* Test that Shutdown does not surface closed errors
This test checks that calling Shutdown does not cause ActivateAndServe
(via serveTCP and serveUDP) to return the underlying
'use of closed network connection' error.
This commit unifies TestShutdownTCP with TestShutdownUDP. After this
commit, both tests will check that ActivateAndServe returns a nil error
and that Shutdown succeeded.
This was previously broken for serveTCP.
* Add comment explaining why fin chan is buffered
serveTCP calls reader.ReadTCP in the accept loop rather than in
the per-connection goroutine. If an attacker opens a connection
and leaves it idle, this will block the accept loop until the
connection times out (2s by default). During this time no other
incoming connections will succeed, preventing legitimate queries
from being answered.
This commit moves the call to reader.ReadTCP into the per-connection
goroutine. It also adds a missing call to Close whose absence allowed
file-descirptors to leak in select cases.
This attack and fix have no impact on serving UDP queries.
The check for srv.started being false is in the wrong place, it should
be after Accept not after ReadTCP. If Shutdown is called, serveTCP will
currently return a 'use of closed network connection' error, which is
undesired.
This commit mirrors the behaviour of serveUDP with respect to Shutdown.
* Do not reutrn ErrShortRead in readUDP
A read of zero bytes indicates a peer shutdown for TCP sockets -- and
thus returning ErrShortRead is fine in readTCP -- but not for UDP
sockets. For UDP sockets a read of zero bytes literally indicates a
zero-byte datagram, and is a valid return value not indicating an error.
Removing this case will cause readUDP to correctly return a zero-byte
message.
* Return non-temporary error from serveUDP loop
Fixes#613
* ClassANY: don't convert CLASS255 to ANY
Class "ANY" is wireformat only. In zonefile you can use CLASS255, but
when String-ing we convert this into "ANY" which is wrong. I.e. this
means we can't read back our own update.
Bit of a kludge to work around this, as I'm not sure we can just remove
ANY from the ClassToString map.
Never executed, flaky and failing now that some SIDN test servers
have been removed.
Just delete the code; hopefully we can bring it back one day in a CI
repo or something?
We currently use information from a potential attacker to pre-allocate slices for the Question, Answer, etc. sections. This allows an attacker to force allocation of several MiB per parsed Msg.
Instead, don't pre-allocate those slices. append() always allocates in powers of two, which is probably the best we can do.
Fixes#609.
* relative include: now tested!
If you take the effort of creating includePath, actually use it when
opening the file. Now tested (again) with CoreDNS (with a zone file that
includes two others)
Failure to include leads to:
~~~
2017/12/07 16:47:00 plugin/file: /tmp/example.org: dns: failed to include `a/1include1.org' as `/tmp/a/1include1.org': "a/1include1.org" at line: 15:24
~~~
* dont change the error line
This was missing and generated the wrong code for TKEY; it adds a +1 to
the amount. This should happen (technically).
I think the fallout is not super bad (of the +1) as we allocate a byte
more for when pack a message.
Add a version.go that has the semver version of this libary; now at
1.0.0. Use a struct so external code can easily check the for the
version without resulting to string parsing. Add String() function if
you want to access the version string.
Use simple Makefile.release to kick off a new release:
% edit version.go
% make -f Makefile.release
will tag and push according to version, if version is 1.0.0 the tag
in git will be v1.0.0
* Add support for TKEY RRs
- make sure Key and Data fields are variable length hex fields
- checkin output from 'go generate'
- add a TKEY specific test to ensure this stays working
* go format changes
* address review comments
* add ability to parse TKEY via string
* handle review comments - change TKEY string output
* Modified clientconfig to match ndots0
* Added Tests for reading resolv.conf
* Cleaned up and removed duplicated code in test
* Added test for ndots below 0
* Cleaned up test
* Clean up
* Add support for Ed25519 DNSSEC signing from RFC 8080
Note: The test case from RFC 8080 has been modified
to correct the missing final brace, but is otherwise
present as-is.
* Explain why ed25519 is special cased in (*RRSIG).Sign
* Explain use of ed25519.GenerateKey in readPrivateKeyED25519
* Add dep
This is PR #458 with the dependency added into it.
rawSignatureData currently missed a few types:
MD MF RP AFSDB RT SIG PX NXT A6
We don't have NXT and A6 anymore in this lib. Add the other ones.
Fixes#523
Implement the CSYNC record.
Fixes#290
Long overdue, lets add this record. Similar in vain as NSEC/NSEC3, we
need to implement len() our selves. Presentation format parsing and
tests are done as well.
This is CoreDNS running with CSYNC support, `dig` doesn't support this
at the moment, so:
~~~
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40323
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;csync.example.org. IN TYPE62
;; ANSWER SECTION:
csync.example.org. 10 IN TYPE62 \# 12 000335240042000460000008
;; AUTHORITY SECTION:
example.org. 10 IN NS a.iana-servers.net.
example.org. 10 IN NS b.iana-servers.net.
~~~
Add easy way to fuzz this dns library, put fuzz related code in fuzz.go
and have a small Makefile.fuzz to be used:
$ make -f Makefile.fuzz build
$ make -f Makefile.fuzz fuzz
Will build and fuzz the library. Both pack/unpack and NewRR are fuzz
targets, but we could open this up.
* TSIG name must be presented in canonical form
Update the documentation to make clear that the zonename in the
TsigSecret map must be in canonical form.
* Reference RFC 4034 for canonical form
* txt parser: fix goroutine leak
When a higher level (grammar or syntax) error was encountered the lower
level zlexer routine would be left open and trying to send more tokens
on the channel c. This leaks a goroutine, per failed parse...
This PR fixes this by signalling this error - by canceling a context -
retrieving any remaining items from the channel, so zlexer can return.
It also adds a goroutine leak test that can be re-used in other tests,
the TestParseBadNAPTR test uses this leak detector.
The private key parsing code had the same bug and is also fixed in this
PR.
Fixes#586
Fixes https://github.com/coredns/coredns/issues/1233
* sem not needed anymore
* Server: drop inflight waitgroup
This drops the waitgroup in Server, the suspicion is this can make the server
fail to stop; doing this make graceful shutdown not work.
Add test that tries to find a race between starting on stopping race;
there was a data race on srv.Inflight.
The coredns' TestReadme doesn't race anymore with this as it did with
the more evasive PR #546.
Drop all graceful handling. There is just too much locking in
waitgrouping going on for very little gain; deal with it.
Make the error handling between serve{TCP,UDP} identical.
* Fix https://github.com/miekg/dns/issues/555 dnsutil.TrimDomainName tests fail
* Remove comment
* Clean up comments and code.
* Clean up comments, use dns.Fqdn() where we can, lint.
Use :0 for loopback testing. This is more portable between testing environments.
Add testRR that calls NewRR and throws error away - apply it everywhere where needed.
It seems only Go 1.9 can deal with :0 being used. Disable 1.8 in travis.
Ludovic Fernandez
Tom Thorogood
Miek Gieben
Frank Denis
Twitch
Lorenz Bauer
Matthijs Mekking
James Hartig
spsholleman
Marc Ende
JeremyRand
Tom Limoncelli