From wouter at nlnetlabs.nl Mon Aug 1 14:24:47 2016 
From: wouter at nlnetlabs.nl (W.C.A. Wijngaards)
Date: Mon, 1 Aug 2016 16:24:47 +0200
Subject: [ldns-users] Are there send() and recv()-like interfaces in libdns?
Message-ID: <2d2610db-223e-4755-5daa-76d450c24911@nlnetlabs.nl>

Hi Damião,

There are the functions ldns_udp_bgsend() that returns a socket on which
the send() has been performed. And ldns_udp_read_wire() when you want
the result. From ldns/net.h. (there are also tcp versions).

The functions ldns_rdf2native_sockaddr_storage and
ldns_sockaddr_storage2rdf can help you convert A (and AAAA) rdfs to the
sockaddr struct that the routines want.

Best regards, Wouter

On 31/07/16 23:04, Damião Rodrigues wrote:
> I've built a simple command line application in C which uses libdns to
> make periodic DNS queries to the authoritative name servers of multiple
> domains. Ensuring the periodicity of the queries is important, following
> a user-defined query_interval (in seconds).
>
> As far as I could tell, libdns only allows for request-response calls:
> the functions which start DNS queries also return the DNS response,
> blocking until a response is received. Because of this, I've implemented
> a key part of the application in a naive way within a while() cycle:
>
> 1. I do a block of queries
> 2. Take note of the time taken by the query block (query_time)
> 3. sleep(query_interval - query_time)
> 4. Go back to 1
>
> I think this is sloppy. A better option would be to have separate
> send/receive threads. This way, the periodicity of the query blocks
> wouldn't be affected by the duration of the request-response cycles. But
> for that I would need libdns functions with separate send()- and
> recv()-like interfaces, which I couldn't find in the documentation,
> greps in the source folders, nor examples.
>
> Have I missed something? *Are there send()- and recv()-like interfaces
> in libdns?*
>
> Thanks in advance!
>
> Best regards,
> Antonio
>
> _______________________________________________
> ldns-users mailing list
> ldns-users at open.nlnetlabs.nl
> https://open.nlnetlabs.nl/mailman/listinfo/ldns-users

From adamiaonr at gmail.com Mon Aug 1 14:48:00 2016
From: adamiaonr at gmail.com (Damião Rodrigues)
Date: Mon, 1 Aug 2016 16:48:00 +0200
Subject: [ldns-users] Are there send() and recv()-like interfaces in libdns?
In-Reply-To: <2d2610db-223e-4755-5daa-76d450c24911@nlnetlabs.nl>
References: <2d2610db-223e-4755-5daa-76d450c24911@nlnetlabs.nl>

Hi Wouter,

Thank you for the tip, this is close to what I'm looking for. I have a
couple of follow-up observations/questions:

- Let's say I would go ahead with the separate read/write thread pattern.
  Since ldns_udp_bgsend() would update the socket file descriptor to be
  subsequently used by ldns_udp_read_wire(), for every individual call, I
  would have to keep a shared list of file descriptors, shared between the
  threads. This list would be written to by the ldns_udp_bgsend(), read by
  the ldns_udp_read_wire().
- In your experience with libdns, did you ever have to implement something
  like this (separate read/write threads)? If yes, is the method described
  above the one that you've followed to accomplish it? If not, what method
  did you use?

Thank you once more Wouter!

Best regards,
Damião

On Mon, Aug 1, 2016 at 4:24 PM, W.C.A. Wijngaards wrote:

> Hi Damião,
>
> There are the functions ldns_udp_bgsend() that returns a socket on which
> the send() has been performed. And ldns_udp_read_wire() when you want
> the result. From ldns/net.h. (there are also tcp versions).
>
> The functions ldns_rdf2native_sockaddr_storage and
> ldns_sockaddr_storage2rdf can help you convert A (and AAAA) rdfs to the
> sockaddr struct that the routines want.
>
> Best regards, Wouter
>
> On 31/07/16 23:04, Damião Rodrigues wrote:
> > I've built a simple command line application in C which uses libdns to
> > make periodic DNS queries to the authoritative name servers of multiple
> > domains. Ensuring the periodicity of the queries is important, following
> > a user-defined query_interval (in seconds).
> >
> > As far as I could tell, libdns only allows for request-response calls:
> > the functions which start DNS queries also return the DNS response,
> > blocking until a response is received. Because of this, I've implemented
> > a key part of the application in a naive way within a while() cycle:
> >
> > 1. I do a block of queries
> > 2. Take note of the time taken by the query block (query_time)
> > 3. sleep(query_interval - query_time)
> > 4. Go back to 1
> >
> > I think this is sloppy. A better option would be to have separate
> > send/receive threads. This way, the periodicity of the query blocks
> > wouldn't be affected by the duration of the request-response cycles. But
> > for that I would need libdns functions with separate send()- and
> > recv()-like interfaces, which I couldn't find in the documentation,
> > greps in the source folders, nor examples.
> >
> > Have I missed something? *Are there send()- and recv()-like interfaces
> > in libdns?*
> >
> > Thanks in advance!
> >
> > Best regards,
> > Antonio

From scott-nlnetlabs at shambarger.net Sat Aug 20 17:15:00 2016
From: scott-nlnetlabs at shambarger.net (Scott Shambarger)
Date: Sat, 20 Aug 2016 19:15:00 +0200
Subject: [ldns-users] Proposed new api to load build-time configured trust anchors
Message-ID: <85ec0dc9dd1b03b35dcf9029079d24f0@shambarger.net>

I've been trying to get openssh to locally validate SSHFP records on OSX.
The problem stems from the fact that OSX's configd rewrites
/etc/resolv.conf each time the network changes (think connecting to a
coffee shop's wifi). Openssh (configured with ldns) connections will then
query the SSHFP record, but as the trust anchors are not referenced in
resolv.conf, it is unable to perform DNSSEC validation.

Openssh maintainers don't feel that trust-anchor loading is in their scope
of responsibility, and feel the ldns interface should work "out of the
box" (see Comment#1 at https://bugzilla.mindrot.org/show_bug.cgi?id=2119)

I submitted a patch to add a new api to libldns to load keys from
build-time defined locations (by default $sysconfdir/trusted-key.key and
$sysconfdir/unbound/root.key), in
https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=727 -- however, there
hasn't been any feedback on the proposal for 8 months...

I added a new api as drill (and possibly other users) may want to load
their own trust anchors and not have any loaded by default; however users
such as openssh do want validation to work without adding their own anchor
files.

The root of the problem is still OSX, as other platforms can just add the
"anchor" key to /etc/resolv.conf (but edits are wiped repeatedly on OSX).
I'd love to hear if anyone has a better solution though :)

Thanks,
Scott

From vladimir.levijev at gmail.com Mon Aug 29 10:30:26 2016
From: vladimir.levijev at gmail.com (Vladimir Levijev)
Date: Mon, 29 Aug 2016 13:30:26 +0300
Subject: [ldns-users] Small ldns_resolver_send() header fix

Hi,

Sorry for possibly sending it to the wrong place. Noticed this small error
in the description of ldns_resolver_send() function.

Cheers,
VL

-------------- next part --------------
A non-text attachment was scrubbed...
Name: ldns-1.6.17-ldns_resolver_send-header.patch
Type: text/x-patch
Size: 591 bytes
Desc: not available

From jamesraf at amazon.com Mon Aug 29 11:42:38 2016
From: jamesraf at amazon.com (Raftery, James)
Date: Mon, 29 Aug 2016 11:42:38 +0000
Subject: [ldns-users] [PATCH] Python binding for ldns_pkt2wire()
Message-ID: <1472470965110.56688@amazon.com>

Hi,

The auto-generated binding for ldns_pkt2wire() doesn't work properly.
Patch attached that fixes that, providing the same style of interface as
ldns_wire2pkt()

Thanks,
james

-------------- next part --------------
A non-text attachment was scrubbed...
Name: ldns-pkt2wire.patch
Type: text/x-patch
Size: 1094 bytes
Desc: ldns-pkt2wire.patch

From christoph at christoph-egger.org Tue Aug 30 15:06:46 2016
From: christoph at christoph-egger.org (Christoph Egger)
Date: Tue, 30 Aug 2016 17:06:46 +0200
Subject: [ldns-users] Python3 / ldns_wire2pkt
Message-ID: <874m621ek9.fsf@hepworth.siccegge.de>

Hi!

For ldns.ldns_wire2pkt to work with Python3 one needs it to accept a
python byte object instead of a string. After a lot of fiddling around the
below patch seems to make it work. However iterating [2] over rrs() fails
with [1] -- extracting the first one works fine.

[0]
--- ldns-1.6.17.orig/contrib/python/ldns.i +++ ldns-1.6.17/contrib/python/ldns.i 
@@ -132,12 +137,22 @@ uint32_t ldns_read_timeval_usec(struct t %apply uint32_t *OUTPUT { uint32_t *default_ttl}; +#define SWIG_PYTHON_STRICT_BYTE_CHAR + // wire2pkt -%apply (char *STRING, int LENGTH) { (const char *str, int len) }; +// %apply (char *STRING, int LENGTH) { (const char *str, int len) }; + +%typemap(in) (const char* str,int len) (Py_ssize_t lenn) %{ + if(PyBytes_AsStringAndSize($input,&$1,&lenn) == -1) + return NULL; + $2 = (int)lenn; +%} + [1] StopIteration During handling of the above exception, another exception occurred: SystemError: returned a result with an error set During handling of the above exception, another exception occurred: Traceback (most recent call last): File "./check_dnssec", line 107, in sys.exit(main()) File "./check_dnssec", line 104, in main check_synced(resolver, zone, args) File "./check_dnssec", line 62, in check_synced LDNS_SECTION_ANSWER).rrs()) SystemError: returned a result with an error set [2] list(result.rr_list_by_type(RR_TYPE_SOA, LDNS_SECTION_ANSWER).rrs()) -- 9FED 5C6C E206 B70A 5857 70CA 9655 22B9 D49A E731 Debian Developer | Lisp Hacker | CaCert Assurer
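
Review bot: $2 = (int)lenn; in the new %typemap(in) narrows a Py_ssize_t to int with no range check, so a bytes object longer than INT_MAX would reach the wrapped function with a truncated or negative len while str still points at the full buffer; reject lenn > INT_MAX with an exception before the assignment. In the same typemap, the error path should use SWIG_fail rather than return NULL so the wrapper's cleanup code runs, and &$1 passes a const char ** where PyBytes_AsStringAndSize expects char **, so read into a local char * and assign that to $1. The old %apply line is left commented out; delete it instead, and add a comment saying why SWIG_PYTHON_STRICT_BYTE_CHAR is defined here, since nothing else visible in this hunk refers to it.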