while (<>) {
# parse domain table lines
/^i A / && do {
- @fields = split();
- $dn = $fields[3];
- ($dom, $tld) = split(/\./, $dn, 2);
- next if $tld ne "EDU";
- print "$dn. A\n";
- print "${dom}_.$tld. A\n";
+ @fields = split();
+ $dn = $fields[3];
+ ($dom, $tld) = split(/\./, $dn, 2);
+ next if $tld ne "EDU";
+ print "$dn. A\n";
+ print "${dom}_.$tld. A\n";
};
# parse nameserver table lines
/^i B / && do {
- @fields = split();
- $ns = $fields[3];
- print "$ns. A\n";
+ @fields = split();
+ $ns = $fields[3];
+ print "$ns. A\n";
};
}
java -jar dnssecvaltool.jar server=a.edu-servers.net \
dnskey_query=edu \
query_file=queries.txt \
- error_file=dnssecvaltool_errors.log
+ error_file=dnssecvaltool_errors.log
2. Query localhost with a single query for edu/soa, using stored keys
in the file 'keys'. Validation failures will be logged to stdout.
dnskey_file=keys \
query="edu soa"
-
+3. Query "a.gov-servers.net", fetching the .gov keys directly from
+ that server, then query for nasa.gov/A.
+
+java -jar dnssecvaltool.jar server=a.gov-servers.net \
+ dnskey_query=gov \
+ query="nasa.gov a"
return;
}
- if (nsec3s.size() > 0) {
+ if (nsec3s != null && nsec3s.size() > 0) {
byte status = NSEC3ValUtils.proveNoDS(nsec3s, delegation, nsec3zone, mErrorList);
if (status != SecurityStatus.SECURE) {
git://blacka.com / captive-validator.git / commitdiff