colin/hickory-dns
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

introduce LookupOptions in Authority to allow dnssec feature off

Browse Source
This commit is contained in:
Benjamin Fry 2021-06-06 11:12:01 -07:00
parent 0cc7874201
commit a7778fbf16
17 changed files with 393 additions and 404 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
CHANGELOG.md
View File

@ -15,6 +15,8 @@ All notes should be prepended with the location of the change, e.g. `(proto)` or
### Changed
- (client) the feature `dnssec` is no longer enabled by default, use `dnssec-ring` or `dnssec-openssl` #1506
- (server) dnssec functions of `Authority` moved into `DnsSecAuthority` #1506
- (all) Most public enum types are now marked `#[non_exaustive]` #1426
- (resolver) DnsRequestOptions and ResolverOpts now `#[non_exaustive]` #1426
- (proto) all I/O Streams now use `BufDnsStreamHandle` rather than generic `DnsStreamHandle` #1433

102
crates/server/src/authority/auth_lookup.rs
View File

@ -9,9 +9,10 @@ use std::iter::Chain;
use std::slice::Iter;
use std::sync::Arc;
use crate::authority::LookupObject;
use cfg_if::cfg_if;
use crate::authority::{LookupObject, LookupOptions};
use crate::client::rr::LowerName;
use crate::proto::rr::dnssec::SupportedAlgorithms;
use crate::proto::rr::{Record, RecordSet, RecordType, RrsetRecords};
/// The result of a lookup on an Authority
@ -185,8 +186,7 @@ impl From<LookupRecords> for AuthLookup {
/// * `'q` - the lifetime of the query/request
#[derive(Debug)]
pub struct AnyRecords {
is_secure: bool,
supported_algorithms: SupportedAlgorithms,
lookup_options: LookupOptions,
rrsets: Vec<Arc<RecordSet>>,
rrset: Option<Arc<RecordSet>>,
records: Option<Arc<RecordSet>>,
@ -197,16 +197,14 @@ pub struct AnyRecords {
impl AnyRecords {
/// construct a new lookup of any set of records
pub fn new(
is_secure: bool,
supported_algorithms: SupportedAlgorithms,
lookup_options: LookupOptions,
// TODO: potentially very expensive
rrsets: Vec<Arc<RecordSet>>,
query_type: RecordType,
query_name: LowerName,
) -> Self {
AnyRecords {
is_secure,
supported_algorithms,
lookup_options,
rrsets,
rrset: None,
records: None,
@ -226,8 +224,7 @@ impl<'r> IntoIterator for &'r AnyRecords {
fn into_iter(self) -> Self::IntoIter {
AnyRecordsIter {
is_secure: self.is_secure,
supported_algorithms: self.supported_algorithms,
lookup_options: self.lookup_options,
// TODO: potentially very expensive
rrsets: self.rrsets.iter(),
rrset: None,
@ -239,9 +236,9 @@ impl<'r> IntoIterator for &'r AnyRecords {
}
/// An iteration over a lookup for any Records
#[allow(unused)]
pub struct AnyRecordsIter<'r> {
is_secure: bool,
supported_algorithms: SupportedAlgorithms,
lookup_options: LookupOptions,
rrsets: Iter<'r, Arc<RecordSet>>,
rrset: Option<&'r RecordSet>,
records: Option<RrsetRecords<'r>>,
@ -281,11 +278,17 @@ impl<'r> Iterator for AnyRecordsIter<'r> {
self.rrset?;
// getting here, we must have exhausted our records from the rrset
self.records = Some(
self.rrset
.expect("rrset should not be None at this point")
.records(self.is_secure, self.supported_algorithms),
);
cfg_if! {
if #[cfg(feature = "dnssec")] {
self.records = Some(
self.rrset
.expect("rrset should not be None at this point")
.records(self.lookup_options.is_dnssec(), self.lookup_options.supported_algorithms()),
);
} else {
self.records = Some(self.rrset.expect("rrset should not be None at this point").records_without_rrsigs());
}
}
}
}
}
@ -297,15 +300,13 @@ pub enum LookupRecords {
Empty,
/// The associate records
Records {
/// was the search a secure search
is_secure: bool,
/// what are the requests supported algorithms
supported_algorithms: SupportedAlgorithms,
/// LookupOptions for the request, e.g. dnssec and supported algorithms
lookup_options: LookupOptions,
/// the records found based on the query
records: Arc<RecordSet>,
},
/// Vec of disjoint record sets
ManyRecords(bool, SupportedAlgorithms, Vec<Arc<RecordSet>>),
ManyRecords(LookupOptions, Vec<Arc<RecordSet>>),
// TODO: need a better option for very large zone xfrs...
/// A generic lookup response where anything is desired
AnyRecords(AnyRecords),
@ -313,27 +314,18 @@ pub enum LookupRecords {
impl LookupRecords {
/// Construct a new LookupRecords
pub fn new(
is_secure: bool,
supported_algorithms: SupportedAlgorithms,
records: Arc<RecordSet>,
) -> Self {
pub fn new(lookup_options: LookupOptions, records: Arc<RecordSet>) -> Self {
LookupRecords::Records {
is_secure,
supported_algorithms,
lookup_options,
records,
}
}
/// Construct a new LookupRecords over a set of ResordSets
pub fn many(
is_secure: bool,
supported_algorithms: SupportedAlgorithms,
mut records: Vec<Arc<RecordSet>>,
) -> Self {
pub fn many(lookup_options: LookupOptions, mut records: Vec<Arc<RecordSet>>) -> Self {
// we're reversing the records because they are output in reverse order, via pop()
records.reverse();
LookupRecords::ManyRecords(is_secure, supported_algorithms, records)
LookupRecords::ManyRecords(lookup_options, records)
}
/// This is an NxDomain or NameExists, and has no associated records
@ -363,17 +355,37 @@ impl<'a> IntoIterator for &'a LookupRecords {
match self {
LookupRecords::Empty => LookupRecordsIter::Empty,
LookupRecords::Records {
is_secure,
supported_algorithms,
lookup_options,
records,
} => LookupRecordsIter::RecordsIter(records.records(*is_secure, *supported_algorithms)),
LookupRecords::ManyRecords(is_secure, supported_algorithms, r) => {
LookupRecordsIter::ManyRecordsIter(
r.iter()
.map(|r| r.records(*is_secure, *supported_algorithms))
.collect(),
None,
)
} => {
cfg_if! {
if #[cfg(feature = "dnssec")] {
LookupRecordsIter::RecordsIter(records.records(
lookup_options.is_dnssec(),
lookup_options.supported_algorithms(),
))
} else {
LookupRecordsIter::RecordsIter(records.records_without_rrsigs())
}
}
}
LookupRecords::ManyRecords(lookup_options, r) => {
cfg_if! {
if #[cfg(feature = "dnssec")] {
LookupRecordsIter::ManyRecordsIter(
r.iter().map(|r| r.records(
lookup_options.is_dnssec(),
lookup_options.supported_algorithms(),
)).collect(),
None,
)
} else {
LookupRecordsIter::ManyRecordsIter(
r.iter().map(|r| r.records_without_rrsigs()).collect(),
None,
)
}
}
}
LookupRecords::AnyRecords(r) => LookupRecordsIter::AnyRecordsIter(r.iter()),
}

