* Bugfix for miekg/dns#748
w.msg was being prematurely cleared prior to use by TsigVerify
* Modified patch after feedback from tmthrgd
Added a disposeBuffer method to the server that's passed a response. This wipes the reference to and frees the buffer used to store the message after TSIG validation has occurred, not before. Since the pool is an attribute of the server (and the logic refers to a server UDPSize attribute), it made sense to make this a function of the server rather than a function of the response.
* Added TestServerRoundtripTsig to server_test.go
This test generates a TSIG signed query, and makes sure that server TSIG validation does not produce an error.
* Fixed data races introduced by TestServerRoundtripTsig
* Simplified error signalling in TestServerRoundtripTsig
* RunLocalUDPServerWithFinChan variadic closure argument added
This (clever hack suggested by tmthrgd) allows specifying field values (like TsigSecret) on Server instances at test time without making the race detector grouchy, but is backwards compatible with existing invocations of RunLocalUDPServerWithFinChan.
These two functions were identical (sans variable names) before I
optimized unpackString in 5debfeec63.
This will improve the performance of its only caller unpackTxt and is
covered by the test and benchmark added in 5debfeec63.
* [tls] Carry TLS state within (possibly) response writer
This allows a server to make a decision whether or not the link used to
connect to the DNS server is using TLS.
This can be used by the handler for instance to (but not limited to):
- log that the request was TLS vs TCP
- craft specific responses knowing that the link is secured
- return custom answers based on client cert (if provided)
...
Fixes #711
* Address @tmthrgd comments:
- do not check whether w.tcp is nil
- create RR after setting txt value
* Address @miekg comments.
Attempt to make a TLS connection state specific test; it goes over
testing each individual server type (TLS, TCP, UDP) and validates that
tls.ConnectionState is only accessible when expected.
* ConnectionState() returns value instead of pointer
* make ConnectionStater.ConnectionState() return a pointer again
* rename interface ConnectionState to ConnectionStater
* fix nits pointed by @tmthrgd
* @tmthrgd comment: Do not use concrete type in `ConnectionState`
* Make Shutdown wait for connections to terminate gracefully
* Add graceful shutdown test files from #713
* Tidy up graceful shutdown tests
* Call t.Error directly in checkInProgressQueriesAtShutdownServer
* Remove timeout arguments from RunLocal*ServerWithFinChan
* Merge defers together in (*Server).serve
This removes the defer from the UDP path, in favour of directly
calling (*sync.WaitGroup).Done after (*Serve).serveDNS has
returned.
* Replace checkInProgressQueriesAtShutdownServer implementation
This performs dialing, writing and reading as three separate steps.
* Add sleep after writing shutdown test messages
* Avoid race condition when setting server timeouts
Server timeouts cannot be set after the server has started without
triggering the race detector. The timeouts are not strictly needed, so
remove them.
* Use a sync.Cond for testShutdownNotify
Using a chan erroneously triggered the race detector, using a sync.Cond
avoids that problem.
* Remove TestShutdownUDPWithContext
This doesn't really add anything.
* Move shutdown and conn into (*Server).init
* Only log ResponseWriter.WriteMsg error once
* Test that ShutdownContext waits for the reply
* Remove stray newline from diff
* Rename err to ctxErr in ShutdownContext
* Reword testShutdownNotify comment
* Use strings.TrimSuffix in ListenAndServe for TLS
This replaces the if/else statements with something simpler.
Interestingly, the first pull request I submitted to this library was
to fix the tcp6-tls case way back in 4744e915eb.
* Add SO_REUSEPORT implementation
Fixes #654
* Rename Reuseport field to ReusePort
* Rename supportsReuseport to match ReusePort
* Rename listenUDP and listenTCP file to listen_*.go
* Clear the response.msg field after unpacking
The allocated buffer cannot be freed by the garbage collector while the
response is alive, by clearing msg here, the GC can collect the buffer
sooner.
* Use a sync.Pool for UDP message buffers
* Return UDP message buffer to pool in all paths
* Move udpPool.New closure out of (*Server).init
The closure used to capture the *Server which would cause a reference
loop and prevent it from ever being released by the garbage collector.
This also gives the closure a more obvious name in memory profiles:
github.com/miekg/dns.makeUDPBuffer.func1 rather than
github.com/miekg/dns.(*Server).init.func1.
* Fix Serve benchmark failures
At present, these benchmarks don't actually work or measure anything.
SetQuestion must have a fully qualified domain name (trailing dot) to
be valid. Because the question wasn't valid, the request never reached
the server and was rejected by the client.
With the error check added, the benchmarks started failing with:
--- FAIL: BenchmarkServe
server_test.go:346: Exchange failed: dns: domain must be fully qualified
* Enable Serve6 benchmark
Currently this benchmark isn't run as it's not exported.
* Only enable BenchmarkServe6 when IPv6 is supported
The Serve6 benchmark has been disabled since 2014 (in 28d936c032)
because it doesn't play nice with Travis. We can just skip the benchmark
if it fails to bind to an IPv6 address.
* Remove redundant parentheses
These were caught with:
gofmt -r '(a) -> a' -w *.go
This commit only includes the changes where the formatting makes the
ordering of operations clear.
* Remove more redundant parentheses
These were caught with:
gofmt -r '(a) -> a' -w *.go
This commit includes the remaining changes where the formatting does not
make the ordering of operations as clear as the previous commit.
* Add a ParseZone test for $GENERATE.
* Add a test for modToPrintf used by $GENERATE.
* Correctly handle $GENERATE modifiers.
As per http://www.zytrax.com/books/dns/ch8/generate.html, the width and type (aka base)
components of a modifier are optional. This means that ${2,0,d}, ${2,0} and ${2} are
valid modifiers, however only the first format was previously permitted. Use default
values for the width and/or type if they are unspecified in the modifier.
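The modifier handling described above, as an added example (not the library's own `$GENERATE` parser): it parses `${offset,width,type}` with the width and type optional, defaulting them to `0` and `d` as the commit describes, turns the result into the equivalent `fmt` verb, and expands a template line for a given iterator value. The `ExpandGenerate` helper, the `$$` escape and the `GenerateModifier` type are assumptions made for this example.

```go
package main

import (
	"errors"
	"fmt"
	"strconv"
	"strings"
)

// GenerateModifier is the parsed form of a $GENERATE ${offset,width,type}
// modifier. Width and type are optional; this example (not the library's
// own parser) defaults them to 0 and 'd' as the commit message describes.
type GenerateModifier struct {
	Offset int
	Width  int
	Base   byte // one of 'd', 'o', 'x', 'X'
}

var errBadModifier = errors.New("invalid $GENERATE modifier")

// ParseGenerateModifier parses the text between "${" and "}".
func ParseGenerateModifier(mod string) (GenerateModifier, error) {
	m := GenerateModifier{Base: 'd'}
	parts := strings.Split(mod, ",")
	if len(parts) > 3 {
		return m, errBadModifier
	}
	var err error
	if m.Offset, err = strconv.Atoi(strings.TrimSpace(parts[0])); err != nil {
		return m, errBadModifier
	}
	if len(parts) >= 2 {
		if m.Width, err = strconv.Atoi(strings.TrimSpace(parts[1])); err != nil || m.Width < 0 {
			return m, errBadModifier
		}
	}
	if len(parts) == 3 {
		t := strings.TrimSpace(parts[2])
		if len(t) != 1 || !strings.Contains("doxX", t) {
			return m, errBadModifier
		}
		m.Base = t[0]
	}
	return m, nil
}

// Printf returns the fmt verb equivalent to the modifier, e.g. "%03d".
func (m GenerateModifier) Printf() string {
	if m.Width == 0 {
		return "%" + string(m.Base)
	}
	return fmt.Sprintf("%%0%d%c", m.Width, m.Base)
}

// ExpandGenerate substitutes every "$" and "${...}" in the template with
// the iterator value i (plus the modifier's offset). "$$" yields a
// literal "$" (an assumption of this example).
func ExpandGenerate(template string, i int) (string, error) {
	var sb strings.Builder
	for j := 0; j < len(template); j++ {
		c := template[j]
		if c != '$' {
			sb.WriteByte(c)
			continue
		}
		switch {
		case j+1 < len(template) && template[j+1] == '$':
			sb.WriteByte('$')
			j++
		case j+1 < len(template) && template[j+1] == '{':
			end := strings.IndexByte(template[j:], '}')
			if end < 0 {
				return "", errBadModifier
			}
			m, err := ParseGenerateModifier(template[j+2 : j+end])
			if err != nil {
				return "", err
			}
			sb.WriteString(fmt.Sprintf(m.Printf(), i+m.Offset))
			j += end // skip to the closing brace; the loop's j++ moves past it
		default:
			sb.WriteString(strconv.Itoa(i))
		}
	}
	return sb.String(), nil
}

func main() {
	// Constructed template line in the style of "$GENERATE 1-3 host-${0,3,d} IN A 10.0.0.${1}".
	for i := 1; i <= 3; i++ {
		s, err := ExpandGenerate("host-${0,3,d} IN A 10.0.0.${1}", i)
		fmt.Println(s, err)
	}
}
```

Every modifier the commit lists as valid (`${2,0,d}`, `${2,0}`, `${2}`) parses to the same result, and malformed widths, types or extra fields are rejected before any expansion happens.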
RFC 2537 (RSA/MD5) and RFC 3110 (RSA/SHA1) disallow leading zero octets.
RFC 5702 (RSA/SHA256 and RSA/SHA512) isn't specific but defers to these
earlier RFCs in other places.
There is an upper limit of 4096 bits for both the modulus and exponent.
The modulus must be at least 512 bits. No minimum is specified for the
exponent but a quick search suggests single byte exponents are viable.
Exponents larger than 32 bits are already disallowed. This commit adds
checks for the other requirements, general bounds checks, and defers
initialisation of the big num till the other checks have passed.
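The checks listed above, as an added example that is not the library's own `DNSKEY` code: it decodes the RFC 3110 wire form (one-byte exponent length, or a zero byte followed by a two-byte length, then the big-endian exponent and modulus), rejects leading zero octets, enforces a 512..4096-bit modulus and an exponent of at most 32 bits that still fits the `int` field of `rsa.PublicKey`, and only allocates the `big.Int` after all of that has passed. `SampleKey` builds a constructed blob for demonstration; the constant names are assumptions.

```go
package main

import (
	"crypto/rsa"
	"errors"
	"fmt"
	"math/big"
)

// Limits described in the commit message (RFC 2537/3110, referenced by
// RFC 5702): modulus 512..4096 bits, exponent no longer than 32 bits,
// and no leading zero octet in either integer. Names are assumed here.
const (
	minModulusBytes  = 512 / 8
	maxModulusBytes  = 4096 / 8
	maxExponentBytes = 4
	maxInt           = int(^uint(0) >> 1) // largest value rsa.PublicKey.E can hold
)

var errBadRSAKey = errors.New("dns: malformed RSA public key")

// UnpackRSAPublicKey decodes the RFC 3110 wire form of an RSA public key.
// It is an added illustration, not the library's own function; every
// bounds check runs before any big.Int is allocated.
func UnpackRSAPublicKey(key []byte) (*rsa.PublicKey, error) {
	if len(key) < 1 {
		return nil, errBadRSAKey
	}
	explen, off := int(key[0]), 1
	if explen == 0 {
		// Two-byte length form, used for exponents longer than 255 octets.
		if len(key) < 3 {
			return nil, errBadRSAKey
		}
		explen, off = int(key[1])<<8|int(key[2]), 3
	}
	if explen == 0 || explen > maxExponentBytes {
		return nil, errBadRSAKey
	}
	if len(key) < off+explen+minModulusBytes || len(key) > off+explen+maxModulusBytes {
		return nil, errBadRSAKey
	}
	exp, mod := key[off:off+explen], key[off+explen:]
	if exp[0] == 0 || mod[0] == 0 {
		return nil, errBadRSAKey // leading zero octets are forbidden
	}
	// Decode the exponent most-significant byte first (the ordering bug
	// fixed in #688); at most four bytes, so it always fits in uint64.
	var e uint64
	for _, b := range exp {
		e = e<<8 | uint64(b)
	}
	if e > uint64(maxInt) {
		return nil, errBadRSAKey // too large for the crypto package's int field
	}
	return &rsa.PublicKey{N: new(big.Int).SetBytes(mod), E: int(e)}, nil
}

// SampleKey builds a constructed (not real) key blob with exponent 65537
// and a modulus of modLen bytes whose top bit is set, for demonstration.
func SampleKey(modLen int) []byte {
	key := []byte{3, 0x01, 0x00, 0x01}
	mod := make([]byte, modLen)
	for i := range mod {
		mod[i] = 0x01
	}
	if modLen > 0 {
		mod[0] = 0x80
	}
	return append(key, mod...)
}

func main() {
	pub, err := UnpackRSAPublicKey(SampleKey(64))
	if err != nil {
		fmt.Println(err)
		return
	}
	fmt.Println("E =", pub.E, "modulus bits =", pub.N.BitLen())
}
```

Rejecting the blob before touching `math/big` matters for a resolver that validates untrusted DNSKEY records: the cheap length and leading-octet checks fail fast on malformed input instead of allocating a large integer first.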
* Add test from #688 demonstrating bug decoding RSA exponent
* Unpack RSA exponent in correct order
Fixes #688
* Don't unpack RSA keys with an exponent too large for the crypto package
* Update dnssec_test.go
Fix the one nit
* ensure dialTimeout is used at Dial time. Ensure dial functions setup the right timeout
* On Dialing, ensure a dialTimeout for the Dialer only if it is just created, else keep going with parameters of the Dialer.
* Require URLs for DOH addresses
* Move time.Now directly above http.Client.Do in DoH
* Remove https scheme check from DOH
Although the draft RFC explicitly requires that the scheme be https,
this was deemed undesirable, so remove it.
The base32 variant NSEC3 uses doesn't have padding. This hasn't been a
problem in practice because SHA1 is the only current NSEC3 hash algorithm
and its output doesn't require padding.
No-pad support was introduced in Go 1.9 which is the oldest release this
package supports.
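An added example (not the library's own NSEC3 code) of the encoding the note above refers to: it computes an RFC 5155 hashed owner name with SHA-1 and encodes the 20-byte digest with `base32.HexEncoding.WithPadding(base32.NoPadding)`, the Go 1.9 API mentioned. A 20-byte digest is exactly 32 base32 characters, which is why the missing padding was never observed with SHA-1. The `packName` helper is a minimal stand-in for the library's wire-format packer, and the `NSEC3Hash`/`DecodeNSEC3Hash` names are assumptions.

```go
package main

import (
	"crypto/sha1"
	"encoding/base32"
	"encoding/hex"
	"errors"
	"fmt"
	"strings"
)

// NSEC3 owner names use the RFC 4648 "base32hex" alphabet without "="
// padding; WithPadding(NoPadding) exists from Go 1.9 onwards.
var nsec3Base32 = base32.HexEncoding.WithPadding(base32.NoPadding)

// packName converts a presentation-format name ("a.example.") into
// canonical lowercase wire format. It is a small stand-in for the
// library's own packer, sufficient for hashing.
func packName(name string) ([]byte, error) {
	name = strings.ToLower(name)
	if name == "." {
		return []byte{0}, nil
	}
	wire := make([]byte, 0, len(name)+2)
	for _, label := range strings.Split(strings.TrimSuffix(name, "."), ".") {
		if len(label) == 0 || len(label) > 63 {
			return nil, errors.New("dns: bad label")
		}
		wire = append(wire, byte(len(label)))
		wire = append(wire, label...)
	}
	wire = append(wire, 0)
	if len(wire) > 255 {
		return nil, errors.New("dns: name too long")
	}
	return wire, nil
}

// NSEC3Hash computes the RFC 5155 hashed owner name with SHA-1:
// H(name || salt), re-hashed `iterations` more times with the salt
// appended, then base32hex-encoded without padding.
func NSEC3Hash(name string, iterations uint16, saltHex string) (string, error) {
	salt, err := hex.DecodeString(saltHex)
	if err != nil {
		return "", err
	}
	wire, err := packName(name)
	if err != nil {
		return "", err
	}
	h := sha1.New()
	h.Write(wire)
	h.Write(salt)
	sum := h.Sum(nil)
	for i := 0; i < int(iterations); i++ {
		h.Reset()
		h.Write(sum)
		h.Write(salt)
		sum = h.Sum(nil)
	}
	return nsec3Base32.EncodeToString(sum), nil
}

// DecodeNSEC3Hash reverses the encoding, accepting either letter case as
// NSEC3 owner names are compared case-insensitively.
func DecodeNSEC3Hash(s string) ([]byte, error) {
	return nsec3Base32.DecodeString(strings.ToUpper(s))
}

func main() {
	// Parameters of the example zone in RFC 5155 Appendix A (salt aabbccdd, 12 iterations).
	h, err := NSEC3Hash("example.", 12, "aabbccdd")
	fmt.Println(h, err)
}
```

The test below checks the result against the hashed names published for the RFC 5155 Appendix A example zone and confirms the encoded form carries no `=` characters.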
* Add DNS-over-HTTPS support to (*Client).Exchange
* Ignore net/http goroutine leak from DoH
* Use existing Dialer and TLSConfig fields on Client for DOH
* Make DOH http.Client fully configurable
* Pipe context into exchangeDOH
* Fixed len computation when size just goes beyond 14 bits
* Added bounds checks around 14 bits
* Len() always right including when around 14-bit boundaries
* Avoid splitting into labels when not applicable
* Fixed comments
* Added comments in code
* Added new test cases
* Fixed computation of Len() for SRV and all kind of records
* Fixed Sign that was relying on non-copy for Unit tests
* Removed unused padding
* Fixed typo in PackBuffer() function
* Added comment about packBufferWithCompressionMap() for testing purposes
* do not modify dns.Rcode when packing to wire format
When the message has an EDNS0 option in the additional section and
dns.Msg.Rcode is set to an extended rcode, dns.Msg.PackBuffer() modifies
dns.Msg.Rcode.
If you were to `Pack` the message and log it after, the Rcode would show
NOERROR.
Running the test before the change would error with:
```
=== RUN TestPackNoSideEffect
--- FAIL: TestPackNoSideEffect (0.00s)
msg_test.go:51: after pack: Rcode is expected to be BADVERS
```
After fixing dns.Msg.PackBuffer(), all tests are still passing.
Fixes #674
* address comments from PR#675