |
1556 | 1552 | else: |
1557 | 1553 | raise PortBindError('Unable to bind to local port (%s)' % (errno.errorcode[errno1])) |
1558 | elif qtm.src is None and errno1 not in (errno.EHOSTUNREACH, errno.ENETUNREACH, errno.EAFNOSUPPORT): | |
1559 | # If source is None it didn't bind properly. If the | |
1560 | # errno1 value after bind() is EHOSTUNREACH or | |
1561 | # ENETUNREACH, it is because there was no proper IPv4 | |
1562 | # or IPv6 connectivity (which is handled elsewhere). | |
1563 | # If socket() failed and resulted in an errno value of | |
1564 | # EAFNOSUPPORT, then likewise there is not IPv6 | |
1565 | # support. In other cases, it was something unknown, so | |
1554 | elif qtm.src is None and errno1 not in (errno.EHOSTUNREACH, errno.ENETUNREACH, errno.EAFNOSUPPORT, errno.EADDRNOTAVAIL): | |
1555 | # If source is None it didn't bind properly. There are several sub-cases: | |
1556 | # 1. If the bind() failed and resulted in an errno | |
1557 | # value of EHOSTUNREACH, it is because there was no | |
1558 | # proper IPv4 or IPv6 connectivity; the error for | |
1559 | # this is handled elsewhere). | |
1560 | # 2. If socket() failed and resulted in an errno value | |
1561 | # of EAFNOSUPPORT, then there is no IPv6 support. | |
1562 | # 3. If connect() failed and resulted in an errno value | |
1563 | # of EADDRNOTAVAIL, then there is no IPv6 support. | |
1564 | # In other cases, it was something unknown, so | |
1566 | 1565 | # raise an error. |
1567 | 1566 | raise BindError('Unable to bind to local address (%s)' % (errno.errorcode.get(errno1, "unknown"))) |
1568 | 1567 |
811 | 811 | |
812 | 812 | def init_req(self): |
813 | 813 | data = self._post_data() |
814 | self.msg_send = codecs.encode('POST %s HTTP/1.1\r\nHost: %s\r\nUser-Agent: DNSViz/0.9.3\r\nAccept: application/json\r\n%sContent-Length: %d\r\nContent-Type: application/x-www-form-urlencoded\r\n\r\n%s' % (self.path, self.host, self._authentication_header(), len(data), data), 'latin1') | |
814 | self.msg_send = codecs.encode('POST %s HTTP/1.1\r\nHost: %s\r\nUser-Agent: DNSViz/0.9.4\r\nAccept: application/json\r\n%sContent-Length: %d\r\nContent-Type: application/x-www-form-urlencoded\r\n\r\n%s' % (self.path, self.host, self._authentication_header(), len(data), data), 'latin1') | |
815 | 815 | self.msg_send_len = len(self.msg_send) |
816 | 816 | self.msg_send_index = 0 |
817 | 817 |
1295 | 1295 | for signed_keys, rrset_info in name_obj.get_dnskey_sets(): |
1296 | 1296 | for rrsig in name_obj.rrsig_status[rrset_info]: |
1297 | 1297 | signer_obj = name_obj.get_name(rrsig.signer) |
1298 | if rrsig.signer != name_obj.name and not is_dlv: | |
1299 | self.graph_zone_auth(signer_obj, False) | |
1298 | if signer_obj is not None: | |
1299 | # if we have the analysis corresponding to the signer, then | |
1300 | # graph it too, if it was different from what we were | |
1301 | # expecting | |
1302 | if rrsig.signer != name_obj.name and not is_dlv: | |
1303 | self.graph_zone_auth(signer_obj, False) | |
1300 | 1304 | for dnskey in name_obj.rrsig_status[rrset_info][rrsig]: |
1301 | 1305 | rrsig_status = name_obj.rrsig_status[rrset_info][rrsig][dnskey] |
1302 | 1306 | if dnskey is None: |
0 | 0 | Metadata-Version: 1.1 |
1 | 1 | Name: dnsviz |
2 | Version: 0.9.3 | |
2 | Version: 0.9.4 | |
3 | 3 | Summary: DNS analysis and visualization tool suite |
4 | 4 | Home-page: https://github.com/dnsviz/dnsviz/ |
5 | 5 | Author: Casey Deccio |
19 | 19 | .\" You should have received a copy of the GNU General Public License along |
20 | 20 | .\" with DNSViz. If not, see <http://www.gnu.org/licenses/>. |
21 | 21 | .\" |
22 | .TH dnsviz-probe 1 "11 Mar 2021" "0.9.3" | |
22 | .TH dnsviz-probe 1 "27 Sep 2021" "0.9.4" | |
23 | 23 | .SH NAME |
24 | 24 | dnsviz-graph \- graph the assessment of diagnostic DNS queries |
25 | 25 | .SH SYNOPSIS |
19 | 19 | .\" You should have received a copy of the GNU General Public License along |
20 | 20 | .\" with DNSViz. If not, see <http://www.gnu.org/licenses/>. |
21 | 21 | .\" |
22 | .TH dnsviz-grok 1 "11 Mar 2021" "0.9.3" | |
22 | .TH dnsviz-grok 1 "27 Sep 2021" "0.9.4" | |
23 | 23 | .SH NAME |
24 | 24 | dnsviz-grok \- assess diagnostic DNS queries |
25 | 25 | .SH SYNOPSIS |
19 | 19 | .\" You should have received a copy of the GNU General Public License along |
20 | 20 | .\" with DNSViz. If not, see <http://www.gnu.org/licenses/>. |
21 | 21 | .\" |
22 | .TH dnsviz-print 1 "11 Mar 2021" "0.9.3" | |
22 | .TH dnsviz-print 1 "27 Sep 2021" "0.9.4" | |
23 | 23 | .SH NAME |
24 | 24 | dnsviz-print \- print the assessment of diagnostic DNS queries |
25 | 25 | .SH SYNOPSIS |
19 | 19 | .\" You should have received a copy of the GNU General Public License along |
20 | 20 | .\" with DNSViz. If not, see <http://www.gnu.org/licenses/>. |
21 | 21 | .\" |
22 | .TH dnsviz-probe 1 "11 Mar 2021" "0.9.3" | |
22 | .TH dnsviz-probe 1 "27 Sep 2021" "0.9.4" | |
23 | 23 | .SH NAME |
24 | 24 | dnsviz-probe \- issue diagnostic DNS queries |
25 | 25 | .SH SYNOPSIS |
19 | 19 | .\" You should have received a copy of the GNU General Public License along |
20 | 20 | .\" with DNSViz. If not, see <http://www.gnu.org/licenses/>. |
21 | 21 | .\" |
22 | .TH dnsviz-query 1 "11 Mar 2021" "0.9.3" | |
22 | .TH dnsviz-query 1 "27 Sep 2021" "0.9.4" | |
23 | 23 | .SH NAME |
24 | 24 | dnsviz-query \- assess a DNS query |
25 | 25 | .SH SYNOPSIS |
19 | 19 | .\" You should have received a copy of the GNU General Public License along |
20 | 20 | .\" with DNSViz. If not, see <http://www.gnu.org/licenses/>. |
21 | 21 | .\" |
22 | .TH dnsviz 1 "11 Mar 2021" "0.9.3" | |
22 | .TH dnsviz 1 "27 Sep 2021" "0.9.4" | |
23 | 23 | .SH NAME |
24 | 24 | dnsviz \- issue and assess diagnostic DNS queries |
25 | 25 | .SH SYNOPSIS |