108
crates/server/src/authority/authority.rs
View File

@ -1,4 +1,4 @@
// Copyright 2015-2018 Benjamin Fry <benjaminfry@me.com>
// Copyright 2015-2021 Benjamin Fry <benjaminfry@me.com>
//
// Licensed under the Apache License, Version 2.0, <LICENSE-APACHE or
// http://apache.org/licenses/LICENSE-2.0> or the MIT license <LICENSE-MIT or
@ -11,11 +11,78 @@ use std::pin::Pin;
use crate::client::op::LowerQuery;
use crate::client::proto::rr::dnssec::rdata::key::KEY;
use crate::client::rr::dnssec::{DnsSecError, DnsSecResult, SigSigner, SupportedAlgorithms};
#[cfg(feature = "dnssec")]
use crate::client::rr::dnssec::SupportedAlgorithms;
use crate::client::rr::dnssec::{DnsSecError, DnsSecResult, SigSigner};
use crate::client::rr::{LowerName, Name, RecordType};
use crate::authority::{LookupError, MessageRequest, UpdateResult, ZoneType};
/// LookupOptions that specify different options from the client to include or exclude various records in the response.
///
/// For example, `is_dnssec` will include `RRSIG` in the response, `supported_algorithms` will only include a subset of
/// `RRSIG` based on the algorithms supported by the request.
#[derive(Clone, Copy, Debug)]
pub struct LookupOptions {
is_dnssec: bool,
#[cfg(feature = "dnssec")]
supported_algorithms: SupportedAlgorithms,
}
impl Default for LookupOptions {
/// Returns a LookupOptions with all default values, i.e. DNSSEC will be disabled.
fn default() -> Self {
LookupOptions {
is_dnssec: false,
#[cfg(feature = "dnssec")]
supported_algorithms: SupportedAlgorithms::default(),
}
}
}
/// Lookup Options for the request to the authority
impl LookupOptions {
/// Return a new LookupOptions
#[cfg(feature = "dnssec")]
#[cfg_attr(docsrs, doc(cfg(feature = "dnssec")))]
pub fn for_dnssec(is_dnssec: bool, supported_algorithms: SupportedAlgorithms) -> Self {
LookupOptions {
is_dnssec,
supported_algorithms,
}
}
/// Specify that this lookup should return DNSSEC related records as well, e.g. RRSIG
pub fn set_is_dnssec(self, val: bool) -> Self {
Self {
is_dnssec: val,
..self
}
}
/// If true this lookup should return DNSSEC related records as well, e.g. RRSIG
pub fn is_dnssec(&self) -> bool {
self.is_dnssec
}
/// Specify the algorithms for which DNSSEC records should be returned
#[cfg(feature = "dnssec")]
#[cfg_attr(docsrs, doc(cfg(feature = "dnssec")))]
pub fn set_supported_algorithms(self, val: SupportedAlgorithms) -> Self {
Self {
supported_algorithms: val,
..self
}
}
/// The algorithms for which DNSSEC records should be returned
#[cfg(feature = "dnssec")]
#[cfg_attr(docsrs, doc(cfg(feature = "dnssec")))]
pub fn supported_algorithms(&self) -> SupportedAlgorithms {
self.supported_algorithms
}
}
/// Authority implementations can be used with a `Catalog`
pub trait Authority: Send {
/// Result of a lookup
@ -53,8 +120,7 @@ pub trait Authority: Send {
&self,
name: &LowerName,
rtype: RecordType,
is_secure: bool,
supported_algorithms: SupportedAlgorithms,
lookup_options: LookupOptions,
) -> Pin<Box<dyn Future<Output = Result<Self::Lookup, LookupError>> + Send>>;
/// Using the specified query, perform a lookup against this zone.
@ -71,22 +137,15 @@ pub trait Authority: Send {
fn search(
&self,
query: &LowerQuery,
is_secure: bool,
supported_algorithms: SupportedAlgorithms,
lookup_options: LookupOptions,
) -> Pin<Box<dyn Future<Output = Result<Self::Lookup, LookupError>> + Send>>;
/// Get the NS, NameServer, record for the zone
fn ns(
&self,
is_secure: bool,
supported_algorithms: SupportedAlgorithms,
lookup_options: LookupOptions,
) -> Pin<Box<dyn Future<Output = Result<Self::Lookup, LookupError>> + Send>> {
self.lookup(
self.origin(),
RecordType::NS,
is_secure,
supported_algorithms,
)
self.lookup(self.origin(), RecordType::NS, lookup_options)
}
/// Return the NSEC records based on the given name
@ -99,8 +158,7 @@ pub trait Authority: Send {
fn get_nsec_records(
&self,
name: &LowerName,
is_secure: bool,
supported_algorithms: SupportedAlgorithms,
lookup_options: LookupOptions,
) -> Pin<Box<dyn Future<Output = Result<Self::Lookup, LookupError>> + Send>>;
/// Returns the SOA of the authority.
@ -109,29 +167,17 @@ pub trait Authority: Send {
/// should be used, see `soa_secure()`, which will optionally return RRSIGs.
fn soa(&self) -> Pin<Box<dyn Future<Output = Result<Self::Lookup, LookupError>> + Send>> {
// SOA should be origin|SOA
self.lookup(
self.origin(),
RecordType::SOA,
false,
SupportedAlgorithms::new(),
)
self.lookup(self.origin(), RecordType::SOA, LookupOptions::default())
}
/// Returns the SOA record for the zone
fn soa_secure(
&self,
is_secure: bool,
supported_algorithms: SupportedAlgorithms,
lookup_options: LookupOptions,
) -> Pin<Box<dyn Future<Output = Result<Self::Lookup, LookupError>> + Send>> {
self.lookup(
self.origin(),
RecordType::SOA,
is_secure,
supported_algorithms,
)
self.lookup(self.origin(), RecordType::SOA, lookup_options)
}
// TODO: this should probably be a general purpose higher level component?
/// Add a (Sig0) key that is authorized to perform updates against this authority
fn add_update_auth_key(&mut self, _name: Name, _key: KEY) -> DnsSecResult<()> {
Err(DnsSecError::from(

74
crates/server/src/authority/authority_object.rs
View File

@ -15,13 +15,14 @@ use std::task::{Context, Poll};
use futures_util::{future, TryFutureExt};
use log::debug;
use crate::authority::{
Authority, LookupError, LookupOptions, MessageRequest, UpdateResult, ZoneType,
};
use crate::client::op::LowerQuery;
use crate::client::proto::rr::dnssec::rdata::key::KEY;
use crate::client::rr::dnssec::{DnsSecError, DnsSecResult, SigSigner, SupportedAlgorithms};
use crate::client::rr::dnssec::{DnsSecError, DnsSecResult, SigSigner};
use crate::client::rr::{LowerName, Name, Record, RecordType};
use crate::authority::{Authority, LookupError, MessageRequest, UpdateResult, ZoneType};
/// An Object safe Authority
pub trait AuthorityObject: Send + Sync {
/// Clone the object
@ -57,8 +58,7 @@ pub trait AuthorityObject: Send + Sync {
&self,
name: &LowerName,
rtype: RecordType,
is_secure: bool,
supported_algorithms: SupportedAlgorithms,
lookup_options: LookupOptions,
) -> BoxedLookupFuture;
/// Using the specified query, perform a lookup against this zone.
@ -72,21 +72,11 @@ pub trait AuthorityObject: Send + Sync {
///
/// Returns a vectory containing the results of the query, it will be empty if not found. If
/// `is_secure` is true, in the case of no records found then NSEC records will be returned.
fn search(
&self,
query: &LowerQuery,
is_secure: bool,
supported_algorithms: SupportedAlgorithms,
) -> BoxedLookupFuture;
fn search(&self, query: &LowerQuery, lookup_options: LookupOptions) -> BoxedLookupFuture;
/// Get the NS, NameServer, record for the zone
fn ns(&self, is_secure: bool, supported_algorithms: SupportedAlgorithms) -> BoxedLookupFuture {
self.lookup(
&self.origin(),
RecordType::NS,
is_secure,
supported_algorithms,
)
fn ns(&self, lookup_options: LookupOptions) -> BoxedLookupFuture {
self.lookup(&self.origin(), RecordType::NS, lookup_options)
}
/// Return the NSEC records based on the given name
@ -99,8 +89,7 @@ pub trait AuthorityObject: Send + Sync {
fn get_nsec_records(
&self,
name: &LowerName,
is_secure: bool,
supported_algorithms: SupportedAlgorithms,
lookup_options: LookupOptions,
) -> BoxedLookupFuture;
/// Returns the SOA of the authority.
@ -109,26 +98,12 @@ pub trait AuthorityObject: Send + Sync {
/// should be used, see `soa_secure()`, which will optionally return RRSIGs.
fn soa(&self) -> BoxedLookupFuture {
// SOA should be origin|SOA
self.lookup(
&self.origin(),
RecordType::SOA,
false,
SupportedAlgorithms::new(),
)
self.lookup(&self.origin(), RecordType::SOA, LookupOptions::default())
}
/// Returns the SOA record for the zone
fn soa_secure(
&self,
is_secure: bool,
supported_algorithms: SupportedAlgorithms,
) -> BoxedLookupFuture {
self.lookup(
&self.origin(),
RecordType::SOA,
is_secure,
supported_algorithms,
)
fn soa_secure(&self, lookup_options: LookupOptions) -> BoxedLookupFuture {
self.lookup(&self.origin(), RecordType::SOA, lookup_options)
}
// TODO: this should probably be a general purpose higher level component?
@ -202,11 +177,10 @@ where
&self,
name: &LowerName,
rtype: RecordType,
is_secure: bool,
supported_algorithms: SupportedAlgorithms,
lookup_options: LookupOptions,
) -> BoxedLookupFuture {
let this = self.read().expect("poisoned");
let lookup = Authority::lookup(&*this, name, rtype, is_secure, supported_algorithms);
let lookup = Authority::lookup(&*this, name, rtype, lookup_options);
BoxedLookupFuture::from(lookup.map_ok(|l| Box::new(l) as Box<dyn LookupObject>))
}
@ -221,15 +195,10 @@ where
///
/// Returns a vectory containing the results of the query, it will be empty if not found. If
/// `is_secure` is true, in the case of no records found then NSEC records will be returned.
fn search(
&self,
query: &LowerQuery,
is_secure: bool,
supported_algorithms: SupportedAlgorithms,
) -> BoxedLookupFuture {
fn search(&self, query: &LowerQuery, lookup_options: LookupOptions) -> BoxedLookupFuture {
let this = self.read().expect("poisoned");
debug!("performing {} on {}", query, this.origin());
let lookup = Authority::search(&*this, query, is_secure, supported_algorithms);
let lookup = Authority::search(&*this, query, lookup_options);
BoxedLookupFuture::from(lookup.map_ok(|l| Box::new(l) as Box<dyn LookupObject>))
}
@ -243,15 +212,10 @@ where
fn get_nsec_records(
&self,
name: &LowerName,
is_secure: bool,
supported_algorithms: SupportedAlgorithms,
lookup_options: LookupOptions,
) -> BoxedLookupFuture {
let lookup = Authority::get_nsec_records(
&*self.read().expect("poisoned"),
name,
is_secure,
supported_algorithms,
);
let lookup =
Authority::get_nsec_records(&*self.read().expect("poisoned"), name, lookup_options);
BoxedLookupFuture::from(lookup.map_ok(|l| Box::new(l) as Box<dyn LookupObject>))
}

