-DNSSECReconciler
-----------------
+DNSSECValTool
+-------------
This is a command line Java tool for doing DNSSEC response
validatation against a single authoritative DNS server.
-usage: java -jar dnssecreconiler.jar [..options..]
+usage: java -jar dnssecvaltool.jar [..options..]
server: the DNS server to query.
query: a name [type [flags]] string.
query_file: a list of queries, one query per line.
may repeat
error_file: write DNSSEC validation failure details to this file
-The DNSSECReconciler needs a server to query ('server'), a query or
-list of queries ('query' or 'query_file'), and a set of DNSKEYs to
-trust ('dnskey_file' or 'dnskey_query') -- these keys MUST be the ones
-used to sign everything in the responses.
+The DNSSECValTool needs a server to query ('server'), a query or list
+of queries ('query' or 'query_file'), and a set of DNSKEYs to trust
+('dnskey_file' or 'dnskey_query') -- these keys MUST be the ones used
+to sign everything in the responses.
By default it logs everything to stdout. DNSSEC validation errors
(which is most of the output) can be redirected to a file (which will
be appended to if it already exists).
-Note that the DNSSECReconciler will skip queries if the qname isn't a
+Note that the DNSSECValTool will skip queries if the qname isn't a
subdomain (or matches) the names of the DNSKEYs that have been added.
query_file
Examples
--------
-java -jar dnssecreconciler server=a.edu-servers.net \
+1. Query "a.edu-servers.net", fetching the .edu keys directly from
+ that server. Use queries.txt for the queries, and log all DNSSEC
+ validation failures to 'dnssecvaltool_errors.log'.
+
+java -jar dnssecvaltool.jar server=a.edu-servers.net \
dnskey_query=edu \
query_file=queries.txt \
- error_file=dnssecreconciler_errors.log
+ error_file=dnssecvaltool_errors.log
+
+2. Query localhost with a single query for edu/soa, using stored keys
+ in the file 'keys'. Validation failures will be logged to stdout.
-java -jar dnssecreconciler.jar server=127.0.0.1 \
+java -jar dnssecvaltool.jar server=127.0.0.1 \
dnskey_file=keys \
query="edu soa"
<property file="build.properties" />
<property file="VERSION" />
- <property name="distname" value="dnssecreconciler-${version}" />
+ <property name="distname" value="dnssecvaltool-${version}" />
<property name="build.dir" value="build" />
<property name="build.dest" value="${build.dir}/classes" />
<target name="jar" depends="usage,compile">
- <jar destfile="${build.lib.dest}/dnssecreconciler.jar">
+ <jar destfile="${build.lib.dest}/dnssecvaltool.jar">
<zipfileset dir="${build.dest}" includes="**/*.class" />
<zipfileset src="${lib.dir}/dnsjava-2.0.8-vrsn-2.jar" />
<zipfileset src="${lib.dir}/log4j-1.2.15.jar" />
<manifest>
<attribute name="Main-Class"
- value="com.verisign.cl.DNSSECReconciler" />
+ value="com.verisign.cl.DNSSECValTool" />
</manifest>
</jar>
</target>
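Review bot: The renamed jar still merges `log4j-1.2.15.jar` and what looks like a vendor-modified `dnsjava-2.0.8-vrsn-2.jar` into a single archive, so anyone running the tool gets those exact copies and cannot swap them out. log4j 1.x is an end-of-life line that no longer receives security fixes. The tool appears to use it only for console output through `BasicConfigurator.configure()`, which limits the exposure but does not remove it. Since the artifact is being republished under a new name, record the provenance of the bundled jars above the `zipfileset` lines, for example `<!-- bundled: log4j 1.2.15 (EOL upstream), dnsjava 2.0.8-vrsn-2; verify checksums before release -->`.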
</target>
<target name="dist" depends="usage,jar">
- <tar destfile="dnssecreconciler-${version}.tar.gz"
- compression="gzip">
- <tarfileset dir="${build.lib.dest}"
- prefix="dnssecreconciler-${version}"
- includes="*.jar" />
- <tarfileset dir="."
- prefix="dnssecreconciler-${version}"
- includes="README" />
+ <property name="dprefix" value="dnssecvaltool-${version}" />
+ <property name="tarfile" value="${dprefix}.tar.gz" />
+ <tar destfile="${tarfile}" compression="gzip">
+ <tarfileset dir="${build.lib.dest}" prefix="${dprefix}"
+ includes="*.jar" />
+ <tarfileset dir="." prefix="${dprefix}" includes="README" />
</tar>
</target>
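Review bot: The new `dprefix` property repeats the value that `distname` already holds (`dnssecvaltool-${version}`, set in what appears to be the same build file), so the archive prefix is now defined in two places and a later rename can leave them out of sync. Reuse the existing property instead: `<property name="tarfile" value="${distname}.tar.gz" />` and `prefix="${distname}"` on both `tarfileset` elements. Ant properties are global and immutable once set, so declaring `dprefix` and `tarfile` inside the `dist` target does not scope them to it.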
import com.verisign.tat.dnssec.SecurityStatus;
import com.verisign.tat.dnssec.Util;
-public class DNSSECReconciler {
+public class DNSSECValTool {
/**
* Invoke with java -jar dnssecreconciler.jar server=127.0.0.1 \
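Review bot: The class Javadoc still tells readers to invoke `dnssecreconciler.jar`, although this commit renames the class and the build now produces `dnssecvaltool.jar`. The comment line under the class declaration should read `* Invoke with java -jar dnssecvaltool.jar server=127.0.0.1 \`. The Javadoc block continues outside the hunk, so any further mention of the old name there needs the same update.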
public String errorFile;
public long count = 0;
- DNSSECReconciler() {
+ DNSSECValTool() {
validator = new CaptiveValidator();
}
}
private static void usage() {
- System.err.println("usage: java -jar dnssecreconiler.jar [..options..]");
+ System.err.println("usage: java -jar dnssecvaltool.jar [..options..]");
System.err.println(" server: the DNS server to query.");
System.err.println(" query: a name [type [flags]] string.");
System.err.println(" query_file: a list of queries, one query per line.");
// Set up Log4J to just log to console.
BasicConfigurator.configure();
- DNSSECReconciler dr = new DNSSECReconciler();
+ DNSSECValTool dr = new DNSSECValTool();
try {
// Parse the command line options