Commit edc518f7 authored by Stephane Bortzmeyer's avatar Stephane Bortzmeyer

* DNSSEC is now an option

* Always send the AD bit, like dig does
parent 581e492b
......@@ -38,6 +38,8 @@ verbose = False
insecure = False
post = False
head = False
dnssec = False
edns = True
rtype = 'AAAA'
vhostname = None
tests = 1 # Number of repeated tests
......@@ -168,8 +170,9 @@ def validate_hostname(hostname, cert):
class RequestDoT:
def __init__(self, qname, qtype=rtype):
self.message = dns.message.make_query(qname, dns.rdatatype.from_text(qtype), use_edns=True, want_dnssec=True)
def __init__(self, qname, qtype=rtype, use_edns=edns, want_dnssec=dnssec):
self.message = dns.message.make_query(qname, dns.rdatatype.from_text(qtype), use_edns=use_edns, want_dnssec=want_dnssec)
self.message.flags |= dns.flags.AD # Ask for validation
self.data = self.message.to_wire()
def check_response(self):
......@@ -178,9 +181,10 @@ class RequestDoT:
class RequestDoH:
def __init__(self, qname, qtype=rtype):
self.message = dns.message.make_query(qname, dns.rdatatype.from_text(qtype), use_edns=True, want_dnssec=True)
def __init__(self, qname, qtype=rtype, use_edns=edns, want_dnssec=dnssec):
self.message = dns.message.make_query(qname, dns.rdatatype.from_text(qtype), use_edns=use_edns, want_dnssec=want_dnssec)
self.message.id = 0 # DoH requests that
self.message.flags |= dns.flags.AD # Ask for validation
self.data = self.message.to_wire()
def create_handle(self, curl_opt):
......@@ -384,7 +388,7 @@ class ConnectionDoT(Connection):
self.request.response = dns.message.from_wire(buf)
def do_test(self, qname, qtype=rtype):
self.request = RequestDoT(qname, qtype)
self.request = RequestDoT(qname, qtype, want_dnssec=dnssec, use_edns=edns)
self.send_data(self.request.data)
self.receive_data()
self.request.check_response()
......@@ -423,12 +427,12 @@ class ConnectionDoH(Connection):
self.request.close_handle()
def prepare_test_get(self, qname, qtype):
self.request = RequestDoH(qname, qtype)
self.request = RequestDoH(qname, qtype, want_dnssec=dnssec, use_edns=edns)
dns_req = base64.urlsafe_b64encode(self.request.data).decode('UTF8').rstrip('=')
self.curl_opt[pycurl.URL] = self.server + ("?dns=%s" % dns_req)
def prepare_test_post(self, qname, qtype):
self.request = RequestDoH(qname, qtype)
self.request = RequestDoH(qname, qtype, want_dnssec=dnssec, use_edns=edns)
self.curl_opt[pycurl.POST] = True
self.curl_opt[pycurl.POSTFIELDS] = self.request.data
self.curl_opt[pycurl.URL] = self.server
......@@ -458,8 +462,9 @@ if not monitoring:
message = None
try:
optlist, args = getopt.getopt (sys.argv[1:], "hvPkeV:r:f:d:t46",
["help", "verbose", "dot", "head", "insecure", "POST", "vhost=",
"repeat=", "file=", "delay=", "v4only", "v6only"])
["help", "verbose", "dot", "head",
"insecure", "POST", "vhost=",
"dnssec", "noedns","repeat=", "file=", "delay=", "v4only", "v6only"])
for option, value in optlist:
if option == "--help" or option == "-h":
usage()
......@@ -476,6 +481,10 @@ if not monitoring:
vhostname = value
elif option == "--insecure" or option == "-k":
insecure = True
elif option == "--dnssec":
dnssec = True
elif option == "--noedns":
edns = False
elif option == "--repeat" or option == "-r":
tests = int(value)
if tests <= 1:
......
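Review bot: `--dnssec` and `--noedns` can be given together, and the two new `elif` branches in the option loop accept that silently, although the DO bit that `want_dnssec` requests only exists inside the EDNS OPT record. As far as I know, dnspython turns EDNS back on when DO is requested, so the query would still carry an OPT record despite `--noedns`, and the result would not reflect what the user asked to test. After the option loop, which ends outside this hunk, I would reject the combination, e.g. `if dnssec and not edns: print("--dnssec requires EDNS, do not combine it with --noedns", file=sys.stderr); sys.exit(1)`. Separately, the new defaults `use_edns=edns, want_dnssec=dnssec` in `RequestDoT.__init__` and `RequestDoH.__init__` are bound when the classes are defined, before the options are parsed, so a caller that omits them would get the initial module values; the visible callers pass both explicitly, but `None` defaults resolved inside the body would be safer.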