93
crates/server/src/authority/catalog.rs
View File

@ -1,18 +1,10 @@
/*
* Copyright (C) 2015 Benjamin Fry <benjaminfry@me.com>
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
// Copyright 2015-2021 Benjamin Fry <benjaminfry@me.com>
//
// Licensed under the Apache License, Version 2.0, <LICENSE-APACHE or
// http://apache.org/licenses/LICENSE-2.0> or the MIT license <LICENSE-MIT or
// http://opensource.org/licenses/MIT>, at your option. This file may not be
// copied, modified, or distributed except according to those terms.
// TODO, I've implemented this as a separate entity from the cache, but I wonder if the cache
// should be the only "front-end" for lookups, where if that misses, then we go to the catalog
// then, if requested, do a recursive lookup... i.e. the catalog would only point to files.
@ -22,17 +14,21 @@ use std::future::Future;
use std::io;
use std::pin::Pin;
use cfg_if::cfg_if;
use log::{debug, error, info, trace, warn};
use crate::authority::{
AuthLookup, MessageRequest, MessageResponse, MessageResponseBuilder, ZoneType,
};
use crate::authority::{
AuthorityObject, BoxedLookupFuture, EmptyLookup, LookupError, LookupObject,
AuthorityObject, BoxedLookupFuture, EmptyLookup, LookupError, LookupObject, LookupOptions,
};
use crate::client::op::{Edns, Header, LowerQuery, MessageType, OpCode, ResponseCode};
use crate::client::rr::dnssec::{Algorithm, SupportedAlgorithms};
use crate::client::rr::rdata::opt::{EdnsCode, EdnsOption};
#[cfg(feature = "dnssec")]
use crate::client::rr::{
dnssec::{Algorithm, SupportedAlgorithms},
rdata::opt::{EdnsCode, EdnsOption},
};
use crate::client::rr::{LowerName, RecordType};
use crate::server::{Request, RequestHandler, ResponseHandler};
@ -47,10 +43,11 @@ fn send_response<R: ResponseHandler>(
mut response: MessageResponse<'_, '_>,
mut response_handle: R,
) -> io::Result<()> {
#[cfg(feature = "dnssec")]
if let Some(mut resp_edns) = response_edns {
// set edns DAU and DHU
// send along the algorithms which are supported by this authority
let mut algorithms = SupportedAlgorithms::new();
let mut algorithms = SupportedAlgorithms::default();
algorithms.set(Algorithm::RSASHA256);
algorithms.set(Algorithm::ECDSAP256SHA256);
algorithms.set(Algorithm::ECDSAP384SHA384);
@ -428,30 +425,42 @@ async fn lookup<R: ResponseHandler + Unpin>(
}
}
fn lookup_options_for_edns(edns: Option<&Edns>) -> LookupOptions {
let edns = match edns {
Some(edns) => edns,
None => return LookupOptions::default(),
};
cfg_if! {
if #[cfg(feature = "dnssec")] {
let supported_algorithms = if let Some(&EdnsOption::DAU(algs)) = edns.option(EdnsCode::DAU)
{
algs
} else {
debug!("no DAU in request, used default SupportAlgorithms");
Default::default()
};
LookupOptions::for_dnssec(edns.dnssec_ok(), supported_algorithms)
} else {
LookupOptions::default()
}
}
}
async fn build_response(
authority: &dyn AuthorityObject,
request_id: u16,
query: &LowerQuery,
edns: Option<&Edns>,
) -> (Header, LookupSections) {
let (is_dnssec, supported_algorithms) =
edns.map_or((false, SupportedAlgorithms::new()), |edns| {
let supported_algorithms =
if let Some(&EdnsOption::DAU(algs)) = edns.option(EdnsCode::DAU) {
algs
} else {
debug!("no DAU in request, used default SupportAlgorithms");
Default::default()
};
(edns.dnssec_ok(), supported_algorithms)
});
let lookup_options = lookup_options_for_edns(edns);
// log algorithms being requested
if is_dnssec {
if lookup_options.is_dnssec() {
info!(
"request: {} supported_algs: {}",
request_id, supported_algorithms
"request: {} lookup_options: {:?}",
request_id, lookup_options
);
}
@ -462,7 +471,7 @@ async fn build_response(
response_header.set_authoritative(authority.zone_type().is_authoritative());
debug!("performing {} on {}", query, authority.origin());
let future = authority.search(query, is_dnssec, supported_algorithms);
let future = authority.search(query, lookup_options);
#[allow(deprecated)]
let sections = match authority.zone_type() {
@ -471,8 +480,7 @@ async fn build_response(
future,
authority,
&mut response_header,
is_dnssec,
supported_algorithms,
lookup_options,
request_id,
&query,
)
@ -490,8 +498,7 @@ async fn send_authoritative_response(
future: BoxedLookupFuture,
authority: &dyn AuthorityObject,
response_header: &mut Header,
is_dnssec: bool,
supported_algorithms: SupportedAlgorithms,
lookup_options: LookupOptions,
request_id: u16,
query: &LowerQuery,
) -> LookupSections {
@ -529,7 +536,7 @@ async fn send_authoritative_response(
let (ns, soa) = if answers.is_some() {
// This was a successful authoritative lookup:
// get the NS records
match authority.ns(is_dnssec, supported_algorithms).await {
match authority.ns(lookup_options).await {
Ok(ns) => (Some(ns), None),
Err(e) => {
warn!("ns_lookup errored: {}", e);
@ -537,11 +544,11 @@ async fn send_authoritative_response(
}
}
} else {
let nsecs = if is_dnssec {
let nsecs = if lookup_options.is_dnssec() {
// in the dnssec case, nsec records should exist, we return NoError + NoData + NSec...
debug!("request: {} non-existent adding nsecs", request_id);
// run the nsec lookup future, and then transition to get soa
let future = authority.get_nsec_records(query.name(), true, supported_algorithms);
let future = authority.get_nsec_records(query.name(), lookup_options);
match future.await {
// run the soa lookup
Ok(nsecs) => Some(nsecs),
@ -554,7 +561,7 @@ async fn send_authoritative_response(
None
};
match authority.soa_secure(is_dnssec, supported_algorithms).await {
match authority.soa_secure(lookup_options).await {
Ok(soa) => (nsecs, Some(soa)),
Err(e) => {
warn!("failed to lookup soa: {}", e);

2
crates/server/src/authority/mod.rs
View File

@ -25,7 +25,7 @@ mod zone_type;
pub use self::auth_lookup::{
AnyRecords, AuthLookup, AuthLookupIter, LookupRecords, LookupRecordsIter,
};
pub use self::authority::Authority;
pub use self::authority::{Authority, LookupOptions};
pub use self::authority_object::{AuthorityObject, BoxedLookupFuture, EmptyLookup, LookupObject};
pub use self::catalog::Catalog;
pub use self::error::{LookupError, LookupResult};

14
crates/server/src/config/dnssec.rs
View File

@ -16,12 +16,12 @@ use rustls::{Certificate, PrivateKey};
use serde::Deserialize;
use crate::client::error::ParseResult;
use crate::client::rr::dnssec::Algorithm;
#[cfg(any(feature = "dns-over-tls", feature = "dnssec"))]
use crate::client::rr::dnssec::{KeyFormat, KeyPair, Private, SigSigner};
#[cfg(feature = "dnssec")]
use crate::client::rr::domain::IntoName;
use crate::client::rr::domain::Name;
#[cfg(feature = "dnssec")]
use crate::client::rr::{
dnssec::{Algorithm, KeyFormat, KeyPair, Private, SigSigner},
domain::IntoName,
};
/// Key pair configuration for DNSSec keys for signing a zone
#[derive(Deserialize, PartialEq, Debug)]
@ -51,6 +51,8 @@ impl KeyConfig {
/// * `signer_name` - the name to use when signing records, e.g. ns.example.com
/// * `is_zone_signing_key` - specify that this key should be used for signing a zone
/// * `is_zone_update_auth` - specifies that this key can be used for dynamic updates in the zone
#[cfg(feature = "dnssec")]
#[cfg_attr(docsrs, doc(cfg(feature = "dnssec")))]
pub fn new(
key_path: String,
password: Option<String>,
@ -107,6 +109,8 @@ impl KeyConfig {
}
/// algorithm for for the key, see `Algorithm` for supported algorithms.
#[cfg(feature = "dnssec")]
#[cfg_attr(docsrs, doc(cfg(feature = "dnssec")))]
pub fn algorithm(&self) -> ParseResult<Algorithm> {
match self.algorithm.as_str() {
"RSASHA1" => Ok(Algorithm::RSASHA1),

19
crates/server/src/config/mod.rs
View File

@ -16,6 +16,7 @@ use std::path::{Path, PathBuf};
use std::str::FromStr;
use std::time::Duration;
use cfg_if::cfg_if;
use log;
use serde::{self, Deserialize};
use toml;
@ -139,7 +140,13 @@ impl Config {
/// the tls certificate to use for accepting tls connections
pub fn get_tls_cert(&self) -> Option<&dnssec::TlsCertConfig> {
self.tls_cert.as_ref()
cfg_if! {
if #[cfg(feature = "dnssec")] {
self.tls_cert.as_ref()
} else {
None
}
}
}
}
@ -239,10 +246,18 @@ impl ZoneConfig {
/// declare that this zone should be signed, see keys for configuration of the keys for signing
pub fn is_dnssec_enabled(&self) -> bool {
self.enable_dnssec.unwrap_or(false)
cfg_if! {
if #[cfg(feature = "dnssec")] {
self.enable_dnssec.unwrap_or(false)
} else {
false
}
}
}
/// the configuration for the keys used for auth and/or dnssec zone signing.
#[cfg(feature = "dnssec")]
#[cfg_attr(docsrs, doc(cfg(feature = "dnssec")))]
pub fn get_keys(&self) -> &[dnssec::KeyConfig] {
&self.keys
}

