Commit Graph

3711 Commits

Author SHA1 Message Date
Roland Bracewell Shoemaker 6ebcb714d3 NSEC/3 Cover+Match cleanup (#479)
* Initial NSEC cleanup

* Use readable names

* Finish tests

* Use existing functions, simplify hash/zone split

* Make IsSubDomain case insensitive, add tests

* Use internal Split instead of strings.Split
2017-04-12 19:47:48 +01:00
Piper Chester dcffd061aa README: Fix typo (#483) 2017-03-31 07:08:51 +01:00
Miek Gieben 767422ac12 Add AVC record (#480)
See
https://www.iana.org/assignments/dns-parameters/AVC/avc-completed-template
for the template, a new record that is (again) a mirror of the TXT
record. For lack of a better name, name the rdata Txt - as we do in SPF
and TXT.
2017-03-29 22:17:13 +02:00
saurori 89d392d274 Fix large RSA exponent check (#481) 2017-03-29 21:52:38 +02:00
Richard Gibson c1bdeb82b2 Domain name limits (#478)
* limiting domain names to 255/63 octets/labels (#463)

(cherry picked from commit 0b729df06c)

* account for \ and \xxx in presentation format

(cherry picked from commit a094f774892fb4305051d185c2488cb43200c4d9)

* go fmt

* Add tests for UnpackDomainName

Domain names must not exceed 255 octets in wire format.

Ref gh-463
Ref gh-469

* Fix UnpackDomainName

* Introduce a long-domain sentinel error

A typed error would be better, but inconsistent with this library.
cf.  https://dave.cheney.net/2016/04/27/dont-just-check-errors-handle-them-gracefully
2017-03-29 20:43:02 +01:00
Tom Limoncelli b54e1be39a Add DNSControl to the list of users (#477) 2017-03-22 21:36:10 +00:00
andrewtj 765aea0018 Cover NSEC3 Salt and allow mixed case in NSEC3 NextDomain (#475)
* Add test to cover packing of NSEC3 salt

* Allow mixed case in NSEC3 NextDomain
2017-03-22 06:49:16 +00:00
Roland Bracewell Shoemaker fb16e4c487 Only pack NSEC3/NSEC3PARAM salt when it is not empty (#474)
* Only pack when salt is not empty

* Actually generate things properly

* Use string literal
2017-03-21 19:35:21 +00:00
Miek Gieben 25ac7f1714 Revert "limiting domain names to 255/63 octets/labels (#463)"
This reverts commit 0b729df06c.
2017-03-21 07:03:31 +00:00
Julius Rickert 2d7eb4f050 Fixed typo (#472) 2017-03-19 15:10:46 +00:00
Jon Nappi c862b7e359 Replace Atoi with ParseUint where appropriate (#470)
* replace Atoi with ParseUint where appropriate

* more Atoi replacements
2017-03-10 21:57:03 +00:00
Michael 59e593b27b Added coredns to list of users (#468) 2017-03-08 07:08:31 +00:00
Yongcheng Bao eda6b32024 Update README.md (#466)
add use case
2017-02-27 10:24:06 +00:00
Ethan J. Jackson 2d57b17e0c README: Add Quilt to the list of users (#465)
Quilt is a container orchestrator that depends on JavaScript as its
configuration mechanism.  It takes advantage of miekg/dns for name
resolution, and thus should be listed in the README.md file.
2017-02-27 07:49:27 +00:00
Olafur Gudmundsson 0b729df06c limiting domain names to 255/63 octets/labels (#463) 2017-02-21 22:36:40 +00:00
Miek Gieben 75229eecb7 msg.go: don't fiddle with Compress (#460)
Don't set Compress to false on dns to calculate the uncompressed length,
instead add a function where the compression is a flag and use that.
2017-02-17 12:10:30 +00:00
Miek Gieben 01a32dc202 Re-gen zcompress.go (#461)
and add one golint/doc fix into it.
2017-02-17 11:59:01 +00:00
devnev e95d107053 Fix data race in error handling. (#459)
The response message must be copied regardless of whether there was an
error or not, otherwise two concurrent queries may modify the response
as they write it out.
2017-02-17 11:38:00 +00:00
Miek Gieben 74ec3b2433 Generate the compressionHelper functions (#454)
* Generate the compressionHelper functions and fix compression.

This was a long standing TODO: generate the compression helper
functions. This now automatically picks up new names that can be
used for compression.

When packing add names to compression map:

When packing a message we should only compress when compress is true.
But whenever the compression map is not nil we should still add names
to it that can be *used* for future compression. The packing
inadvertently only added those names when compress would be true.

