explore
: generate bind.keys
w/o querying resolver
this avoids the resolver caching any query. that way `tshark` can observe all the messages involved in DNSSEC validating a query "from scratch"
This commit is contained in:
parent
1aab8812df
commit
5d15aa2228
|
@ -1,4 +1,5 @@
|
|||
use std::env;
|
||||
use std::net::Ipv4Addr;
|
||||
use std::sync::mpsc;
|
||||
|
||||
use dns_test::client::Client;
|
||||
|
@ -65,6 +66,19 @@ fn main() -> Result<()> {
|
|||
|
||||
println!("DONE");
|
||||
|
||||
let client = Client::new(&network)?;
|
||||
if args.dnssec {
|
||||
// this will send queries to the loopback address and fail because there's no resolver
|
||||
// but as a side-effect it will generate the `/etc/bind.keys` file we want
|
||||
// ignore the expected error
|
||||
let _ = client.delv(
|
||||
Ipv4Addr::new(127, 0, 0, 1),
|
||||
RecordType::SOA,
|
||||
&FQDN::ROOT,
|
||||
&trust_anchor,
|
||||
)?;
|
||||
}
|
||||
|
||||
println!("building docker image...");
|
||||
let resolver = Resolver::new(
|
||||
&network,
|
||||
|
@ -74,14 +88,6 @@ fn main() -> Result<()> {
|
|||
.start(&dns_test::SUBJECT)?;
|
||||
println!("DONE\n\n");
|
||||
|
||||
let resolver_addr = resolver.ipv4_addr();
|
||||
let client = Client::new(&network)?;
|
||||
|
||||
if args.dnssec {
|
||||
// generate `/etc/bind.keys`
|
||||
client.delv(resolver_addr, RecordType::SOA, &FQDN::ROOT, &trust_anchor)?;
|
||||
}
|
||||
|
||||
let (tx, rx) = mpsc::channel();
|
||||
|
||||
ctrlc::set_handler(move || tx.send(()).expect("could not forward signal"))?;
|
||||
|
@ -107,7 +113,8 @@ fn main() -> Result<()> {
|
|||
nameservers_ns.container_id()
|
||||
);
|
||||
|
||||
println!("resolver's IP address: {resolver_addr}");
|
||||
let resolver_addr = resolver.ipv4_addr();
|
||||
println!("resolver's IP address: {resolver_addr}",);
|
||||
println!(
|
||||
"attach to this container with: `docker exec -it {} bash`\n",
|
||||
resolver.container_id()
|
||||
|
|
Loading…
Reference in New Issue
Block a user