Google

DNSSEC Walker

Simon Josefsson

Index


Download

This program require `perl' (modern version) and `dig' (from BIND version 9 or later).

walker-1.0.tar.gz
2001-01-03 Version 1.0

Example usage

Here's how you would recover the zone file for "josefsson.org". The zone have zone transfers disabled, but use DNSSEC.

[root@dolk dig]# ~jas/walker -d josefsson.org
Canonicalizing `josefsson.org'...
Canonical name is `josefsson.org.'...
Walking `josefsson.org.'...
Current node `josefsson.org.'...
Getting types for `josefsson.org.' and the next domain name...
josefsson.org.          36000   IN      NXT     barbar.josefsson.org. A NS SOA MX TXT SIG KEY NXT
josefsson.org.          36000   IN      SIG     NXT 1 2 36000 20010202122215 20010103122215 41051 josefsson.org. NYq4QUn7EvgKUQ31fshysS62Ck7grUVssXV32TBAMGY3cXLx+/2iP50/ 2tNC12qZl3/e6O71hmcuBYyGvdy+uA==
Domain `josefsson.org.' have types `A NS SOA MX TXT SIG KEY NXT' and next domain is `barbar.josefsson.org.'...
Digging for domain `josefsson.org.' and type `A'...
josefsson.org.          3600    IN      A       195.42.214.241
josefsson.org.          3600    IN      SIG     A 1 2 3600 20010202122215 20010103122215 41051 josefsson.org. aSX6NW7OGYnKL8LR817TAPpepNJbZEG9OAeuwoahCOk4W/Eg8d3FR77C kQpc1+Ioz634NMDM9dfxCNPSJYGMGA==
Digging for domain `josefsson.org.' and type `NS'...
josefsson.org.          36000   IN      NS      terminal.2globe.net.
josefsson.org.          36000   IN      NS      ns.wineasy.se.
josefsson.org.          36000   IN      NS      ns2.wineasy.se.
josefsson.org.          36000   IN      NS      dolk.extundo.com.
josefsson.org.          36000   IN      NS      vic20.blipp.com.
josefsson.org.          36000   IN      SIG     NS 1 2 36000 20010202122215 20010103122215 41051 josefsson.org. H1qR3EjZD164GGTdc06d7D7Xt/MRRvVLezk/drYSSk7SjE/v5wEjqR+K DjMg5WaPJwUgTAv9VZ0OTbYtEX9T3A==
Digging for domain `josefsson.org.' and type `SOA'...
josefsson.org.          36000   IN      SOA     dolk.extundo.com. jas.pdc.kth.se. 2000121408 10800 3600 604800 36000
josefsson.org.          36000   IN      SIG     SOA 1 2 36000 20010202122215 20010103122215 41051 josefsson.org. qFfXuVsu53VGnb5OWaTVyX/w8Ak8VCarYgmoW78z5KFffu/QOUhCkuoj dWJrxvzs/EswTiHATs8LReBqlhyT7g==
Digging for domain `josefsson.org.' and type `MX'...
josefsson.org.          3600    IN      MX      10 vic20.blipp.com.
josefsson.org.          3600    IN      MX      20 terminal.2globe.net.
josefsson.org.          3600    IN      MX      5 dolk.extundo.com.