38
crates/server/src/store/file/authority.rs
View File

@ -17,10 +17,12 @@ use std::pin::Pin;
use log::{debug, info};
use crate::authority::{Authority, LookupError, MessageRequest, UpdateResult, ZoneType};
use crate::authority::{
Authority, LookupError, LookupOptions, MessageRequest, UpdateResult, ZoneType,
};
use crate::client::op::LowerQuery;
use crate::client::proto::rr::dnssec::rdata::key::KEY;
use crate::client::rr::dnssec::{DnsSecResult, SigSigner, SupportedAlgorithms};
use crate::client::rr::dnssec::{DnsSecResult, SigSigner};
use crate::client::rr::{LowerName, Name, RecordSet, RecordType, RrKey};
use crate::client::serialize::txt::{Lexer, Parser, Token};
use crate::store::file::FileConfig;
@ -268,10 +270,9 @@ impl Authority for FileAuthority {
&self,
name: &LowerName,
rtype: RecordType,
is_secure: bool,
supported_algorithms: SupportedAlgorithms,
lookup_options: LookupOptions,
) -> Pin<Box<dyn Future<Output = Result<Self::Lookup, LookupError>> + Send>> {
Box::pin(self.0.lookup(name, rtype, is_secure, supported_algorithms))
Box::pin(self.0.lookup(name, rtype, lookup_options))
}
/// Using the specified query, perform a lookup against this zone.
@ -288,19 +289,17 @@ impl Authority for FileAuthority {
fn search(
&self,
query: &LowerQuery,
is_secure: bool,
supported_algorithms: SupportedAlgorithms,
lookup_options: LookupOptions,
) -> Pin<Box<dyn Future<Output = Result<Self::Lookup, LookupError>> + Send>> {
Box::pin(self.0.search(query, is_secure, supported_algorithms))
Box::pin(self.0.search(query, lookup_options))
}
/// Get the NS, NameServer, record for the zone
fn ns(
&self,
is_secure: bool,
supported_algorithms: SupportedAlgorithms,
lookup_options: LookupOptions,
) -> Pin<Box<dyn Future<Output = Result<Self::Lookup, LookupError>> + Send>> {
self.0.ns(is_secure, supported_algorithms)
self.0.ns(lookup_options)
}
/// Return the NSEC records based on the given name
@ -313,11 +312,9 @@ impl Authority for FileAuthority {
fn get_nsec_records(
&self,
name: &LowerName,
is_secure: bool,
supported_algorithms: SupportedAlgorithms,
lookup_options: LookupOptions,
) -> Pin<Box<dyn Future<Output = Result<Self::Lookup, LookupError>> + Send>> {
self.0
.get_nsec_records(name, is_secure, supported_algorithms)
self.0.get_nsec_records(name, lookup_options)
}
/// Returns the SOA of the authority.
@ -331,10 +328,9 @@ impl Authority for FileAuthority {
/// Returns the SOA record for the zone
fn soa_secure(
&self,
is_secure: bool,
supported_algorithms: SupportedAlgorithms,
lookup_options: LookupOptions,
) -> Pin<Box<dyn Future<Output = Result<Self::Lookup, LookupError>> + Send>> {
self.0.soa_secure(is_secure, supported_algorithms)
self.0.soa_secure(lookup_options)
}
/// Add a (Sig0) key that is authorized to perform updates against this authority
@ -382,8 +378,7 @@ mod tests {
&authority,
&LowerName::from_str("www.example.com.").unwrap(),
RecordType::A,
false,
SupportedAlgorithms::new(),
LookupOptions::default(),
))
.expect("lookup failed");
@ -401,8 +396,7 @@ mod tests {
&authority,
&LowerName::from_str("include.alias.example.com.").unwrap(),
RecordType::A,
false,
SupportedAlgorithms::new(),
LookupOptions::default(),
))
.expect("INCLUDE lookup failed");

19
crates/server/src/store/forwarder/authority.rs
View File

@ -15,7 +15,6 @@ use log::info;
use crate::client::op::LowerQuery;
use crate::client::op::ResponseCode;
use crate::client::rr::dnssec::SupportedAlgorithms;
use crate::client::rr::{LowerName, Name, Record, RecordType};
use crate::resolver::config::ResolverConfig;
use crate::resolver::error::ResolveError;
@ -23,7 +22,7 @@ use crate::resolver::lookup::Lookup as ResolverLookup;
use crate::resolver::{TokioAsyncResolver, TokioHandle};
use crate::authority::{
Authority, LookupError, LookupObject, MessageRequest, UpdateResult, ZoneType,
Authority, LookupError, LookupObject, LookupOptions, MessageRequest, UpdateResult, ZoneType,
};
use crate::store::forwarder::ForwardConfig;
@ -106,8 +105,7 @@ impl Authority for ForwardAuthority {
&self,
name: &LowerName,
rtype: RecordType,
_is_secure: bool,
_supported_algorithms: SupportedAlgorithms,
_lookup_options: LookupOptions,
) -> Pin<Box<dyn Future<Output = Result<Self::Lookup, LookupError>> + Send>> {
// TODO: make this an error?
assert!(self.origin.zone_of(name));
@ -124,22 +122,15 @@ impl Authority for ForwardAuthority {
fn search(
&self,
query: &LowerQuery,
is_secure: bool,
supported_algorithms: SupportedAlgorithms,
lookup_options: LookupOptions,
) -> Pin<Box<dyn Future<Output = Result<Self::Lookup, LookupError>> + Send>> {
Box::pin(self.lookup(
query.name(),
query.query_type(),
is_secure,
supported_algorithms,
))
Box::pin(self.lookup(query.name(), query.query_type(), lookup_options))
}
fn get_nsec_records(
&self,
_name: &LowerName,
_is_secure: bool,
_supported_algorithms: SupportedAlgorithms,
_lookup_options: LookupOptions,
) -> Pin<Box<dyn Future<Output = Result<Self::Lookup, LookupError>> + Send>> {
Box::pin(future::err(LookupError::from(io::Error::new(
io::ErrorKind::Other,

