class Dnsruby::Recursor

Dnsruby::Recursor - Perform recursive dns lookups

require 'Dnsruby'
rec = Dnsruby::Recursor.new()
answer = rec.recurse("rob.com.au")

This module uses a Dnsruby::Resolver to perform recursive queries.

AUTHOR

Rob Brown, bbb@cpan.org Alex Dalitz, alexd@nominet.org.uk

SEE ALSO

Dnsruby::Resolver,

Copyright © 2002, Rob Brown. All rights reserved. Portions Copyright © 2005, Olaf M Kolkman. Ruby version with caching and validation Copyright © 2008, AlexD (Nominet UK)

Example lookup process:

[root@box root]# dig +trace www.rob.com.au.

; <<>> DiG 9.2.0 <<>> +trace www.rob.com.au. ;; global options: printcmd . 507343 IN NS C.ROOT-SERVERS.NET. . 507343 IN NS D.ROOT-SERVERS.NET. . 507343 IN NS E.ROOT-SERVERS.NET. . 507343 IN NS F.ROOT-SERVERS.NET. . 507343 IN NS G.ROOT-SERVERS.NET. . 507343 IN NS H.ROOT-SERVERS.NET. . 507343 IN NS I.ROOT-SERVERS.NET. . 507343 IN NS J.ROOT-SERVERS.NET. . 507343 IN NS K.ROOT-SERVERS.NET. . 507343 IN NS L.ROOT-SERVERS.NET. . 507343 IN NS M.ROOT-SERVERS.NET. . 507343 IN NS A.ROOT-SERVERS.NET. . 507343 IN NS B.ROOT-SERVERS.NET. ;; Received 436 bytes from 127.0.0.1#53(127.0.0.1) in 9 ms

;;; But these should be hard coded as the hints

;;; Ask H.ROOT-SERVERS.NET gave:

au. 172800 IN NS NS2.BERKELEY.EDU. au. 172800 IN NS NS1.BERKELEY.EDU. au. 172800 IN NS NS.UU.NET. au. 172800 IN NS BOX2.AUNIC.NET. au. 172800 IN NS SEC1.APNIC.NET. au. 172800 IN NS SEC3.APNIC.NET. ;; Received 300 bytes from 128.63.2.53#53(H.ROOT-SERVERS.NET) in 322 ms

;;; A little closer than before

;;; Ask NS2.BERKELEY.EDU gave:

com.au. 259200 IN NS ns4.ausregistry.net. com.au. 259200 IN NS dns1.telstra.net. com.au. 259200 IN NS au2ld.CSIRO.au. com.au. 259200 IN NS audns01.syd.optus.net. com.au. 259200 IN NS ns.ripe.net. com.au. 259200 IN NS ns1.ausregistry.net. com.au. 259200 IN NS ns2.ausregistry.net. com.au. 259200 IN NS ns3.ausregistry.net. com.au. 259200 IN NS ns3.melbourneit.com. ;; Received 387 bytes from 128.32.206.12#53(NS2.BERKELEY.EDU) in 10312 ms

;;; A little closer than before

;;; Ask ns4.ausregistry.net gave:

com.au. 259200 IN NS ns1.ausregistry.net. com.au. 259200 IN NS ns2.ausregistry.net. com.au. 259200 IN NS ns3.ausregistry.net. com.au. 259200 IN NS ns4.ausregistry.net. com.au. 259200 IN NS ns3.melbourneit.com. com.au. 259200 IN NS dns1.telstra.net. com.au. 259200 IN NS au2ld.CSIRO.au. com.au. 259200 IN NS ns.ripe.net. com.au. 259200 IN NS audns01.syd.optus.net. ;; Received 259 bytes from 137.39.1.3#53(ns4.ausregistry.net) in 606 ms

;;; Uh... yeah... I already knew this
;;; from what NS2.BERKELEY.EDU told me.
;;; ns4.ausregistry.net must have brain damage

;;; Ask ns1.ausregistry.net gave:

rob.com.au. 86400 IN NS sy-dns02.tmns.net.au. rob.com.au. 86400 IN NS sy-dns01.tmns.net.au. ;; Received 87 bytes from 203.18.56.41#53(ns1.ausregistry.net) in 372 ms

;;; Ah, much better.  Something more useful.

