fix: populate ldns submodule and add autotools to LDNS build stage

- Re-cloned zonemaster-ldns with --recurse-submodules so the bundled
  ldns C library source (including Changelog and configure.ac) is present
- Added autoconf, automake, libtool to Dockerfile.backend ldns-build stage
  so libtoolize + autoreconf can generate ldns/configure during make

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

zonemaster-ldns/ldns/contrib/ldnsx/examples/ldnsx-axfr.py

@@ -0,0 +1,30 @@
+#!/usr/bin/python
+# vim:fileencoding=utf-8
+#
+# AXFR client with IDN (Internationalized Domain Names) support
+#
+
+import ldns
+import encodings.idna
+
+def utf2name(name):
+    return '.'.join([encodings.idna.ToASCII(a) for a in name.split('.')])
+def name2utf(name):
+    return '.'.join([encodings.idna.ToUnicode(a) for a in name.split('.')])
+
+resolver = ldnsx.resolver("zone.nic.cz")
+
+#Print results
+for rr in resolver.AXFR(utf2name(u"háčkyčárky.cz")):
+   # rdf = rr.owner()
+   # if (rdf.get_type() == ldns.LDNS_RDF_TYPE_DNAME):
+   #     print "RDF owner: type=",rr.type(),"data=",name2utf(rr.owner())
+   # else:
+   #     print "RDF owner: type=",rdf.get_type_str(),"data=",str(rdf)
+   # print "   RR type=", rr.get_type_str()," ttl=",rr.ttl()
+   # for rdf in rr.rdfs():
+   #     if (rdf.get_type() == ldns.LDNS_RDF_TYPE_DNAME):
+   #         print "   RDF: type=",rdf.get_type_str(),"data=",name2utf(str(rdf))
+   #     else:
+   #         print "   RDF: type=",rdf.get_type_str(),"data=",str(rdf)
+

zonemaster-ldns/ldns/contrib/ldnsx/examples/ldnsx-dnssec.py

@@ -0,0 +1,39 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+import ldnsx
+import sys
+
+debug = True
+
+if len(sys.argv) < 2:
+   print "Usage:", sys.argv[0], "domain [resolver_addr]"
+   sys.exit(1)
+
+name = sys.argv[1]
+
+# Create resolver
+resolver = ldnsx.resolver(dnssec=True)
+
+# Custom resolver
+if len(sys.argv) > 2:
+   # Clear previous nameservers
+   resolver.set_nameservers(sys.argv[2:])
+
+# Resolve DNS name
+pkt = resolver.query(name, "A")
+
+if pkt and pkt.answer():
+
+   # Debug
+   if debug:
+      print "NS returned:", pkt.rcode(), "(AA: %d AD: %d)" % ( "AA" in pkt.flags(), "AD" in pkt.flags() )
+
+   # SERVFAIL indicated bogus name
+   if pkt.rcode() == "SERVFAIL":
+      print name, "failed to resolve"
+
+   # Check AD (Authenticated) bit
+   if pkt.rcode() == "NOERROR":
+      if "AD" in pkt.flags(): print name, "is secure"
+      else:                   print name, "is insecure"
+

zonemaster-ldns/ldns/contrib/ldnsx/examples/ldnsx-mx1.py

@@ -0,0 +1,11 @@
+import ldnsx
+
+resolver = ldnsx.resolver()
+
+pkt = resolver.query("nic.cz", "MX")
+
+if (pkt):
+    mx = pkt.answer()
+    if (mx):
+       mx.sort()
+       print mx

zonemaster-ldns/ldns/contrib/ldnsx/examples/ldnsx-mx2.py

@@ -0,0 +1,17 @@
+#!/usr/bin/python
+#
+# MX is a small program that prints out the mx records for a particular domain
+#
+import ldnsx
+
+resolver = ldnsx.resolver()
+
+pkt = resolver.query("nic.cz", "MX")
+if pkt:
+    for rr in pkt.answer(rr_type = "MX"):
+        rdf = rr.owner()
+        print rr
+		#Could also do:
+		#print rr[0], rr[1], rr[2], rr[3], " ".join(rr[4:])
+		#print rr.owner(), rr.ttl(), rr.rr_clas(), rr.rr_type(), " ".join(rr[4:])
+

zonemaster-ldns/ldns/contrib/ldnsx/examples/ldnsx-walk.py

@@ -0,0 +1,25 @@
+#!/usr/bin/python
+# vim:fileencoding=utf-8
+#
+# Walk a domain that's using NSEC and print in zonefile format.
+
+import sys
+import ldnsx
+
+def walk(domain):
+        res = ldnsx.resolver("193.110.157.136", dnssec=True)
+        pkt = res.query(domain, 666)
+        try:
+                nsec_rr = pkt.authority(rr_type="NSEC")[0]
+        except:
+                print "no NSEC found, domain is not signed or using NSEC3"
+                sys.exit()
+        for rr_type in nsec_rr[5].split(' ')[:-1]:
+                for rr in ldnsx.get_rrs(domain, rr_type):
+                        print str(rr)[:-1]
+        next_rec = nsec_rr[4]
+        if (next_rec != domain) and (next_rec[-len(domain):] == domain):
+                walk(next_rec)
+
+walk("xelerance.com")
+