From 3360e70e882665e4fa92cf7f0f0cf18408b0925e Mon Sep 17 00:00:00 2001 From: davidb Date: Fri, 11 Jun 2010 11:49:05 -0400 Subject: [PATCH] rename the DNSSECReconciler to DNSSECValTool --- README | 29 ++++++++++++------- build.xml | 20 ++++++------- ...SSECReconciler.java => DNSSECValTool.java} | 8 ++--- 3 files changed, 31 insertions(+), 26 deletions(-) rename src/com/verisign/cl/{DNSSECReconciler.java => DNSSECValTool.java} (98%) diff --git a/README b/README index 96800c9..31f5453 100644 --- a/README +++ b/README @@ -1,10 +1,10 @@ -DNSSECReconciler ----------------- +DNSSECValTool +------------- This is a command line Java tool for doing DNSSEC response validatation against a single authoritative DNS server. -usage: java -jar dnssecreconiler.jar [..options..] +usage: java -jar dnssecvaltool.jar [..options..] server: the DNS server to query. query: a name [type [flags]] string. query_file: a list of queries, one query per line. @@ -14,16 +14,16 @@ usage: java -jar dnssecreconiler.jar [..options..] may repeat error_file: write DNSSEC validation failure details to this file -The DNSSECReconciler needs a server to query ('server'), a query or -list of queries ('query' or 'query_file'), and a set of DNSKEYs to -trust ('dnskey_file' or 'dnskey_query') -- these keys MUST be the ones -used to sign everything in the responses. +The DNSSECValTool needs a server to query ('server'), a query or list +of queries ('query' or 'query_file'), and a set of DNSKEYs to trust +('dnskey_file' or 'dnskey_query') -- these keys MUST be the ones used +to sign everything in the responses. By default it logs everything to stdout. DNSSEC validation errors (which is most of the output) can be redirected to a file (which will be appended to if it already exists). -Note that the DNSSECReconciler will skip queries if the qname isn't a +Note that the DNSSECValTool will skip queries if the qname isn't a subdomain (or matches) the names of the DNSKEYs that have been added. query_file 
@@ -91,12 +91,19 @@ while (<>) { Examples -------- -java -jar dnssecreconciler server=a.edu-servers.net \ +1. Query "a.edu-servers.net", fetching the .edu keys directly from + that server. Use queries.txt for the queries, and log all DNSSEC + validation failures to 'dnssecvaltool_errors.log'. + +java -jar dnssecvaltool.jar server=a.edu-servers.net \ dnskey_query=edu \ query_file=queries.txt \ - error_file=dnssecreconciler_errors.log + error_file=dnssecvaltool_errors.log -java -jar dnssecreconciler.jar server=127.0.0.1 \ +2. Query localhost with a single query for edu/soa, using stored keys + in the file 'keys'. Validation failures will be logged to stdout. + +java -jar dnssecvaltool.jar server=127.0.0.1 \ dnskey_file=keys \ query="edu soa" diff --git a/build.xml b/build.xml index a592635..83c73b9 100644 --- a/build.xml +++ b/build.xml @@ -5,7 +5,7 @@ - + @@ -40,14 +40,14 @@ - + + value="com.verisign.cl.DNSSECValTool" /> @@ -67,14 +67,12 @@ - - - + + + + + diff --git a/src/com/verisign/cl/DNSSECReconciler.java b/src/com/verisign/cl/DNSSECValTool.java similarity index 98% rename from src/com/verisign/cl/DNSSECReconciler.java rename to src/com/verisign/cl/DNSSECValTool.java index 5405a34..f1f9543 100644 --- a/src/com/verisign/cl/DNSSECReconciler.java +++ b/src/com/verisign/cl/DNSSECValTool.java @@ -11,7 +11,7 @@ import com.verisign.tat.dnssec.CaptiveValidator; import com.verisign.tat.dnssec.SecurityStatus; import com.verisign.tat.dnssec.Util; -public class DNSSECReconciler { +public class DNSSECValTool { /** * Invoke with java -jar dnssecreconciler.jar server=127.0.0.1 \ @@ -33,7 +33,7 @@ public class DNSSECReconciler { public String errorFile; public long count = 0; - DNSSECReconciler() { + DNSSECValTool() { validator = new CaptiveValidator(); } 
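Review bot: The Javadoc kept as context at the top of the class in the `@@ -11,7 +11,7 @@` hunk still tells the reader to invoke `dnssecreconciler.jar`, the jar name this commit retires. It should read `* Invoke with java -jar dnssecvaltool.jar server=127.0.0.1 \` so that it agrees with the updated README and the `usage()` text. The comment continues outside the hunk, so the rest of it may need the same check. In the `@@ -285,7 +285,7 @@` hunk the local is still named `dr`, an abbreviation of the old class name; `DNSSECValTool tool = new DNSSECValTool();` would read better, with the later uses outside the hunk renamed to match.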
@@ -270,7 +270,7 @@ public class DNSSECReconciler { } private static void usage() { - System.err.println("usage: java -jar dnssecreconiler.jar [..options..]"); + System.err.println("usage: java -jar dnssecvaltool.jar [..options..]"); System.err.println(" server: the DNS server to query."); System.err.println(" query: a name [type [flags]] string."); System.err.println(" query_file: a list of queries, one query per line."); @@ -285,7 +285,7 @@ public class DNSSECReconciler { // Set up Log4J to just log to console. BasicConfigurator.configure(); - DNSSECReconciler dr = new DNSSECReconciler(); + DNSSECValTool dr = new DNSSECValTool(); try { // Parse the command line options