;;; Ask sy-dns02.tmns.net.au gave:

www.rob.com.au. 7200 IN A 139.134.5.123 rob.com.au. 7200 IN NS sy-dns01.tmns.net.au. rob.com.au. 7200 IN NS sy-dns02.tmns.net.au. ;; Received 135 bytes from 139.134.2.18#53(sy-dns02.tmns.net.au) in 525 ms

 ;;; FINALLY, THE ANSWER!
Now,DNSSEC validation is performed (unless disabled).

Attributes

callback[RW]
dnssec[R]
hints[R]
ipv6_ok[RW]
nameservers[RW]
recurse[RW]
resolver[RW]

The resolver to use for the queries

Public Class Methods

add_to_hints(hints, rr) click to toggle source
# File lib/dnsruby/recursor.rb, line 336
def Recursor.add_to_hints(hints, rr)
  server = rr.name.to_s.downcase
  server.sub!(/\.$/,"")
  if (server)
    if ( rr.type == Types::A)
      # print ";; ADDITIONAL HELP: $server -> [".$rr->rdatastr."]\n" if $self->{'debug'};
      if (hints[server]!=nil)
        TheLog.debug(";; STORING IP: #{server} IN A "+rr.address.to_s+"\n")
        hints[server].push([rr.address.to_s, rr.ttl])
      end
    end
    if ( rr.type == Types::AAAA)
      # print ";; ADDITIONAL HELP: $server -> [".$rr->rdatastr."]\n" if $self->{'debug'};
      if (hints[server])
        TheLog.debug(";; STORING IP6: #{server} IN AAAA "+rr.address.to_s+"\n")
        hints[server].push([rr.address.to_s, rr.ttl])
      end
    end

  end
end
clear_caches(resolver = Resolver.new) click to toggle source
# File lib/dnsruby/recursor.rb, line 381
def Recursor.clear_caches(resolver = Resolver.new)
  resolver.dnssec = @dnssec
  Recursor.set_hints(Hash.new, resolver)
  @@zones_cache = Hash.new # key zone_name, values Hash of servers and AddressCaches
  @@zones_cache["."] = @@hints

  @@authority_cache = Hash.new
end
new(res = nil) click to toggle source
# File lib/dnsruby/recursor.rb, line 172
def initialize(res = nil)
  if (res)
    @resolver = res
  else
    if (defined?@@nameservers && @@nameservers.length > 0)
      @resolver = Resolver.new({:nameserver => @@nameservers})
    else
      @resolver = Resolver.new
    end
  end
  @resolver.dnssec = @dnssec
  @ipv6_ok = false
end
set_hints(hints, resolver) click to toggle source
# File lib/dnsruby/recursor.rb, line 200
def Recursor.set_hints(hints, resolver)
  TheLog.debug(";; hints(#{hints.inspect})\n")
  @resolver = resolver
  if (resolver.single_resolvers.length == 0)
    resolver = Resolver.new()
    resolver.dnssec = @dnssec
  end
  if (hints && hints.length > 0)
    resolver.nameservers=hints
    if (String === hints)
      hints = [hints]
    end
    hints.each {|hint|
      @@hints = Hash.new
      @@hints[hint]=hint
    }
  end
  if (!hints && @@nameservers)
    @@hints=(@@nameservers)
  else
    @@nameservers=(hints)
    @@hints = hints
  end
  TheLog.debug(";; verifying (root) zone...\n")
  #  bind always asks one of the hint servers
  #  for who it thinks is authoritative for
  #  the (root) zone as a sanity check.
  #  Nice idea.

