From 5d15aa222820309894ee78ac8885a38df594dcaa Mon Sep 17 00:00:00 2001 From: Jorge Aparicio Date: Fri, 1 Mar 2024 19:13:58 +0100 Subject: [PATCH] `explore`: generate `bind.keys` w/o querying resolver this avoids the resolver caching any query. that way `tshark` can observe all the messages involved in DNSSEC validating a query "from scratch" --- packages/dns-test/examples/explore.rs | 25 ++++++++++++++++--------- 1 file changed, 16 insertions(+), 9 deletions(-) diff --git a/packages/dns-test/examples/explore.rs b/packages/dns-test/examples/explore.rs index 0047bf7e..bc13d63a 100644 --- a/packages/dns-test/examples/explore.rs +++ b/packages/dns-test/examples/explore.rs @@ -1,4 +1,5 @@ use std::env; +use std::net::Ipv4Addr; use std::sync::mpsc; use dns_test::client::Client; @@ -65,6 +66,19 @@ fn main() -> Result<()> { println!("DONE"); + let client = Client::new(&network)?; + if args.dnssec { + // this will send queries to the loopback address and fail because there's no resolver + // but as a side-effect it will generate the `/etc/bind.keys` file we want + // ignore the expected error + let _ = client.delv( + Ipv4Addr::new(127, 0, 0, 1), + RecordType::SOA, + &FQDN::ROOT, + &trust_anchor, + )?; + } + println!("building docker image..."); let resolver = Resolver::new( &network, @@ -74,14 +88,6 @@ fn main() -> Result<()> { .start(&dns_test::SUBJECT)?; println!("DONE\n\n"); - let resolver_addr = resolver.ipv4_addr(); - let client = Client::new(&network)?; - - if args.dnssec { - // generate `/etc/bind.keys` - client.delv(resolver_addr, RecordType::SOA, &FQDN::ROOT, &trust_anchor)?; - } - let (tx, rx) = mpsc::channel(); ctrlc::set_handler(move || tx.send(()).expect("could not forward signal"))?; 
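Review bot: The comment in the new `if args.dnssec` block of `main` says the expected error is ignored, but the call still ends in `?`, so `let _ =` only discards the success value and an `Err` from `client.delv` would return from `main` before the resolver is built. If a failed query against 127.0.0.1 is surfaced as `Err` (the signature of `delv` is not visible in this diff), the example would stop here whenever `args.dnssec` is set; dropping the operator, `let _ = client.delv(Ipv4Addr::new(127, 0, 0, 1), RecordType::SOA, &FQDN::ROOT, &trust_anchor);`, would match the comment. If the call instead returns `Ok` carrying the failure text, the comment should say so, for example `// delv reports a failure in its output because nothing listens on loopback; only the bind.keys side effect matters`. Since later DNSSEC validation relies on that file, the comment could also note that nothing here confirms `/etc/bind.keys` was actually written. `main` begins and ends outside this hunk.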
@@ -107,7 +113,8 @@ fn main() -> Result<()> { nameservers_ns.container_id() ); - println!("resolver's IP address: {resolver_addr}"); + let resolver_addr = resolver.ipv4_addr(); + println!("resolver's IP address: {resolver_addr}",); println!( "attach to this container with: `docker exec -it {} bash`\n", resolver.container_id()
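Review bot: The re-added `println!` carries a stray trailing comma after the format string, `println!("resolver's IP address: {resolver_addr}",);`. It compiles, but it looks like an editing leftover, and `println!("resolver's IP address: {resolver_addr}");` matches the other `println!` calls visible in this diff. `main` continues outside this hunk.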