Rework run.sh + Add retries

Author: jakobod

run.sh

@@ -7,10 +7,12 @@ fi
 
 file="datasets/alexa-top1m-2021-01-04_0900_UTC.csv"
 num_files=$1
+((num_processes=num_files-1))
 total_lines=$(wc -l <$file)
 ((lines_per_file = (total_lines + num_files - 1) / num_files))
 
 echo "Lines per file = ${lines_per_file}"
+echo "Number of processes = ${num_processes}"
 
 if [[ "$(uname)" == "Darwin" ]]; then
   # On macos the split command is prefixed with a 'g'
@@ -20,12 +22,14 @@ else
 fi
 
 pids=()
-for i in {0000..$num_files}; do
+for i in {0000..$num_processes}; do
   current_input="datasets/domains.${i}"
   current_output="output/results_${i}.json"
   probing --input ${current_input} --output ${current_output} &
   pids+=($!)
+  printf "$! "
 done;
+echo ""
 
 # wait for all pids
 for pid in ${pids[*]}; do

src/dnssec/evaluation/evaluation.py

@@ -6,6 +6,7 @@
 import argparse
 from dnssec.probing.datatypes import ValidationResult
 from enum import Enum
+import matplotlib.pyplot as plt
 
 
 class EvalState(Enum):
@@ -14,6 +15,43 @@ class EvalState(Enum):
   FLAPPING = 2,
 
 
+def plot_or_show(output_path):
+  if output_path:
+    if output_path[-1] != '/':
+      output_path += '/'
+    plt.savefig(output_path + 'dnssec_deployment.pdf',
+                bbox_inches='tight')
+  else:
+    plt.show()
+
+
+def plot_errors(dataframe, output_path):
+  error_df = dataframe.groupby('reason')
+  print(error_df.get_group(()))
+  # count_df = validation_res_df.groupby('result', as_index=False).count()
+  # count_df = count_df.drop(['reason'], axis=1)
+  # count_df.columns = ['result', 'count']
+  # count_df.sort_values(by='count', inplace=True, ascending=False)
+  # print(count_df)
+  # plot_or_show(output_path)
+
+
+def plot_deployment(validation_res_df, output_path):
+  count_df = validation_res_df.groupby('result', as_index=False).count()
+  count_df = count_df.drop(['reason'], axis=1)
+  count_df.columns = ['result', 'count']
+  count_df.sort_values(by='count', inplace=True, ascending=False)
+  print(count_df)
+
+  plt.bar(x=count_df['result'], height=count_df['count'])
+  plt.xlabel('Result')
+  plt.ylabel('Count [#]')
+  plt.title('Results of DNSSEC validation', loc='left')
+  plt.gcf().set_size_inches(12, 5)
+
+  plot_or_show(output_path)
+
+
 def is_flapping(zone_infos):
   state = EvalState.UNBROKEN
   for zone_info in zone_infos:
@@ -29,33 +67,36 @@ def deployed_keys(zone_infos):
   for i, zone_info in enumerate(zone_infos):
     if zone_info['num_ksk'] != 0 and zone_info['num_zsk'] == 0:
       zones.append(zone_info['name'])
-  # if len(zones) != 0:
-  #   return None
   return zones
 
 
 def to_csv(args):
-  weird_dnssec_deployment = set()
+  only_ksks = set()
   with open(args.input, 'r') as json_file:
     lst = []
     t1 = time.time()
     for i, line in enumerate(json_file):
       dct = json.loads(line)
       zones = dct['zones']
       flapping = is_flapping(zones)
+      only_ksks.update(deployed_keys(zones))
 
-      #
-      weird_dnssec_deployment.update(deployed_keys(zones))
-      # lst.append([dct['name'], dct['validation_state'], dct['reason']])
+      lst.append([dct['name'], dct['validation_state'], dct['reason']])
 
       # if i > 10:
       #   break
+      # break
 
       # df = pd.DataFrame(lst,
       #                   columns=['name', 'result', 'reason'])
+
+    df = pd.DataFrame(lst,
+                      columns=['name', 'result', 'reason'])
+    plot_deployment(df, args.output_path)
+    plot_errors(df, args.output_path)
     t2 = time.time()
     print(t2-t1, 's')
-    print(len(weird_dnssec_deployment), 'zones deploy dnssec only using KSKs')
+    print(len(only_ksks), 'zones deploy dnssec only using KSKs')
 
 
 def main():

src/dnssec/probing/datatypes.py

@@ -86,7 +86,7 @@ def from_dict(self, dct):
     self.valid_soa = dct['valid_soa']
     self.num_ksk = dct['num_ksk']
     self.num_zsk = dct['num_zsk']
-    self.key_algos = dct['key_algos']
+    # self.key_algos = dct['key_algos']
     self.validated = dct['validated']
     return self
 

src/dnssec/probing/dnssec.py

@@ -40,7 +40,7 @@ def is_valid_zone(zone):
   # Has not been checked before. Check it!
   soa = query(zone, dns.rdatatype.SOA)
   if soa.rrset is None:
-    raise RessourceMissingError(f'{zone} - SOA')
+    raise RessourceMissingError(f'SOA')
   exists = soa.rrset.name.to_text() == zone
   if exists:
     existing_zones[zone] = soa
@@ -86,16 +86,19 @@ def get_all_from(response, rd_type, covers=dns.rdatatype.TYPE0):
 def raw_query(zone, record_type, ns_addr='8.8.8.8'):
   request = dns.message.make_query(
       zone, record_type, want_dnssec=True)
-  try:
-    response, _ = dns.query.udp_with_fallback(
-        request, ns_addr, timeout=3)
-  except dns.exception.Timeout:
-    raise TimeoutError(
-        f'{dns.rdatatype.to_text(record_type)}@{zone}')
-  if response.rcode() != 0:
-    raise QueryError(
-        f'{dns.rdatatype.to_text(record_type)}@{zone}: {dns.rcode.to_text(response.rcode())}')
-  return response
+  for _ in range(3):  # Retry maximum 3 times
+    timeout = False
+    try:
+      response, _ = dns.query.udp_with_fallback(
+          request, ns_addr, timeout=3)
+    except dns.exception.Timeout:
+      continue
+    if response.rcode() != 0:
+      raise QueryError(
+          f'{dns.rdatatype.to_text(record_type)}: {dns.rcode.to_text(response.rcode())}')
+    return response
+  # this should only happen if the timeout happened 3 times!
+  raise TimeoutError(f'{dns.rdatatype.to_text(record_type)}')
 
 
 def query(zone, record_type, ns_addr='8.8.8.8'):
@@ -205,7 +208,7 @@ def validate_root_zone():
   ns = '198.41.0.4'  # IP of a.root-servers.net. This doesn't have to be validated!
   dnskey = query('.', dns.rdatatype.DNSKEY, ns)
   if dnskey.rrset is None:
-    raise RessourceMissingError('. - DNSKEY')
+    raise RessourceMissingError('DNSKEY')
   zone = Zone('.', dnskey, ns, None, None)
 
   # Validate
@@ -230,7 +233,7 @@ def validate_zone(zone, parent_zone):
   try:
     ns_addr = query(zone.soa.rrset[0].mname.to_text(), dns.rdatatype.A)
     if ns_addr.rrset is None:
-      raise RessourceMissingError(f'{zone.name} - NS A record')
+      raise RessourceMissingError(f'NS A')
     zone.ns = ns_addr.rrset[0].to_text()
     ds, nsec_type = query_DS(zone, parent_zone)
     zone.dnskey = query(zone.name, dns.rdatatype.DNSKEY, zone.ns)