TSIG AXFR not working

[Marco Tizzoni]

Hi,

I can't get this simple code to work.

I basically copied it from the test. The transfer is refused but I am pretty sure the server is configured well as a slave is able to make a TSIG AXFR correctly for the same zone.

---------------------------- CODE ---------------------------- 

require 'dnsruby'

server = '10.10.10.10'

zone = 'example.com'

KEY_NAME = "transfer"

KEY = "j+tzXeehxism0xnvfnAemv3jj7KctSXZFGxisx9I/SU="

tsig = Dnsruby::RR.create({

  :name        => KEY_NAME,

  :type        => "TSIG",

  :key         => KEY,

})

res = Dnsruby::Resolver.new(server)

res.query_timeout=10

res.tsig=tsig

zt = Dnsruby::ZoneTransfer.new

zt.transfer_type = Dnsruby::Types.AXFR

#zt.tsig=KEY_NAME,KEY    <<--- THIS DOES NOT WORK

zt.tsig=tsig

zt.server = server

zoneref = zt.transfer(zone)

---------------------------- CODE ---------------------------- 

Also the assignement marked below, taken from test/tc_tsig.rb , gives the following error:

NoMethodError: undefined method `create_tsig_options' for Dnsruby::SingleResolver:Class

        from /home/l186120/.rvm/gems/ruby-2.2.0/gems/dnsruby-1.57.0/lib/dnsruby/resolver.rb:722:in `get_tsig'

        from /home/l186120/.rvm/gems/ruby-2.2.0/gems/dnsruby-1.57.0/lib/dnsruby/zone_transfer.rb:42:in `tsig='

        from tsig.irb:24

        from /home/l186120/.rvm/rubies/ruby-2.2.0/bin/irb:11:in `<main>'

Thanks in advance,

Marco

[Marco Tizzoni]

Forgot to mention the error: AXFR is REFUSED

m-

[Keith Bennett]

Marco -

There are a number of tests in the test directory that are no longer intended to be run, as they relied on servers that are no longer available.  If you look into test/ts_online.rb, you'll see a lot of files that are "require"'d only if a condition which can no longer be true is true.  It looks like the following tests are present in the test directory but no longer run in the test suite:

   tc_single_resolver.rb
   tc_axfr.rb
   tc_cache.rb
   tc_dns.rb
   tc_rr-opt.rb
   tc_res_config.rb
   tc_tsig.rb
   tc_verifier.rb
   tc_dlv.rb
   tc_validator.rb

Ideally these would be removed and there would be tests to replace these, but I know Alex is really busy at the moment.

I've never used these parts of the gem that you're using so I don't have anything helpful to say about them. :)

[Keith Bennett]

Something about that dnsruby method looks wrong...if we look at https://github.com/alexdalitz/dnsruby/blob/master/lib/dnsruby/resolver.rb#L684-694, we see that although the comments describe calling the method with multiple arguments, there is nothing in the method signature that allows this.

We would expect to see:

def tsig=(*t)

but instead we see:

def tsig=(t)

Did you get some kind of 'invalid number of arguments' error?

- Keith

[Keith Bennett]

Marco -

I just made a pull request to address some of the issues you raised.  It's at:

https://github.com/alexdalitz/dnsruby/pull/67

Feel free to make a gem out of my feature branch if you'd like to test it:

https://github.com/keithrbennett/dnsruby/tree/fix-create-tsig-options

- Keith

[Marco Tizzoni]

Thank you guys,

I am gonna try this out on Monday and let you know. 

Unfortunately I could not fix it myself since I am not a ruby expert, just using it to made some infrastructure test with rspec/serverspec.

m-

[Marco Tizzoni]

I managed to test it on a local virtual server.

If I get it right the method tz.tsig now has to be used like this:

tz.tsig = tsig;

and no more like this:

tz.tsig = KEY_NAME,KEY

This is ok because it removes a wrong method firm but the issue iwth AFXR still remains. 

I will dig deeper into the code.

Thanks again.

m-

[Marco Tizzoni]

Hello,

Looks like fixed it.

I have just opened a pull request here: https://github.com/alexdalitz/dnsruby/pull/68

Thanks again everybody.

m-