josefsson.org.          3600    IN      SIG     MX 1 2 3600 20010202122215 20010103122215 41051 josefsson.org. i1pRJcYd4QOddRc9UlsjRDZNLmfqYho3eCcRzpfEMJy41QkI80u/6zhB l64VkRqLsM6admFjp3BMwsJZQAGsSg==
Digging for domain `josefsson.org.' and type `TXT'...
josefsson.org.          3600    IN      TXT     "JOSEFSSON.ORG"
josefsson.org.          3600    IN      SIG     TXT 1 2 3600 20010202122215 20010103122215 41051 josefsson.org. rnOFedauiIUTqv37Xqdi/tYiNyFJt2NmkYQWuofV6MPm9WOaykPQOL8Z PDa32s/sCOTvsx+eJIP6qLXBQwclPA==
Digging for domain `josefsson.org.' and type `KEY'...
josefsson.org.          3600    IN      KEY     256 3 1 AQPgVeDSqx5N+/EuUmwg0fAQVp/V+y81zroV/XeulJpD5279BLgiPpjx Ht6m8MVtB1m1WhDfNmkvvtV9GEynoFvh
josefsson.org.          3600    IN      SIG     KEY 1 2 3600 20010202122215 20010103122215 41051 josefsson.org. M7p3Oh1R+4/1UmAprOg9wRKr55mIyrldETldFZRZOxkp4XEJxFwY5pFb t+Dlw9u8qpqH7EkLK7h2MH+plY7JMQ==
Current node `barbar.josefsson.org.'...
Getting types for `barbar.josefsson.org.' and the next domain name...
barbar.josefsson.org.   36000   IN      NXT     kerberos.josefsson.org. A SIG KEY NXT
barbar.josefsson.org.   36000   IN      SIG     NXT 1 3 36000 20010202122215 20010103122215 41051 josefsson.org. EexKd66XIqLnNfrWsZrsqH6xohk6rP+FPQMUoHNDqAMfgKRncJpWRLaK +v6FY5sRbyUJBzsrvjWiY9mCqV0p4w==
Domain `barbar.josefsson.org.' have types `A SIG KEY NXT' and next domain is `kerberos.josefsson.org.'...
Digging for domain `barbar.josefsson.org.' and type `A'...
barbar.josefsson.org.   3600    IN      A       195.42.214.253
barbar.josefsson.org.   3600    IN      SIG     A 1 3 3600 20010202122215 20010103122215 41051 josefsson.org. yfcgtGmlTEPQvH6YPsiBnbgbIdzXXy7pzgI3eRYMMSs01BXYA912zKYC WD5G2Ar/DFzhY6w2ErSgBaHzEymhLQ==
Digging for domain `barbar.josefsson.org.' and type `KEY'...
barbar.josefsson.org.   3600    IN      KEY     16896 4 1 AQN2vALm04nkCK3JwNcfC4zV+Zd0Bp9kgXgXSrS4eOgxvvYQ398IRM0K 7BxBfBaAGDWmL+ZXRHNehMqFjkigFQI8Pa7c8uZY4dlKjIXCW7da3ASI P0zELuXfQ55tBjtqMnxYKyJsHEQJ+yejB4dJI0nYX/avm6GxqTCIVQDq iR/M+jKqsKEnmkuwg0qpj1+Rx3odVkjnt8Lf
barbar.josefsson.org.   3600    IN      SIG     KEY 1 3 3600 20010202122215 20010103122215 41051 josefsson.org. G5MmjCMjlXmuvjb3zXW9znFm/tvoS4+C674vLaeOhmeGnk4JUsusAw2T 7sqZ6U+MSqHk/VoNnbgPhjPVU0d2cg==
Current node `kerberos.josefsson.org.'...
Getting types for `kerberos.josefsson.org.' and the next domain name...
kerberos.josefsson.org. 36000   IN      NXT     krb4-realm.josefsson.org. CNAME SIG NXT
kerberos.josefsson.org. 36000   IN      SIG     NXT 1 3 36000 20010202122215 20010103122215 41051 josefsson.org. anQNBLyQ4IYDMUK0X1VbLMHrqzOu0SSzE9EUo2dEWBJtw8lBJyrEVS6c hVkvcc4IyAkc6CzFCT6zcV2szE3kSg==
