def detect_dnssec_type(zone, queryprovider, attempts=5):
log.info("detecting zone type...")
i = 0
while attempts == 0 or i < attempts:
label_gen = name.label_generator(name.hex_label,
init=randint(0, 0xFFFFFFFFFFFFFFFF))
dname = name.DomainName(label_gen.next()[0], *zone.labels)
result = queryprovider.query(dname, rrtype='A')
# check for NSEC/3 records even if we got a NOERROR response
# to try and avoid loops when the zone contains a wildcard domain
if len(result.find_NSEC()) > 0:
log.info("zone uses NSEC records")
return 'nsec'
elif len(result.find_NSEC3()) > 0:
log.info("zone uses NSEC3 records")
return 'nsec3'
if result.status() == "NXDOMAIN":
raise N3MapError, "zone doesn't seem to be DNSSEC-enabled"
elif result.status() != "NOERROR":
raise N3MapError, ("unexpected response status: ", result.status())
# result.status() == "NOERROR":
log.info("hit an existing owner name")
i += 1
raise N3MapError, "failed to detect zone type after {0:d} attempt(s), terminating.".format(
attempts)
def _get_end(self, endname):
if endname is None:
end = None
else:
end = name.DomainName(*(name.domainname_from_text(endname).labels +
self.zone.labels))
return end
def _get_start(self, startname):
if len(self.nsec_chain) > 0:
return self.nsec_chain[-1].next_owner
if startname is None:
return self.zone
else:
return name.DomainName(
*(name.domainname_from_text(startname).labels +
self.zone.labels))
def _find_uncovered_dn(self, generator, break_early=False):
is_covered = self.nsec3_chain.covers
while True:
for ptlabel,dn_hash in self._prehash_iter:
if not is_covered(dn_hash):
dn = name.DomainName(name.Label(ptlabel), *self.zone.labels)
owner_b32 = util.base32_ext_hex_encode( dn_hash).lower()
hashed_dn = name.DomainName( name.Label(owner_b32), *self.zone.labels)
log.debug3('found uncovered dn: ', str(dn), '; hashed: ', str(hashed_dn))
return dn,dn_hash
self.stats['tested_hashes'] += len(self._prehash_list)
hashes, label_counter_state = self._hash_queues.next().recv()
if self._label_counter_state < label_counter_state:
self._label_counter_state = label_counter_state
self._prehash_list = hashes
self._prehash_iter = iter(hashes)
log.update()
if break_early:
return None,None
def _map_zone(self):
generator = name.label_generator(name.hex_label, self._label_counter_init)
while self.nsec3_chain.size() == 0:
query_dn = name.DomainName(generator.next()[0], *self.zone.labels)
res = self.queryprovider.query(query_dn, rrtype='A')
self._process_query_result(query_dn, res)
self._start_prehashing()
if self._aggressive > 0:
self._map_aggressive(generator)
else:
self._map_normal(generator)
self._write_number_of_records(self.nsec3_chain.size())
self._stop_prehashing()
self._stop_predictor()
def detect_dnssec_type(zone, queryprovider):
log.info("detecting zone type...")
label_gen = name.label_generator(name.hex_label,
init=randint(0, 0xFFFFFFFFFFFFFFFF))
while True:
dname = name.DomainName(label_gen.next()[0], *zone.labels)
result = queryprovider.query(dname, rrtype='A')
if result.status() == "NOERROR":
log.info("hit an existing owner name")
continue
elif result.status() == "NXDOMAIN":
if len(result.find_NSEC()) > 0:
log.info("zone uses NSEC records")
return 'nsec'
elif len(result.find_NSEC3()) > 0:
log.info("zone uses NSEC3 records")
return 'nsec3'
else:
raise N3MapError, "zone doesn't seem to be DNSSEC-enabled"
else:
raise N3MapError, ("unexpected response status: ", result.status())