One of the test from DNS Compliance testing validates that if the opcode
is not supported, a NOTIMPL rcode is returned.
e0884144dd/genreport.c (L293)
This diff makes the default acceptfunc support this case and reply with
NOTIMPL instead of FORMERR.
* Merge setRR into ZoneParser.Next
* Remove file argument from RR.parse
This was only used to fill in the ParseError file field. Instead we now
fill in that field in ZoneParser.Next.
* Move dynamic update check out of RR.parse
This consolidates all the dynamic update checks into one place.
* Check for unexpected newline before parsing RR data
* Move rr.parse call into if-statement
* Allow dynamic updates for TKEY and RFC3597 records
* Document that ParseError file field is unset from parse
* Inline allowDynamicUpdate into ZoneParser.Next
* Improve and simplify TestUnexpectedNewline
Both NSEC and NSEC3 use the same logic to pack the bitmap.
CSYNC.pack also appear to make use of `packDataNsec` so I am giving it
the same treatment by moving the logic in a helper function and making
all those types `len` call use that function.
This follows BIND9 and removed support for the DSA family of algorithms.
Any DNSSEC implementation should consider those zones using it,
insecure.
Signed-off-by: Miek Gieben <miek@miek.nl>
This removes RSAMD5 as an algorithm you can use. BIND also has
deprecated *all* DSA algos which is more involved can removes more
helper codes as well, so that should be done in a new PR.
See #968
Signed-off-by: Miek Gieben <miek@miek.nl>
The byte sequence, when Unpack()-ed and subsequential Pack()-ed created a
panic: runtime error: slice bounds out of range
github.com/miekg/dns.(*Msg).packBufferWithCompressionMap(0xc0000d4000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x14, 0x14e80b, 0xbf2d4654d501a3c8, ...)
/Users/chantra/go/src/github.com/miekg/dns/msg.go:868 +0x13a8
Confirmed that Unpacking/Repacking payload described in TestCrashNSEC
did not raise a slice bound out of range panic, added unittests which
failed prior to this change.
```
go test -run TestCrashNSEC
--- FAIL: TestCrashNSEC (0.00s)
types_test.go:135: expected length of 19, got 12
FAIL
exit status 1
FAIL github.com/miekg/dns 0.067s
```
* Call SetTsig() Msg `r` if q.IsTsig() != nil to enable TSIG on AXFR.
* Add tests for xfr.go
* Fix data race condition setting server.TsigSecret
* Test cleanup: xfr_test.go
* Xfr Test cleanup: use exported `IsDuplicate()`, len(xfrTestData)
The function is called Truncate, not Scrub (that was the old name).
Updated the function's documentation to rename this.
Signed-off-by: Miek Gieben <miek@miek.nl>
Previously it was possible for two different questions to hit the same
single in flight entry if the type or class isn't in the relevant
XToString map. This could happen for a proxy server or similar.
* Add a message truncation implementation
* Remove OPT if-statement at end of Scrub
* Impose RFC 6891 payload size limit in Scrub
* Remove *Msg receiver from truncateLoop
* Remove OPT record creation from Scrub
* Test that TestRequestScrubAnswerExact has correct record count
* Rename (*Msg).Scrub to Truncate
This better reflects it's purpose.
* Remove comment reference to scrubbing in Truncate
* Properly calculate the length of OPT record in Truncate
* Correct comment in IsEdns0 in regards to RFC 6891
* Handle the OPT record being anywhere in Truncate
* Slight cleanup of Msg.Truncate
* Use for range loops instead of manual loops
* Use for range loop in Msg.CopyTo
This is a separate commit as the change is slightly more than just
switching the loop style.
* Use for range loop in DNSKEY.publicKeyRSA
* Add explen comment to DNSKEY.publicKeyRSA
* Add checks on data length for A and AAAA records
Fixes panic when parsing A or AAAA records with no data
* Add tests Field() on empty A/AAAA data
* Refactor format test
* Add return value check on format test
* Simplify Server.readTCP
This slightly alters the error behaviour, but it should not be
observable outside of a decorated reader. I don't believe the old
behaviour was either obvious, documented or correct.
* Simplify TCP reading in client Conn
This alters the error behaviour in possibly observable ways, though
this is quite subtle and may not actually be readily observable.
Conn.ReadMsgHeader should behave the same way and still returns
ErrShortRead for length being too short.
Conn.Read will no longer return ErrShortRead if the length == 0,
otherwise it should be largely similar.
* Remove redundant error check in Conn.ReadMsgHeader
* ZoneParser: error on parsing an IPv6 address in an A record
And vice versa for IPv4 with AAAA.
The implementation of isIPv6 is inspired by e341bae08d/src/net/ip.go (L678-L681) .
* Fix benchmarks that try to use ::1 as A record.
* Test A/AAAA parsing via NewRR rather than zone parser.
* Document why we distinguish IPv4 vs IPv6 via existence of ":".
Miek Gieben
Tiago Ilieve
Tom Thorogood
chantra
Frank Olbricht
Yaroslav Kolomiiets
Pepijnvi
Nick McKinney
Christoffer Fjellström
Tom F
JINMEI Tatuya