Domain `kerberos.josefsson.org.' have types `CNAME SIG NXT' and next domain is `krb4-realm.josefsson.org.'...
Digging for domain `kerberos.josefsson.org.' and type `CNAME'...
kerberos.josefsson.org. 3600    IN      CNAME   vic20.blipp.com.
kerberos.josefsson.org. 3600    IN      SIG     CNAME 1 3 3600 20010202122215 20010103122215 41051 josefsson.org. QkPvBVYAZaflQh5soqoVzXEKvEM+wo4bQ4JKRFzsCEx6aMqyBfLPcVAi AhICNkswJeYFn0ie4Nf952Mey644EA==
Current node `krb4-realm.josefsson.org.'...
Getting types for `krb4-realm.josefsson.org.' and the next domain name...
krb4-realm.josefsson.org. 36000 IN      NXT     simon.josefsson.org. TXT SIG NXT
krb4-realm.josefsson.org. 36000 IN      SIG     NXT 1 3 36000 20010202122215 20010103122215 41051 josefsson.org. J6JzsmBypcmHJ3cMnkhykj3s8h7kjBfijYEUr/yQu9rJUup1Yk2UjeAe bAtxZfvLyjCoDGgsPmv7Ypq2P8DZ1w==
Domain `krb4-realm.josefsson.org.' have types `TXT SIG NXT' and next domain is `simon.josefsson.org.'...
Digging for domain `krb4-realm.josefsson.org.' and type `TXT'...
krb4-realm.josefsson.org. 3600  IN      TXT     "JOSEFSSON.ORG"
krb4-realm.josefsson.org. 3600  IN      SIG     TXT 1 3 3600 20010202122215 20010103122215 41051 josefsson.org. jG5sxZhIErwzNEPVh/S9aw9NqGjo9Xc6sEBcCGUVAIuHuatSKYQ5RBIB AbKXMaSLY4LIm/q/KUKdeL3sYWR1PQ==
Current node `simon.josefsson.org.'...
Getting types for `simon.josefsson.org.' and the next domain name...
simon.josefsson.org.    36000   IN      NXT     kerberos-iv.tcp.josefsson.org. SIG NXT CERT
simon.josefsson.org.    36000   IN      SIG     NXT 1 3 36000 20010202122215 20010103122215 41051 josefsson.org. QKZwkwrnbuPoglZX+tRUZNopQzlktIokamntrTcvRnihIAe5eRqG0bE1 jwela+P+j2xoX3MRewB7pRQpPZme8g==
Domain `simon.josefsson.org.' have types `SIG NXT CERT' and next domain is `kerberos-iv.tcp.josefsson.org.'...
Digging for domain `simon.josefsson.org.' and type `CERT'...
simon.josefsson.org.    3600    IN      CERT    PKIX 0 0 MIIEhDCCA+2gAwIBAgIQLhA3A99GhZ16VQ2mWWGFODANBgkqhkiG9w0B AQQFADCBzDEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsT FlZlcmlTaWduIFRydXN0IE5ldHdvcmsxRjBEBgNVBAsTPXd3dy52ZXJp c2lnbi5jb20vcmVwb3NpdG9yeS9SUEEgSW5jb3JwLiBCeSBSZWYuLExJ QUIuTFREKGMpOTgxSDBGBgNVBAMTP1ZlcmlTaWduIENsYXNzIDEgQ0Eg SW5kaXZpZHVhbCBTdWJzY3JpYmVyLVBlcnNvbmEgTm90IFZhbGlkYXRl ZDAeFw0wMDA2MjYwMDAwMDBaFw0wMDA4MjUyMzU5NTlaMIIBCDEXMBUG A1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlTaWduIFRy dXN0IE5ldHdvcmsxRjBEBgNVBAsTPXd3dy52ZXJpc2lnbi5jb20vcmVw b3NpdG9yeS9SUEEgSW5jb3JwLiBieSBSZWYuLExJQUIuTFREKGMpOTgx HjAcBgNVBAsTFVBlcnNvbmEgTm90IFZhbGlkYXRlZDEmMCQGA1UECxMd