inet_res.resolve/5 works only with limited DNS classes and types

I am working currently on a project where I have to check for DNSSEC for specific zones, meaning I need to query for RRSIG records.

I tried to use inet_res.resolve/5, however if you look at the types it can operate on here, it is clear that it is missing this and many more new record types.

I was wondering if there is a way to make some kind of raw queries and parse them myself, since for now I have to resort to using external CLIs like dig and I am not very keen to deal with leaking zombie processes.

Try passing in the integer values for the types.

You will need to decode the binary value in the reply yourself but it works.

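The approach from the reply above, as an added example that is not part of the original thread: query with the integer type 46 (RRSIG) and decode the RDATA binary following RFC 4034 section 3.1. It assumes `inet_res` accepts the integer type and hands back the RDATA as a raw binary, as the reply states, and it reads the answer through the undocumented `:inet_dns` accessors; the `RRSIG` module, its function names and the sample bytes are constructed for illustration.

```elixir
defmodule RRSIG do
  @rrsig 46  # RRSIG type code (RFC 4034), passed as an integer instead of an atom

  # Assumption: records of a type inet_dns does not know come back with binary data.
  def query(name, timeout \\ 5_000) do
    with {:ok, msg} <- :inet_res.resolve(String.to_charlist(name), :in, @rrsig, [], timeout) do
      answers = :inet_dns.msg(msg, :anlist)
      rdatas = for rr <- answers, data = :inet_dns.rr(rr, :data), is_binary(data), do: data
      {:ok, Enum.map(rdatas, &decode/1)}
    end
  end

  # RDATA layout: type covered (16 bits), algorithm (8), labels (8), original TTL (32),
  # expiration (32), inception (32), key tag (16), signer's name, signature.
  def decode(<<covered::16, alg::8, labels::8, ttl::32, exp::32, inc::32, tag::16, rest::binary>>) do
    with {:ok, signer, signature} when signature != <<>> <- name(rest, []) do
      {:ok, %{type_covered: covered, algorithm: alg, labels: labels, original_ttl: ttl,
              expiration: exp, inception: inc, key_tag: tag,
              signer: signer, signature: signature}}
    else
      _ -> {:error, :malformed}
    end
  end

  def decode(_), do: {:error, :malformed}

  # Expiration and inception are compared with serial number arithmetic (RFC 1982),
  # so the 32-bit wrap-around is handled: true when a is at or after b modulo 2^32.
  def valid_at?(%{inception: inc, expiration: exp}, now),
    do: at_or_after?(now, inc) and at_or_after?(exp, now)

  defp at_or_after?(a, b), do: Integer.mod(a - b, 0x1_0000_0000) < 0x8000_0000

  # The signer's name is never compressed in RRSIG RDATA, so only plain labels
  # (length 1..63) are accepted; a pointer byte or a short buffer is malformed.
  defp name(<<0, rest::binary>>, acc), do: {:ok, Enum.join(Enum.reverse(acc), ".") <> ".", rest}
  defp name(<<len, label::binary-size(len), rest::binary>>, acc) when len in 1..63,
    do: name(rest, [label | acc])
  defp name(_, _), do: {:error, :malformed}
end

# Constructed sample RDATA: covers type A (1), algorithm 13, signer "example.com.";
# the four signature bytes are filler, not a real signature.
sample = <<1::16, 13, 2, 3600::32, 1_700_604_800::32, 1_700_000_000::32, 12_345::16,
           7, "example", 3, "com", 0, 0xDE, 0xAD, 0xBE, 0xEF>>
{:ok, sig} = RRSIG.decode(sample)
IO.inspect(sig, label: "decoded")
IO.inspect(RRSIG.valid_at?(sig, 1_700_300_000), label: "inside validity window")
```

Decoding the fields and checking the validity window is not signature validation; that still requires the matching DNSKEY and the canonical RRset form.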

If you are looking to handle DNSSEC, you may find some of the work I am doing for service discovery which involves SIG(0) helps:

I think you may need to do a canonical sort to get (RR)SIG working, but at least the ‘crypto sausage making machine’ you no longer have to figure out; or if you already have, it'll be a dual wasted effort of duplication…but at least (frustratingly) educational.

Do poke me off list if you want to collaborate on this if you think there is overlap.

I am currently working on a tool that checks web security.

One of the checks we want to perform is checking DNSSEC and validation of records like RRSIG. For now we have more important things to attend to, so I will get back later with more information.

We currently ended up using dig to query for RRSIG records as a workaround; however, if the support for DNSSEC is improved in Erlang, we will refactor to the official library.

I am not sure we can collaborate as we are writing everything in Elixir; the exception is usage of OTP libraries.