1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
|
# ZCTEST 1.0
# $Id: misc.rb,v 1.33 2004/02/19 14:18:05 sdalu Exp $
#
# CONTACT : zonecheck@nic.fr
# AUTHOR : Stephane D'Alu <sdalu@nic.fr>
#
# CREATED : 2002/08/02 13:58:17
# REVISION : $Revision: 1.33 $
# DATE : $Date: 2004/02/19 14:18:05 $
#
# CONTRIBUTORS: (see also CREDITS file)
#
#
# LICENSE : GPL v2 (or MIT/X11-like after agreement)
# COPYRIGHT : AFNIC (c) 2003
#
# This file is part of ZoneCheck.
#
# ZoneCheck is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# ZoneCheck is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with ZoneCheck; if not, write to the Free Software Foundation,
# Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#
#####
#
# TODO:
# - move these functions into another file
#
require 'framework'
module CheckNetworkAddress
##
##
##
class Misc < Test
with_msgcat 'test/misc.%s'
#-- Checks --------------------------------------------------
# DESC:
def chk_ns_reverse(ns, ip)
ip_name = NResolv::DNS::Name::create(ip)
srv = rec(ip) ? ip : nil
! ptr(srv, ip_name).empty?
end
def chk_ns_matching_reverse(ns, ip)
ip_name = NResolv::DNS::Name::create(ip)
srv = rec(ip) ? ip : nil
ptrlist = ptr(srv, ip_name)
return true if ptrlist.empty?
ptrlist.each { |rev|
seen = { rev => true }
name = rev.ptrdname
return true if name == ns
while name = is_cname?(name, ip)
if seen[name]
then raise "Loop in CNAME chain when looking for #{rev.ptrdname}"
else seen[name] = true
end
return true if name == ns
end
}
false
end
# DESC: Ensure coherence between given (param) primary and SOA
def chk_given_nsprim_vs_soa(ns, ip)
mname = soa(ip).mname
if @domain.ns[0][0] != mname
@domain.ns[1..-1].each { |nsname, |
return { 'given_primary' => @domain.ns[0][0],
'primary' => mname } if nsname == mname }
end
true
end
# DESC: Ensure coherence between given (param) nameservers and NS
def chk_given_ns_vs_ns(ns, ip)
nslist_from_ns = ns(ip).collect{ |n| n.name}
nslist_from_param = @domain.ns.collect { |n, ips| n }
return true if nslist_from_ns.unsorted_eql?(nslist_from_param)
{ 'list_from_ns' => nslist_from_ns .collect{|e| e.to_s } \
.sort.join(', '),
'list_from_param' => nslist_from_param.collect{|e| e.to_s } \
.sort.join(', ') }
end
# DESC: Ensure that a server is not recursive
def chk_not_recursive(ns, ip)
! rec(ip)
end
# DESC: Ensure that a server claiming to be recursive really is it
def chk_correct_recursive_flag(ns, ip)
return true unless rec(ip)
dbgmsg(ns, ip) {
'asking SOA for: ' +
[ @domain.name.tld || NResolv::DNS::Name::Root,
NResolv::DNS::Name::create(ip.namespace) ].join(', ')
}
soa(ip, @domain.name.tld || NResolv::DNS::Name::Root) &&
soa(ip, NResolv::DNS::Name::create(ip.namespace))
end
# # DESC:
# def chk_rir_inetnum(ns, ip)
# true
# end
# # DESC:
# def chk_rir_route(ns, ip)
# true
# end
#-- Tests ---------------------------------------------------
#
def tst_recursive_server(ns, ip)
rec(ip) ? 'true' : 'false'
end
end
end
|
