my $RES = Net::DNS::Resolver->new;
my $DLV = 'dlv.isc.org';
+my $params;
sub get_tag_generic {
my $zone = shift;
my $type = shift;
my @result;
+ print "Querying $type $zone\n" if $params->{'verbose'};
my $pkt = $RES->send($zone, $type);
return () unless $pkt;
return () unless $pkt->answer;
$zone .= ".".$DLV;
return get_tag_generic($zone, 'DLV');
};
+sub has_dnskey_parent {
+ my $zone = shift;
+
+ my $potential_parent;
+ if ($zone =~ m/\./) {
+ $potential_parent = $zone;
+ $potential_parent =~ s/^[^.]+\.//;
+ } else {
+ $potential_parent = '.';
+ }
+
+ print "Querying DNSKEY $potential_parent\n" if $params->{'verbose'};
+ my $pkt = $RES->send($potential_parent, 'DNSKEY');
+ return undef unless $pkt;
+ return undef unless $pkt->header;
+
+ unless ($pkt->answer) {
+ return undef unless $pkt->authority;
+ for my $rr ($pkt->authority) {
+ next unless ($rr->type eq 'SOA');
+
+ $potential_parent = $rr->name;
+ print "Querying DNSKEY $potential_parent\n" if $params->{'verbose'};
+ $pkt = $RES->send($potential_parent, 'DNSKEY');
+ return undef unless $pkt;
+ last;
+ };
+ };
+
+ return (0, $potential_parent) unless $pkt->answer;
+ for my $rr ($pkt->answer) {
+ next unless ($rr->type eq 'DNSKEY');
+ return (1, $potential_parent);
+ };
+}
+sub get_parent_dnssec_status {
+ my $zone = shift;
+ my @result;
+
+ while (1) {
+ my ($status, $parent) = has_dnskey_parent($zone);
+ last unless defined $status;
+ push @result, ($status ? "yes" : "no") . ("($parent)");
+ $zone = $parent;
+ last if $zone eq "" || $zone eq '.';
+ };
+
+ return join(', ', @result);
+};
sub usage {
my $fd = shift;
return @keys;
}
-my $params;
Getopt::Long::config('bundling');
GetOptions (
'--help' => \$params->{'help'},
'--dir=s' => \$params->{'dir'},
'--dlv=s' => \$params->{'dlv'},
+ '--verbose' => \$params->{'verbose'},
) or usage(\*STDERR, 1);
usage(\*STDOUT, 0) if ($params->{'help'});
for my $zone (@zones) {
$data{$zone} = { 'dnskey' => join(', ', get_dnskeytags($zone)),
'ds' => join(', ', get_dstags($zone)),
- 'dlv' => join(', ', get_dlvtags($zone)) };
+ 'dlv' => join(', ', get_dlvtags($zone)),
+ 'parent_dnssec' => get_parent_dnssec_status($zone) };
}
if ($mode eq 'overview') {
- my $format = "%60s %-10s %-10s %-10s\n";
- printf $format, "zone", "DNSKEY", "DS\@parent", "DLV";
- printf $format, "-"x 60, "-"x 10, "-"x 10, "-"x 10;
+ my $format = "%60s %-10s %-10s %-10s %-10s\n";
+ printf $format, "zone", "DNSKEY", "DS\@parent", "DLV", "dnssec\@parent";
+ printf $format, "-"x 60, "-"x 10, "-"x 10, "-"x 10, "-"x 10;
for my $zone (sort {$a cmp $b} keys %data) {
printf $format, $zone,
$data{$zone}->{'dnskey'},
$data{$zone}->{'ds'},
- $data{$zone}->{'dlv'};
+ $data{$zone}->{'dlv'},
+ $data{$zone}->{'parent_dnssec'};
}
exit(0);
} elsif ($mode eq 'check-dlv' || $mode eq 'check-ds' || $mode eq 'check-header') {