/**
  * This resolver works when it is: 1. Enabled 2. The query is absolute 3. The name/address is not
  * in a Eucalyptus controlled subdomain
  *
  * @see com.eucalyptus.util.dns.DnsResolvers.DnsResolver#checkAccepts(Record, org.xbill.DNS.Name,
  *     InetAddress)
  */
 @Override
 public boolean checkAccepts(Record query, InetAddress source) {
   if (!Bootstrap.isOperational() || !enabled) {
     return false;
   } else if ((RequestType.A.apply(query) || RequestType.AAAA.apply(query))
       && query.getName().isAbsolute()
       && !DomainNames.isSystemSubdomain(query.getName())) {
     return true;
   } else if (RequestType.PTR.apply(query)
       && !Subnets.isSystemManagedAddress(
           DomainNameRecords.inAddrArpaToInetAddress(query.getName()))) {
     return true;
   }
   return false;
 }
  private static String createQuery(final Record query) {
    if (query != null && query.getName() != null) {
      final String qname = query.getName().toString();
      final String qtype = Type.string(query.getType());
      final String qclass = DClass.string(query.getDClass());

      return new StringBuilder()
          .append("fqdn=")
          .append(qname)
          .append(" type=")
          .append(qtype)
          .append(" class=")
          .append(qclass)
          .toString();
    }
    return "";
  }
Example #3
0
  /*
   * Look for SOA records corresponding to the request
   * TODO: Add cache coherency to SOA records?
   */
  protected synchronized Record checkForSoaRecord(String questionName) {
    if (!questionName.endsWith(".")) questionName += ".";

    if (soaRecords == null) {
      DnsRecord[] getRecs = null;
      // load all SOA records...
      try {
        getRecs = proxy.getDNSByType(Type.SOA);

        if (getRecs == null || getRecs.length == 0) soaRecords = Collections.emptyMap();
        else {
          soaRecords = new HashMap<String, Record>();

          for (DnsRecord rec : getRecs) {
            Record newRec =
                Record.newRecord(
                    Name.fromString(rec.getName()),
                    Type.SOA,
                    rec.getDclass(),
                    rec.getTtl(),
                    rec.getData());

            soaRecords.put(newRec.getName().toString(), newRec);
          }
        }
      } catch (Exception e) {
        LOGGER.error("Failed to load SOA records from config service.");
      }
    }

    Record retVal = null;
    if (soaRecords.size() > 0) {
      // look for the record by question name

      retVal = soaRecords.get(questionName);
      if (retVal == null) {
        // start taking apart the question name . by .
        int index = -1;
        while ((index = questionName.indexOf(".")) > 0 && index < (questionName.length() - 1)) {
          questionName = questionName.substring(index + 1);
          retVal = soaRecords.get(questionName);
          if (retVal != null) break;
        }
      }
    }

    return retVal;
  }
Example #4
0
 public static SetResponse findRecords(
     final Message response, final Record queryRecord, final InetAddress source) {
   final Name name = queryRecord.getName();
   final int type = queryRecord.getType();
   try {
     if (!enabled || !Bootstrap.isOperational()) {
       return SetResponse.ofType(SetResponse.UNKNOWN);
     } else {
       final Iterable<DnsResolver> resolverList = DnsResolvers.resolversFor(queryRecord, source);
       LOG.debug("DnsResolvers.findRecords(): resolvers for " + name + " are: " + resolverList);
       if (Iterables.isEmpty(resolverList)) {
         return SetResponse.ofType(SetResponse.UNKNOWN);
       } else {
         return DnsResolvers.lookupRecords(response, queryRecord, source);
       }
     }
   } catch (final Exception ex) {
     LOG.error(ex);
     LOG.trace(ex, ex);
   }
   return SetResponse.ofType(SetResponse.UNKNOWN);
 }
Example #5
0
 private static SetResponse lookupRecords(
     final Message response, final Record query, final InetAddress source) {
   final Name name = query.getName();
   final int type = query.getType();
   response.getHeader().setFlag(Flags.RA); // always mark the response w/ the recursion available
   // bit
   LOG.debug("DnsResolver: " + RequestType.typeOf(type) + " " + name);
   for (final DnsResolver r : DnsResolvers.resolversFor(query, source)) {
     try {
       final DnsResponse reply = r.lookupRecords(query);
       if (reply == null) {
         LOG.debug("DnsResolver: returned null " + name + " using " + r);
         continue;
       }
       if (reply.isAuthoritative()) { // mark
         response.getHeader().setFlag(Flags.AA);
       }
       if (reply.isNxdomain()) {
         addRRset(name, response, new Record[] {DomainNameRecords.sourceOfAuthority(name)}, type);
         response.getHeader().setRcode(Rcode.NXDOMAIN);
         return SetResponse.ofType(SetResponse.NXDOMAIN);
       } else if (reply.hasAnswer()) {
         for (ResponseSection s : ResponseSection.values()) {
           Record[] records = reply.section(s);
           if (records != null) {
             addRRset(name, response, records, s.section());
           }
         }
         return SetResponse.ofType(SetResponse.SUCCESSFUL);
       }
     } catch (final Exception ex) {
       LOG.debug(
           "DnsResolver: failed for " + name + " using " + r + " because of: " + ex.getMessage(),
           ex);
     }
   }
   return SetResponse.ofType(SetResponse.UNKNOWN); // no dice, return unknown
 }
  @SuppressWarnings("unchecked")
  public void execute() throws Exception {
    // Read in the zone
    List<Record> records = ZoneUtils.readZoneFile(state.inputfile, null);
    if (records == null || records.size() == 0) {
      System.err.println("error: empty RRset file");
      state.usage();
    }
    // Construct the RRset. Complain if the records in the input file
    // consist of more than one RRset.
    RRset rrset = null;

