[getdns-users] getdns_validate_dnssec() Example?
Mankin, Allison
amankin at verisign.com
Mon May 4 18:08:39 CEST 2015
Scott,
I think this extension may not be complete in the C library. It is a more recent arrival to the API.
It's been on my TODO list to check details on this.
Allison
On May 4, 2015, at 11:52, Hollenbeck, Scott <shollenbeck at verisign.com> wrote:
>> -----Original Message-----
>> From: Users [mailto:users-bounces at getdnsapi.net] On Behalf Of
>> Hollenbeck, Scott
>> Sent: Friday, May 01, 2015 6:34 PM
>> To: users at getdnsapi.net
>> Subject: [getdns-users] getdns_validate_dnssec() Example?
>>
>> Does anyone have some sample code that includes queries needed to
>> create the lists that can be used to test the getdns_validate_dnssec()
>> function?
>
> Let me try this a different way. I've written some PHP code that runs, but my call to getdns_validate_dnssec() is returning either GETDNS_RETURN_NO_SUCH_DICT_NAME (305) or GETDNS_RETURN_WRONG_TYPE_REQUESTED (306) depending on the list I pull from the response dictionary in my callback function. Here's my code - can anyone tell me what I need to do to get the lists for the record(s) to be validated and the support records if I'm not accessing them correctly?
>
> Scott
> ----------
> <?php
>
> function php_callback($dict, $callbackType, $userArg, $transID)
> {
> $status = 0;
> $result = php_getdns_dict_get_int($dict, "status", $status);
> var_dump($status);
> if ($status != GETDNS_RESPSTATUS_GOOD) {
> return;
> }
>
> // Parse the response to get the records to be validated.
> // "replies_tree" produces a 305 when I call php_getdns_validate_dnssec() below.
> // "replies_full" produces a 306.
> // I *think* I need to get deeper into the list, but what exactly do I need
> // to retrieve?
> $toVal = 0;
> $result = php_getdns_dict_get_list($dict, "replies_tree", $toVal);
> var_dump($result);
>
> // Get the support records.
> $supRecs = 0;
> $result = php_getdns_dict_get_list($dict, "validation_chain", $supRecs);
> var_dump($result);
>
> // Get the trust anchor.
> $anchorDate = 0;
> $trustAnchor = php_getdns_root_trust_anchor($anchorDate);
> var_dump($trustAnchor);
>
> // Validate!
> $result = php_getdns_validate_dnssec($toVal, $supRecs, $trustAnchor);> var_dump($result);
>
> php_getdns_dict_destroy($dict);
> }
>
> $context = 0;
> $setFromOS = 1;
> $result = php_getdns_context_create($context, $setFromOS);
> var_dump($result);
>
> $name = "http://www.getdnsapi.net";
> $reqType = GETDNS_RRTYPE_NS;
>
> // Set extensions to return DNSSEC validation information.
> $extensions = php_getdns_dict_create();
> $result = php_getdns_dict_set_int($extensions, "dnssec_return_validation_chain", GETDNS_EXTENSION_TRUE);
>
> $transID = "";
> $userArgs[0] = "php_callback";
> $userArgs[1] = "User args test 1";
> $result = php_getdns_general($context, $name, $reqType, $extensions, $userArgs, $transID);
> php_getdns_dict_destroy($extensions);
> var_dump($result, $transID);
> if ($result == GETDNS_RETURN_GOOD) {
> php_getdns_context_run($context);
> }
>
> php_getdns_context_destroy($context);
>
> ?>
>
> _______________________________________________
> Users mailing list
> Users at getdnsapi.net
> http://getdnsapi.net/mailman/listinfo/users
>
More information about the Users
mailing list