RGlnaXRhbCBJRCBDbGFzcyAxIC0gTmV0c2NhcGUxGDAWBgNVBAMUD1Np bW9uIEpvc2Vmc3NvbjEiMCAGCSqGSIb3DQEJARYTc2ltb25Aam9zZWZz c29uLm9yZzCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAyQzOiv5x RpvKHeWQEqURC8YtxDPGGehgWU4/ZD3k93uwvvkQB+l8psZaUTMkl3uj 4Qi0UrYGEH1l325SvYE/Oa2zrRcTiCLnQ4w5t8LEukqLVBVJVaRNzABW e8hjTjfe+3kPRdzpXM1w8GRCNYTb5lmky0v+D0coDDURqUD8uqUCAwEA AaOCASYwggEiMAkGA1UdEwQCMAAwRAYDVR0gBD0wOzA5BgtghkgBhvhF AQcBCDAqMCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy52ZXJpc2lnbi5j b20vcnBhMBEGCWCGSAGG+EIBAQQEAwIHgDCBhgYKYIZIAYb4RQEGAwR4 FnZkNDY1MmJkNjNmMjA0NzAyOTI5ODc2M2M5ZDJmMjc1MDY5YzczNTli ZWQxYjA1OWRhNzViYzRiYzk3MDE3NDdkYTVkNWU0MTQxYmVhZGIyYmQy ZTg4MzE3YWY3YmY1ZDUxMTQ5OTdhM2JmNDVmOGYzZWE0NTBjMDMGA1Ud HwQsMCowKKAmoCSGImh0dHA6Ly9jcmwudmVyaXNpZ24uY29tL2NsYXNz MS5jcmwwDQYJKoZIhvcNAQEEBQADgYEACTgvV56RpNJC2ddEwdgXFEkA aZ9r5JWTNf2Wdv+Lv57dBWuCsvOvD/igL41lCCdU1I9Hecm+2fnOr38q Bhcm87nmdLq5NT42Vl1BnM5o/NvFMUIJMjfnty6kxVHl/uVFWQxEys6t dyRStHhfzE8Vp48ggVZlCFA3dbyiEYJySHY=
simon.josefsson.org.    3600    IN      SIG     CERT 1 3 3600 20010202122215 20010103122215 41051 josefsson.org. s4LRCfkinYkd/Fsw+w03dOlauucGBkkZDUJQbzgrjQrKxgFOxR7JwTJU q3xiUPZasA1h2glaMHuhJomNxK7pMQ==
Current node `kerberos-iv.tcp.josefsson.org.'...
Getting types for `kerberos-iv.tcp.josefsson.org.' and the next domain name...
kerberos-iv.tcp.josefsson.org. 36000 IN NXT     kerberos-iv.udp.josefsson.org. SIG NXT SRV
kerberos-iv.tcp.josefsson.org. 36000 IN SIG     NXT 1 4 36000 20010202122215 20010103122215 41051 josefsson.org. Mxlk4IM6ygjZaEpZKj3VKjMBG9dwuc8HOOmv71YQ+r02CbKRrpBRkccT jMtYlP5kPcHXJ0JvARy6mhr8ktO/gQ==
Domain `kerberos-iv.tcp.josefsson.org.' have types `SIG NXT SRV' and next domain is `kerberos-iv.udp.josefsson.org.'...
Digging for domain `kerberos-iv.tcp.josefsson.org.' and type `SRV'...
kerberos-iv.tcp.josefsson.org. 3600 IN  SRV     0 0 750 vic20.blipp.com.
kerberos-iv.tcp.josefsson.org. 3600 IN  SIG     SRV 1 4 3600 20010202122215 20010103122215 41051 josefsson.org. x+dQRYlF1ksZmq2QfxoG3of0bTFOKifVa9N/2Uiz//B2xzkHYVlU0Bes s0ZzBnZWb4zjgBGNk4DZR7DDqtRzaA==
Current node `kerberos-iv.udp.josefsson.org.'...
Getting types for `kerberos-iv.udp.josefsson.org.' and the next domain name...
kerberos-iv.udp.josefsson.org. 36000 IN NXT     vic20.josefsson.org. SIG NXT SRV
kerberos-iv.udp.josefsson.org. 36000 IN SIG     NXT 1 4 36000 20010202122215 20010103122215 41051 josefsson.org. iX9FpEGdL/ahmDoUfdhYY31UPbwL7WU8O/xrVbc4e5+w1arY08bZ9J7E rknTeIk+KAYoyyEYAafthAupWGRSdg==
Domain `kerberos-iv.udp.josefsson.org.' have types `SIG NXT SRV' and next domain is `vic20.josefsson.org.'...