86
crates/server/src/store/in_memory/authority.rs
View File

@ -13,11 +13,14 @@ use std::future::Future;
use std::pin::Pin;
use std::sync::Arc;
use cfg_if::cfg_if;
use futures_util::future::{self, TryFutureExt};
use log::{debug, error};
use crate::client::op::{LowerQuery, ResponseCode};
use crate::client::rr::dnssec::{DnsSecResult, SigSigner, SupportedAlgorithms};
#[cfg(feature = "dnssec")]
use crate::client::rr::dnssec::SupportedAlgorithms;
use crate::client::rr::dnssec::{DnsSecResult, SigSigner};
use crate::client::rr::rdata::key::KEY;
#[cfg(feature = "dnssec")]
use crate::client::rr::rdata::DNSSECRData;
@ -25,8 +28,8 @@ use crate::client::rr::rdata::SOA;
use crate::client::rr::{DNSClass, LowerName, Name, RData, Record, RecordSet, RecordType, RrKey};
use crate::authority::{
AnyRecords, AuthLookup, Authority, LookupError, LookupRecords, LookupResult, MessageRequest,
UpdateResult, ZoneType,
AnyRecords, AuthLookup, Authority, LookupError, LookupOptions, LookupRecords, LookupResult,
MessageRequest, UpdateResult, ZoneType,
};
/// InMemoryAuthority is responsible for storing the resource records for a particular zone.
@ -189,8 +192,7 @@ impl InMemoryAuthority {
&self,
name: &LowerName,
record_type: RecordType,
and_rrsigs: bool,
supported_algorithms: SupportedAlgorithms,
lookup_options: LookupOptions,
) -> Option<Arc<RecordSet>> {
// this range covers all the records for any of the RecordTypes at a given label.
let start_range_key = RrKey::new(name.clone(), RecordType::Unknown(u16::min_value()));
@ -214,7 +216,7 @@ impl InMemoryAuthority {
// TODO: maybe unwrap this recursion.
match lookup {
None => self.inner_lookup_wildcard(name, record_type, and_rrsigs, supported_algorithms),
None => self.inner_lookup_wildcard(name, record_type, lookup_options),
l => l.cloned(),
}
}
@ -223,8 +225,7 @@ impl InMemoryAuthority {
&self,
name: &LowerName,
record_type: RecordType,
and_rrsigs: bool,
supported_algorithms: SupportedAlgorithms,
lookup_options: LookupOptions,
) -> Option<Arc<RecordSet>> {
// if this is a wildcard or a root, both should break continued lookups
let wildcard = if name.is_wildcard() || name.is_root() {
@ -233,15 +234,27 @@ impl InMemoryAuthority {
name.clone().into_wildcard()
};
self.inner_lookup(&wildcard, record_type, and_rrsigs, supported_algorithms)
self.inner_lookup(&wildcard, record_type, lookup_options)
// we need to change the name to the query name in the result set since this was a wildcard
.map(|rrset| {
let mut new_answer =
RecordSet::new(name.borrow(), rrset.record_type(), rrset.ttl());
let (records, _rrsigs): (Vec<&Record>, Vec<&Record>) = rrset
.records(and_rrsigs, supported_algorithms)
.partition(|r| r.record_type() != RecordType::RRSIG);
let records;
let _rrsigs: Vec<&Record>;
cfg_if! {
if #[cfg(feature = "dnssec")] {
let (records_tmp, rrsigs_tmp) = rrset
.records(lookup_options.is_dnssec(), lookup_options.supported_algorithms())
.partition(|r| r.record_type() != RecordType::RRSIG);
records = records_tmp;
_rrsigs = rrsigs_tmp;
} else {
let (records_tmp, rrsigs_tmp) = (rrset.records_without_rrsigs(), Vec::with_capacity(0));
records = records_tmp;
_rrsigs = rrsigs_tmp;
}
};
for record in records {
new_answer.add_rdata(record.rdata().clone());
@ -268,8 +281,7 @@ impl InMemoryAuthority {
query_type: RecordType,
next_name: LowerName,
_search_type: RecordType,
and_rrsigs: bool,
supported_algorithms: SupportedAlgorithms,
lookup_options: LookupOptions,
) -> Option<Vec<Arc<RecordSet>>> {
let mut additionals: Vec<Arc<RecordSet>> = vec![];
@ -287,8 +299,7 @@ impl InMemoryAuthority {
// loop and collect any additional records to send
let mut next_name = Some(next_name.clone());
while let Some(search) = next_name.take() {
let additional =
self.inner_lookup(&search, *query_type, and_rrsigs, supported_algorithms);
let additional = self.inner_lookup(&search, *query_type, lookup_options);
let mut continue_name = None;
if let Some(additional) = additional {
@ -786,16 +797,14 @@ impl Authority for InMemoryAuthority {
&self,
name: &LowerName,
query_type: RecordType,
is_secure: bool,
supported_algorithms: SupportedAlgorithms,
lookup_options: LookupOptions,
) -> Pin<Box<dyn Future<Output = Result<Self::Lookup, LookupError>> + Send>> {
// Collect the records from each rr_set
let (result, additionals): (LookupResult<LookupRecords>, Option<LookupRecords>) =
match query_type {
RecordType::AXFR | RecordType::ANY => {
let result = AnyRecords::new(
is_secure,
supported_algorithms,
lookup_options,
self.records.values().cloned().collect(),
query_type,
name.clone(),
@ -804,8 +813,7 @@ impl Authority for InMemoryAuthority {
}
_ => {
// perform the lookup
let answer =
self.inner_lookup(name, query_type, is_secure, supported_algorithms);
let answer = self.inner_lookup(name, query_type, lookup_options);
// evaluate any cnames for additional inclusion
let additionals_root_chain_type: Option<(_, _)> = answer
@ -816,8 +824,7 @@ impl Authority for InMemoryAuthority {
query_type,
search_name,
search_type,
is_secure,
supported_algorithms,
lookup_options,
)
.map(|adds| (adds, search_type))
});
@ -877,7 +884,7 @@ impl Authority for InMemoryAuthority {
use log::warn;
// ANAME's are constructed on demand, so need to be signed before return
if is_secure {
if lookup_options.is_dnssec() {
Self::sign_rrset(
&mut new_answer,
self.secure_keys(),
@ -906,11 +913,10 @@ impl Authority for InMemoryAuthority {
// map the answer to a result
let answer = answer
.map_or(Err(LookupError::from(ResponseCode::NXDomain)), |rr_set| {
Ok(LookupRecords::new(is_secure, supported_algorithms, rr_set))
Ok(LookupRecords::new(lookup_options, rr_set))
});
let additionals = additionals
.map(|a| LookupRecords::many(is_secure, supported_algorithms, a));
let additionals = additionals.map(|a| LookupRecords::many(lookup_options, a));
(answer, additionals)
}
@ -950,8 +956,7 @@ impl Authority for InMemoryAuthority {
fn search(
&self,
query: &LowerQuery,
is_secure: bool,
supported_algorithms: SupportedAlgorithms,
lookup_options: LookupOptions,
) -> Pin<Box<dyn Future<Output = Result<Self::Lookup, LookupError>> + Send>> {
debug!("searching InMemoryAuthority for: {}", query);
@ -976,16 +981,14 @@ impl Authority for InMemoryAuthority {
// perform the actual lookup
match record_type {
RecordType::SOA => {
Box::pin(self.lookup(self.origin(), record_type, is_secure, supported_algorithms))
}
RecordType::SOA => Box::pin(self.lookup(self.origin(), record_type, lookup_options)),
RecordType::AXFR => {
// TODO: shouldn't these SOA's be secure? at least the first, perhaps not the last?
let lookup = future::try_join3(
// TODO: maybe switch this to be an soa_inner type call?
self.soa_secure(is_secure, supported_algorithms),
self.soa_secure(lookup_options),
self.soa(),
self.lookup(lookup_name, record_type, is_secure, supported_algorithms),
self.lookup(lookup_name, record_type, lookup_options),
)
.map_ok(|(start_soa, end_soa, records)| match start_soa {
l @ AuthLookup::Empty => l,
@ -999,7 +1002,7 @@ impl Authority for InMemoryAuthority {
Box::pin(lookup)
}
// A standard Lookup path
_ => Box::pin(self.lookup(lookup_name, record_type, is_secure, supported_algorithms)),
_ => Box::pin(self.lookup(lookup_name, record_type, lookup_options)),
}
}
@ -1014,8 +1017,7 @@ impl Authority for InMemoryAuthority {
fn get_nsec_records(
&self,
name: &LowerName,
is_secure: bool,
supported_algorithms: SupportedAlgorithms,
lookup_options: LookupOptions,
) -> Pin<Box<dyn Future<Output = Result<Self::Lookup, LookupError>> + Send>> {
fn is_nsec_rrset(rr_set: &RecordSet) -> bool {
rr_set.record_type() == RecordType::NSEC
@ -1026,7 +1028,7 @@ impl Authority for InMemoryAuthority {
let no_data = self
.records
.get(&rr_key)
.map(|rr_set| LookupRecords::new(is_secure, supported_algorithms, rr_set.clone()));
.map(|rr_set| LookupRecords::new(lookup_options, rr_set.clone()));
if let Some(no_data) = no_data {
return Box::pin(future::ready(Ok(no_data.into())));
@ -1088,8 +1090,7 @@ impl Authority for InMemoryAuthority {
};
Box::pin(future::ready(Ok(LookupRecords::many(
is_secure,
supported_algorithms,
lookup_options,
proofs,
)
.into())))
@ -1099,8 +1100,7 @@ impl Authority for InMemoryAuthority {
fn get_nsec_records(
&self,
_name: &LowerName,
_is_secure: bool,
_supported_algorithms: SupportedAlgorithms,
_lookup_options: LookupOptions,
) -> Pin<Box<dyn Future<Output = Result<Self::Lookup, LookupError>> + Send>> {
Box::pin(future::ok(AuthLookup::default()))
}

47
crates/server/src/store/sqlite/authority.rs
View File

@ -16,7 +16,7 @@ use std::sync::Arc;
use log::{error, info, warn};
use crate::client::op::LowerQuery;
use crate::client::rr::dnssec::{DnsSecResult, SigSigner, SupportedAlgorithms};
use crate::client::rr::dnssec::{DnsSecResult, SigSigner};
use crate::client::rr::{LowerName, RrKey};
use crate::proto::op::ResponseCode;
use crate::proto::rr::dnssec::rdata::key::KEY;
@ -24,7 +24,9 @@ use crate::proto::rr::{DNSClass, Name, RData, Record, RecordSet, RecordType};
#[cfg(feature = "dnssec")]
use crate::authority::UpdateRequest;
use crate::authority::{Authority, LookupError, MessageRequest, UpdateResult, ZoneType};
use crate::authority::{
Authority, LookupError, LookupOptions, MessageRequest, UpdateResult, ZoneType,
};
use crate::error::{PersistenceErrorKind, PersistenceResult};
use crate::store::in_memory::InMemoryAuthority;
use crate::store::sqlite::{Journal, SqliteConfig};
@ -313,8 +315,7 @@ impl SqliteAuthority {
if block_on(self.lookup(
&required_name,
RecordType::ANY,
false,
SupportedAlgorithms::new(),
LookupOptions::default(),
))
.unwrap_or_default()
.was_empty()
@ -330,8 +331,7 @@ impl SqliteAuthority {
if block_on(self.lookup(
&required_name,
rrset,
false,
SupportedAlgorithms::new(),
LookupOptions::default(),
))
.unwrap_or_default()
.was_empty()
@ -355,8 +355,7 @@ impl SqliteAuthority {
if !block_on(self.lookup(
&required_name,
RecordType::ANY,
false,
SupportedAlgorithms::new(),
LookupOptions::default(),
))
.unwrap_or_default()
.was_empty()
@ -372,8 +371,7 @@ impl SqliteAuthority {
if !block_on(self.lookup(
&required_name,
rrset,
false,
SupportedAlgorithms::new(),
LookupOptions::default(),
))
.unwrap_or_default()
.was_empty()
@ -395,8 +393,7 @@ impl SqliteAuthority {
if !block_on(self.lookup(
&required_name,
require.rr_type(),
false,
SupportedAlgorithms::new(),
LookupOptions::default(),
))
.unwrap_or_default()
.iter()
@ -482,12 +479,8 @@ impl SqliteAuthority {
.any(|sig| {
let name = LowerName::from(sig.signer_name());
// TODO: updates should be async as well.
let keys = block_on(self.lookup(
&name,
RecordType::KEY,
false,
SupportedAlgorithms::new(),
));
let keys =
block_on(self.lookup(&name, RecordType::KEY, LookupOptions::default()));
let keys = match keys {
Ok(keys) => keys,
@ -940,21 +933,17 @@ impl Authority for SqliteAuthority {
&self,
name: &LowerName,
rtype: RecordType,
is_secure: bool,
supported_algorithms: SupportedAlgorithms,
lookup_options: LookupOptions,
) -> Pin<Box<dyn Future<Output = Result<Self::Lookup, LookupError>> + Send>> {
self.in_memory
.lookup(name, rtype, is_secure, supported_algorithms)
self.in_memory.lookup(name, rtype, lookup_options)
}
fn search(
&self,
query: &LowerQuery,
is_secure: bool,
supported_algorithms: SupportedAlgorithms,
lookup_options: LookupOptions,
) -> Pin<Box<dyn Future<Output = Result<Self::Lookup, LookupError>> + Send>> {
self.in_memory
.search(query, is_secure, supported_algorithms)
self.in_memory.search(query, lookup_options)
}
/// Return the NSEC records based on the given name
@ -967,11 +956,9 @@ impl Authority for SqliteAuthority {
fn get_nsec_records(
&self,
name: &LowerName,
is_secure: bool,
supported_algorithms: SupportedAlgorithms,
lookup_options: LookupOptions,
) -> Pin<Box<dyn Future<Output = Result<Self::Lookup, LookupError>> + Send>> {
self.in_memory
.get_nsec_records(name, is_secure, supported_algorithms)
self.in_memory.get_nsec_records(name, lookup_options)
}
fn add_update_auth_key(&mut self, name: Name, key: KEY) -> DnsSecResult<()> {

