From 99c447f9f6cffb8b265870714a3dcfe7370667c8 Mon Sep 17 00:00:00 2001
From: Matthijs Mekking
Date: Fri, 17 Nov 2017 14:17:47 +0100
Subject: [PATCH] TSIG name must be presented in canonical form (#574)

* TSIG name must be presented in canonical form

Update the documentation to make clear that the zonename in the TsigSecret map must be in canonical form.

* Reference RFC 4034 for canonical form
---
client.go | 4 ++--
server.go | 2 +-
xfr.go | 2 +-
3 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/client.go b/client.go
index 0914482a..2c515885 100644
--- a/client.go
+++ b/client.go
@@ -20,7 +20,7 @@ const tcpIdleTimeout time.Duration = 8 * time.Second
 type Conn struct {
 net.Conn // a net.Conn holding the connection
 UDPSize uint16 // minimum receive buffer for UDP messages
- TsigSecret map[string]string // secret(s) for Tsig map[], zonename must be fully qualified
+ TsigSecret map[string]string // secret(s) for Tsig map[], zonename must be in canonical form (lowercase, fqdn, see RFC 4034 Section 6.2)
 rtt time.Duration
 t time.Time
 tsigRequestMAC string
@@ -39,7 +39,7 @@ type Client struct {
 DialTimeout time.Duration // net.DialTimeout, defaults to 2 seconds, or net.Dialer.Timeout if expiring earlier - overridden by Timeout when that value is non-zero
 ReadTimeout time.Duration // net.Conn.SetReadTimeout value for connections, defaults to 2 seconds - overridden by Timeout when that value is non-zero
 WriteTimeout time.Duration // net.Conn.SetWriteTimeout value for connections, defaults to 2 seconds - overridden by Timeout when that value is non-zero
- TsigSecret map[string]string // secret(s) for Tsig map[], zonename must be fully qualified
+ TsigSecret map[string]string // secret(s) for Tsig map[], zonename must be in canonical form (lowercase, fqdn, see RFC 4034 Section 6.2)
 SingleInflight bool // if true suppress multiple outstanding queries for the same Qname, Qtype and Qclass
 group singleflight
 }
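Review bot: The new comment on Conn.TsigSecret still calls the map key a "zonename", which is misleading: a TSIG secret is selected by the TSIG key name (the owner name of the TSIG RR in the message), and that name is not in general a zone name; the same wording recurs in the Client hunk below and in the server.go and xfr.go hunks. The comment also leaves unsaid what a caller sees when the stored name is not canonical — with a plain `map[string]string` the lookup presumably just misses, so a key stored under a mixed-case or non-fqdn name would be treated as unknown and the message rejected or left unsigned; naming that consequence is what makes the requirement actionable. Suggested wording for all four sites: `// TsigSecret maps a TSIG key name to its secret; the name must be in canonical form (lowercase, fqdn, see RFC 4034 Section 6.2) or the lookup will not match`. The Conn struct continues past the end of the first hunk.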
diff --git a/server.go b/server.go
index ee7e256f..136a9a1c 100644
--- a/server.go
+++ b/server.go
@@ -285,7 +285,7 @@ type Server struct {
 WriteTimeout time.Duration
 // TCP idle timeout for multiple queries, if nil, defaults to 8 * time.Second (RFC 5966).
 IdleTimeout func() time.Duration
- // Secret(s) for Tsig map[].
+ // Secret(s) for Tsig map[]. The zonename must be in canonical form (lowercase, fqdn, see RFC 4034 Section 6.2).
 TsigSecret map[string]string
 // Unsafe instructs the server to disregard any sanity checks and directly hand the message to
 // the handler. It will specifically not check if the query has the QR bit not set.
diff --git a/xfr.go b/xfr.go
index 2e892ea3..5d0ff5c8 100644
--- a/xfr.go
+++ b/xfr.go
@@ -17,7 +17,7 @@ type Transfer struct {
 DialTimeout time.Duration // net.DialTimeout, defaults to 2 seconds
 ReadTimeout time.Duration // net.Conn.SetReadTimeout value for connections, defaults to 2 seconds
 WriteTimeout time.Duration // net.Conn.SetWriteTimeout value for connections, defaults to 2 seconds
- TsigSecret map[string]string // Secret(s) for Tsig map[], zonename must be fully qualified
+ TsigSecret map[string]string // Secret(s) for Tsig map[], zonename must be in canonical form (lowercase, fqdn, see RFC 4034 Section 6.2)
 tsigTimersOnly bool
 }