Lftp

From DNSSEC-Tools
DNSSEC-Tools Component
lftp
This describes lftp, which is in the End User Tools category within the DNSSEC-Tools Components framework of tools.
Tool Name: lftp
Tool Type: End User Tools
Manual: Manual
Example: Example
CLI: Help
Tutorial: Tutorial
How To: How To
Download: lftp

The patch for DNSSEC-Tools support was included in Version 4.0.4 of lftp, released on 2009-11-19.

Last tested: lftp 4.3.8 and dnssec-tools 1.12, in September of 2011.

Enabling DNSSEC-Tools

./configure --with-dnssec-local-validation

Telling lftp to use DNSSEC validation

$ echo "set dns:dnssec-strict 1" >> ~/.lftprc

Verifying DNSSEC validation

You can use the DNSSEC-Tools test zone to confirm that lftp refuses a name that fails validation:

$ lftp addedlater-nosig-A.test.dnssec-tools.org
lftp: addedlater-nosig-A.test.dnssec-tools.org: DNS resolution not trusted.

You can enable debug logging for the nitty-gritty details:

$ VAL_LOG_TARGET="5:stdout" lftp http://www.dnssec-tools.org/
20120904::16:44:31 Validation result for {www.dnssec-tools.org, IN(1), A(1)}: VAL_SUCCESS:128 (Validated)
20120904::16:44:31     name=www.dnssec-tools.org class=IN type=A from-server=192.168.122.1 status=VAL_AC_VERIFIED:31
20120904::16:44:31     name=dnssec-tools.org class=IN type=DNSKEY[tag=34816] from-server=192.168.122.1 status=VAL_AC_VERIFIED:31
20120904::16:44:31     name=dnssec-tools.org class=IN type=DS from-server=192.168.122.1 status=VAL_AC_VERIFIED:31
20120904::16:44:31     name=org class=IN type=DNSKEY[tag=21366] from-server=192.168.122.1 status=VAL_AC_VERIFIED:31
20120904::16:44:31     name=org class=IN type=DS from-server=192.168.122.1 status=VAL_AC_VERIFIED:31
20120904::16:44:31     name=. class=IN type=DNSKEY from-server=192.168.122.1 status=VAL_AC_TRUST:12
20120904::16:44:31 Validation result for {www.dnssec-tools.org, IN(1), AAAA(28)}: VAL_NONEXISTENT_TYPE:133 (Validated)
20120904::16:44:31     Proof of non-existence [1 of 1]
20120904::16:44:31       name=www.dnssec-tools.org class=IN type=NSEC from-server=192.168.122.1 status=VAL_AC_VERIFIED:31
20120904::16:44:31       name=dnssec-tools.org class=IN type=DNSKEY[tag=34816] from-server=192.168.122.1 status=VAL_AC_VERIFIED:31
20120904::16:44:31       name=dnssec-tools.org class=IN type=DS from-server=192.168.122.1 status=VAL_AC_VERIFIED:31
20120904::16:44:31       name=org class=IN type=DNSKEY[tag=21366] from-server=192.168.122.1 status=VAL_AC_VERIFIED:31
20120904::16:44:31       name=org class=IN type=DS from-server=192.168.122.1 status=VAL_AC_VERIFIED:31
20120904::16:44:31       name=. class=IN type=DNSKEY from-server=192.168.122.1 status=VAL_AC_TRUST:12
cd ok, cwd=/                                             
lftp www.dnssec-tools.org:/>
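
An added example, not part of the original page or of DNSSEC-Tools: a Python script that parses the debug log format shown above, groups each authentication chain under its query, and lists every query not marked Validated plus any chain entry whose status differs from the two seen in the successful run. The function names are assumptions, and the last two sample lines use constructed placeholder status names rather than real validator output.

```python
import re

# Result line: "<ts> Validation result for {name, IN(1), A(1)}: STATUS:code (label)"
RESULT = re.compile(
    r"Validation result for \{([^,]+), \w+\(\d+\), (\w+)\(\d+\)\}: (\w+):\d+ \((.+)\)\s*$")
# Chain line: "<ts>   name=... class=IN type=DNSKEY[tag=N] from-server=... status=STATUS:code"
CHAIN = re.compile(r"name=(\S+) class=\S+ type=(\S+) from-server=\S+ status=(\w+):\d+\s*$")
# Chain statuses that appear in the successful run shown on this page.
EXPECTED_CHAIN = {"VAL_AC_VERIFIED", "VAL_AC_TRUST"}

def parse_val_log(text):
    """Group authentication-chain entries under the query result they follow."""
    results = []
    for line in text.splitlines():
        m = RESULT.search(line)
        if m:
            name, qtype, status, label = m.groups()
            results.append({"name": name, "qtype": qtype, "status": status,
                            "label": label, "chain": []})
            continue
        m = CHAIN.search(line)
        if m and results:  # "Proof of non-existence" headers match neither pattern
            results[-1]["chain"].append(m.groups())
    return results

def findings(results):
    """Return (query, reason) pairs for results that need a closer look."""
    out = []
    for r in results:
        query = f"{r['name']}/{r['qtype']}"
        if r["label"] != "Validated":
            out.append((query, f"result {r['status']} ({r['label']})"))
        for owner, rtype, status in r["chain"]:
            if status not in EXPECTED_CHAIN:
                out.append((query, f"{owner} {rtype} has status {status}"))
    return out

# Constructed sample: lines 1-7 are abridged from the page's output; the last
# two lines use placeholder status names and are NOT real validator output.
SAMPLE = """\
20120904::16:44:31 Validation result for {www.dnssec-tools.org, IN(1), A(1)}: VAL_SUCCESS:128 (Validated)
20120904::16:44:31     name=www.dnssec-tools.org class=IN type=A from-server=192.168.122.1 status=VAL_AC_VERIFIED:31
20120904::16:44:31     name=. class=IN type=DNSKEY from-server=192.168.122.1 status=VAL_AC_TRUST:12
20120904::16:44:31 Validation result for {www.dnssec-tools.org, IN(1), AAAA(28)}: VAL_NONEXISTENT_TYPE:133 (Validated)
20120904::16:44:31     Proof of non-existence [1 of 1]
20120904::16:44:31       name=www.dnssec-tools.org class=IN type=NSEC from-server=192.168.122.1 status=VAL_AC_VERIFIED:31
20120904::16:44:31       name=. class=IN type=DNSKEY from-server=192.168.122.1 status=VAL_AC_TRUST:12
20120904::16:44:32 Validation result for {host.example, IN(1), A(1)}: CONSTRUCTED_FAILURE:0 (constructed label)
20120904::16:44:32     name=host.example class=IN type=A from-server=192.168.122.1 status=CONSTRUCTED_UNVERIFIED:0
"""

if __name__ == "__main__":
    for query, reason in findings(parse_val_log(SAMPLE)):
        print(f"{query}: {reason}")
```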