* Removed unused functions
2017-02-17 09:48:37 +00:00
Miek Gieben 5a15a35f5f Golint fixes (#456)
Fixes #370
2017-02-15 20:40:16 +00:00
Curtis Brandt ec20779724 Update GoDoc reference to EDNS0_SUBNET.SourceNetmask field. (#455) 2017-02-14 22:00:34 +00:00
James Hartig 672033dedc Added NameList function to ClientConfig (#452) 2017-02-13 20:16:50 +00:00
Andrew Brampton dadd480c0d Refactored the udp*.go files, to remove redundancy, and to make them compile for Go on App Engine. (#451)
App Engine, even though it is Linux, does not allow referencing the syscall package. Thus I reorganised
the udp*.go files a little to make this work. As best I can tell, the functionality is unchanged, and all
this continues to compile on darwin, linux, windows, plan9 and appengine.

Namely:
* Moved all Linux specific code from udp.go into udp_linux.go (e.g. setUDPSocketOptions)
* Deleted udp_plan9.go which was almost a copy of udp.go.
* Added build tags to stop appengine using the linux build, and instead using the udp_other.go.
2017-02-13 09:42:34 +00:00
Andrew Brampton ea75cede31 A co.Conn is not always a (*net.UDPConn) so don't convert to it. (#450) 2017-02-11 08:53:59 +00:00
Miek Gieben 4e953232d8 dns/tcp: more robust read. (#448)
My home router only returns 1 byte on the initial tcp read of 2 bytes
for the size of the reply. We should read the other byte as well if this
happens.

With this fix, this:
~~~
% ./q -tcp @192.168.1.1 higgs
;; dns: short read
~~~

becomes:
~~~
% ./q -tcp @192.168.1.1 higgs
;; opcode: QUERY, status: NOERROR, id: 12968
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;higgs.	IN	 A

;; ANSWER SECTION:
higgs.	0	IN	A	192.168.1.108

;; query time: 10737 µs, server: 192.168.1.1:53(tcp), size: 44 bytes
~~~
2017-02-07 22:33:10 +00:00
Tom Thorogood f3c59acd3d Work around golang/go#11833 predictable random issue in Id. (#447)
* Work around golang/go#11833 predictable random issue.

In certain circumstances crypto/rand.Reader will return non-random
bytes. The most likely case is near boot, and as init is run when
the go program is started, it's possible that a non-random seed
could be used. While this is very unlikely to ever be an issue,
it is a very easy fix and it is preferable to be resilient.

Instead of seeding the global math/rand rng during init, a separate
math/rand.Rand is seeded upon the first call to Id. This also avoids
polluting the global math/rand rng which might be seeded elsewhere.

If crypto/rand.Reader fails, math/rand.Int63 will be called to
provide a seed. This is better than the current fallback to a seed
of 1.

This change introduces no noticeable performance overhead as the
global math/rand rng already uses a sync.Mutex internally.

* Document lack of performance overhead from mutex in `func id()`
2017-02-05 08:47:07 +00:00
Tom Thorogood 8060d9f513 Improve DNSSEC performance by addressing some low hanging fruit. (#446)
* Produce less garbage in dnssec.go.

This change removes several needless append calls.

This is a minor performance improvement and will likely go
entirely unnoticed. The changes will reduce the amount of
garbage produced when calling (*DNSKEY).ToDS, (*RRSIG).Sign
and (*RRSIG).Verify.

* Minor performance improvement in RSA DNSSEC key generation.

This change ensures that (*big.Int).Bytes is only called once in
exponentToBuf because each call has non-zero overhead. It also
makes buf large enough to append without a second allocation.

exponentToBuf is invoked by (*DNSKEY).setPublicKeyRSA which is in
turn invoked by (*DNSKEY).Generate when (*DNSKEY).Algorithm is set
to an RSA* constant.

This is a minor performance improvement that will likely go
entirely unnoticed. The changes will improve the performance and
reduce the amount of garbage produced when calling
(*DNSKEY).Generate.
2017-02-03 12:34:08 +00:00
Tom Thorogood b6ecf29d98 Improve performance by addressing some low hanging fruit. (#444)
* Remove unused bytes.Buffer from dns/idn.encode.

This buffer is truncated and written to but never read from. It
serves no purpose and all tests pass with it removed.

It appears to have been introduced when puncycode.go was first
added in miekg/dns@e3c2c07.

* Produce less pointless garbage.

This change:
- removes several needless []byte -> string conversions,
- removes two needless append calls in HashName, and
- writes the hash to the same nsec3 []byte in HashName rather
  than creating a new []byte on each of the k iterations.

