author | Casey Deccio <casey@deccio.net> | 2019-03-07 21:12:59 +0300 |
---|---|---|
committer | Casey Deccio <casey@deccio.net> | 2019-03-07 21:13:32 +0300 |
commit | d4d4a92913c7eecc8b75d6bdcfb2849ed16dd534 (patch) | |
tree | d216c815f9e62ee1ece852c57c1753b67693ceee | |
parent | d0d043656837202f038df4936b732a574531e3fe (diff) |
Handle DS referrals differently
Fixes #11.
-rw-r--r-- | dnsviz/analysis/errors.py | 12 | ||||
-rw-r--r-- | dnsviz/analysis/offline.py | 23 |
2 files changed, 33 insertions, 2 deletions
diff --git a/dnsviz/analysis/errors.py b/dnsviz/analysis/errors.py
index 1400dc9..f52c442 100644
--- a/dnsviz/analysis/errors.py
+++ b/dnsviz/analysis/errors.py
@@ -448,6 +448,18 @@ class RRSIGBadLengthEd448(RRSIGBadLengthEdDSA):
 class DSError(DomainNameAnalysisError):
 pass
 
+class ReferralForDSQuery(DSError):
+ '''
+ >>> e = ReferralForDSQuery(parent='baz.')
+ >>> e.description
+ 'The server(s) for the parent zone (baz.) responded with a referral instead of answering authoritatively for the DS RR type.'
+ '''
+ _abstract = False
+ code = 'REFERRAL_FOR_DS_QUERY'
+ description_template = 'The server(s) for the parent zone (%(parent)s) responded with a referral instead of answering authoritatively for the DS RR type.'
+ references = ['RFC 4034, Sec. 5']
+ required_params = ['parent']
+
 class DSDigestAlgorithmIgnored(DSError):
 '''
 >>> e = DSDigestAlgorithmIgnored(algorithm=1, new_algorithm=2)
diff --git a/dnsviz/analysis/offline.py b/dnsviz/analysis/offline.py
index 9937066..3ec0bcc 100644
--- a/dnsviz/analysis/offline.py
+++ b/dnsviz/analysis/offline.py
@@ -1288,6 +1288,8 @@ class OfflineDomainNameAnalysis(OnlineDomainNameAnalysis):
 Errors.DomainNameAnalysisError.insert_into_list(cookie_err, warnings, server, client, response)
 
 def _populate_response_errors(self, qname_obj, response, server, client, warnings, errors):
+ query = response.query
+
 if qname_obj is not None:
 # if the response was complete (not truncated), then mark any
 # response flag issues as errors. Otherwise, mark them as
@@ -1298,7 +1300,17 @@ class OfflineDomainNameAnalysis(OnlineDomainNameAnalysis):
 group = warnings
 if qname_obj.analysis_type == ANALYSIS_TYPE_AUTHORITATIVE:
 if not response.is_authoritative():
- Errors.DomainNameAnalysisError.insert_into_list(Errors.NotAuthoritative(), group, server, client, response)
+ ds_referral = False
+ if query.rdtype == dns.rdatatype.DS:
+ # handle DS as a special case
+ if response.is_referral(query.qname, query.rdtype, query.rdclass, qname_obj.name):
+ ds_referral = True
+
+ if ds_referral:
+ Errors.DomainNameAnalysisError.insert_into_list(Errors.ReferralForDSQuery(parent=fmt.humanize_name(qname_obj.name)), group, server, client, response)
+ else:
+ Errors.DomainNameAnalysisError.insert_into_list(Errors.NotAuthoritative(), group, server, client, response)
+
 elif qname_obj.analysis_type == ANALYSIS_TYPE_RECURSIVE:
 if response.recursion_desired() and not response.recursion_available():
 Errors.DomainNameAnalysisError.insert_into_list(Errors.RecursionNotAvailable(), group, server, client, response)
@@ -2204,7 +2216,14 @@ class OfflineDomainNameAnalysis(OnlineDomainNameAnalysis):
 if upward_referral_error_cls is not None and response.is_upward_referral(qname_obj.zone.name):
 Errors.DomainNameAnalysisError.insert_into_list(upward_referral_error_cls(), errors, server, client, response)
 else:
- Errors.DomainNameAnalysisError.insert_into_list(missing_soa_error_cls(), errors, server, client, response)
+ ds_referral = False
+ if query.rdtype == dns.rdatatype.DS:
+ # handle DS as a special case
+ if response.is_referral(query.qname, query.rdtype, query.rdclass, qname_obj.name):
+ ds_referral = True
+
+ if not ds_referral:
+ Errors.DomainNameAnalysisError.insert_into_list(missing_soa_error_cls(), errors, server, client, response)
 
 if upward_referral_error_cls is not None:
 try: |
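Review bot: In the `@@ -1298,7 +1300,17 @@` hunk the DS-referral test is written as a flag plus two nested `if`s and is repeated line for line in the `@@ -2204,7 +2216,14 @@` hunk, so the two copies can drift apart. A single expression reads more directly, `ds_referral = query.rdtype == dns.rdatatype.DS and response.is_referral(query.qname, query.rdtype, query.rdclass, qname_obj.name)`, ideally in one private helper called from both places. The comment `# handle DS as a special case` would help more if it gave the reason, e.g. `# DS is answered by the parent side of the cut (RFC 4034, Sec. 5), so a referral here is its own error`. Both enclosing functions start and end outside the hunks.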
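Review bot: In the `@@ -2204,7 +2216,14 @@` hunk `if not ds_referral:` has no `else`, so a DS referral now drops the missing-SOA error here without recording anything in its place. The replacement `ReferralForDSQuery` is only inserted in `_populate_response_errors`, and there only when `qname_obj` is set, the analysis type is `ANALYSIS_TYPE_AUTHORITATIVE` and the response is not authoritative; a referral-shaped response that misses one of those conditions would, as far as these hunks show, leave the DS query with no error at all. Either state that dependency in a comment, e.g. `# reported as ReferralForDSQuery in _populate_response_errors; don't also flag the missing SOA`, or guard the suppression with the same conditions. The enclosing function and its binding of `query` lie outside the hunk, so confirm `query` is in scope here.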