  #       if (!@@hints || @@hints.length == 0)
  resolver.recurse = true
  packet=resolver.query_no_validation_or_recursion(".", "NS", "IN")
  hints = Hash.new
  if (packet)
    if (ans = packet.answer)
      ans.each do |rr|
        if (rr.name.to_s =~ /^\.?$/ and
              rr.type == Types::NS)
          #  Found root authority
          server = rr.nsdname.to_s.downcase
          server.sub!(/\.$/,"")
          TheLog.debug(";; FOUND HINT: #{server}\n")
          hints[server] = AddressCache.new
        end
      end
      if ((packet.additional.length == 0) ||
             ((packet.additional.length == 1) && (packet.additional()[0].type == Types.OPT)))
        #  Some resolvers (e.g. 8.8.8.8) do not send an additional section -
        #  need to make explicit queries for these :(
        #  Probably best to limit the number of outstanding queries - extremely bursty behaviour otherwise
        #  What happens if we select only name
        q = Queue.new
        hints.keys.each {|server|
          #  Query for the server address and add it to hints.
          ['A', 'AAAA'].each {|type|
            msg = Message.new
            msg.do_caching = @do_caching
            msg.header.rd = false
            msg.do_validation = false
            msg.add_question(server, type, 'IN')
            if (@dnssec)
              msg.header.cd = true # We do our own validation by default
            end
            resolver.send_async(msg, q)
          }
        }
        (hints.length * 2).times {
          _id, result, _error = q.pop
          if (result)
            result.answer.each {|rr|
              TheLog.debug(";; NS address: " + rr.inspect+"\n")
              add_to_hints(hints, rr)
            }
          end
        }
      else
        packet.additional.each do |rr|
          TheLog.debug(";; ADDITIONAL: "+rr.inspect+"\n")
          add_to_hints(hints, rr)

        end
      end
    end
    #                       foreach my $server (keys %hints) {
    hints.keys.each do |server|
      if (!hints[server] || hints[server].length == 0)
        #  Wipe the servers without lookups
        hints.delete(server)
      end
    end
    @@hints = hints
  else
    @@hints = {}
  end
  if (@@hints.size > 0)
    TheLog.info(";; USING THE FOLLOWING HINT IPS:\n")
    @@hints.values.each do |ips|
      ips.each do |server|
        TheLog.info(";;  #{server}\n")
      end
    end
  else
    raise ResolvError.new( "Server ["+(@@nameservers)[0].to_s+".] did not give answers")
  end

  #  Disable recursion flag.
  resolver.recurse = false
  #       end

  #   return $self->nameservers( map { @{ $_ } } values %{ $self->{'hints'} } );
  if (Array === @@hints)
    temp = []
    @@hints.each {|hint|
      temp.push(hint)
    }
    @@hints = Hash.new
    count = 0
    temp.each {|hint|
      print "Adding hint : #{temp[count]}\n"
      @@hints[count] = temp[count]
      count += 1
    }
  end
  if (String === @@hints)
    temp = @@hints
    @@hints = Hash.new
    @@hints[0] = temp
  end
  # @@nameservers = @@hints.values
  @@nameservers=[]
  @@hints.each {|key, value|
    @@nameservers.push(key)
  }
  return @@nameservers
end

Public Instance Methods

dnssec=(dnssec_on) click to toggle source
# File lib/dnsruby/recursor.rb, line 167
def dnssec=(dnssec_on)
  @dnssec = dnssec_on
  @resolver.dnssec = dnssec_on
end
hints=(hints) click to toggle source

Initialize the hint servers. Recursive queries need a starting name server to work off of. This method takes a list of IP addresses to use as the starting servers. These name servers should be authoritative for the root (.) zone.

res.hints=(ips)

