Quilt is container orchestrator that depends on JavaScript as its
configuration mechanism. It takes advantage of miekg/dns for name
resolution, and thus should be listed in the README.md file.
The response message must copied regardless of whether there was an
error or not, otherwise two concurrent queries may modify the response
as they write it out.
* Generate the compressionHelper functions and fix compression.
This was a long standing TODO: generate the compression helper
functions. This now automatically picks up new names that can be
used for compression.
When packing add names to compression map:
When packing a message we should only compress when compress is true.
But whenever the compression map is not nil we should still add names
to it that can be *used* for future compression. The packing
inadvertently only added those names when compress would be true.
* Removed unused functions
App Engine even though is Linux, does not allow referencing the syscall package. Thus I reorganised
the udp*.go files a little to make this work. As best I can the functionality is unchanged, and all
this continues to compiles on darwin, linux, windows, plan9 and appengine.
Namely:
* Moved all Linux specific code from udp.go into udp_linux.go (e.g setUDPSocketOptions)
* Deleted udp_plan9.go which was almost a copy of udp.go.
* Added build tags to stop appengine using the linux build, and instead using the udp_other.go.
My home router only return 1 byte on the initial tcp read of 2 bytes
for the size of the reply. We should read the other byte as well if this
happen.
With this fix, this:
~~~
% ./q -tcp @192.168.1.1 higgs
;; dns: short read
~~~
becomes:
~~~
% ./q -tcp @192.168.1.1 higgs
;; opcode: QUERY, status: NOERROR, id: 12968
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;higgs. IN A
;; ANSWER SECTION:
higgs. 0 IN A 192.168.1.108
;; query time: 10737 µs, server: 192.168.1.1:53(tcp), size: 44 bytes
~~~
* Work around golang/go#11833 predictable random issue.
In certain circumstances crypto/rand.Reader will return non-random
bytes. The most likely case is near boot, and as init is run when
the go program is started, it's possible that a non-random seed
could be used. While this is very unlikely to ever be an issue,
it is a very easy fix and it is preferable to be resilient.
Instead of seeding the global math/rand rng during init, a separate
math/rand.Rand is seeded upon the first call to Id. This also avoids
polluting the global math/rand rng which might be seeded elsewhere.
If crypto/rand.Reader fails, math/rand.Int63 will be called to
provide a seed. This is better than the current fallback to a seed
of 1.
This change introduces no noticeable performance overhead as the
global math/rand rng already uses a sync.Mutex internally.
* Document lack of performance overhead from mutex in `func id()`
* Produce less garbage in dnssec.go.
This change removes several needless append calls.
This is a minor performance improvement and will likely go
entirely unnoticed. The changes will reduce the amount of
garbage produced when calling (*DNSKEY).ToDS, (*RRSIG).Sign
and (*RRSIG).Verify.
* Minor performance improvement in RSA DNSSEC key generation.
This change ensures that (*big.Int).Bytes is only called once in
exponentToBuf because each call has non-zero overhead. It also
makes buf large enough to append without a second allocation.
exponentToBuf is invoked by (*DNSKEY).setPublicKeyRSA which is in
turn invoked by (*DNSKEY).Generate when (*DNSKEY).Algorithm is set
to an RSA* constant.
This is a minor performance improvement that will likely go
entirely unnoticed. The changes will improve the performance and
reduce the ammount of garbage produced when calling
(*DNSKEY).Generate.
* Remove unused bytes.Buffer from dns/idn.encode.
This buffer is truncated and written to but never read from. It
serves no purpose and all tests pass with it removed.
It appears to have been introduced when puncycode.go was first
added in miekg/dns@e3c2c07.
* Produce less pointless garbage.
This change:
- removes several needless []byte -> string conversions,
- removes two needless append calls in HashName, and
- writes the hash to the same nsec3 []byte in HashName rather
than creating a new []byte on each of the k iterations.
These are all minor performance improvements that will likely
go entirely unnoticed. The changes will reduce the ammount of
garbage produced when calling CertificateToDANE, HashName,
(*SIG).Sign and TsigGenerate.
* adds tests for shutdown bind port
* closes file descriptors in for udp on linux
* adds sleep after shutdown in test
* minimizes defer usages
* reduces sleep time
* replaces sleep with notify channel
after starting DNS server
In the switch statement srv.Net is matched for tcp6-tls but
then compared against tcp6 within the case statement. This
causes tcp6-tls to be equivalent to tcp-tls and not specific
to tcp6. The `network = "tcp6"` line was previously unreachable.
This change corrects this and ensures tcp6-tls listens on IPv6
only.
* Test for proper parsing of whitespace-separated (TXT) character-strings
* Properly parse whitespace-separated (TXT) character-strings
* Remove non-RFC treatment of backslash sequences in character-strings
Fixes gh-420
* For tests, remove non-RFC treatment of backslashes in domain names
1) Refactoring of tlsa.go
- moved routine to create the certificate rdata to its own go module
as this is shared between TLSA and SMIMEA records
2) Added support for creating an SMIMEA domain name
3) Developed in accordance with draft-ietf-dane-smime-12 RFC
Miek,
Submitting for your review. Happy to make any recommended changes or
address omissions.
Lightly tested against our internal DNS service which hosts DANE
SMIMEA records for our email certificates.
Parse tests are added.
* Function to clear the DO bit from an OPT RR.
* Tests for ClearDo() function.
* Changed from ClearDo() to SetDo() with an optional argument.
* Update doc string for SetDo(). Make tests for SetDo() comprehensive.
When removing the reflection we inadvertely also removed the code for
handling empty salt values in NSEC3 and NSEC3PARAM. These are somewhat
annoying because the text representation is '-', which is not valid hex.
* Cleanup and removals
Gut rawmsg.go as most functions are not used. Reword some documentation.
Add more types to be checked for name compression.
* Yeah, we do use these
* Remove this function as well - only used one
Update the size-xxx-member tags to point to another field in the struct
that should be used for the length in that field. Fix NSEC3/HIP and TSIG
to use to this and generate the correct pack/unpack functions for them.
Remove IPSECKEY from the lib and handle it as an unknown record - it is
such a horrible RR, needed kludges before - now just handle it as an
unknown RR.
All types now use generated pack and unpack functions. The blacklist is
removed.
Make the reflection types a black list (these types use (or should use)
the tag 'size-xxx' in their struct definition.s
HIP, IPSECKEY, NSEC3, TSIG
All other types don't use reflection anymore.
* Return a pointer to the header when there is no rdata, this restores old
behavior. The rest of the conversion mostly hangs on getting size-hex
right, but then packStruct and packStructValue and the unpack variant
can be killed.
* Generate pack and unpack for all embedded types as well.
* Fix PrivateRRs, register an unpack function as well, when you register
a new PrivateRR.
* Add the tag octet, nsec, []domains and more to msg_helper.go
* Make the error variable always named err.
Sometimes the error variable was named 'err' sometimes 'e'. Sometimes
'e' refered to an EDNS or string and not an error type.
* Use t.Errorf instead of t.Logf & t.Fail.