Date: Sun, 6 Jan 2019 17:29:59 +0000 (UTC) From: Kurt Jaeger <pi@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r489514 - in head/dns: . nsec3walker nsec3walker/files Message-ID: <201901061729.x06HTxut090315@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: pi Date: Sun Jan 6 17:29:59 2019 New Revision: 489514 URL: https://svnweb.freebsd.org/changeset/ports/489514 Log: New port: dns/nsec3walker: Walk NSEC3 secured DNSSEC zones Installing current DNSSEC (NSEC3) exposes private DNS data to low-cost DNS database espionage. The nsec3walker tool allows administrators and users to see how much private information is being given away by DNSSEC. WWW: https://dnscurve.org/nsec3walker.html PR: 215995 Submitted by: Piotr Kubaj <pkubaj@anongoth.pl> Added: head/dns/nsec3walker/ head/dns/nsec3walker/Makefile (contents, props changed) head/dns/nsec3walker/distinfo (contents, props changed) head/dns/nsec3walker/files/ head/dns/nsec3walker/files/patch-Makefile (contents, props changed) head/dns/nsec3walker/files/patch-collect (contents, props changed) head/dns/nsec3walker/files/patch-unhash (contents, props changed) head/dns/nsec3walker/pkg-descr (contents, props changed) Modified: head/dns/Makefile Modified: head/dns/Makefile ============================================================================== --- head/dns/Makefile Sun Jan 6 16:57:40 2019 (r489513) +++ head/dns/Makefile Sun Jan 6 17:29:59 2019 (r489514) @@ -113,6 +113,7 @@ SUBDIR += namesilo_ddns SUBDIR += noip SUBDIR += nsd + SUBDIR += nsec3walker SUBDIR += nslint SUBDIR += nsnotifyd SUBDIR += nsping Added: head/dns/nsec3walker/Makefile ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/dns/nsec3walker/Makefile Sun Jan 6 17:29:59 2019 (r489514) @@ -0,0 +1,31 @@ +# Created by: Piotr Kubaj <pkubaj@anongoth.pl> +# $FreeBSD$ + +PORTNAME= nsec3walker +PORTVERSION= 20101223 +CATEGORIES= dns +MASTER_SITES= https://dnscurve.org/ + +MAINTAINER= pkubaj@anongoth.pl +COMMENT= Walk NSEC3 secured DNSSEC zones + +RUN_DEPENDS= ${PYTHON_PKGNAMEPREFIX}bsddb>0:databases/py-bsddb@${PY_FLAVOR} \ + dig:dns/bind-tools + +USES= python shebangfix ssl + +SHEBANG_FILES= ${WRKSRC}/collect ${WRKSRC}/unhash +PLIST_FILES= bin/collect \ + bin/dicthashes \ + bin/query \ + bin/randomhashes \ + bin/unhash + +do-install: + ${INSTALL_SCRIPT} ${WRKSRC}/collect ${STAGEDIR}${PREFIX}/bin + ${INSTALL_PROGRAM} ${WRKSRC}/dicthashes ${STAGEDIR}${PREFIX}/bin + ${INSTALL_SCRIPT} ${WRKSRC}/query ${STAGEDIR}${PREFIX}/bin + ${INSTALL_PROGRAM} ${WRKSRC}/randomhashes ${STAGEDIR}${PREFIX}/bin + ${INSTALL_SCRIPT} ${WRKSRC}/unhash ${STAGEDIR}${PREFIX}/bin + +.include <bsd.port.mk> Added: head/dns/nsec3walker/distinfo ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/dns/nsec3walker/distinfo Sun Jan 6 17:29:59 2019 (r489514) @@ -0,0 +1,3 @@ +TIMESTAMP = 1484146216 +SHA256 (nsec3walker-20101223.tar.gz) = 74d873b93d67634d9c1c16c938818ecb90dc6ad391ca6dc57b421c627eeb2e30 +SIZE (nsec3walker-20101223.tar.gz) = 3658 Added: head/dns/nsec3walker/files/patch-Makefile ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/dns/nsec3walker/files/patch-Makefile Sun Jan 6 17:29:59 2019 (r489514) @@ -0,0 +1,12 @@ +--- Makefile.orig 2010-12-24 09:49:40 UTC ++++ Makefile +@@ -1,7 +1,7 @@ + all: dicthashes randomhashes + + dicthashes: dicthashes.c +- gcc -O3 -o dicthashes dicthashes.c -lcrypto -lm ++ cc -O3 -o dicthashes dicthashes.c -lcrypto -lm + + randomhashes: randomhashes.c +- gcc -O3 -o randomhashes randomhashes.c -lcrypto -lm ++ cc -O3 -o randomhashes randomhashes.c -lcrypto -lm Added: head/dns/nsec3walker/files/patch-collect ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/dns/nsec3walker/files/patch-collect Sun Jan 6 17:29:59 2019 (r489514) @@ -0,0 +1,20 @@ +--- collect.orig 2010-12-24 09:49:40 UTC ++++ collect +@@ -71,7 +71,7 @@ while len(todo) > 0 or len(nexthash) == + print "querying",guess,h + numqueries += 1 + server = servers[r.randrange(len(servers))] +- query = subprocess.Popen(["./query",guess,server],stdout=subprocess.PIPE).stdout ++ query = subprocess.Popen(["query",guess,server],stdout=subprocess.PIPE).stdout + for x in query: + y = x.strip().split(' ') + if y[0] == "ns": +@@ -84,7 +84,7 @@ while len(todo) > 0 or len(nexthash) == + print "iterations",y[4] + salt = binascii.a2b_hex(y[3]) + iterations = int(y[4]) +- hashprocess = subprocess.Popen(["./randomhashes",domain,y[4],y[3]],stdout=subprocess.PIPE) ++ hashprocess = subprocess.Popen(["randomhashes",domain,y[4],y[3]],stdout=subprocess.PIPE) + hashes = hashprocess.stdout + if salt != binascii.a2b_hex(y[3]): + print "newsalt",binascii.a2b_hex(y[3]) Added: head/dns/nsec3walker/files/patch-unhash ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/dns/nsec3walker/files/patch-unhash Sun Jan 6 17:29:59 2019 (r489514) @@ -0,0 +1,11 @@ +--- unhash.orig 2017-01-13 09:05:36 UTC ++++ unhash +@@ -35,7 +35,7 @@ print "names:",numnames + + if domain and salt and numnames: + dictprocess = subprocess.Popen(["cat",dictionary],stdout=subprocess.PIPE) +- hashprocess = subprocess.Popen(["./dicthashes",domain,iterations,salt],stdin=dictprocess.stdout,stdout=subprocess.PIPE) ++ hashprocess = subprocess.Popen(["dicthashes",domain,iterations,salt],stdin=dictprocess.stdout,stdout=subprocess.PIPE) + for line in hashprocess.stdout: + numhashes += 1 + x = line.strip().split() Added: head/dns/nsec3walker/pkg-descr ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/dns/nsec3walker/pkg-descr Sun Jan 6 17:29:59 2019 (r489514) @@ -0,0 +1,5 @@ +Installing current DNSSEC (NSEC3) exposes private DNS data to low-cost +DNS database espionage. The nsec3walker tool allows administrators and users +to see how much private information is being given away by DNSSEC. + +WWW: https://dnscurve.org/nsec3walker.html
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201901061729.x06HTxut090315>