    for (Record r : records) {
      // skip RRSIGs
      if (r.getType() == Type.RRSIG || r.getType() == Type.SIG) {
        continue;
      }

      // Handle the first record.
      if (rrset == null) {
        rrset = new RRset();
        rrset.addRR(r);
        continue;
      }
      // Ensure that the remaining records all belong to the same rrset.
      if (rrset.getName().equals(r.getName())
          && rrset.getType() == r.getType()
          && rrset.getDClass() == r.getDClass()) {
        rrset.addRR(r);
      } else {
        System.err.println("Records do not all belong to the same RRset.");
        state.usage();
      }
    }

    if (rrset.size() == 0) {
      System.err.println("No records found in inputfile.");
      state.usage();
    }

    // Load the key pairs.

    if (state.keyFiles.length == 0) {
      System.err.println("error: at least one keyfile must be specified");
      state.usage();
    }

    List<DnsKeyPair> keypairs = getKeys(state.keyFiles, 0, state.keyDirectory);

    // Make sure that all the keypairs have the same name.
    // This will be used as the zone name, too.

    Name keysetName = null;
    for (DnsKeyPair pair : keypairs) {
      if (keysetName == null) {
        keysetName = pair.getDNSKEYName();
        continue;
      }
      if (!pair.getDNSKEYName().equals(keysetName)) {
        System.err.println("Keys do not all have the same name.");
        state.usage();
      }
    }

    // default the output file, if not set.
    if (state.outputfile == null && !state.inputfile.equals("-")) {
      state.outputfile = state.inputfile + ".signed";
    }

    JCEDnsSecSigner signer = new JCEDnsSecSigner();

    List<RRSIGRecord> sigs = signer.signRRset(rrset, keypairs, state.start, state.expire);
    for (RRSIGRecord s : sigs) {
      rrset.addRR(s);
    }

    // write out the signed RRset
    List<Record> signed_records = new ArrayList<Record>();
    for (Iterator<Record> i = rrset.rrs(); i.hasNext(); ) {
      signed_records.add(i.next());
    }
    for (Iterator<Record> i = rrset.sigs(); i.hasNext(); ) {
      signed_records.add(i.next());
    }

    // write out the signed zone
    ZoneUtils.writeZoneFile(signed_records, state.outputfile);

    if (state.verifySigs) {
      log.fine("verifying generated signatures");
      boolean res = verifySigs(keysetName, signed_records, keypairs);

      if (res) {
        System.out.println("Generated signatures verified");
        // log.info("Generated signatures verified");
      } else {
        System.out.println("Generated signatures did not verify.");
        // log.warn("Generated signatures did not verify.");
      }
    }
  }
Example #7
0
  /** {@inheritDoc} */
  @SuppressWarnings("unchecked")
  @Override
  public Message get(Message request) throws DNSException {
    LOGGER.trace("get(Message) Entered");
    /* for testing time out cases
    try
    {
    	Thread.sleep(1000000);
    }
    catch (Exception e)
    {

    }
       */
    if (request == null) throw new DNSException(DNSError.newError(Rcode.FORMERR));

    Header header = request.getHeader();
    if (header.getFlag(Flags.QR) || header.getRcode() != Rcode.NOERROR)
      throw new DNSException(DNSError.newError(Rcode.FORMERR));

    if (header.getOpcode() != Opcode.QUERY) throw new DNSException(DNSError.newError(Rcode.NOTIMP));

    Record question = request.getQuestion();

    if (question == null || question.getDClass() != DClass.IN) {
      throw new DNSException(DNSError.newError(Rcode.NOTIMP));
    }

    Record queryRecord = request.getQuestion();
    Name name = queryRecord.getName();
    int type = queryRecord.getType();

    if (LOGGER.isDebugEnabled()) {
      StringBuilder builder = new StringBuilder("Recieved Query Request:");
      builder.append("\r\n\tName: " + name.toString());
      builder.append("\r\n\tType: " + type);
      builder.append("\r\n\tDClass: " + queryRecord.getDClass());
      LOGGER.debug(builder.toString());
    }

