From 675702c916f04196f71f7977c96bd3dfa8bddec5 Mon Sep 17 00:00:00 2001 From: John Marino Date: Fri, 18 Oct 2013 23:22:45 +0200 Subject: [PATCH] libldns, drill(1): Update to version 1.6.16 Many dports that require libldns were not building because the library was detected, but not the ldns.h header (along with its 30+ friends). The headers were available in contrib, but not installed. However, the version 1.6.11 is too old for at least some of the ports, so it became necessary to update LDNS to the latest version. --- contrib/ldns/README.DELETED | 11 +- contrib/ldns/README.DRAGONFLY | 15 ++- etc/mtree/BSD.include.dist | 2 + lib/libldns/Makefile | 37 +++++- lib/libldns/ldns/common.h | 6 +- lib/libldns/ldns/config.h | 97 +++++++++++++- lib/libldns/ldns/ldns.h | 2 + lib/libldns/ldns/util.h | 8 +- usr.bin/drill/config.h | 7 +- usr.bin/drill/drill.1 | 242 ++++++++++++++++++++++++++++++++++ usr.bin/drill/drill.h | 8 +- 11 files changed, 402 insertions(+), 33 deletions(-) create mode 100644 usr.bin/drill/drill.1 diff --git a/contrib/ldns/README.DELETED b/contrib/ldns/README.DELETED index 1bef690ac6..269934a9af 100644 --- a/contrib/ldns/README.DELETED +++ b/contrib/ldns/README.DELETED @@ -1,8 +1,11 @@ +Changelog Makefile.in -ac_pkg_swig.m4 +README.snapshots +README.svn aclocal.m4 acx_nlnetlabs.m4 -acx_python.m4 +ax_pkg_swig.m4 +ax_python_devel.m4 config.guess config.sub configure @@ -13,15 +16,15 @@ drill/Makefile.in drill/config.h.in drill/configure drill/configure.ac -drill/drill.h.in +drill/drill.1.in drill/install-sh examples/ install-sh +ldns/common.h.in ldns/config.h.in ldns/ldns.h ldns/net.h.in ldns/util.h.in -ldns_symbols.def libdns.doxygen libdns.vim ltmain.sh diff --git a/contrib/ldns/README.DRAGONFLY b/contrib/ldns/README.DRAGONFLY index 496227a6ba..0e387f7b75 100644 --- a/contrib/ldns/README.DRAGONFLY +++ b/contrib/ldns/README.DRAGONFLY 
@@ -1,9 +1,14 @@ +LDNS +==== + Original source can be downloaded from: -http://www.nlnetlabs.nl/projects/ldns/ +http://www.nlnetlabs.nl/downloads/ldns/ - MD5 (ldns-1.6.11.tar.gz) = c55b592a679672281712c457fbb41eb5 - SHA1 (ldns-1.6.11.tar.gz) = 2c4537eee39a1af63e8dde4f35498ce78c968c1f +file = ldns-1.6.16.tar.gz +date = 13 November 2012 +size = 1109941 +sha1 = 5b4fc6c5c3078cd061905c47178478cb1015c62a -A list of deleted files is in README.DELETED. +A list of files and directories removed is in README.DELETED +There are no local modifications. -When Upgrading please stick to development(7). diff --git a/etc/mtree/BSD.include.dist b/etc/mtree/BSD.include.dist index 3c98362785..14d7f01d91 100644 --- a/etc/mtree/BSD.include.dist +++ b/etc/mtree/BSD.include.dist @@ -165,6 +165,8 @@ .. .. .. + ldns + .. libmilter .. libprop diff --git a/lib/libldns/Makefile b/lib/libldns/Makefile index e313cb6886..25def32874 100644 --- a/lib/libldns/Makefile +++ b/lib/libldns/Makefile @@ -4,7 +4,6 @@ LDNS= ${.CURDIR}/../../contrib/ldns LIB= ldns SHLIB_MAJOR= 1 -#SRCS= xmlparse.c xmlrole.c xmltok.c SRCS = rdata.c util.c rr.c packet.c wire2host.c \ host2str.c buffer.c str2host.c tsig.c resolver.c \ @@ -15,13 +14,39 @@ SRCS = rdata.c util.c rr.c packet.c wire2host.c \ SRCS+= b32_ntop.c b32_pton.c b64_ntop.c b64_pton.c -#INCS= bsdxml.h bsdxml_external.h -#MAN= libbsdxml.3 - -.PATH: ${LDNS} ${LDNS}/compat +INCSDIR= ${INCLUDEDIR}/ldns +INCS= common.h ldns.h net.h util.h +INCS+= buffer.h \ + dane.h \ + dname.h \ + dnssec.h \ + dnssec_sign.h \ + dnssec_verify.h \ + dnssec_zone.h \ + duration.h \ + error.h \ + higher.h \ + host2str.h \ + host2wire.h \ + keys.h \ + packet.h\ + parse.h \ + rbtree.h \ + rdata.h \ + resolver.h \ + rr.h \ + rr_functions.h \ + sha1.h \ + sha2.h \ + str2host.h \ + tsig.h \ + update.h \ + wire2host.h \ + zone.h + +.PATH: ${LDNS} ${LDNS}/compat ${LDNS}/ldns ${.CURDIR}/ldns CFLAGS+= -I${.CURDIR} -I${LDNS} -#CLEANFILES= bsdxml.h bsdxml_external.h WARNS?= 2 
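Review bot: Installing util.h under `${INCLUDEDIR}/ldns` (the `INCS= common.h ldns.h net.h util.h` line of hunk `@@ -15,13 +14,39 @@`) also publishes the unprefixed `#define dprintf(X,Y) fprintf(stderr, (X), (Y))` that the util.h hunk `@@ -27,8 +27,8 @@` shows as context. Any consumer whose translation unit sees that header, directly or presumably through ldns.h, gets a two-argument macro in place of the POSIX `dprintf()` name, so code calling the descriptor-based function will fail to compile or be mis-expanded. Since lib/libldns/ldns/util.h is the locally maintained copy, the macro could be dropped there or fenced so that it is only active while building the library, with a line in README.DRAGONFLY recording the deviation.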
diff --git a/lib/libldns/ldns/common.h b/lib/libldns/ldns/common.h index ed3847f5bd..0767bc6b45 100644 --- a/lib/libldns/ldns/common.h +++ b/lib/libldns/ldns/common.h @@ -20,10 +20,10 @@ * as detected and determined by the auto configure script. */ #define LDNS_BUILD_CONFIG_HAVE_SSL 1 -#define LDNS_BUILD_CONFIG_USE_ECDSA 0 #define LDNS_BUILD_CONFIG_HAVE_INTTYPES_H 1 #define LDNS_BUILD_CONFIG_HAVE_ATTR_FORMAT 1 #define LDNS_BUILD_CONFIG_HAVE_ATTR_UNUSED 1 +#define LDNS_BUILD_CONFIG_HAVE_SOCKLEN_T 1 /* * HAVE_STDBOOL_H is not available when distributed as a library, but no build @@ -66,4 +66,8 @@ typedef bool _Bool; #define ATTR_UNUSED(x) x #endif /* !LDNS_BUILD_CONFIG_HAVE_ATTR_UNUSED */ +#if !LDNS_BUILD_CONFIG_HAVE_SOCKLEN_T +typedef int socklen_t; +#endif + #endif /* LDNS_COMMON_H */ diff --git a/lib/libldns/ldns/config.h b/lib/libldns/ldns/config.h index eddc18a87b..ec8bb7b367 100644 --- a/lib/libldns/ldns/config.h +++ b/lib/libldns/ldns/config.h @@ -34,13 +34,19 @@ /* Define to 1 if you have the `ctime_r' function. */ #define HAVE_CTIME_R 1 +/* Is a CAFILE given at configure time */ +#define HAVE_DANE_CA_FILE 0 + +/* Is a CAPATH given at configure time */ +#define HAVE_DANE_CA_PATH 0 + /* Define to 1 if you have the declaration of `NID_secp384r1', and to 0 if you don't. */ -/* #undef HAVE_DECL_NID_SECP384R1 */ +#define HAVE_DECL_NID_SECP384R1 1 /* Define to 1 if you have the declaration of `NID_X9_62_prime256v1', and to 0 if you don't. */ -/* #undef HAVE_DECL_NID_X9_62_PRIME256V1 */ +#define HAVE_DECL_NID_X9_62_PRIME256V1 1 /* Define to 1 if you have the header file. */ #define HAVE_DLFCN_H 1 @@ -57,6 +63,9 @@ /* Define to 1 if you have the `fcntl' function. */ #define HAVE_FCNTL 1 +/* Define to 1 if you have the `fork' function. */ +#define HAVE_FORK 1 + /* Whether getaddrinfo is available */ #define HAVE_GETADDRINFO 1 
@@ -78,6 +87,9 @@ /* Define to 1 if you have the `inet_pton' function. */ #define HAVE_INET_PTON 1 +/* Define to 1 if the system has the type `intptr_t'. */ +#define HAVE_INTPTR_T 1 + /* define if you have inttypes.h */ #define HAVE_INTTYPES_H 1 @@ -90,6 +102,12 @@ /* Define to 1 if you have the `isblank' function. */ #define HAVE_ISBLANK 1 +/* Define to 1 if you have the `pcap' library (-lpcap). */ +/* #undef HAVE_LIBPCAP */ + +/* Define to 1 if you have the `localtime_r' function. */ +#define HAVE_LOCALTIME_R 1 + /* Define to 1 if your system has a GNU libc compatible `malloc' function, and to 0 otherwise. */ #define HAVE_MALLOC 1 @@ -106,9 +124,36 @@ /* Define to 1 if you have the header file. */ #define HAVE_NETDB_H 1 +/* Define to 1 if you have the header file. */ +/* #undef HAVE_NETINET_IF_ETHER_H */ + +/* Define to 1 if you have the header file. */ +/* #undef HAVE_NETINET_IGMP_H */ + /* Define to 1 if you have the header file. */ #define HAVE_NETINET_IN_H 1 +/* Define to 1 if you have the header file. */ +/* #undef HAVE_NETINET_IN_SYSTM_H */ + +/* Define to 1 if you have the header file. */ +/* #undef HAVE_NETINET_IP6_H */ + +/* Define to 1 if you have the header file. */ +/* #undef HAVE_NETINET_IP_COMPAT_H */ + +/* Define to 1 if you have the header file. */ +/* #undef HAVE_NETINET_IP_H */ + +/* Define to 1 if you have the header file. */ +/* #undef HAVE_NETINET_UDP_H */ + +/* Define to 1 if you have the header file. */ +/* #undef HAVE_NET_ETHERNET_H */ + +/* Define to 1 if you have the header file. */ +/* #undef HAVE_NET_IF_H */ + /* Define to 1 if you have the header file. */ #define HAVE_OPENSSL_ERR_H 1 @@ -118,6 +163,9 @@ /* Define to 1 if you have the header file. */ #define HAVE_OPENSSL_SSL_H 1 +/* Define to 1 if you have the header file. */ +/* #undef HAVE_PCAP_H */ + /* If available, contains the Python version number currently in use. */ /* #undef HAVE_PYTHON */ 
@@ -188,15 +236,36 @@ /* define if you have unistd.h */ #define HAVE_UNISTD_H 1 +/* Define to 1 if you have the `vfork' function. */ +#define HAVE_VFORK 1 + +/* Define to 1 if you have the header file. */ +/* #undef HAVE_VFORK_H */ + /* Define to 1 if you have the header file. */ /* #undef HAVE_WINSOCK2_H */ +/* Define to 1 if `fork' works. */ +#define HAVE_WORKING_FORK 1 + +/* Define to 1 if `vfork' works. */ +#define HAVE_WORKING_VFORK 1 + /* Define to 1 if you have the header file. */ /* #undef HAVE_WS2TCPIP_H */ /* Define to 1 if the system has the type `_Bool'. */ #define HAVE__BOOL 1 +/* Is a CAFILE given at configure time */ +/* #undef LDNS_DANE_CA_FILE */ + +/* Is a CAPATH given at configure time */ +/* #undef LDNS_DANE_CA_PATH */ + +/* Default trust anchor file */ +#define LDNS_TRUST_ANCHOR_FILE "/usr/local/etc/unbound/root.key" + /* Define to the sub-directory in which libtool stores uninstalled libraries. */ #define LT_OBJDIR ".libs/" @@ -208,7 +277,7 @@ #define PACKAGE_NAME "ldns" /* Define to the full name and version of this package. */ -#define PACKAGE_STRING "ldns 1.6.11" +#define PACKAGE_STRING "ldns 1.6.16" /* Define to the one symbol short name of this package. */ #define PACKAGE_TARNAME "libdns" @@ -217,7 +286,7 @@ #define PACKAGE_URL "" /* Define to the version of this package. */ -#define PACKAGE_VERSION "1.6.11" +#define PACKAGE_VERSION "1.6.16" /* The size of `time_t', as computed by sizeof. */ #define SIZEOF_TIME_T 4 @@ -229,10 +298,10 @@ #define SYSCONFDIR sysconfdir /* Define this to enable ECDSA support. */ -/* #undef USE_ECDSA */ +#define USE_ECDSA 1 /* Define this to enable GOST support. */ -#define USE_GOST 1 +/* #undef USE_GOST */ /* Define this to enable SHA256 and SHA512 support. */ #define USE_SHA2 1 
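Review bot: `LDNS_TRUST_ANCHOR_FILE` is frozen at `"/usr/local/etc/unbound/root.key"`, a path that no file in this commit's diffstat provides, yet the new drill.1 says it becomes the trust anchor for `-S` and `-TD` whenever `-k` is absent. Whoever can write that file decides which keys a base-system drill accepts as validated, so the define deserves a comment stating who is expected to provision the file and with what ownership and mode, for example `/* root.key is expected from unbound-anchor(8); must be root-owned and not group/world writable */` (wording to be confirmed by the author). The same literal is repeated in the usr.bin/drill/config.h hunk `@@ -112,6 +112,9 @@` and in the FILES section of drill.1, and the three have to stay in step if the path is ever moved.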
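Review bot: Undefining `USE_GOST` while defining `USE_ECDSA` in hunk `@@ -229,10 +298,10 @@` changes which DNSSEC algorithms this build can handle, and neither the commit message nor README.DRAGONFLY mentions it. If ldns gates its GOST code on this macro, as the comment above it suggests, GOST-signed data would presumably no longer be verifiable by the library or by drill, so the decision should be recorded where the next importer will see it, e.g. `/* GOST disabled: <reason>; re-check against base OpenSSL on the next import */` above the `#undef`. `USE_ECDSA 1` together with `HAVE_DECL_NID_SECP384R1 1` and `HAVE_DECL_NID_X9_62_PRIME256V1 1` (hunk `@@ -34,13 +34,19 @@`) are hand-frozen configure answers and hold only as long as the base OpenSSL is built with EC support. The unchanged `#define SIZEOF_TIME_T 4` in the hunk just above is in the same category and looks worth re-checking for 64-bit targets.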
@@ -314,12 +383,22 @@ /* Define to `char' if does not define. */ /* #undef int8_t */ +/* Define to the type of a signed integer type wide enough to hold a pointer, + if such a type exists, and if the system does not define it. */ +/* #undef intptr_t */ + /* Define to rpl_malloc if the replacement function should be used. */ /* #undef malloc */ +/* Define to `int' if does not define. */ +/* #undef pid_t */ + /* Define to rpl_realloc if the replacement function should be used. */ /* #undef realloc */ +/* Define to `unsigned int' if does not define. */ +/* #undef size_t */ + /* Define to 'int' if not defined */ /* #undef socklen_t */ @@ -341,6 +420,9 @@ /* Define to `unsigned char' if does not define. */ /* #undef uint8_t */ +/* Define as `fork' if `vfork' does not work. */ +/* #undef vfork */ + #include #include @@ -448,6 +530,9 @@ time_t timegm (struct tm *tm); #ifndef HAVE_GMTIME_R struct tm *gmtime_r(const time_t *timep, struct tm *result); #endif +#ifndef HAVE_LOCALTIME_R +struct tm *localtime_r(const time_t *timep, struct tm *result); +#endif #ifndef HAVE_ISBLANK int isblank(int c); #endif /* !HAVE_ISBLANK */ diff --git a/lib/libldns/ldns/ldns.h b/lib/libldns/ldns/ldns.h index 6f57733750..a41e0325d6 100644 --- a/lib/libldns/ldns/ldns.h +++ b/lib/libldns/ldns/ldns.h @@ -95,10 +95,12 @@ Or you can just use the menu above to browse through the API docs. #include #include #include +#include #include #include #include #include +#include #include #include #include diff --git a/lib/libldns/ldns/util.h b/lib/libldns/ldns/util.h index 3da321b0be..a6441d07e2 100644 --- a/lib/libldns/ldns/util.h +++ b/lib/libldns/ldns/util.h @@ -27,8 +27,8 @@ extern "C" { #define dprintf(X,Y) fprintf(stderr, (X), (Y)) /* #define dprintf(X, Y) */ -#define LDNS_VERSION "1.6.11" -#define LDNS_REVISION ((1<<16)|(6<<8)|(11)) +#define LDNS_VERSION "1.6.16" +#define LDNS_REVISION ((1<<16)|(6<<8)|(16)) /** * splint static inline workaround 
@@ -268,6 +268,8 @@ const char * ldns_version(void); * \param[in] tm a struct tm* with the date * \return the seconds since epoch */ +time_t ldns_mktime_from_utc(const struct tm *tm); + time_t mktime_from_utc(const struct tm *tm); /** @@ -358,6 +360,8 @@ INLINE size_t ldns_b32_pton_calculate_size(size_t srcsize) } #endif /* !B32_PTON */ +INLINE time_t ldns_time(time_t *t) { return time(t); } + #ifdef __cplusplus } #endif diff --git a/usr.bin/drill/config.h b/usr.bin/drill/config.h index a743b844ed..1d8b8f8000 100644 --- a/usr.bin/drill/config.h +++ b/usr.bin/drill/config.h @@ -112,6 +112,9 @@ /* Define to 1 if you have the header file. */ /* #undef HAVE_WS2TCPIP_H */ +/* Default trust anchor file */ +#define LDNS_TRUST_ANCHOR_FILE "/usr/local/etc/unbound/root.key" + /* Define to the address where bug reports for this package should be sent. */ #define PACKAGE_BUGREPORT "libdns@nlnetlabs.nl" @@ -119,7 +122,7 @@ #define PACKAGE_NAME "ldns" /* Define to the full name and version of this package. */ -#define PACKAGE_STRING "ldns 1.6.7" +#define PACKAGE_STRING "ldns 1.6.16" /* Define to the one symbol short name of this package. */ #define PACKAGE_TARNAME "libdns" @@ -128,7 +131,7 @@ #define PACKAGE_URL "" /* Define to the version of this package. */ -#define PACKAGE_VERSION "1.6.7" +#define PACKAGE_VERSION "1.6.16" /* Define to 1 if you have the ANSI C header files. */ #define STDC_HEADERS 1 diff --git a/usr.bin/drill/drill.1 b/usr.bin/drill/drill.1 new file mode 100644 index 0000000000..7ec8dacebe --- /dev/null +++ b/usr.bin/drill/drill.1 
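Review bot: The new `ldns_mktime_from_utc()` prototype is inserted between the existing doc block and `mktime_from_utc()`, so the comment now attaches to the new name and the old declaration is left undocumented. If the old name is retained only for source compatibility (the hunk does not say), a one-line comment such as `/* old name, kept for compatibility; new code should call ldns_mktime_from_utc() */` above it would tell consumers of the newly installed header which one to use. The doc block itself starts outside the hunk.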
@@ -0,0 +1,242 @@
+.\" @(#)drill.1 1.7.0 14-Jul-2004 OF;
+.TH drill 1 "28 May 2006"
+.SH NAME
+drill \- get (debug) information out of DNS(SEC)
+.SH SYNOPSIS
+.B drill
+[
+.IR OPTIONS
+]
+.IR name
+[
+.IR @server
+]
+[
+.IR type
+]
+[
+.IR class
+]
+
+.SH DESCRIPTION
+\fBdrill\fR is a tool to designed to get all sorts of information out of the
+DNS. It is specificly designed to be used with DNSSEC.
+.PP
+The name \fBdrill\fR is a pun on \fBdig\fR. With \fBdrill\fR you should be able
+get even more information than with \fBdig\fR.
+.PP
+If no arguments are given class defaults to 'IN' and type to 'A'. The
+server(s) specified in /etc/resolv.conf are used to query against.
+
+.PP
+\fIname\fR
+Ask for this name.
+
+.PP
+\fI@server\fR
+Send to query to this server. If not specified use the nameservers from
+\fI/etc/resolv.conf\fR.
+
+.PP
+\fItype\fR
+Ask for this RR type. If type is not given on the command line it defaults
+to 'A'. Except when doing to reverse lookup when it defaults to 'PTR'.
+
+.PP
+\fIclass\fR
+Use this class when querying.
+
+.SH SAMPLE USAGE
+\fBdrill mx miek.nl\fR
+Show the MX records of the domain miek.nl
+
+.TP
+\fBdrill -S jelte.nlnetlabs.nl\fR
+Chase any signatures in the jelte.nlnetlab.nl domain. This option is
+only available when ldns has been compiled with openssl-support.
+
+.TP
+\fBdrill -TD www.example.com\fR
+Do a DNSSEC (-D) trace (-T) from the rootservers down to www.example.com.
+This option only works when ldns has been compiled with openssl support.
+
+.TP
+\fBdrill -s dnskey jelte.nlnetlabs.nl\fR
+Show the DNSKEY record(s) for jelte.nlnetlabs.nl. For each found DNSKEY
+record also print the DS record.
+
+.SH OPTIONS
+
+.TP
+\fB\-D
+Enable DNSSEC in the query. When querying for DNSSEC types (DNSKEY, RRSIG,
+DS and NSEC) this is \fInot\fR automaticly enabled.
+
+.TP
+\fB\-T
+Trace \fIname\fR from the root down. When using this option the @server and
+the type arguments are not used.
+
+.TP
+\fB\-S
+Chase the signature(s) of 'name' to a known key or as high up in
+the tree as possible.
+
+.TP
+\fB\-V \fIlevel\fR
+Be more verbose. Set level to 5 to see the actual query that is sent.
+
+.TP
+\fB\-Q
+Quiet mode, this overrules -V.
+
+.TP
+\fB\-f \fIfile\fR
+Read the query from a file. The query must be dumped with -w.
+
+.TP
+\fB\-i \fIfile\fR
+read the answer from the file instead from the network. This aids
+in debugging and can be used to check if a query on disk is valid.
+If the file contains binary data it is assumed to be a query in
+network order.
+
+.TP
+\fB\-w \fIfile\fR
+Write an answer packet to file.
+
+.TP
+\fB\-q \fIfile\fR
+Write the query packet to file.
+
+.TP
+\fB\-v
+Show drill's version.
+
+.TP
+\fB\-h
+Show a short help message.
+
+.SS QUERY OPTIONS
+
+.TP
+\fB\-4
+Stay on ip4. Only send queries to ip4 enabled nameservers.
+
+.TP
+\fB\-6
+Stay on ip6. Only send queries to ip6 enabled nameservers.
+
+.TP
+\fB\-a
+Use the resolver structure's fallback mechanism if the answer
+is truncated (TC=1). If a truncated packet is received and this
+option is set, drill will first send a new query with EDNS0
+buffer size 4096.
+
+If the EDNS0 buffer size was already set to 512+ bytes, or the
+above retry also results in a truncated answer, the resolver
+structure will fall back to TCP.
+
+.TP
+\fB\-b \fIsize\fR
+Use size as the buffer size in the EDNS0 pseudo RR.
+
+.TP
+\fB\-c \fIfile\fR
+Use file instead of /etc/resolv.conf for nameserver configuration.
+
+.TP
+\fB\-d \fIdomain\fR
+When tracing (-T), start from this domain instead of the root.
+
+.TP
+\fB\-t
+Use TCP/IP when querying a server
+
+.TP
+\fB\-k \fIkeyfile\fR
+Use this file to read a (trusted) key from. When this options is
+given \fBdrill\fR tries to validate the current answer with this
+key. No chasing is done. When \fBdrill\fR is doing a secure trace, this
+key will be used as trust anchor. Can contain a DNSKEY or a DS record.
+
+Alternatively, when DNSSEC enabled tracing (\fB-TD\fR) or signature
+chasing (\fB-S\fR), if \fB-k\fR is not specified, and a default trust anchor
+(/usr/local/etc/unbound/root.key) exists and contains a valid DNSKEY or DS record,
+it will be used as the trust anchor.
+
+.TP
+\fB\-o \fImnemonic\fR
+Use this option to set or unset specific header bits. A bit is
+set by using the bit mnemonic in CAPITAL letters. A bit is unset when
+the mnemonic is given in lowercase. The following mnemonics are
+understood by \fBdrill\fR:
+
+ QR, qr: set, unset QueRy (default: on)
+ AA, aa: set, unset Authoritative Answer (default: off)
+ TC, tc: set, unset TrunCated (default: off)
+ RD, rd: set, unset Recursion Desired (default: on)
+ CD, cd: set, unset Checking Disabled (default: off)
+ RA, ra: set, unset Recursion Available (default: off)
+ AD, ad: set, unset Authenticated Data (default: off)
+
+Thus: \fB-o CD\fR, will enable Checking Disabled, which instructs the
+cache to not validate the answers it gives out.
+
+.TP
+\fB\-p \fIport\fR
+Use this port instead of the default of 53.
+
+.TP
+\fB\-r \fIfile\fR
+When tracing (-T), use file as a root servers hint file.
+
+.TP
+\fB\-s
+When encountering a DNSKEY print the equivalent DS also.
+
+.TP
+\fB\-u
+Use UDP when querying a server. This is the default.
+
+.TP
+\fB\-w \fIfile\fR
+write the answer to a file. The file will contain a hexadecimal dump
+of the query. This can be used in conjunction with -f.
+
+.TP
+\fB\-x
+Do a reverse loopup. The type argument is not used, it is preset to PTR.
+
+.TP
+\fB\-y \fI\fR
+specify named base64 tsig key, and optional an algorithm (defaults to hmac-md5.sig-alg.reg.int)
+
+.TP
+\fB\-z \fR
+don't randomize the nameserver list before sending queries.
+
+.SH "FILES"
+.TP
+/usr/local/etc/unbound/root.key
+The file from which trusted keys are loaded when no \fB-k\fR option is given.
+.SH "SEE ALSO"
+.LP
+unbound-anchor(8)
+
+.SH AUTHOR
+Jelte Jansen and Miek Gieben. Both of NLnet Labs.
+ +.SH REPORTING BUGS +Report bugs to . + +.SH BUGS + +.SH COPYRIGHT +Copyright (c) 2004-2008 NLnet Labs. +Licensed under the revised BSD license. There is NO warranty; not even for MERCHANTABILITY or +FITNESS FOR A PARTICULAR PURPOSE. + +.SH SEE ALSO +\fBdig\fR(1), \fIRFC403{3,4,5}\fR. diff --git a/usr.bin/drill/drill.h b/usr.bin/drill/drill.h index a92af5c390..0746fe7bff 100644 --- a/usr.bin/drill/drill.h +++ b/usr.bin/drill/drill.h @@ -12,7 +12,7 @@ #include "drill_util.h" -#define DRILL_VERSION "1.6.11" +#define DRILL_VERSION PACKAGE_VERSION /* what kind of stuff do we allow */ #define DRILL_QUERY 0 @@ -84,13 +84,7 @@ ldns_status ldns_verify_denial(ldns_pkt *pkt, ldns_rr_type type, ldns_rr_list **nsec_rrs, ldns_rr_list **nsec_rr_sigs); -ldns_status ldns_verify_denial_wildcard(ldns_pkt *pkt, - ldns_rdf *name, - ldns_rr_type type, - ldns_rr_list **nsec_rrs, - ldns_rr_list **nsec_rr_sigs); -ldns_status read_key_file(const char *filename, ldns_rr_list *key_list); ldns_pkt *read_hex_pkt(char *filename); ldns_buffer *read_hex_buffer(char *filename); void init_root(void); -- 2.41.0