EXAMPLES - dnsruby-1.70.0 Documentation

# This file shows how to do common tasks with Dnsruby :

require ‘rubygems’ require ‘dnsruby’ include Dnsruby

# Use the system configured nameservers to run a query res = Resolver.new ret = res.query(“example.com”) # Defaults to A record a_recs = ret.answer.rrset(“A”)

# Use a defined nameserver to run an asynchronous query # with no recursion res = Resolver.new({:nameserver => [“a.iana-servers.net”,

"b.iana-servers.net"]})

queue = Queue.new m = Message.new(“example.com”, Types.NS) m.header.rd = false res.send_async(m, queue, 1) # … do some other stuff … id, reply, error = queue.pop if (error)

print "Error : #{error}\n"

else

# See where the answer came from
print "Got response from : #{reply.answerfrom}, #{reply.answerip}\n"

end

# Use a Recursor to recursively query authoritative nameservers, # starting from the root. Note that a cache of authoritative servers # is built up for use by future queries by any Recursors. rec = Recursor.new ret = rec.query(“uk-dnssec.nic.uk”, “NS”)

# Ask Dnsruby to send the query without using the cache. m.do_caching = false ret = res.send_message(m)

# Ask Dnsruby to send a Message without doing any pre- or post-processing ret = res.send_plain_message(Message.new(“example.com”))

# Send a TSIG signed dynamic update to a resolver # and verify the response res = Dnsruby::Resolver.new(“ns0.validation-test-servers.nominet.org.uk”) res.dnssec = false tsig = Dnsruby::RR.create({

  :name        => "rubytsig",
  :type        => "TSIG",
  :ttl         => 0,
  :klass       => "ANY",
  :algorithm   => "hmac-md5",
  :fudge       => 300,
  :key         => "8n6gugn4aJ7MazyNlMccGKH1WxD2B3UvN/O/RA6iBupO2/03u9CTa3Ewz3gBWTSBCH3crY4Kk+tigNdeJBAvrw==",
  :error       => 0
})

update = Dnsruby::Update.new(“validation-test-servers.nominet.org.uk”) # … add stuff to the update update.absent(“notthere.update.validation-test-servers.nominet.org.uk”, ‘TXT’) tsig.apply(update) response = res.send_message(update) print “TSIG response was verified? : #{response.verified?}n”

# # DNSSEC stuff #

# Load the ISC DLV key and query some signed zones dlv_key = RR.create(“dlv.isc.org. IN DNSKEY 257 3 5 BEAAAAPHMu/5onzrEE7z1egmhg/WPO0+juoZrW3euWEn4MxDCE1+lLy2 brhQv5rN32RKtMzX6Mj70jdzeND4XknW58dnJNPCxn8+jAGl2FZLK8t+ 1uq4W+nnA3qO2+DL+k6BD4mewMLbIYFwe0PG73Te9fZ2kJb56dhgMde5 ymX4BI/oQ+cAK50/xvJv00Frf8kw6ucMTwFlgPe+jnGxPPEmHAte/URk Y62ZfkLoBAADLHQ9IrS2tryAe7mbBZVcOwIeU/Rw/mRx/vwwMCTgNboM QKtUdvNXDrYJDSHZws3xiRXF1Rf+al9UmZfSav/4NWLKjHzpT59k/VSt TDN0YUuWrBNh”) Dnssec.add_dlv_key(dlv_key) res = Recursor.new ret = res.query(“frobbit.se”, “NS”) print “Security level for signed zone from DLV : #{ret.security_level}n” frobbit_servers = ret.answer.rrset(“frobbit.se”, Types.NS)

# and query for a zone which is not signed r = Resolver.new ret = r.query(“ed.ac.uk”) print “Security level of unsigned zone : #{ret.security_level}n”

res = Resolver.new frobbit_servers.rrs.each {|s| print “Adding nameserver : #{s.nsdname}n”; res.add_server(s.nsdname)}

# and some non-existent domains in signed ones res.send_async(Message.new(“notthere.frobbit.se”), queue, 2) id, reply, error = queue.pop print “Error returned from non-existent name in signed zone : #{error}, security level : #{reply.security_level}n”

# Clear the keys and caches Dnsruby::Dnssec.clear_trusted_keys Dnsruby::Dnssec.clear_trust_anchors Dnsruby::PacketSender.clear_caches Dnsruby::Recursor.clear_caches

# Load a specific trust anchor and query some signed zones trusted_key = Dnsruby::RR.create({:name => “uk-dnssec.nic.uk.”,

  :type => Dnsruby::Types.DNSKEY,
  :flags => 257,
  :protocol => 3,
  :algorithm => 5,
  :key=> "AQPJO6LjrCHhzSF9PIVV7YoQ8iE31FXvghx+14E+jsv4uWJR9jLrxMYm sFOGAKWhiis832ISbPTYtF8sxbNVEotgf9eePruAFPIg6ZixG4yMO9XG LXmcKTQ/cVudqkU00V7M0cUzsYrhc4gPH/NKfQJBC5dbBkbIXJkksPLv Fe8lReKYqocYP6Bng1eBTtkA+N+6mSXzCwSApbNysFnm6yfQwtKlr75p m+pd0/Um+uBkR4nJQGYNt0mPuw4QVBu1TfF5mQYIFoDYASLiDQpvNRN3 US0U5DEG9mARulKSSw448urHvOBwT9Gx5qF2NE4H9ySjOdftjpj62kjb Lmc8/v+z"
})

Dnssec.add_trust_anchor(trusted_key) res = Dnsruby::Resolver.new(“dnssec.nominet.org.uk”) r = res.query(“aaa.bigzone.uk-dnssec.nic.uk”, Dnsruby::Types.DNSKEY) print “Security level of signed zone under manually install trusted key : #{r.security_level}n”

# See if we are using a Recursor for DNSSEC queries print “Using recursion to validate DNSSEC responses? : #{Dnssec.do_validation_with_recursor?}n”