remove probe. version 2.5.3 (#173)

* Removed probe feature.

* Add note: not all passive DNS systems or versions of those system implement the same query features.

* Remove unreached error msg

* version 2.5.3

* Renamed existing "dnsdb" system to be "dnsdb1".  Made "dnsdb" be an alias for "dnsdb2".  Restructured parts of the man page

* Update Copyright year to 2021

* Remove stray character

README

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2014-2020 by Farsight Security, Inc.
+ * Copyright (c) 2014-2021 by Farsight Security, Inc.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

defs.h

@@ -31,7 +31,13 @@
 #define CRIPPLED_LIBC 1
 #endif /* __CYGWIN__ */
 
+#if WANT_PDNS_DNSDB
 #define DEFAULT_SYS "dnsdb2"
+#elif WANT_PDNS_CIRL
+#define DEFAULT_SYS "circl"
+#else
+#error "No passive DNS system defined"
+#endif
 #define DEFAULT_VERB 0
 #define	MAX_JOBS 8
 #define DNSDBQ_SYSTEM "DNSDBQ_SYSTEM"

dnsdbq.c

@@ -501,13 +501,12 @@ main(int argc, char *argv[]) {
 #if WANT_PDNS_DNSDB
 		/* the json output files are in COF format, never SAF. */
 		if (strcmp(psys->name, "dnsdb2") == 0)
-			pick_system("dnsdb", "downgrade for -J");
+			pick_system("dnsdb1", "downgrade for -J");
 #endif
 		NULL;
 	} else {
 		make_curl();
-		if (!psys_specified)
-			pdns_probe();
+		assert(psys_specified);
 	}
 
 	/* validate some interrelated options. */

dnsdbq.man

@@ -43,19 +43,20 @@
 .Op Fl V Ar verb
 .Sh DESCRIPTION
 .Nm dnsdbq
-constructs and issues queries to Passive DNS systems which return
-data in the IETF Passive DNS Common Output Format. Farsight Security's
-DNSDB is one such system.
-.Nm dnsdbq
-displays responses in various formats.  It is commonly used as a
-production command line interface to such systems.
-.Pp
-Its default query type is a "lookup" query.  As an option, it can
-issue a "summarize" query type.
+constructs and issues queries to Passive DNS systems which return data
+in the IETF Passive DNS Common Output Format.  It is commonly used as
+a production command line interface to such systems.
 .Pp
-Farsight Security's DNSDB system implements both APIv1 and APIv2 interfaces.
-APIv1 is accessed by specifying system "dnsdb."  APIv2 is accessed by
-specifying system "dnsdb2".
+.Nm dnsdbq
+displays responses in various formats.  Its default query type is a
+"lookup" query.  As an option, it can issue a "summarize" query type.
+Different Passive DNS systems or versions of those systems may
+implement different query features.
+.Sh FARSIGHT SECURITY'S "DNSDB"
+Farsight Security's "DNSDB" is one such Passive DNS system.  DNSDB
+implements both APIv1 and APIv2 interfaces.  APIv1 is accessed by
+specifying system "dnsdb1".  APIv2 is accessed by specifying system
+"dnsdb2".
 .Pp
 You'll need to get an API key from Farsight to use
 .Ic dnsdbq
@@ -386,7 +387,11 @@ including ANY.  A special-case supported in DNSDB is ANY-DNSSEC, which
 matches on DS, RRSIG, NSEC, DNSKEY, NSEC3, NSEC3PARAM, and DLV
 resource record types.
 .It Fl u Ar server_sys
-specifies the syntax of the RESTful URL, default is "dnsdb".
+specifies the Passive DNS system and thus its syntax for RESTful URLs.
+Can be "dnsdb", "dnsdb1", "dnsdb2", or "circl".  "dnsdb" is an alias
+for "dnsdb2".  If unset,
+.Nm dnsdbq
+will use a default.
 .It Fl V Ar verb
 The verb to perform, i.e. the type of query, either "lookup" or
 "summarize".  The default is the "lookup" verb.  As an option, you can
@@ -569,19 +574,19 @@ configuration file which can specify the API key and server URL. The first
 of these which is readable will be used, alone, in its entirety. The variables
 which can be set are as follows:
 .Bl -tag -width ".Ev DNSDB_API_KEY , APIKEY"
+.It Ev DNSDBQ_SYSTEM
+contains the default value for the
+.Fl u
+option described above.
 .It Ev DNSDB_API_KEY , APIKEY
-contains the user's apikey (no default).
+contains the user's DNSDB apikey (no default).
 .It Ev DNSDB_SERVER
-contains the URL of the DNSDB API server (default is https://api.dnsdb.info),
-and optionally the URI prefix for the database (default is "/lookup").
+contains the URL of the DNSDB API server (default is
+https://api.dnsdb.info), and optionally the URI prefix for the
+database.  The default URI prefix for system "dnsdb2" is
+"/dnsdb/v2/lookup"; the default for "dnsdb1" is "/lookup".
 .It Ev CIRCL_AUTH , CIRCL_SERVER
 enable access to a passive DNS system compatible with the CIRCL.LU system.
-.It Ev DNSDBQ_SYSTEM
-contains the default value for the
-.Fl u
-option described above. Can be "dnsdb", "dnsdb2", or "circl". If unset,
-.Nm dnsdbq
-will probe for any configured system.
 .El
 .Sh ENVIRONMENT
 The following environment variables override the configuration file:

