Documentation
¶
Overview ¶
Package scan is the scan service
Package scan is the scan service ¶
Package scan is the scan service ¶
Package scan is the scan service ¶
Package scan is the scan service ¶
Package scan is the scan service
Index ¶
Constants ¶
const (
DefaultDigestType = model.DSDigestTypeSHA256
)
When converting a DNSKEY into a DS we need to choose wich digest type are we going to use, as we don't want to bother the user asking this information we assume a default digest type
Variables ¶
var ( // Maximum number of queries per second that a host will receive MaxQPSPerHost = uint64(500) // Error to identify a nameserver that had too many timeouts and is probably down ErrHostTimeout = errors.New("Nameserver down after too many timeouts detected") // Error to alert about too many queries only for one host. If we didn't have this, the // server could be added to a rate limit algorithm that could timeout all other queries ErrHostQPSExceeded = errors.New("Maximum number of queries per second for this host") )
var ( // DNS query port. It's not a constant because in test scenarios we change the DNS port // to one that don't need root privilleges DNSPort = 53 )
Functions ¶
func QueryDomain ¶
Send DNS requests to fill a domain object from the information found on the DNS authoritative nameservers. This is very usefull to make it easier for the user to fill forms with the domain information. The domain must be already delegated by a registry to this function works, because it uses a recursive DNS
func ScanDomain ¶
Function created to check a single domain without persisting in database. Useful for online domain checking. As we update the same object, we update the parameter pointer and don't return nothing
func ScanDomains ¶
func ScanDomains()
Function responsible for running the domain scan system, checking the configuration of each domain in the database according to an algorithm. This method is synchronous and will return only after the scan proccess is done
Types ¶
type Collector ¶
type Collector struct {
Database *mgo.Database // Low level database connection
SaveAtOnce int // Number of domains to save at once
}
Collector is responsable for persisting all domains with their new status into the database. For faster approach the collector waits until it has many domains to save them at once in the database
func NewCollector ¶
Return a new Collector object with the necessary fields for the scan filled
func (*Collector) Start ¶
func (c *Collector) Start(scanGroup *sync.WaitGroup, domainsToSaveChannel chan *model.Domain, errorsChannel chan error)
This method is the last part of the scan, when the new state of the domain object is persisted back to the database. It receives a go routine control group to sinalize to the main thread when the scan ends, a domain channel to receive each domain that need to be save and an error channel to send back all errors while persisting the data. It was created to be asynchronous and finish after receiving a poison pill from querier dispatcher
type Injector ¶
type Injector struct {
Database *mgo.Database // Low level database connection
DomainsBufferSize int // Size of the domains to query channel
MaxOKVerificationDays int // Maximum number of days to verify a domain configured correctly with DNS/DNSSEC
MaxErrorVerificationDays int // Maximum number of days to verify a domain with problems
MaxExpirationAlertDays int // Number of days to alert for DNSSEC signatures that are near from the expiration date
}
Injector is responsable for selecting all domains that are going to be checked. While selecting the domains the injector will add to a channel, so that the querier can start immediately
func NewInjector ¶
func NewInjector(database *mgo.Database, domainsBufferSize, maxOKVerificationDays, maxErrorVerificationDays, maxExpirationAlertDays int) *Injector
Return a new Injector object with the necessary fields for the scan filled
func (*Injector) Start ¶
Method that starts the injector job, retrieving the data from the database and adding the same data into a channel for a querier start sending DNS requests. There are two parameters, one to control the scan go routines and sinalize to the main thread the end, and other to define a channel to report errors while loading the data. This method is asynchronous and will finish sending a poison pill (error or nil domain) to indicate to the querier that there are no more domains
type QuerierCache ¶
type QuerierCache struct {
// contains filtered or unexported fields
}
QuerierCache was created to make the name resolution faster. Many domains use ISP the same host, so if we cache the hosts addresses we are speeding up many domains scans
func (*QuerierCache) Clear ¶
func (q *QuerierCache) Clear()
Clear cache. This method is for now used in integration test scenarios to get more realistic results in performance reports
func (*QuerierCache) Get ¶
func (q *QuerierCache) Get(nameserver model.Nameserver, fqdn string) ([]net.IP, error)
Method used to retrieve addresses of a given nameserver, if the address does not exist in the local cache the system will lookup for the domain and will store the result
func (*QuerierCache) Query ¶
func (q *QuerierCache) Query(name string)
Method used to notify when a new query was made to a host. This is used to control the maximum number of queries sent to a host, avoiding rate limit startegies
func (*QuerierCache) Timeout ¶
func (q *QuerierCache) Timeout(name string)
Method used to notify when a host got timeout for a query, after a special number of timeouts we assume that every nameserver that use this host will get timeout status
type QuerierDispatcher ¶
type QuerierDispatcher struct {
NumberOfQueriers int // Number of queriers to concurrently check the domains
DomainsBufferSize int // Size of the domains to save channel
UDPMaxSize uint16 // UDP max package size to pass over firewalls
DialTimeout time.Duration // Timeout while connecting to a server
ReadTimeout time.Duration // Timeout while waiting for a response
WriteTimeout time.Duration // Timeout to write a query to the DNS server
ConnectionRetries int // Number of retries before setting timeout
}
QuerierDispatcher is responsable for receiving the domains to query and redistribute them to the queriers. This allows parallels DNS queriers and speed up the scan system. The object has many attributes to control the scan query performance, allow packages to pass network firewall rules, determinate the amount of time that the queriers are going to wait in network operations when there's no answer and determinate the number of concurrently go routines that will resolve the domains
func NewQuerierDispatcher ¶
func NewQuerierDispatcher( numberOfQueriers, domainsBufferSize int, udpMaxSize uint16, dialTimeout, readTimeout, writeTimeout time.Duration, connectionRetries int, ) *QuerierDispatcher
Return a new QuerierDispatcher object with the necessary fields for the scan filled
func (*QuerierDispatcher) Start ¶
func (q *QuerierDispatcher) Start(scanGroup *sync.WaitGroup, domainsToQueryChannel chan *model.Domain) chan *model.Domain
This is the method that start the querier dispatcher and the queriers. It is asynchronous and will ends after receiving the poison pill from the injector. It receives a object to sinalize to the main thread the end and a channel that tells the domains to query, sent by the injector
Source Files
¶
Directories
¶
| Path | Synopsis |
|---|---|
|
Package dnsutils contains useful features to manage DNS structures
|
Package dnsutils contains useful features to manage DNS structures |
|
Package dspolicy store the DS record policies for DNSSEC configuration checks
|
Package dspolicy store the DS record policies for DNSSEC configuration checks |
|
Package nspolicy store the NS record policies for DNS configuration checks
|
Package nspolicy store the NS record policies for DNS configuration checks |