* Add DNS-over-HTTPS support to (*Client).Exchange
* Ignore net/http goroutine leak from DoH
* Use existing Dialer and TLSConfig fields on Client for DOH
* Make DOH http.Client fully configurable
* Pipe context into exchangeDOH
* Fixed len computation when size just goes beyond 14 bits
* Added bouds checks around 14bits
* Len() always right including when around 14bits boudaries
* Avoid splitting into labels when not applicable
* Fixed comments
* Added comments in code
* Added new test cases
* Fixed computation of Len() for SRV and all kind of records
* Fixed Sign that was relying on non-copy for Unit tests
* Removed unused padding
* Fixed typo in PackBuffer() function
* Added comment about packBufferWithCompressionMap() for testing purposes
* do not modify dns.Rcode when packing to wire format
When the message has an EDNS0 option in the additional section and
dns.Msg.Rcode is set to an extended rcode, dns.Msg.PackBuffer() modifies
dns.Msg.Rcode.
If you were to `Pack` the message and log it after, the Rcode would show
NOERROR.
Running the test before the change would error with:
```
=== RUN TestPackNoSideEffect
--- FAIL: TestPackNoSideEffect (0.00s)
msg_test.go:51: after pack: Rcode is expected to be BADVERS
```
after fixing dns.Msg.PackBuffer(), all tests are still passing.
Fixes#674
* address comments from PR#675
copyHeader() is redundant, we allocate a header and then copy the
non-pointer elements into it; we don't need to do this, because if we
just asssign rr.Hdr to something else we get the same result.
Remove copyHeader() and the generation and use of it in ztypes.go.
* Split central ServeDNS code out of (*Server).serve
* Add UDP and TCP specific (*Server).serve wrappers
* Move UDP serve functionality into serveUDPPacket
* Merge serve into serveTCPConn
* Cleanup serveTCPConn replacing goto with for
* defer Close in serveTCPConn
* Remove remoteAddr field from response struct
* Fix broken tsigSecret check in serveDNS
* Reorder serveDNS arguments
This makes it consistent with the ordering of arguments to
serveUDPPacket and serveTCPConn.
This offset max was not taking into account leading Len() to emit a
smaller value that could not be matched by Pack(), i.e all names can
be fully compressed or used as a target for compression.
Split length tests off in seperate file length_test.go to clean up
dns_test.og a bit.
* Split central ServeDNS code out of (*Server).serve
* Add UDP and TCP specific (*Server).serve wrappers
* Move UDP serve functionality into serveUDPPacket
* Merge serve into serveTCPConn
* Cleanup serveTCPConn replacing goto with for
* defer Close in serveTCPConn
* Remove remoteAddr field from response struct
* Fix broken tsigSecret check in serveDNS
* Reorder serveDNS arguments
This makes it consistent with the ordering of arguments to
serveUDPPacket and serveTCPConn.
* Test that Shutdown does not surface closed errors
This test checks that calling Shutdown does not cause ActivateAndServe
(via serveTCP and serveUDP) to return the underlying
'use of closed network connection' error.
This commit unifies TestShutdownTCP with TestShutdownUDP. After this
commit, both tests will check that ActivateAndServe returns a nil error
and that Shutdown succeeded.
This was previously broken for serveTCP.
* Add comment explaining why fin chan is buffered
serveTCP calls reader.ReadTCP in the accept loop rather than in
the per-connection goroutine. If an attacker opens a connection
and leaves it idle, this will block the accept loop until the
connection times out (2s by default). During this time no other
incoming connections will succeed, preventing legitimate queries
from being answered.
This commit moves the call to reader.ReadTCP into the per-connection
goroutine. It also adds a missing call to Close whose absence allowed
file-descirptors to leak in select cases.
This attack and fix have no impact on serving UDP queries.
The check for srv.started being false is in the wrong place, it should
be after Accept not after ReadTCP. If Shutdown is called, serveTCP will
currently return a 'use of closed network connection' error, which is
undesired.
This commit mirrors the behaviour of serveUDP with respect to Shutdown.
* Do not reutrn ErrShortRead in readUDP
A read of zero bytes indicates a peer shutdown for TCP sockets -- and
thus returning ErrShortRead is fine in readTCP -- but not for UDP
sockets. For UDP sockets a read of zero bytes literally indicates a
zero-byte datagram, and is a valid return value not indicating an error.
Removing this case will cause readUDP to correctly return a zero-byte
message.
* Return non-temporary error from serveUDP loop
Fixes#613
* ClassANY: don't convert CLASS255 to ANY
Class "ANY" is wireformat only. In zonefile you can use CLASS255, but
when String-ing we convert this into "ANY" which is wrong. I.e. this
means we can't read back our own update.
Bit of a kludge to work around this, as I'm not sure we can just remove
ANY from the ClassToString map.
Never executed, flaky and failing now that some SIDN test servers
have been removed.
Just delete the code; hopefully we can bring it back one day in a CI
repo or something?
We currently use information from a potential attacker to pre-allocate slices for the Question, Answer, etc. sections. This allows an attacker to force allocation of several MiB per parsed Msg.
Instead, don't pre-allocate those slices. append() always allocates in powers of two, which is probably the best we can do.
Fixes#609.
* relative include: now tested!
If you take the effort of creating includePath, actually use it when
opening the file. Now tested (again) with CoreDNS (with a zone file that
includes two others)
Failure to include leads to:
~~~
2017/12/07 16:47:00 plugin/file: /tmp/example.org: dns: failed to include `a/1include1.org' as `/tmp/a/1include1.org': "a/1include1.org" at line: 15:24
~~~
* dont change the error line
This was missing and generated the wrong code for TKEY; it adds a +1 to
the amount. This should happen (technically).
I think the fallout is not super bad (of the +1) as we allocate a byte
more for when pack a message.
Add a version.go that has the semver version of this libary; now at
1.0.0. Use a struct so external code can easily check the for the
version without resulting to string parsing. Add String() function if
you want to access the version string.
Use simple Makefile.release to kick off a new release:
% edit version.go
% make -f Makefile.release
will tag and push according to version, if version is 1.0.0 the tag
in git will be v1.0.0
* Add support for TKEY RRs
- make sure Key and Data fields are variable length hex fields
- checkin output from 'go generate'
- add a TKEY specific test to ensure this stays working
* go format changes
* address review comments
* add ability to parse TKEY via string
* handle review comments - change TKEY string output
* Modified clientconfig to match ndots0
* Added Tests for reading resolv.conf
* Cleaned up and removed duplicated code in test
* Added test for ndots below 0
* Cleaned up test
* Clean up
* Add support for Ed25519 DNSSEC signing from RFC 8080
Note: The test case from RFC 8080 has been modified
to correct the missing final brace, but is otherwise
present as-is.
* Explain why ed25519 is special cased in (*RRSIG).Sign
* Explain use of ed25519.GenerateKey in readPrivateKeyED25519
* Add dep
This is PR #458 with the dependency added into it.
Tom Thorogood
Miek Gieben
Pierre Souchay
Uladzimir Trehubenka
chantra
Stefan Aurori
Eric Greer
clmul
Ludovic Fernandez
Frank Denis
Twitch
Lorenz Bauer
Matthijs Mekking
James Hartig
spsholleman
Marc Ende