Previously, the oob data was just stored and sent to WriteMsgUDP but it
ignores the Src field when writing. Instead, now it is setting the Src
to the original Dst and handling IPv4 IPs over IPv6 correctly.
* Fix $TTL handling
* Error when there is no TTL for an RR
* Fix relative name handling
* Error when a relative name is used without an origin (cf. https://tools.ietf.org/html/rfc1035#section-5.1 )
Fixes #484
When an $INCLUDE was seen the arguments to parseZone were in the wrong
order meaning the filename was used as the `neworigin` instead of the
actual origin we need.
Extend the testcase to check for the full name of the record.
* Fix TSIG bug related to ID substitution
TSIG accounts for ID substitution. This means if the ID in the DNS
message is changed by for example a forwarder, TSIG calculation should
use the original message ID (from the TSIG RR).
I have a test for this as well, but it seems tsig_test.go has been
removed, so not sure where to put it now.
* Add tests for TSIG bugfix
When the server returns a non-successful rcode, return that to the caller
instead of the "bad soa" of before. "dns: bad xfr rcode: <RCODE>" is
now returned.
Fixes #467
* limiting domain names to 255/63 octets/labels (#463)
(cherry picked from commit 0b729df06c)
* account for \ and \xxx in presentation format
(cherry picked from commit a094f774892fb4305051d185c2488cb43200c4d9)
* go fmt
* Add tests for UnpackDomainName
Domain names must not exceed 255 octets in wire format.
Ref gh-463
Ref gh-469
* Fix UnpackDomainName
* Introduce a long-domain sentinel error
A typed error would be better, but inconsistent with this library.
cf. https://dave.cheney.net/2016/04/27/dont-just-check-errors-handle-them-gracefully
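
The length rules named in the entries above (255 octets per name in wire format, 63 per label, with `\X` and `\DDD` each counting as one octet) can be checked as in this added Go example. It is not the library's code; `WireLen` and the sentinel errors are hypothetical names.

```go
package main

import (
	"errors"
	"fmt"
)

// Sentinel errors named for this example only (not the library's identifiers).
var (
	ErrLongName  = errors.New("name exceeds 255 octets in wire format")
	ErrBadLabel  = errors.New("label is empty or exceeds 63 octets")
	ErrBadEscape = errors.New("malformed \\X or \\DDD escape")
)

func digit(b byte) bool { return b >= '0' && b <= '9' }

// WireLen returns the wire length of a presentation-format name; an escape counts as one octet.
func WireLen(name string) (int, error) {
	total, label := 1, 0 // total starts at 1: the terminating root octet
	for i := 0; i <= len(name); i++ {
		if i == len(name) || name[i] == '.' { // a label ends here
			if label == 0 && (i == len(name) || name == ".") {
				break // the final dot already closed the last label, or the root name
			}
			if label == 0 || label > 63 {
				return 0, ErrBadLabel
			}
			if total += 1 + label; total > 255 { // length octet plus label data
				return 0, ErrLongName
			}
			label = 0
			continue
		}
		if name[i] == '\\' {
			i++ // step over the backslash
			if i+2 < len(name) && digit(name[i]) && digit(name[i+1]) &&
				digit(name[i+2]) && name[i:i+3] <= "255" {
				i += 2 // \DDD: three digits, one octet
			} else if i >= len(name) || digit(name[i]) {
				return 0, ErrBadEscape
			}
		}
		label++
	}
	return total, nil
}

func main() {
	fmt.Println(WireLen(`a\.b\065.example.`)) // constructed sample name
}
```
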
Quilt is a container orchestrator that depends on JavaScript as its
configuration mechanism. It takes advantage of miekg/dns for name
resolution, and thus should be listed in the README.md file.
The response message must be copied regardless of whether there was an
error or not, otherwise two concurrent queries may modify the response
as they write it out.
* Generate the compressionHelper functions and fix compression.
This was a long standing TODO: generate the compression helper
functions. This now automatically picks up new names that can be
used for compression.
When packing add names to compression map:
When packing a message we should only compress when compress is true.
But whenever the compression map is not nil we should still add names
to it that can be *used* for future compression. The packing
inadvertently only added those names when compress would be true.
* Removed unused functions
App Engine, even though it is Linux, does not allow referencing the syscall package. Thus I reorganised
the udp*.go files a little to make this work. As best I can the functionality is unchanged, and all
this continues to compile on darwin, linux, windows, plan9 and appengine.
Namely:
* Moved all Linux specific code from udp.go into udp_linux.go (e.g. setUDPSocketOptions)
* Deleted udp_plan9.go which was almost a copy of udp.go.
* Added build tags to stop appengine using the linux build, and instead using the udp_other.go.
My home router only returns 1 byte on the initial tcp read of 2 bytes
for the size of the reply. We should read the other byte as well if this
happens.
With this fix, this:
~~~
% ./q -tcp @192.168.1.1 higgs
;; dns: short read
~~~
becomes:
~~~
% ./q -tcp @192.168.1.1 higgs
;; opcode: QUERY, status: NOERROR, id: 12968
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;higgs. IN A
;; ANSWER SECTION:
higgs. 0 IN A 192.168.1.108
;; query time: 10737 µs, server: 192.168.1.1:53(tcp), size: 44 bytes
~~~
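
The short-read case described above, as an added Go example that is not the library's code: a DNS-over-TCP reader that tolerates a peer delivering the 2-byte length prefix one byte at a time. `ReadTCPMsg`, `frame` and `oneByteReader` are hypothetical names, and the payload is a constructed stand-in for a reply.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"fmt"
	"io"
)

// oneByteReader is a constructed stand-in for a peer whose stream arrives
// one byte per Read call, like the router in the commit message.
type oneByteReader struct{ r io.Reader }

func (o oneByteReader) Read(p []byte) (int, error) {
	if len(p) == 0 {
		return 0, nil
	}
	return o.r.Read(p[:1])
}

// ReadTCPMsg reads one length-prefixed message (RFC 1035 section 4.2.2).
// io.ReadFull keeps reading until the buffer is full, so a short read of the
// prefix or body is retried; the uint16 prefix bounds the allocation at 65535.
func ReadTCPMsg(r io.Reader) ([]byte, error) {
	var prefix [2]byte
	if _, err := io.ReadFull(r, prefix[:]); err != nil {
		return nil, err // io.EOF here is a clean close between messages
	}
	msg := make([]byte, binary.BigEndian.Uint16(prefix[:]))
	if _, err := io.ReadFull(r, msg); err != nil {
		if err == io.EOF { // peer closed right after the prefix
			err = io.ErrUnexpectedEOF
		}
		return nil, err
	}
	return msg, nil
}

// frame prepends the 2-byte big-endian length used on DNS-over-TCP streams.
func frame(msg []byte) []byte {
	out := make([]byte, 2, 2+len(msg))
	binary.BigEndian.PutUint16(out, uint16(len(msg)))
	return append(out, msg...)
}

func main() {
	payload := []byte("constructed stand-in for a DNS reply")
	got, err := ReadTCPMsg(oneByteReader{bytes.NewReader(frame(payload))})
	fmt.Println(len(got), err)
}
```
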
* Work around golang/go#11833 predictable random issue.
In certain circumstances crypto/rand.Reader will return non-random
bytes. The most likely case is near boot, and as init is run when
the go program is started, it's possible that a non-random seed
could be used. While this is very unlikely to ever be an issue,
it is a very easy fix and it is preferable to be resilient.
Instead of seeding the global math/rand rng during init, a separate
math/rand.Rand is seeded upon the first call to Id. This also avoids
polluting the global math/rand rng which might be seeded elsewhere.
If crypto/rand.Reader fails, math/rand.Int63 will be called to
provide a seed. This is better than the current fallback to a seed
of 1.
This change introduces no noticeable performance overhead as the
global math/rand rng already uses a sync.Mutex internally.
* Document lack of performance overhead from mutex in `func id()`
* Produce less garbage in dnssec.go.
This change removes several needless append calls.
This is a minor performance improvement and will likely go
entirely unnoticed. The changes will reduce the amount of
garbage produced when calling (*DNSKEY).ToDS, (*RRSIG).Sign
and (*RRSIG).Verify.
* Minor performance improvement in RSA DNSSEC key generation.
This change ensures that (*big.Int).Bytes is only called once in
exponentToBuf because each call has non-zero overhead. It also
makes buf large enough to append without a second allocation.
exponentToBuf is invoked by (*DNSKEY).setPublicKeyRSA which is in
turn invoked by (*DNSKEY).Generate when (*DNSKEY).Algorithm is set
to an RSA* constant.
This is a minor performance improvement that will likely go
entirely unnoticed. The changes will improve the performance and
reduce the amount of garbage produced when calling
(*DNSKEY).Generate.
* Remove unused bytes.Buffer from dns/idn.encode.
This buffer is truncated and written to but never read from. It
serves no purpose and all tests pass with it removed.
It appears to have been introduced when puncycode.go was first
added in miekg/dns@e3c2c07.
* Produce less pointless garbage.
This change:
- removes several needless []byte -> string conversions,
- removes two needless append calls in HashName, and
- writes the hash to the same nsec3 []byte in HashName rather
than creating a new []byte on each of the k iterations.
These are all minor performance improvements that will likely
go entirely unnoticed. The changes will reduce the amount of
garbage produced when calling CertificateToDANE, HashName,
(*SIG).Sign and TsigGenerate.