Commit 6f6987bf authored by Stephane Bortzmeyer's avatar Stephane Bortzmeyer

Disable ECS by default. Closes #6

parent bf02bcbe
......@@ -51,6 +51,9 @@ Possible options, besides `--dot`:
* --insecure or -k: Does not check the certificate
* -4: Uses only IPv4
* -6: Uses only IPv6
* --dnssec: requests DNSSEC data (signatures)
* --noedns: no EDNS (default is to indicate EDNS support)
* --ecs: send ECS, my subnet to auth. servers (default is to refuse it)
* --check: Run a set of tests (see below)
### Check
......
......@@ -41,6 +41,7 @@ post = False
head = False
dnssec = False
edns = True
no_ecs = True
rtype = 'AAAA'
vhostname = None
tests = 1 # Number of repeated tests
......@@ -197,8 +198,13 @@ class CustomException(Exception):
class Request:
def __init__(self, qname, qtype=rtype, use_edns=edns, want_dnssec=dnssec):
if no_ecs:
opt = dns.edns.ECSOption(address='', srclen=0) # Disable ECS (RFC 7871, section 7.1.2)
options = [opt]
else:
options = None
self.message = dns.message.make_query(qname, dns.rdatatype.from_text(qtype),
use_edns=use_edns, want_dnssec=want_dnssec)
use_edns=use_edns, want_dnssec=want_dnssec, options=options)
self.message.flags |= dns.flags.AD # Ask for validation
self.ok = True
......@@ -698,7 +704,8 @@ if not monitoring:
optlist, args = getopt.getopt (sys.argv[1:], "hvPkeV:r:f:d:t46",
["help", "verbose", "dot", "head",
"insecure", "POST", "vhost=",
"dnssec", "noedns","repeat=", "file=", "delay=", "v4only", "v6only",
"dnssec", "noedns", "ecs", "repeat=", "file=", "delay=",
"v4only", "v6only",
"check", "mandatory-level="])
for option, value in optlist:
if option == "--help" or option == "-h":
......@@ -718,8 +725,13 @@ if not monitoring:
insecure = True
elif option == "--dnssec":
dnssec = True
elif option == "--noedns":
elif option == "--noedns": # Warning: it will mean the
# resolver may send ECS
# information to the
# authoritative name servers.
edns = False
elif option == "--ecs":
no_ecs = False
elif option == "--repeat" or option == "-r":
tests = int(value)
if tests <= 1:
......@@ -751,6 +763,9 @@ if not monitoring:
if dot and (post or head):
usage("POST or HEAD makes non sense for DoT")
sys.exit(1)
if not edns and not no_ecs:
usage("ECS requires EDNS")
sys.exit(1)
if mandatory_level is not None and \
mandatory_level not in mandatory_levels.keys():
usage("Unknown mandatory level \"%s\"" % mandatory_level)
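Review bot: With `--noedns` the new privacy default silently stops applying. `Request.__init__` still builds the `ECSOption(address='', srclen=0)` opt-out, but with `use_edns=False` no OPT record is sent (dnspython appears to discard `options` in that case, worth confirming), so the resolver is free to forward the client subnet to authoritative servers. The commit records this only as a source comment on the `--noedns` branch, and the README entry for `--noedns` does not mention it, so a user who picks that flag never learns the opt-out is gone. I would surface it next to the new `ECS requires EDNS` check, e.g. `if not edns and no_ecs: print("Warning: --noedns also drops the ECS opt-out", file=sys.stderr)`, and add the same caveat to the README line. Both the option-handling block and `Request.__init__` continue outside the hunks shown.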
......