60
crates/server/tests/authority_battery/basic.rs
View File

@ -9,13 +9,14 @@ use futures_executor::block_on;
use trust_dns_client::op::{Message, Query, ResponseCode};
use trust_dns_client::rr::dnssec::SupportedAlgorithms;
use trust_dns_client::rr::{Name, RData, Record, RecordType};
use trust_dns_server::authority::{AuthLookup, Authority, LookupError, MessageRequest};
use trust_dns_server::authority::{
AuthLookup, Authority, LookupError, LookupOptions, MessageRequest,
};
pub fn test_a_lookup<A: Authority<Lookup = AuthLookup>>(authority: A) {
let query = Query::query(Name::from_str("www.example.com.").unwrap(), RecordType::A);
let lookup =
block_on(authority.search(&query.into(), false, SupportedAlgorithms::new())).unwrap();
let lookup = block_on(authority.search(&query.into(), LookupOptions::default())).unwrap();
match lookup
.into_iter()
@ -52,7 +53,7 @@ pub fn test_soa<A: Authority<Lookup = AuthLookup>>(authority: A) {
}
pub fn test_ns<A: Authority<Lookup = AuthLookup>>(authority: A) {
let lookup = block_on(authority.ns(false, SupportedAlgorithms::new())).unwrap();
let lookup = block_on(authority.ns(LookupOptions::default())).unwrap();
match lookup
.into_iter()
@ -68,8 +69,7 @@ pub fn test_ns<A: Authority<Lookup = AuthLookup>>(authority: A) {
pub fn test_ns_lookup<A: Authority<Lookup = AuthLookup>>(authority: A) {
let query = Query::query(Name::from_str("example.com.").unwrap(), RecordType::NS);
let mut lookup =
block_on(authority.search(&query.into(), false, SupportedAlgorithms::new())).unwrap();
let mut lookup = block_on(authority.search(&query.into(), LookupOptions::default())).unwrap();
let additionals = dbg!(lookup
.take_additionals()
@ -98,8 +98,7 @@ pub fn test_ns_lookup<A: Authority<Lookup = AuthLookup>>(authority: A) {
pub fn test_mx<A: Authority<Lookup = AuthLookup>>(authority: A) {
let query = Query::query(Name::from_str("example.com.").unwrap(), RecordType::MX);
let mut lookup =
block_on(authority.search(&query.into(), false, SupportedAlgorithms::new())).unwrap();
let mut lookup = block_on(authority.search(&query.into(), LookupOptions::default())).unwrap();
let additionals = dbg!(lookup
.take_additionals()
@ -152,8 +151,7 @@ pub fn test_mx_to_null<A: Authority<Lookup = AuthLookup>>(authority: A) {
RecordType::MX,
);
let mut lookup =
block_on(authority.search(&query.into(), false, SupportedAlgorithms::new())).unwrap();
let mut lookup = block_on(authority.search(&query.into(), LookupOptions::default())).unwrap();
// In this case there should be no additional records
assert!(lookup.take_additionals().is_none());
@ -175,8 +173,7 @@ pub fn test_cname<A: Authority<Lookup = AuthLookup>>(authority: A) {
RecordType::CNAME,
);
let lookup =
block_on(authority.search(&query.into(), false, SupportedAlgorithms::new())).unwrap();
let lookup = block_on(authority.search(&query.into(), LookupOptions::default())).unwrap();
let cname = lookup
.into_iter()
@ -192,8 +189,7 @@ pub fn test_cname<A: Authority<Lookup = AuthLookup>>(authority: A) {
pub fn test_cname_alias<A: Authority<Lookup = AuthLookup>>(authority: A) {
let query = Query::query(Name::from_str("alias.example.com.").unwrap(), RecordType::A);
let mut lookup =
block_on(authority.search(&query.into(), false, SupportedAlgorithms::new())).unwrap();
let mut lookup = block_on(authority.search(&query.into(), LookupOptions::default())).unwrap();
let additionals = lookup
.take_additionals()
@ -227,8 +223,7 @@ pub fn test_cname_chain<A: Authority<Lookup = AuthLookup>>(authority: A) {
RecordType::A,
);
let mut lookup =
block_on(authority.search(&query.into(), false, SupportedAlgorithms::new())).unwrap();
let mut lookup = block_on(authority.search(&query.into(), LookupOptions::default())).unwrap();
let additionals = lookup
.take_additionals()
@ -270,8 +265,7 @@ pub fn test_cname_chain<A: Authority<Lookup = AuthLookup>>(authority: A) {
pub fn test_aname<A: Authority<Lookup = AuthLookup>>(authority: A) {
let query = Query::query(Name::from_str("example.com.").unwrap(), RecordType::ANAME);
let mut lookup =
block_on(authority.search(&query.into(), false, SupportedAlgorithms::new())).unwrap();
let mut lookup = block_on(authority.search(&query.into(), LookupOptions::default())).unwrap();
let additionals = lookup
.take_additionals()
@ -311,8 +305,7 @@ pub fn test_aname<A: Authority<Lookup = AuthLookup>>(authority: A) {
pub fn test_aname_a_lookup<A: Authority<Lookup = AuthLookup>>(authority: A) {
let query = Query::query(Name::from_str("example.com.").unwrap(), RecordType::A);
let mut lookup =
block_on(authority.search(&query.into(), false, SupportedAlgorithms::new())).unwrap();
let mut lookup = block_on(authority.search(&query.into(), LookupOptions::default())).unwrap();
let additionals = lookup.take_additionals().expect("no additionals for aname");
@ -348,8 +341,7 @@ pub fn test_aname_chain<A: Authority<Lookup = AuthLookup>>(authority: A) {
RecordType::A,
);
let mut lookup =
block_on(authority.search(&query.into(), false, SupportedAlgorithms::new())).unwrap();
let mut lookup = block_on(authority.search(&query.into(), LookupOptions::default())).unwrap();
let additionals = lookup.take_additionals().expect("no additionals");
@ -408,8 +400,7 @@ pub fn test_dots_in_name<A: Authority<Lookup = AuthLookup>>(authority: A) {
Name::from_str("this.has.dots.example.com.").unwrap(),
RecordType::A,
);
let lookup =
block_on(authority.search(&query.into(), false, SupportedAlgorithms::new())).unwrap();
let lookup = block_on(authority.search(&query.into(), LookupOptions::default())).unwrap();
assert_eq!(
*lookup
@ -427,15 +418,13 @@ pub fn test_dots_in_name<A: Authority<Lookup = AuthLookup>>(authority: A) {
Name::from_str("has.dots.example.com.").unwrap(),
RecordType::A,
);
let lookup =
block_on(authority.search(&query.into(), false, SupportedAlgorithms::new())).unwrap_err();
let lookup = block_on(authority.search(&query.into(), LookupOptions::default())).unwrap_err();
assert!(lookup.is_name_exists(), "lookup: {}", lookup);
// the rest should all be NameExists
let query = Query::query(Name::from_str("dots.example.com.").unwrap(), RecordType::A);
let lookup =
block_on(authority.search(&query.into(), false, SupportedAlgorithms::new())).unwrap_err();
let lookup = block_on(authority.search(&query.into(), LookupOptions::default())).unwrap_err();
assert!(lookup.is_name_exists());
@ -444,8 +433,7 @@ pub fn test_dots_in_name<A: Authority<Lookup = AuthLookup>>(authority: A) {
Name::from_str("not.this.has.dots.example.com.").unwrap(),
RecordType::A,
);
let lookup =
block_on(authority.search(&query.into(), false, SupportedAlgorithms::new())).unwrap_err();
let lookup = block_on(authority.search(&query.into(), LookupOptions::default())).unwrap_err();
assert!(lookup.is_nx_domain());
}
@ -456,8 +444,7 @@ pub fn test_wildcard<A: Authority<Lookup = AuthLookup>>(authority: A) {
Name::from_str("*.wildcard.example.com.").unwrap(),
RecordType::CNAME,
);
let lookup =
block_on(authority.search(&query.into(), false, SupportedAlgorithms::new())).unwrap();
let lookup = block_on(authority.search(&query.into(), LookupOptions::default())).unwrap();
assert_eq!(
*lookup
@ -475,7 +462,7 @@ pub fn test_wildcard<A: Authority<Lookup = AuthLookup>>(authority: A) {
Name::from_str("www.wildcard.example.com.").unwrap(),
RecordType::CNAME,
);
let lookup = block_on(authority.search(&query.into(), false, SupportedAlgorithms::new()))
let lookup = block_on(authority.search(&query.into(), LookupOptions::default()))
.expect("lookup of www.wildcard.example.com. failed");
assert_eq!(
@ -503,7 +490,7 @@ pub fn test_wildcard_chain<A: Authority<Lookup = AuthLookup>>(authority: A) {
Name::from_str("www.wildcard.example.com.").unwrap(),
RecordType::A,
);
let mut lookup = block_on(authority.search(&query.into(), false, SupportedAlgorithms::new()))
let mut lookup = block_on(authority.search(&query.into(), LookupOptions::default()))
.expect("lookup of www.wildcard.example.com. failed");
// the name should match the lookup, not the A records
@ -536,8 +523,7 @@ pub fn test_srv<A: Authority<Lookup = AuthLookup>>(authority: A) {
RecordType::SRV,
);
let mut lookup =
block_on(authority.search(&query.into(), false, SupportedAlgorithms::new())).unwrap();
let mut lookup = block_on(authority.search(&query.into(), LookupOptions::default())).unwrap();
let additionals = dbg!(lookup
.take_additionals()
@ -584,7 +570,7 @@ pub fn test_srv<A: Authority<Lookup = AuthLookup>>(authority: A) {
pub fn test_invalid_lookup<A: Authority<Lookup = AuthLookup>>(authority: A) {
let query = Query::query(Name::from_str("www.google.com.").unwrap(), RecordType::A);
let lookup = block_on(authority.search(&query.into(), false, SupportedAlgorithms::new()));
let lookup = block_on(authority.search(&query.into(), LookupOptions::default()));
let err = lookup.expect_err("Lookup for www.google.com succeeded");
match err {

