NLnetLabs / ldns

LDNS is a DNS library that facilitates DNS tool programming
https://nlnetlabs.nl/ldns
BSD 3-Clause "New" or "Revised" License

Make IPv6 DNSSEC tracing work, and revert to previous behaviour otherwise #245

Closed paul-internetnz closed 2 weeks ago

paul-internetnz commented 1 month ago

IPv6 DNSSEC trace ("secure trace") does not currently work because only A records are permitted for NSs that are used to trace down from the root. AAAA records are needed for that. Currently an IPv6 DNSSEC trace fails after asking the root, because drill has no valid NSs to continue with.

With this patch, if drill is executed without "-6", the previous behavior continues, with only A records being used. This is not optimal because without the "-4" or "-6" command line parameters, drill is supposed to randomly use either v4 or v6, as indicated by the LDNS_RR_TYPE_ANY default for qfamily, but there is no LDNS_RR_TYPE_A_AND_AAAA RR descriptor and I don't know how to join two results of the ldns_rr_list data type. Thanks to Felipe Barbosa for reviewing and input.

wtoorop commented 2 weeks ago

Thanks @paul-internetnz. This looks perfect. I agree that not specifying -4 or -6 should enable both A and AAAA, but I'll accept this now and hopefully someone will pick up that still-missing feature sometime.
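An added model of the address-family selection discussed in this thread, not code from drill, ldns or the patch: it counts how many referral nameserver addresses a trace can still use under the A-only behaviour, the patched behaviour, and the A-plus-AAAA behaviour both commenters describe as still missing. All type names, the glue records and the reachability rule are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical model types; none of these names exist in ldns or drill. */
enum rrtype { RR_A, RR_AAAA };
enum family { FAM_ANY, FAM_V4, FAM_V6 };   /* no flag, -4, -6 */
enum policy { ONLY_A, PATCHED, BOTH };     /* before, this PR, still missing */
struct glue { const char *ns; enum rrtype type; const char *addr; };

/* Constructed glue for one referral (documentation address ranges). */
static const struct glue GLUE[] = {
    { "ns1.example.", RR_A,    "192.0.2.1"   },
    { "ns1.example.", RR_AAAA, "2001:db8::1" },
    { "ns2.example.", RR_AAAA, "2001:db8::2" },
};
#define NGLUE (sizeof GLUE / sizeof GLUE[0])

/* Does this policy keep a glue record of the given type for the next hop? */
static int keeps(enum policy p, enum family f, enum rrtype t)
{
    switch (p) {
    case ONLY_A:  return t == RR_A;
    case PATCHED: return f == FAM_V6 ? t == RR_AAAA : t == RR_A;
    case BOTH:    return f == FAM_ANY || (f == FAM_V6) == (t == RR_AAAA);
    }
    return 0;
}

/* Count addresses that are kept by the policy AND match the transport. */
size_t usable(enum policy p, enum family f)
{
    size_t n = 0;
    for (size_t i = 0; i < NGLUE; i++) {
        int reachable = f == FAM_ANY || (f == FAM_V6) == (GLUE[i].type == RR_AAAA);
        if (keeps(p, f, GLUE[i].type) && reachable)
            n++;
    }
    return n;
}

int main(void)
{
    static const char *pn[] = { "A only", "patched", "A+AAAA" };
    static const char *fn[] = { "any", "-4", "-6" };
    for (int p = 0; p < 3; p++)
        for (int f = 0; f < 3; f++)
            printf("%-8s %-3s -> %zu usable\n", pn[p], fn[f], usable(p, f));
    return 0;
}
```

A result of zero is the case where the secure trace has no nameserver to continue with, which in this model happens only for the A-only policy combined with -6.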