These are all minor performance improvements that will likely
go entirely unnoticed. The changes will reduce the amount of
garbage produced when calling CertificateToDANE, HashName,
(*SIG).Sign and TsigGenerate.
2017-02-02 07:33:49 +00:00
Matthijs Mekking 99f84ae56e return errTruncated after setting header bits (#442) 2017-01-30 10:53:01 +00:00
Matthijs Mekking 2be0b50f7f use the fudge (#441) 2017-01-26 12:40:32 +00:00
Julian K ca336a1f95 Improve test suite (#435)
- Test Go 1.7 instead of 1.5
- Don't use miekg/dns when testing forks
2017-01-04 07:55:54 +00:00
fnevesbr 00b8eaaab9 Fix packing compression according to struct tagging (#433) 2016-12-27 20:21:54 +00:00
Matthijs Mekking 4f8d08ab3c fix comment (#430) 2016-12-16 14:48:54 +00:00
Diep Pham 78bb99c423 adds tests for shutdown bind port (#400)
* adds tests for shutdown bind port

* closes file descriptors in for udp on linux

* adds sleep after shutdown in test

* minimizes defer usages

* reduces sleep time

* replaces sleep with notify channel

after starting DNS server
2016-12-15 16:20:35 +00:00
Tom Thorogood 4744e915eb Fix tcp6-tls support in (*Server).ListenAndServe(). (#427)
In the switch statement srv.Net is matched for tcp6-tls but
then compared against tcp6 within the case statement. This
causes tcp6-tls to be equivalent to tcp-tls and not specific
to tcp6. The `network = "tcp6"` line was previously unreachable.

This change corrects this and ensures tcp6-tls listens on IPv6
only.
2016-12-09 07:38:01 +00:00
Richard Gibson f4d2b08694 For consistency with other types, allow empty UINFO RDATA (#424)
Ref https://github.com/miekg/dns/pull/421#discussion_r90610949
2016-12-02 22:38:56 +00:00
Richard Gibson 21314e1838 Fix TXT RDATA parsing (#421)
* Test for proper parsing of whitespace-separated (TXT) character-strings

* Properly parse whitespace-separated (TXT) character-strings

* Remove non-RFC treatment of backslash sequences in character-strings

Fixes gh-420

* For tests, remove non-RFC treatment of backslashes in domain names
2016-12-02 09:34:49 +00:00
Santhosh Manohar 271c58e0c1 Add nil check for interface value in ActivateAndServe (#419)
Signed-off-by: Santhosh Manohar <santhosh@docker.com>
2016-11-22 06:12:14 +00:00
ayanamist a8a1273f08 support rfc7828 (#402) 2016-11-21 20:15:42 +00:00
Marcus Grando 58f52c57ce Change VERSION private RR to use reserved space (#415) 2016-10-18 07:08:08 +01:00
Miek Gieben 46df8c9462 Fix for miekg/dns issue #289: support the SMIMEA record (#410)
1) Refactoring of tlsa.go
   - moved routine to create the certificate rdata to its own go module
     as this is shared between TLSA and SMIMEA records
2) Added support for creating an SMIMEA domain name
3) Developed in accordance with draft-ietf-dane-smime-12 RFC

Miek,

Submitting for your review. Happy to make any recommended changes or
address omissions.

Lightly tested against our internal DNS service which hosts DANE
SMIMEA records for our email certificates.

Parse tests are added.
2016-10-17 18:09:52 +01:00
Marcus Grando dfae8d8799 Fix miek.nl post link (#414) 2016-10-17 18:09:10 +01:00
Marcus Grando 3efeaabb39 Respect range of RFC6895 (#413) 2016-10-17 17:55:37 +01:00
Bilal Amarni fc4e1e2843 readme - add dockness to user list (#388) 2016-10-06 11:00:29 +01:00
Shane Kerr b96e5025a3 Simple function to clear the DO bit from an OPT resource record. (#407)
* Function to clear the DO bit from an OPT RR.

* Tests for ClearDo() function.

* Changed from ClearDo() to SetDo() with an optional argument.

* Update doc string for SetDo(). Make tests for SetDo() comprehensive.
2016-10-05 09:08:39 +01:00
Faraz Fallahi fce7af874c Add MicroDNS (#408) 2016-10-04 18:15:48 +01:00
Preet Bhinder 3f1f7c8ec9 Fix a couple of comments (#386) 2016-10-03 19:18:08 +01:00
Mehrdad Arshad Rad cb2f719c71 added mylg link to README (#397) 2016-10-03 15:37:16 +01:00
S.Çağlar Onur cd5a49decd Add a badge for godoc (#395) 2016-10-03 15:37:09 +01:00
Pavel Odintsov 8d8a1ec575 Check input data for NewPrivateKey (#399) 2016-10-03 15:36:51 +01:00