    Collection<Record> lookupRecords = null;
    switch (question.getType()) {
      case Type.A:
      case Type.MX:
      case Type.SOA:
      case Type.SRV:
      case Type.NS:
      case Type.CNAME:
        {
          try {
            final RRset set = processGenericRecordRequest(name.toString(), type);

            if (set != null) {
              lookupRecords = new ArrayList<Record>();
              Iterator<Record> iter = set.rrs();
              while (iter.hasNext()) lookupRecords.add(iter.next());
            }

          } catch (Exception e) {
            throw new DNSException(
                DNSError.newError(Rcode.SERVFAIL),
                "DNS service proxy call failed: " + e.getMessage(),
                e);
          }
          break;
        }
      case Type.CERT:
        {
          final RRset set = processCERTRecordRequest(name.toString());

          if (set != null) {
            lookupRecords = new ArrayList<Record>();
            Iterator<Record> iter = set.rrs();
            while (iter.hasNext()) lookupRecords.add(iter.next());
          }

          break;
        }
      case Type.ANY:
        {
          Collection<Record> genRecs = processGenericANYRecordRequest(name.toString());
          RRset certRecs = processCERTRecordRequest(name.toString());

          if (genRecs != null || certRecs != null) {
            lookupRecords = new ArrayList<Record>();
            if (genRecs != null) lookupRecords.addAll(genRecs);

            if (certRecs != null) {
              Iterator<Record> iter = certRecs.rrs();
              while (iter.hasNext()) lookupRecords.add(iter.next());
            }
          }

          break;
        }
      default:
        {
          LOGGER.debug("Query Type " + type + " not implemented");
          throw new DNSException(
              DNSError.newError(Rcode.NOTIMP), "Query Type " + type + " not implemented");
        }
    }

    if (lookupRecords == null || lookupRecords.size() == 0) {
      LOGGER.debug("No records found.");
      return null;
    }

    final Message response = new Message(request.getHeader().getID());
    response.getHeader().setFlag(Flags.QR);
    if (request.getHeader().getFlag(Flags.RD)) response.getHeader().setFlag(Flags.RD);
    response.addRecord(queryRecord, Section.QUESTION);

    final Iterator<Record> iter = lookupRecords.iterator();
    while (iter.hasNext()) response.addRecord(iter.next(), Section.ANSWER);

    // we are authoritative only
    response.getHeader().setFlag(Flags.AA);
    // look for an SOA record
    final Record soaRecord = checkForSoaRecord(name.toString());
    if (soaRecord != null) response.addRecord(soaRecord, Section.AUTHORITY);

    LOGGER.trace("get(Message) Exit");

    return response;
  }
 @Override
 public DnsResponse lookupRecords(final Record query) {
   final Name name = query.getName();
   final int type = query.getType();
   final Cache cache = new Cache();
   Lookup aLookup = new Lookup(name, type);
   aLookup.setCache(cache);
   Record[] found = aLookup.run();
   List<Record> queriedrrs = Arrays.asList(found != null ? found : new Record[] {});
   List<Name> cnames =
       (List<Name>)
           (aLookup.getAliases().length > 0
               ? Arrays.asList(aLookup.getAliases())
               : Lists.newArrayList());
   List<Record> answer = Lists.newArrayList();
   List<Record> authority = Lists.newArrayList();
   List<Record> additional = Lists.newArrayList();
   for (Name cnameRec : cnames) {
     SetResponse sr = cache.lookupRecords(cnameRec, Type.CNAME, Credibility.ANY);
     if (sr != null && sr.isSuccessful() && sr.answers() != null) {
       for (RRset result : sr.answers()) {
         Iterator rrs = result.rrs(false);
         if (rrs != null) {
           for (Object record : ImmutableSet.copyOf(rrs)) {
             answer.add((Record) record);
           }
         }
       }
     }
   }
   for (Record queriedRec : queriedrrs) {
     SetResponse sr =
         cache.lookupRecords(queriedRec.getName(), queriedRec.getType(), Credibility.ANY);
     if (sr != null && sr.isSuccessful() && sr.answers() != null) {
       for (RRset result : sr.answers()) {
         Iterator rrs = result.rrs(false);
         if (rrs != null) {
           for (Object record : ImmutableSet.copyOf(rrs)) {
             answer.add((Record) record);
           }
         }
       }
     }
   }
   for (Record aRec : queriedrrs) {
     List<Record> nsRecs = lookupNSRecords(aRec.getName(), cache);
     for (Record nsRec : nsRecs) {
       authority.add(nsRec);
       Lookup nsLookup = new Lookup(((NSRecord) nsRec).getTarget(), Type.A);
       nsLookup.setCache(cache);
       Record[] nsAnswers = nsLookup.run();
       if (nsAnswers != null) {
         additional.addAll(Arrays.asList(nsAnswers));
       }
     }
   }
   return DnsResponse.forName(query.getName())
       .recursive()
       .withAuthority(authority)
       .withAdditional(additional)
       .answer(answer);
 }