46
crates/server/tests/authority_battery/dnssec.rs
View File

@ -10,13 +10,16 @@ use trust_dns_client::rr::dnssec::{Algorithm, SupportedAlgorithms, Verifier};
use trust_dns_client::rr::{DNSClass, Name, Record, RecordType};
use trust_dns_proto::rr::dnssec::rdata::DNSKEY;
use trust_dns_proto::xfer;
use trust_dns_server::authority::{AuthLookup, Authority};
use trust_dns_server::authority::{AuthLookup, Authority, LookupOptions};
pub fn test_a_lookup<A: Authority<Lookup = AuthLookup>>(authority: A, keys: &[DNSKEY]) {
let query = Query::query(Name::from_str("www.example.com.").unwrap(), RecordType::A);
let lookup =
block_on(authority.search(&query.into(), true, SupportedAlgorithms::new())).unwrap();
let lookup = block_on(authority.search(
&query.into(),
LookupOptions::for_dnssec(true, SupportedAlgorithms::new()),
))
.unwrap();
let (a_records, other_records): (Vec<_>, Vec<_>) = lookup
.into_iter()
@ -33,7 +36,9 @@ pub fn test_a_lookup<A: Authority<Lookup = AuthLookup>>(authority: A, keys: &[DN
#[allow(clippy::unreadable_literal)]
pub fn test_soa<A: Authority<Lookup = AuthLookup>>(authority: A, keys: &[DNSKEY]) {
let lookup = block_on(authority.soa_secure(true, SupportedAlgorithms::new())).unwrap();
let lookup =
block_on(authority.soa_secure(LookupOptions::for_dnssec(true, SupportedAlgorithms::new())))
.unwrap();
let (soa_records, other_records): (Vec<_>, Vec<_>) = lookup
.into_iter()
@ -61,7 +66,9 @@ pub fn test_soa<A: Authority<Lookup = AuthLookup>>(authority: A, keys: &[DNSKEY]
}
pub fn test_ns<A: Authority<Lookup = AuthLookup>>(authority: A, keys: &[DNSKEY]) {
let lookup = block_on(authority.ns(true, SupportedAlgorithms::new())).unwrap();
let lookup =
block_on(authority.ns(LookupOptions::for_dnssec(true, SupportedAlgorithms::new())))
.unwrap();
let (ns_records, other_records): (Vec<_>, Vec<_>) = lookup
.into_iter()
@ -87,8 +94,11 @@ pub fn test_aname_lookup<A: Authority<Lookup = AuthLookup>>(authority: A, keys:
RecordType::A,
);
let lookup =
block_on(authority.search(&query.into(), true, SupportedAlgorithms::new())).unwrap();
let lookup = block_on(authority.search(
&query.into(),
LookupOptions::for_dnssec(true, SupportedAlgorithms::new()),
))
.unwrap();
let (a_records, other_records): (Vec<_>, Vec<_>) = lookup
.into_iter()
@ -109,8 +119,11 @@ pub fn test_wildcard<A: Authority<Lookup = AuthLookup>>(authority: A, keys: &[DN
Name::from_str("www.wildcard.example.com.").unwrap(),
RecordType::CNAME,
);
let lookup = block_on(authority.search(&query.into(), true, SupportedAlgorithms::new()))
.expect("lookup of www.wildcard.example.com. failed");
let lookup = block_on(authority.search(
&query.into(),
LookupOptions::for_dnssec(true, SupportedAlgorithms::new()),
))
.expect("lookup of www.wildcard.example.com. failed");
let (cname_records, other_records): (Vec<_>, Vec<_>) = lookup
.into_iter()
@ -134,8 +147,7 @@ pub fn test_nsec_nodata<A: Authority<Lookup = AuthLookup>>(authority: A, keys: &
let name = Name::from_str("www.example.com.").unwrap();
let lookup = block_on(authority.get_nsec_records(
&name.clone().into(),
true,
SupportedAlgorithms::all(),
LookupOptions::for_dnssec(true, SupportedAlgorithms::all()),
))
.unwrap();
@ -165,8 +177,7 @@ pub fn test_nsec_nxdomain_start<A: Authority<Lookup = AuthLookup>>(authority: A,
let name = Name::from_str("aaa.example.com.").unwrap();
let lookup = block_on(authority.get_nsec_records(
&name.clone().into(),
true,
SupportedAlgorithms::all(),
LookupOptions::for_dnssec(true, SupportedAlgorithms::all()),
))
.unwrap();
@ -198,8 +209,7 @@ pub fn test_nsec_nxdomain_middle<A: Authority<Lookup = AuthLookup>>(authority: A
let name = Name::from_str("ccc.example.com.").unwrap();
let lookup = block_on(authority.get_nsec_records(
&name.clone().into(),
true,
SupportedAlgorithms::all(),
LookupOptions::for_dnssec(true, SupportedAlgorithms::all()),
))
.unwrap();
@ -233,8 +243,7 @@ pub fn test_nsec_nxdomain_wraps_end<A: Authority<Lookup = AuthLookup>>(
let name = Name::from_str("zzz.example.com.").unwrap();
let lookup = block_on(authority.get_nsec_records(
&name.clone().into(),
true,
SupportedAlgorithms::all(),
LookupOptions::for_dnssec(true, SupportedAlgorithms::all()),
))
.unwrap();
@ -272,8 +281,7 @@ pub fn test_rfc_6975_supported_algorithms<A: Authority<Lookup = AuthLookup>>(
let lookup = block_on(authority.search(
&query.into(),
true,
SupportedAlgorithms::from(key.algorithm()),
LookupOptions::for_dnssec(true, SupportedAlgorithms::from(key.algorithm())),
))
.unwrap();