globals.h

@@ -33,7 +33,7 @@ extern const struct verb verbs[];
 #endif
 
 EXTERN	const char id_swclient[]	INIT("dnsdbq");
-EXTERN	const char id_version[]		INIT("2.5.2");
+EXTERN	const char id_version[]		INIT("2.5.3");
 EXTERN	const char *program_name	INIT(NULL);
 EXTERN	const char path_sort[]		INIT("/usr/bin/sort");
 EXTERN	const char json_header[]	INIT("Accept: application/json");

pdns.c

@@ -912,20 +912,6 @@ data_blob(query_t query, const char *buf, size_t len) {
 	return (ret);
 }
 
-/* pdns_probe -- maybe probe and switch to a reachable and functional psys.
- */
-void
-pdns_probe(void) {
-	while (psys->next != NULL && !psys->probe()) {
-		pick_system(psys->next()->name, "downgrade from probe");
-		if (!quiet)
-			fprintf(stderr,
-				"probe failed, downgrading to '%s', "
-				"consider changing -u or configuration.\n",
-				psys->name);
-	}
-}
-
 /* pick_system -- find a named system descriptor, return t/f as to "found?"
  *
  * returns if psys != NULL, or exits fatally otherwise.
@@ -937,9 +923,10 @@ pick_system(const char *name, const char *context) {
 
 	DEBUG(1, true, "pick_system(%s)\n", name);
 #if WANT_PDNS_DNSDB
-	if (strcmp(name, "dnsdb") == 0)
-		tsys = pdns_dnsdb();
-	if (strcmp(name, "dnsdb2") == 0)
+	if (strcmp(name, "dnsdb1") == 0)
+		tsys = pdns_dnsdb1();
+	/* "dnsdb" is an alias for "dnsdb2". */
+	if (strcmp(name, "dnsdb2") == 0 || strcmp(name, "dnsdb") == 0)
 		tsys = pdns_dnsdb2();
 #endif
 #if WANT_PDNS_CIRCL
@@ -993,8 +980,8 @@ read_config(const char *cf) {
 		     "echo dnsdbq system ${" DNSDBQ_SYSTEM
 			":-" DEFAULT_SYS "};"
 #if WANT_PDNS_DNSDB
-		     "echo dnsdb apikey ${DNSDB_API_KEY:-$APIKEY};"
-		     "echo dnsdb server $DNSDB_SERVER;"
+		     "echo dnsdb1 apikey ${DNSDB_API_KEY:-$APIKEY};"
+		     "echo dnsdb1 server $DNSDB_SERVER;"
 		     "echo dnsdb2 apikey ${DNSDB_API_KEY:-$APIKEY};"
 		     "echo dnsdb2 server $DNSDB_SERVER;"
 #endif

pdns.h

@@ -67,17 +67,6 @@ struct pdns_system {
 	/* what encapsulation does this system speak? */
 	encap_e		encap;
 
-	/* what's our downgrade path if this system doesn't function
-	 * (respond positively to a probe)?  may be NULL if there is no
-	 * downgrade available.
-	 */
-	const struct pdns_system *  (*next)(void);
-
-	/* to probe if this system reachable and functional. will be
-	 * NULL whenever "next" (see above) is NULL.
-	 */
-	bool		(*probe)(void);
-
 	/* start creating a URL corresponding to a command-path string.
 	 * first argument is the input URL path.
 	 * second is an output parameter pointing to the separator character
@@ -176,7 +165,6 @@ void tuple_unmake(pdns_tuple_t);
 struct counted *countoff(const char *, size_t);
 char *reverse(const char *);
 int data_blob(query_t, const char *, size_t);
-void pdns_probe(void);
 void pick_system(const char *, const char *);
 void read_config(const char *cf);
 

