Improve DNS diagnostics

This set of changes should make debugging kresd easier. The part with verbose logging is a bit hacky but we need to get things moving quickly to enable diagnosing problems with Google services.

diagnostics/modules/dns.module

@@ -4,31 +4,78 @@ help="
 gather dns related informations
 "
 
+run_prefix () {
+	echo "Attempting to resolve ${1}"
+}
+
+run_dig () {
+	run_prefix "${1}"
+	dig @127.0.0.1 +dnssec "${1}"
+}
+
+run_nslookup () {
+	run_prefix "${1}"
+	nslookup "${1}" 127.0.0.1
+}
+
+run_kresd_command () {
+	KRESD_TTY="$(uci get resolver.kresd.rundir)/tty/$(pidof kresd)"
+	echo "${1}" | socat - "unix-connect:${KRESD_TTY}"
+}
+
 run () {
+	# dig has richer output format
+	which dig &> /dev/null
+	if [ "$?" -eq 0 ]
+	then
+		QTOOL="dig"
+	else
+		QTOOL="nslookup"
+	fi
+
 	# resolver config
 	uci -q show resolver
-	uci -q show unbound
-	uci -q show kresd
 	echo
 
-	# root key
-	ls -al /etc/root.keys
-	md5sum /etc/root.keys
-	ls -al /etc/unbound/root.key
-	md5sum /etc/unbound/root.key
+	echo "== resolv.conf* =="
+	grep -H '' /etc/resolv.conf* /tmp/resolv.conf*
+
+	echo "== DNSSEC root key file =="
+	ROOTKEYFILE=$(uci get resolver.common.keyfile)
+	ls -al "${ROOTKEYFILE}"
+	md5sum "${ROOTKEYFILE}"
+	grep -H '' "${ROOTKEYFILE}"
 	echo
 
-	grep -H '' /etc/resolv.conf*
-
-	# try to resolve some server
-	nslookup api.turris.cz 127.0.0.1  # should pass
-	nslookup www.rhybar.cz 127.0.0.1  # should fail
-	nslookup *.wilda.rhybar.0skar.cz 127.0.0.1  # should fail
-	nslookup *.wilda.nsec.0skar.cz 127.0.0.1  # should pass
-	nslookup *.wild.nsec.0skar.cz 127.0.0.1  # should pass
-	nslookup *.wilda.0skar.cz 127.0.0.1  # should pass
-	nslookup *.wild.0skar.cz 127.0.0.1  # should pass
-	nslookup www.wilda.nsec.0skar.cz 127.0.0.1  # should pass
-	nslookup www.wilda.0skar.cz 127.0.0.1  # should pass
-	nslookup *.wilda.rhybar.ecdsa.0skar.cz 127.0.0.1  # should fail
+	echo "== resolver process =="
+	RESOLVER="$(uci get resolver.common.prefered_resolver)"
+	ps w | grep ${RESOLVER}
+
+	if [ "${RESOLVER}" == "kresd" ]
+	then
+		echo "== configured trust anchors =="
+		run_kresd_command "trust_anchors"
+
+		echo "== enable verbose logging (reboot to disable it) =="
+		run_kresd_command "verbose(true)"
+	fi
+
+	echo "== resolution attempts =="
+	run_${QTOOL} api.turris.cz  # should pass
+	run_${QTOOL} www.google.com  # should pass
+	run_${QTOOL} www.facebook.com  # should pass
+	run_${QTOOL} www.youtube.com  # should pass
+
+	run_${QTOOL} www.rhybar.cz  # should fail
+	run_${QTOOL} *.wilda.rhybar.0skar.cz  # should fail
+	run_${QTOOL} *.wilda.nsec.0skar.cz  # should pass
+	run_${QTOOL} *.wild.nsec.0skar.cz  # should pass
+	run_${QTOOL} *.wilda.0skar.cz  # should pass
+	run_${QTOOL} *.wild.0skar.cz  # should pass
+	run_${QTOOL} www.wilda.nsec.0skar.cz  # should pass
+	run_${QTOOL} www.wilda.0skar.cz  # should pass
+	run_${QTOOL} *.wilda.rhybar.ecdsa.0skar.cz  # should fail
+
+	echo "== ${RESOLVER} /var/log/messages =="
+	grep -H "${RESOLVER}" /var/log/messages
 }