DNSKEY support #2

Open
Habbie opened this issue Oct 16, 2017 · 3 comments

Habbie commented Oct 16, 2017

I did some very rough work to verify that the DNSKEYs for the root zone and the TLDs are not affected. Unless I made a mistake in my testing, none of them are affected.

It might be nice to add DNSKEY support to roca directly - however I do not have time to work on this right now, so I'm leaving the rough work here in case some enterprising soul wants to pick it up. I suggest labeling this issue with #hacktoberfest.

Script: https://gist.github.com/Habbie/23ef81ac9c4fed95720fe1970adddf23

Usage:

$ dig dnskey powerdns.com | grep DNSKEY | grep -v '^;' | ./convert-dnskey.py > powerdns.out
$ awk '{print $1}' < powerdns.out > powerdns.out.txt
$ python roca/detect.py powerdns.out.txt

Then, if detect actually detects anything, grep for the modulus in powerdns.out to find the affected DNSKEY.
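
The conversion step in the pipeline above, written out as an added example (it is not the gist's code and not part of roca): it decodes the RFC 3110 RSA public key inside each DNSKEY record and emits the modulus in hex as the first column, which is the column the awk step keeps. The function names and the example.test sample record are constructed for illustration.

```python
import base64
import sys

# DNSSEC algorithms that carry an RFC 3110 RSA key:
# RSAMD5, RSASHA1, RSASHA1-NSEC3-SHA1, RSASHA256, RSASHA512
RSA_ALGORITHMS = {1, 5, 7, 8, 10}

def parse_dnskey_line(line):
    """Return (owner, flags, algorithm, exponent, modulus) or None."""
    fields = line.split(";", 1)[0].split()   # drop dig comments
    if "DNSKEY" not in fields:
        return None
    i = fields.index("DNSKEY")
    if len(fields) < i + 5:
        return None
    flags, _protocol, alg = (int(x) for x in fields[i + 1:i + 4])
    if alg not in RSA_ALGORITHMS:
        return None                           # e.g. ECDSA/EdDSA keys have no RSA modulus
    key = base64.b64decode("".join(fields[i + 4:]))  # dig may split the base64
    if len(key) < 4:
        return None
    # RFC 3110: one-octet exponent length, or a zero octet then a two-octet length
    if key[0]:
        elen, off = key[0], 1
    else:
        elen, off = int.from_bytes(key[1:3], "big"), 3
    exponent = int.from_bytes(key[off:off + elen], "big")
    modulus = int.from_bytes(key[off + elen:], "big")
    return (fields[0], flags, alg, exponent, modulus) if modulus else None

def modulus_lines(lines):
    """One output line per RSA key: hex modulus first, then context for grep."""
    out = []
    for line in lines:
        rec = parse_dnskey_line(line)
        if rec:
            owner, flags, alg, _e, n = rec
            out.append("%x %s flags=%d alg=%d" % (n, owner, flags, alg))
    return out

def constructed_line(modulus_bytes, alg=8, long_form=False):
    """Constructed sample record (not a real key), for trying the parser offline."""
    head = b"\x00\x00\x03" if long_form else b"\x03"
    b64 = base64.b64encode(head + (65537).to_bytes(3, "big") + modulus_bytes).decode()
    return "example.test. 3600 IN DNSKEY 257 3 %d %s %s" % (alg, b64[:20], b64[20:])

if __name__ == "__main__":
    print("\n".join(modulus_lines(sys.stdin)))
```

Non-RSA DNSKEYs (for example algorithm 13) are skipped, since they have no RSA modulus to test.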

Member

ph4r05 commented Oct 16, 2017

Thanks for the suggestion! Will check that.

Author

Habbie commented Nov 4, 2017

The script+twoliner above has now been verified to indeed recognize a vulnerable key.

Member

ph4r05 commented Nov 5, 2017

Thanks for the check. I am also a bit busy now so I won't get to that.

One option is to add this twoliner check to the README.

Another option is to create a new detection file and add it to entry_points in setup.py according to the contribution guidelines.