pdns_circl.c

@@ -39,8 +39,7 @@ static char *circl_authinfo = NULL;
 
 static const struct pdns_system circl = {
 	"circl", "https://www.circl.lu/pdns/query", encap_cof,
-	NULL, NULL, circl_url, NULL,
-	circl_auth, circl_status, circl_verb_ok,
+	circl_url, NULL, circl_auth, circl_status, circl_verb_ok,
 	circl_setval, circl_ready, circl_destroy
 };
 

pdns_dnsdb.c

@@ -59,7 +59,6 @@ typedef struct rate_tuple *rate_tuple_t;
 
 /* forwards. */
 
-static bool dnsdb2_probe(void);
 static const char *dnsdb_setval(const char *, const char *);
 static const char *dnsdb_ready(void);
 static void dnsdb_destroy(void);
@@ -85,26 +84,24 @@ static char *dnsdb_base_url = NULL;
 
 static const char dnsdb2_url_prefix[] = "/dnsdb/v2";
 
-static const struct pdns_system dnsdb = {
-	"dnsdb", "https://api.dnsdb.info", encap_cof,
-	NULL, NULL, dnsdb_url, dnsdb_info,
-	dnsdb_auth, dnsdb_status, dnsdb_verb_ok,
+static const struct pdns_system dnsdb1 = {
+	"dnsdb1", "https://api.dnsdb.info", encap_cof,
+	dnsdb_url, dnsdb_info, dnsdb_auth, dnsdb_status, dnsdb_verb_ok,
 	dnsdb_setval, dnsdb_ready, dnsdb_destroy
 };
 
 static const struct pdns_system dnsdb2 = {
 	"dnsdb2", "https://api.dnsdb.info/dnsdb/v2", encap_saf,
-	pdns_dnsdb, dnsdb2_probe, dnsdb_url, dnsdb_info,
-	dnsdb_auth, dnsdb_status, dnsdb_verb_ok,
+	dnsdb_url, dnsdb_info, dnsdb_auth, dnsdb_status, dnsdb_verb_ok,
 	dnsdb_setval, dnsdb_ready, dnsdb_destroy
 };
 
 /*---------------------------------------------------------------- public
  */
 
 pdns_system_ct
-pdns_dnsdb(void) {
-	return &dnsdb;
+pdns_dnsdb1(void) {
+	return &dnsdb1;
 }
 
 pdns_system_ct
@@ -115,52 +112,6 @@ pdns_dnsdb2(void) {
 /*---------------------------------------------------------------- private
  */
 
-static void
-dnsdb2_pingback(writer_t writer) {
-	DEBUG(1, true, "dnsdb2_pingback: %*.*s",
-	      writer->ps_len, writer->ps_len, writer->ps_buf);
-}
-
-/* dnsdb2_probe() -- check that this server understands APIv2
- */
-static bool
-dnsdb2_probe(void) {
-	query_t query = NULL;
-	writer_t writer;
-	fetch_t fetch;
-	bool ret;
-
-	DEBUG(1, true, "dnsdb2_probe()\n");
-
-	/* start a meta_query writer. */
-	writer = writer_init(qparam_empty.output_limit, dnsdb2_pingback, true);
-
-	/* create a rump query. */
-	CREATE(query, sizeof(struct query));
-	query->writer = writer;
-	query->command = strdup("ping");
-	writer->queries = query;
-
-	/* start a ping. */
-	fetch = create_fetch(query,
-			     dnsdb_url(query->command, NULL, &qparam_empty,
-				       &(struct pdns_fence){}, true));
-
-	/* run all jobs to completion. */
-	io_engine(0);
-
-	/* probe success? */
-	ret = (fetch->rcode == HTTP_OK);
-	if (ret) {
-		DEBUG(1, true, "Test shows this is a DNSDB APIv2 endpoint\n");
-	}
-
-	/* stop the writer. */
-	writer_fini(writer);
-
-	return (ret);
-}
-
 /* dnsdb_setval() -- install configuration element
  */
 static const char *

pdns_dnsdb.h

@@ -18,7 +18,7 @@
 #define PDNS_DNSDB_H_INCLUDED 1
 
 #if WANT_PDNS_DNSDB
-pdns_system_ct pdns_dnsdb(void);
+pdns_system_ct pdns_dnsdb1(void);
 pdns_system_ct pdns_dnsdb2(void);
 #endif