* Bump go versions in .github/workflows/go.yml
These are very out of date and it's causing persistent failures in the
fuzz CI step.
* Remove GOPATH=$GOROOT assignment
go1.16 shows a warning:
"warning: GOPATH set to GOROOT (/opt/hostedtoolcache/go/1.16.0/x64) has no effect"
* Send DNS query in one packet when using TCP/TLS
* fix review comments
* Removed net.Buffers
* Added unit-tests for writing messages over TCP in one go
* Update Truncate doc with compress behaviour
This is a documentation update to highlight the behaviour of Truncate, which will reset dns.Compress to false when the message fits in the requested size without truncation, and make it the caller responsibility to set it back to true if they wish to compress, regardless of fitting, uncompressed, in the requested message size in the first place or not.
Fixes #1216
* address comments
* d/Note that/
* s/reset/set/
* s/caller/caller's/
* removed backticks
* regardless of size
* Set Rdlength in fromRFC3597
This was a bug found by oss-fuzz. My bad (#1211).
* Limit maximum length of Rdata in (*RFC3597).parse
RDATA must be a 16-bit unsigned integer.
* Validate Rdlength and off in UnpackRRWithHeader
* Revert "Validate Rdlength and off in UnpackRRWithHeader"
This reverts commit 2f6a8811b944b100af7605e53a6fb164944a6d65.
* Use hex.DecodedLen in (*RFC3597).fromRFC3597
While this isn't done elsewhere, it is clearer and more obvious.
* Support parsing known RR types in RFC 3597 format
This is the format used for "Unknown DNS Resource Records", but it's
also useful to support parsing known RR types in this way.
RFC 3597 says:
An implementation MAY also choose to represent some RRs of known type
using the above generic representations for the type, class and/or
RDATA, which carries the benefit of making the resulting master file
portable to servers where these types are unknown. Using the generic
representation for the RDATA of an RR of known type can also be
useful in the case of an RR type where the text format varies
depending on a version, protocol, or similar field (or several)
embedded in the RDATA when such a field has a value for which no text
format is known, e.g., a LOC RR [RFC1876] with a VERSION other than
0.
Even though an RR of known type represented in the \# format is
effectively treated as an unknown type for the purpose of parsing the
RDATA text representation, all further processing by the server MUST
treat it as a known type and take into account any applicable type-
specific rules regarding compression, canonicalization, etc.
* Correct mistakes in TestZoneParserAddressAAAA
This was spotted when writing TestParseKnownRRAsRFC3597.
* Eliminate canParseAsRR
This has the advantage that concrete types will now be returned for
parsed ANY, NULL, OPT and TSIG records.
* Expand TestDynamicUpdateParsing for RFC 3597
This ensures we're properly handling empty RDATA for RFC 3597 parsed
records.
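The generic `\# <length> <hex>` RDATA form that the two commit messages above deal with (the 16-bit length limit, `hex.DecodedLen`, and empty RDATA) can be parsed as follows. This is an added example, not code from the miekg/dns repository; `parseGenericRdata` is a hypothetical name and the sample inputs are constructed.

```go
package main

import (
	"encoding/hex"
	"errors"
	"fmt"
	"strconv"
	"strings"
)

// parseGenericRdata parses the RFC 3597 text form `\# <length> <hex words>`
// and returns the raw RDATA bytes. Hypothetical helper for illustration; it
// rejects any input whose declared length and hex payload disagree.
func parseGenericRdata(s string) ([]byte, error) {
	f := strings.Fields(s)
	if len(f) < 2 || f[0] != `\#` {
		return nil, errors.New(`expected \# followed by a length`)
	}
	// bitSize 16: a length above 65535 can never fit the RDLENGTH field.
	n, err := strconv.ParseUint(f[1], 10, 16)
	if err != nil {
		return nil, fmt.Errorf("bad RDATA length: %w", err)
	}
	h := strings.Join(f[2:], "") // the hex data may be split into several words
	if len(h)%2 != 0 || hex.DecodedLen(len(h)) != int(n) {
		return nil, errors.New("declared length does not match hex data")
	}
	return hex.DecodeString(h) // `\# 0` yields empty RDATA and no error
}

func main() {
	// Constructed inputs: valid, empty, oversized length, length mismatch.
	for _, s := range []string{`\# 4 0a000001`, `\# 0`, `\# 65536 00`, `\# 4 0a00`} {
		b, err := parseGenericRdata(s)
		fmt.Printf("%-16q -> %x %v\n", s, b, err)
	}
}
```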
These were flagged by GitHub CodeQL code scanning as potential
vulnerabilities or issues. Fixing them is easy and they are incorrect.
Adding tests is less easy because int is 64-bits on most systems,
including those we test on, so we can't consistently provoke a failure
here.
This also removed the codecov that was still done. We could potentially
re-add as an action, but I don't really miss it. Add testing for 1.14
and 1.15 (it's very fast now).
Fuzzing needs to stay on 1.14 due to brokenness of some kind.
Signed-off-by: Miek Gieben <miek@miek.nl>
* Support generic net.PacketConn's for the Server
This commit adds support for listening on generic net.PacketConn's for
UDP DNS requests, previously *net.UDPConn was the only supported type.
In the event of a future v2 of this module, this should be streamlined.
* Eliminate wrapper functions around RunLocalXServerWithFinChan
* Eliminate RunLocalTCPServerWithTsig function
* Replace RunLocalTLSServer with a wrapper around RunLocalTCPServer
This reduces code duplication.
* Add net.PacketConn server tests
This provides coverage over nearly all of the newly added code (with
the unfortunate exception of (*response).RemoteAddr).
* Fix broken client_test.go tests
a433fbede4 was merged into master between this PR being opened and
being merged. This broke the CI tests in rather strange ways as the
code was being merged into master in a way that wasn't at all clear.
This commit fixes the two broken lines.
* Fix XFR tests
axfrTestingSuite returned the test function that was never actually
executed. These were broken from the beginning awkwardly, though the
test cases pass fine once fixed.
* Switch axfrTestingSuite argument order
*testing.T is customarily the first argument.
AFAIK, the only way to get an RSAMD5 DNSKEY was to manually construct
one. This is ancient, just get rid of it.
The only remaining usage of md5 is in tsig.go. Hopefully that might be
removable as well.
`&dns.HTTPS{Hdr: ...}` fails due to `cannot use promoted field SVCB.Hdr
in struct literal of type dns.HTTPS`. Fix this, less readable
alternatives include using `dns.SVCB` directly, or `&dns.HTTPS{SVCB:
dns.SVCB{Hdr: ...}}`.
Fix the draft reference, draft-02 has not been published yet. Fix ECH,
its type has changed from base64 to a byte array.
* Ignore replies with unexpected IDs
This fixes the following problem:
At time 0, we send a query with ID X from port P.
At time T, we time out the query due to lack of response, and then send
a different query with ID Y. By coincidence, the new query is sent from
the same port number P (since port numbers are only 16 bits, this can happen
with non-negligible probability when making queries at a high rate).
At time T+epsilon, we receive a response to the original query.
Since the ID in this response is X, not Y, we would previously return
ErrId, preventing the second query from succeeding.
With this commit, we simply ignore the response with the mismatched ID
and return once we receive the response with the correct ID.
* Update test for bad ID
The new test sends two replies: the first one has a bad ID, which should
be ignored, and the second one has the correct ID.
* Add test to ensure query times out when server returns bad ID
* Avoid use of error string matching in test case
* Check for mismatched query IDs when using TCP
* Reduce timeout in TestClientSyncBadID
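The behaviour this commit message describes, as an added example that is not the library's own code: a read loop that drops replies whose header ID does not match the outstanding query and gives up only when the deadline passes. `readMatching` and `simulate` are hypothetical names, and the fake server over `net.Pipe` with its reply IDs is constructed.

```go
package main

import (
	"encoding/binary"
	"fmt"
	"net"
	"time"
)

// readMatching returns the first message whose DNS header ID (bytes 0-1, big
// endian) equals wantID, plus the number of replies skipped before it.
func readMatching(conn net.Conn, wantID uint16, timeout time.Duration) ([]byte, int, error) {
	conn.SetReadDeadline(time.Now().Add(timeout))
	buf, skipped := make([]byte, 512), 0
	for {
		n, err := conn.Read(buf)
		if err != nil {
			return nil, skipped, err // the deadline error when nothing matched
		}
		if n >= 12 && binary.BigEndian.Uint16(buf) == wantID {
			return append([]byte(nil), buf[:n]...), skipped, nil
		}
		skipped++ // stale or mismatched reply: keep waiting instead of failing
	}
}

// simulate is a constructed harness: a fake server sends one 12-byte header
// per entry in replyIDs over an in-memory pipe.
func simulate(replyIDs []uint16, wantID uint16, timeout time.Duration) (uint16, int, error) {
	client, server := net.Pipe()
	defer client.Close()
	defer server.Close()
	go func() {
		for _, id := range replyIDs {
			hdr := make([]byte, 12)
			binary.BigEndian.PutUint16(hdr, id)
			server.Write(hdr)
		}
	}()
	msg, skipped, err := readMatching(client, wantID, timeout)
	if err != nil {
		return 0, skipped, err
	}
	return binary.BigEndian.Uint16(msg), skipped, nil
}

func main() {
	fmt.Println(simulate([]uint16{0x1111, 0x2222}, 0x2222, time.Second))
	fmt.Println(simulate([]uint16{0x1111}, 0x2222, 100*time.Millisecond))
}
```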
The SVCB record didn't have a class, so add that and use struct literal
to put it all on 1 line. Use `s` for SVCB records, and `h` for HTTPS to
be more consistent.
Signed-off-by: Miek Gieben <miek@miek.nl>
Original PR doesn't make clear why this is 900 - now assuming we want to
cross the 14 bit length boundary.
Up to 900 creates a super large (>2^16) message. Not sure why that needs
testing.
Also remove the packs at lower sizes.
Signed-off-by: Miek Gieben <miek@miek.nl>
This reduces the time it takes to run the test. Shorter timeouts on
clients to avoid waiting for the default timeouts.
It also reduces the iterations in some test functions, this doesn't
seem to impact the tests indicating those numbers were random to begin
with.
Use shorter crypto keys, as we don't need the strength in tests.
Stop using Google Public DNS and other remotes in tests as well: it's
faster, keeps things local and avoids spilling info to Google.
This brings the test duration down from ~8s to ~2s on my machine, a 4x
reduction.
~~~
PASS
ok github.com/miekg/dns 2.046s
Switched to branch 'master'
Your branch is up-to-date with 'origin/master'.
PASS
ok github.com/miekg/dns 7.915s
~~~
Signed-off-by: Miek Gieben <miek@miek.nl>