If no hints are passed, the default nameserver is asked for the hints. Normally these IPs can be obtained from the following location:

ftp://ftp.internic.net/domain/named.root
# File lib/dnsruby/recursor.rb, line 197
def hints=(hints)
  Recursor.set_hints(hints, @resolver)
end
prune_rrsets_to_rfc5452(packet, zone) click to toggle source
# File lib/dnsruby/recursor.rb, line 749
def prune_rrsets_to_rfc5452(packet, zone)
  #  Now prune the response of any unrelated rrsets (RFC5452 section6)
  #  "One very simple way to achieve this is to only accept data if it is
  #  part of the domain for which the query was intended."
  if (!packet.header.aa)
    return
  end
  if (!packet.question()[0])
    return
  end

  section_rrsets = packet.section_rrsets
  section_rrsets.keys.each {|section|
    section_rrsets[section].each {|rrset|
      n = Name.create(rrset.name)
      n.absolute = true
      if ((n.to_s == zone) || (n.to_s == Name.create(zone).to_s) ||
            (n.subdomain_of?(Name.create(zone))) ||
            (rrset.type == Types::OPT))
        #             # @TODO@ Leave in the response if it is an SOA, NSEC or RRSIGfor the parent zone
        # #          elsif ((query_name.subdomain_of?rrset.name) &&
        #           elsif  ((rrset.type == Types.SOA) || (rrset.type == Types.NSEC) || (rrset.type == Types.NSEC3)) #)
      else
        TheLog.debug"Removing #{rrset.name}, #{rrset.type} from response from server for #{zone}"
        packet.send(section).remove_rrset(rrset.name, rrset.type)
      end
    }
  }
end
query(name, type=Types.A, klass=Classes.IN, no_validation = false) click to toggle source

This method is much like the normal query() method except it disables the recurse flag in the packet and explicitly performs the recursion.

packet = res.query( "www.netscape.com.", "A")
packet = res.query( "www.netscape.com.", "A", "IN", true) # no validation

The Recursor maintains a cache of known nameservers. DNSSEC validation is performed unless true is passed as the fourth parameter.

# File lib/dnsruby/recursor.rb, line 402
def query(name, type=Types.A, klass=Classes.IN, no_validation = false)
  #  @TODO@ PROVIDE AN ASYNCHRONOUS SEND WHICH RETURNS MESSAGE WITH ERROR!!!

  #  Make sure the hint servers are initialized.
  @@mutex.synchronize {
    self.hints=(Hash.new) unless @@hints
  }
  @resolver.recurse = false
  #  Make sure the authority cache is clean.
  #  It is only used to store A and AAAA records of
  #  the suposedly authoritative name servers.
  #  TTLs are respected
  @@mutex.synchronize {
    if (!@@zones_cache)
      Recursor.clear_caches(@resolver)
    end
  }

  #  So we have normal hashes, but the array of addresses at the end is now an AddressCache
  #  which respects the ttls of the A/AAAA records

  #  Now see if we already know the zone in question
  #  Otherwise, see if we know any of its parents (will know at least ".")
  known_zone, known_authorities = get_closest_known_zone_authorities_for(name) # ".", @hints if nothing else

  #  Seed name servers with the closest known authority
  #       ret =  _dorecursion( name, type, klass, ".", @hints, 0)
  ret =  _dorecursion( name, type, klass, known_zone, known_authorities, 0, no_validation)
  Dnssec.validate(ret) if !no_validation
  #       print "\n\nRESPONSE:\n#{ret}\n"
  return ret
end
recursion_callback() click to toggle source
# File lib/dnsruby/recursor.rb, line 377
def recursion_callback
  return @callback
end
recursion_callback=(sub) click to toggle source

This method takes a code reference, which is then invoked each time a packet is received during the recursive lookup. For example to emulate dig's C<+trace> function:

res.recursion_callback(Proc.new { |packet|
    print packet.additional.inspect

    print";; Received %d bytes from %s\n\n",
        packetanswersize,
        packet.answerfrom);
})
# File lib/dnsruby/recursor.rb, line 371
def recursion_callback=(sub)
  #           if (sub && UNIVERSAL::isa(sub, 'CODE'))
  @callback = sub
  #           end
end