[getdns-users] getdns_validate_dnssec() Example?

Hollenbeck, Scott shollenbeck at verisign.com
Mon May 4 15:51:53 UTC 2015


> -----Original Message-----
> From: Users [mailto:users-bounces at getdnsapi.net] On Behalf Of
> Hollenbeck, Scott
> Sent: Friday, May 01, 2015 6:34 PM
> To: users at getdnsapi.net
> Subject: [getdns-users] getdns_validate_dnssec() Example?
> 
> Does anyone have some sample code that includes queries needed to
> create the lists that can be used to test the getdns_validate_dnssec()
> function?

Let me try this a different way. I've written some PHP code that runs, but my call to getdns_validate_dnssec() is returning either GETDNS_RETURN_NO_SUCH_DICT_NAME (305) or GETDNS_RETURN_WRONG_TYPE_REQUESTED (306) depending on the list I pull from the response dictionary in my callback function. Here's my code - can anyone tell me what I need to do to get the lists for the record(s) to be validated and the support records if I'm not accessing them correctly?

Scott
----------
<?php

function php_callback($dict, $callbackType, $userArg, $transID)
{
    $status = 0;
    $result = php_getdns_dict_get_int($dict, "status", $status);
    var_dump($status);
    if ($status != GETDNS_RESPSTATUS_GOOD) {
        return;
    }

    // Parse the response to get the records to be validated.
    // "replies_tree" produces a 305 when I call php_getdns_validate_dnssec() below.
    // "replies_full" produces a 306.
    // I *think* I need to get deeper into the list, but what exactly do I need
    // to retrieve?
    $toVal = 0;
    $result = php_getdns_dict_get_list($dict, "replies_tree", $toVal);
    var_dump($result);

    // Get the support records.
    $supRecs = 0;
    $result = php_getdns_dict_get_list($dict, "validation_chain", $supRecs);
    var_dump($result);

    // Get the trust anchor.
    $anchorDate = 0;
    $trustAnchor = php_getdns_root_trust_anchor($anchorDate);
    var_dump($trustAnchor);

    // Validate!
    $result = php_getdns_validate_dnssec($toVal, $supRecs, $trustAnchor);
    var_dump($result);

    php_getdns_dict_destroy($dict);
}

$context = 0;
$setFromOS = 1;
$result = php_getdns_context_create($context, $setFromOS);
var_dump($result);

$name = "www.getdnsapi.net";
$reqType = GETDNS_RRTYPE_NS;

// Set extensions to return DNSSEC validation information.
$extensions = php_getdns_dict_create();
$result = php_getdns_dict_set_int($extensions, "dnssec_return_validation_chain", GETDNS_EXTENSION_TRUE);

$transID = "";
$userArgs[0] = "php_callback";
$userArgs[1] = "User args test 1";
$result = php_getdns_general($context, $name, $reqType, $extensions, $userArgs, $transID);
php_getdns_dict_destroy($extensions);
var_dump($result, $transID);
if ($result == GETDNS_RETURN_GOOD) {
    php_getdns_context_run($context);
}

php_getdns_context_destroy($context);

?>