47
crates/server/tests/authority_battery/dynamic_update.rs
View File

@ -12,7 +12,7 @@ use trust_dns_client::proto::rr::{DNSClass, Name, RData, Record, RecordSet, Reco
use trust_dns_client::rr::dnssec::{Algorithm, SigSigner, SupportedAlgorithms, Verifier};
use trust_dns_client::serialize::binary::{BinDecodable, BinEncodable, BinSerializable};
use trust_dns_server::authority::{
AuthLookup, Authority, LookupError, MessageRequest, UpdateResult,
AuthLookup, Authority, LookupError, LookupOptions, MessageRequest, UpdateResult,
};
fn update_authority<A: Authority<Lookup = AuthLookup>>(
@ -44,8 +44,7 @@ pub fn test_create<A: Authority<Lookup = AuthLookup>>(mut authority: A, keys: &[
assert!(update_authority(message, key, &mut authority).expect("create failed"));
let query = Query::query(name, RecordType::A);
let lookup =
block_on(authority.search(&query.into(), false, SupportedAlgorithms::new())).unwrap();
let lookup = block_on(authority.search(&query.into(), LookupOptions::default())).unwrap();
match lookup
.into_iter()
@ -92,8 +91,7 @@ pub fn test_create_multi<A: Authority<Lookup = AuthLookup>>(mut authority: A, ke
assert!(update_authority(message, key, &mut authority).expect("create failed"));
let query = Query::query(name, RecordType::A);
let lookup =
block_on(authority.search(&query.into(), false, SupportedAlgorithms::new())).unwrap();
let lookup = block_on(authority.search(&query.into(), LookupOptions::default())).unwrap();
assert!(lookup.iter().any(|rr| *rr == record));
assert!(lookup.iter().any(|rr| *rr == record2));
@ -142,8 +140,7 @@ pub fn test_append<A: Authority<Lookup = AuthLookup>>(mut authority: A, keys: &[
// verify record contents
let query = Query::query(name.clone(), RecordType::A);
let lookup =
block_on(authority.search(&query.into(), false, SupportedAlgorithms::new())).unwrap();
let lookup = block_on(authority.search(&query.into(), LookupOptions::default())).unwrap();
assert_eq!(lookup.iter().count(), 1);
assert!(lookup.iter().any(|rr| *rr == record));
@ -161,8 +158,7 @@ pub fn test_append<A: Authority<Lookup = AuthLookup>>(mut authority: A, keys: &[
assert!(update_authority(message, key, &mut authority).expect("append failed"));
let query = Query::query(name.clone(), RecordType::A);
let lookup =
block_on(authority.search(&query.into(), false, SupportedAlgorithms::new())).unwrap();
let lookup = block_on(authority.search(&query.into(), LookupOptions::default())).unwrap();
assert_eq!(lookup.iter().count(), 2);
@ -179,8 +175,7 @@ pub fn test_append<A: Authority<Lookup = AuthLookup>>(mut authority: A, keys: &[
assert!(!update_authority(message, key, &mut authority).expect("append failed"));
let query = Query::query(name, RecordType::A);
let lookup =
block_on(authority.search(&query.into(), false, SupportedAlgorithms::new())).unwrap();
let lookup = block_on(authority.search(&query.into(), LookupOptions::default())).unwrap();
assert_eq!(lookup.iter().count(), 2);
@ -229,8 +224,7 @@ pub fn test_append_multi<A: Authority<Lookup = AuthLookup>>(mut authority: A, ke
assert!(update_authority(message, key, &mut authority).expect("append failed"));
let query = Query::query(name.clone(), RecordType::A);
let lookup =
block_on(authority.search(&query.into(), false, SupportedAlgorithms::new())).unwrap();
let lookup = block_on(authority.search(&query.into(), LookupOptions::default())).unwrap();
assert_eq!(lookup.iter().count(), 3);
@ -249,8 +243,7 @@ pub fn test_append_multi<A: Authority<Lookup = AuthLookup>>(mut authority: A, ke
assert!(!update_authority(message, key, &mut authority).expect("append failed"));
let query = Query::query(name.clone(), RecordType::A);
let lookup =
block_on(authority.search(&query.into(), false, SupportedAlgorithms::new())).unwrap();
let lookup = block_on(authority.search(&query.into(), LookupOptions::default())).unwrap();
assert_eq!(lookup.iter().count(), 3);
@ -297,8 +290,7 @@ pub fn test_compare_and_swap<A: Authority<Lookup = AuthLookup>>(
assert!(update_authority(message, key, &mut authority).expect("compare_and_swap failed"));
let query = Query::query(name.clone(), RecordType::A);
let lookup =
block_on(authority.search(&query.into(), false, SupportedAlgorithms::new())).unwrap();
let lookup = block_on(authority.search(&query.into(), LookupOptions::default())).unwrap();
assert_eq!(lookup.iter().count(), 1);
assert!(lookup.iter().any(|rr| *rr == new));
@ -321,8 +313,7 @@ pub fn test_compare_and_swap<A: Authority<Lookup = AuthLookup>>(
);
let query = Query::query(name.clone(), RecordType::A);
let lookup =
block_on(authority.search(&query.into(), false, SupportedAlgorithms::new())).unwrap();
let lookup = block_on(authority.search(&query.into(), LookupOptions::default())).unwrap();
assert_eq!(lookup.iter().count(), 1);
assert!(lookup.iter().any(|rr| *rr == new));
@ -378,8 +369,7 @@ pub fn test_compare_and_swap_multi<A: Authority<Lookup = AuthLookup>>(
assert!(update_authority(message, key, &mut authority).expect("compare_and_swap failed"));
let query = Query::query(name.clone(), RecordType::A);
let lookup =
block_on(authority.search(&query.into(), false, SupportedAlgorithms::new())).unwrap();
let lookup = block_on(authority.search(&query.into(), LookupOptions::default())).unwrap();
assert_eq!(lookup.iter().count(), 2);
assert!(lookup.iter().any(|rr| *rr == new1));
@ -404,8 +394,7 @@ pub fn test_compare_and_swap_multi<A: Authority<Lookup = AuthLookup>>(
);
let query = Query::query(name.clone(), RecordType::A);
let lookup =
block_on(authority.search(&query.into(), false, SupportedAlgorithms::new())).unwrap();
let lookup = block_on(authority.search(&query.into(), LookupOptions::default())).unwrap();
assert_eq!(lookup.iter().count(), 2);
assert!(lookup.iter().any(|rr| *rr == new1));
@ -463,8 +452,7 @@ pub fn test_delete_by_rdata<A: Authority<Lookup = AuthLookup>>(
assert!(update_authority(message, key, &mut authority).expect("delete_by_rdata failed"));
let query = Query::query(name.clone(), RecordType::A);
let lookup =
block_on(authority.search(&query.into(), false, SupportedAlgorithms::new())).unwrap();
let lookup = block_on(authority.search(&query.into(), LookupOptions::default())).unwrap();
assert_eq!(lookup.iter().count(), 1);
assert!(lookup.iter().any(|rr| *rr == record1));
@ -536,8 +524,7 @@ pub fn test_delete_by_rdata_multi<A: Authority<Lookup = AuthLookup>>(
assert!(update_authority(message, key, &mut authority).expect("delete_by_rdata failed"));
let query = Query::query(name.clone(), RecordType::A);
let lookup =
block_on(authority.search(&query.into(), false, SupportedAlgorithms::new())).unwrap();
let lookup = block_on(authority.search(&query.into(), LookupOptions::default())).unwrap();
assert_eq!(lookup.iter().count(), 2);
assert!(!lookup.iter().any(|rr| *rr == record1));
@ -594,7 +581,7 @@ pub fn test_delete_rrset<A: Authority<Lookup = AuthLookup>>(mut authority: A, ke
assert!(update_authority(message, key, &mut authority).expect("delete_rrset failed"));
let query = Query::query(name.clone(), RecordType::A);
let lookup = block_on(authority.search(&query.into(), false, SupportedAlgorithms::new()));
let lookup = block_on(authority.search(&query.into(), LookupOptions::default()));
assert_eq!(
*lookup.unwrap_err().as_response_code().unwrap(),
@ -652,14 +639,14 @@ pub fn test_delete_all<A: Authority<Lookup = AuthLookup>>(mut authority: A, keys
assert!(update_authority(message, key, &mut authority).expect("delete_all failed"));
let query = Query::query(name.clone(), RecordType::A);
let lookup = block_on(authority.search(&query.into(), false, SupportedAlgorithms::new()));
let lookup = block_on(authority.search(&query.into(), LookupOptions::default()));
assert_eq!(
*lookup.unwrap_err().as_response_code().unwrap(),
ResponseCode::NXDomain
);
let query = Query::query(name.clone(), RecordType::AAAA);
let lookup = block_on(authority.search(&query.into(), false, SupportedAlgorithms::new()));
let lookup = block_on(authority.search(&query.into(), LookupOptions::default()));
assert_eq!(
*lookup.unwrap_err().as_response_code().unwrap(),
ResponseCode::NXDomain

1
crates/server/tests/forwarder.rs
View File

@ -24,7 +24,6 @@ fn test_lookup() {
.block_on(forwarder.lookup(
&Name::from_str("www.example.com.").unwrap().into(),
RecordType::A,
false,
Default::default(),
))
.unwrap();

39
crates/server/tests/txt_tests.rs
View File

@ -4,10 +4,9 @@ use std::str::FromStr;
use futures_executor::block_on;
use trust_dns_client::proto::rr::rdata::tlsa::*;
use trust_dns_client::rr::dnssec::*;
use trust_dns_client::rr::*;
use trust_dns_client::serialize::txt::*;
use trust_dns_server::authority::{Authority, ZoneType};
use trust_dns_server::authority::{Authority, LookupOptions, ZoneType};
use trust_dns_server::store::in_memory::InMemoryAuthority;
// TODO: split this test up to test each thing separately
@ -100,8 +99,7 @@ tech. 3600 in soa ns0.centralnic.net. hostmaster.centralnic.ne
let lowercase_record = block_on(authority.lookup(
&Name::from_str("tech.").unwrap().into(),
RecordType::SOA,
false,
SupportedAlgorithms::new(),
LookupOptions::default(),
))
.unwrap()
.iter()
@ -132,8 +130,7 @@ tech. 3600 in soa ns0.centralnic.net. hostmaster.centralnic.ne
let mut ns_records: Vec<Record> = block_on(authority.lookup(
&Name::from_str("isi.edu").unwrap().into(),
RecordType::NS,
false,
SupportedAlgorithms::new(),
LookupOptions::default(),
))
.unwrap()
.iter()
@ -166,8 +163,7 @@ tech. 3600 in soa ns0.centralnic.net. hostmaster.centralnic.ne
let mut mx_records: Vec<Record> = block_on(authority.lookup(
&Name::from_str("isi.edu").unwrap().into(),
RecordType::MX,
false,
SupportedAlgorithms::new(),
LookupOptions::default(),
))
.unwrap()
.iter()
@ -199,8 +195,7 @@ tech. 3600 in soa ns0.centralnic.net. hostmaster.centralnic.ne
let a_record: Record = block_on(authority.lookup(
&Name::from_str("a.isi.edu").unwrap().into(),
RecordType::A,
false,
SupportedAlgorithms::new(),
LookupOptions::default(),
))
.unwrap()
.iter()
@ -221,8 +216,7 @@ tech. 3600 in soa ns0.centralnic.net. hostmaster.centralnic.ne
let aaaa_record: Record = block_on(authority.lookup(
&Name::from_str("aaaa.isi.edu").unwrap().into(),
RecordType::AAAA,
false,
SupportedAlgorithms::new(),
LookupOptions::default(),
))
.unwrap()
.iter()
@ -243,8 +237,7 @@ tech. 3600 in soa ns0.centralnic.net. hostmaster.centralnic.ne
let short_record: Record = block_on(authority.lookup(
&Name::from_str("short.isi.edu").unwrap().into(),
RecordType::A,
false,
SupportedAlgorithms::new(),
LookupOptions::default(),
))
.unwrap()
.iter()
@ -266,8 +259,7 @@ tech. 3600 in soa ns0.centralnic.net. hostmaster.centralnic.ne
let mut txt_records: Vec<Record> = block_on(authority.lookup(
&Name::from_str("a.isi.edu").unwrap().into(),
RecordType::TXT,
false,
SupportedAlgorithms::new(),
LookupOptions::default(),
))
.unwrap()
.iter()
@ -311,8 +303,7 @@ tech. 3600 in soa ns0.centralnic.net. hostmaster.centralnic.ne
let ptr_record: Record = block_on(authority.lookup(
&Name::from_str("103.0.3.26.in-addr.arpa").unwrap().into(),
RecordType::PTR,
false,
SupportedAlgorithms::new(),
LookupOptions::default(),
))
.unwrap()
.iter()
@ -329,8 +320,7 @@ tech. 3600 in soa ns0.centralnic.net. hostmaster.centralnic.ne
let srv_record: Record = block_on(authority.lookup(
&Name::from_str("_ldap._tcp.service.isi.edu").unwrap().into(),
RecordType::SRV,
false,
SupportedAlgorithms::new(),
LookupOptions::default(),
))
.unwrap()
.iter()
@ -350,8 +340,7 @@ tech. 3600 in soa ns0.centralnic.net. hostmaster.centralnic.ne
let idna_record: Record = block_on(authority.lookup(
&Name::from_str("rust-❤️-🦀.isi.edu").unwrap().into(),
RecordType::A,
false,
SupportedAlgorithms::new(),
LookupOptions::default(),
))
.unwrap()
.iter()
@ -372,8 +361,7 @@ tech. 3600 in soa ns0.centralnic.net. hostmaster.centralnic.ne
let caa_record: Record = block_on(authority.lookup(
&Name::parse("nocerts.isi.edu.", None).unwrap().into(),
RecordType::CAA,
false,
SupportedAlgorithms::new(),
LookupOptions::default(),
))
.unwrap()
.iter()
@ -395,8 +383,7 @@ tech. 3600 in soa ns0.centralnic.net. hostmaster.centralnic.ne
.unwrap()
.into(),
RecordType::TLSA,
false,
SupportedAlgorithms::new(),
LookupOptions::default(),
),
)
.unwrap()