Digging for domain `kerberos-iv.udp.josefsson.org.' and type `SRV'...
kerberos-iv.udp.josefsson.org. 3600 IN  SRV     0 0 750 vic20.blipp.com.
kerberos-iv.udp.josefsson.org. 3600 IN  SIG     SRV 1 4 3600 20010202122215 20010103122215 41051 josefsson.org. k1Q/7E73DO4RMBshEUkO8WBTde9r6Rk6nKmKrOIL+Y5qMckiPnOqpRPg /LsYmzfqJdzsgLzfSQ/fnFl7cKhQ9w==
Current node `vic20.josefsson.org.'...
Getting types for `vic20.josefsson.org.' and the next domain name...
vic20.josefsson.org.    36000   IN      NXT     www.josefsson.org. A SIG NXT
vic20.josefsson.org.    36000   IN      SIG     NXT 1 3 36000 20010202122215 20010103122215 41051 josefsson.org. rQ7Pf5ArVEbF5ua4qgl99bgAXN6ujBBgeNaAm1NM+uJAVFO/e2bv81Sr 3RAkSWnDKlXrxYBbbRWEqmlN7JG1eg==
Domain `vic20.josefsson.org.' have types `A SIG NXT' and next domain is `www.josefsson.org.'...
Digging for domain `vic20.josefsson.org.' and type `A'...
vic20.josefsson.org.    3600    IN      A       195.163.165.35
vic20.josefsson.org.    3600    IN      SIG     A 1 3 3600 20010202122215 20010103122215 41051 josefsson.org. CWxLAltzWk3P1kV9Ayp8IyDAo+pPPmn48OOkHsM5IsFVIBHM9jHZjfPw b8TR22zXPlyAGlbnFvRPN5ZdRaa9mA==
Current node `www.josefsson.org.'...
Getting types for `www.josefsson.org.' and the next domain name...
www.josefsson.org.      36000   IN      NXT     josefsson.org. A SIG NXT
www.josefsson.org.      36000   IN      SIG     NXT 1 3 36000 20010202122215 20010103122215 41051 josefsson.org. JX0TVp3nXZTjSj6OSlfd4SIac6quvQ4ed49WY5PVPnOqpqHG5q1npH57 5jN+YLYRGYqH1X6r+SIJE+hM3yfFJw==
Domain `www.josefsson.org.' have types `A SIG NXT' and next domain is `josefsson.org.'...
Digging for domain `www.josefsson.org.' and type `A'...
www.josefsson.org.      3600    IN      A       195.42.214.241
www.josefsson.org.      3600    IN      SIG     A 1 3 3600 20010202122215 20010103122215 41051 josefsson.org. 3faBq1EvmgjR382v48tjtMKlQI/0SaIFVKWbRbdC6y1EaOdADxW+uZPQ g/zaQThAddc3J9PXG0J1N51+0Ay9zA==
Walking `josefsson.org.'...done
[root@dolk dig]#
    

Man page

NAME

walker - recover zone file information from servers that have disabled zone transfers but use DNSSEC.

SYNOPSIS

walker [-d] <any domain name in zone>

DESCRIPTION

Fetch NXT record on zone name, walk the NXT chain until all records are fetched. Requires Bind version 9.x program `dig' located in path.

-d
Print debugging information

SEE ALSO

dig(1), resolver(3)

AUTHOR

Simon Josefsson sjosefsson@rsasecurity.com

BUGS

Support DNS classes other than "IN" is left as an exercise for the reader.


$Id: walker.html,v 1.1 2001/01/03 14:46:41 sjosefsson Exp $