* ClassANY: don't convert CLASS255 to ANY
Class "ANY" is wireformat only. In zonefile you can use CLASS255, but
when String-ing we convert this into "ANY" which is wrong. I.e. this
means we can't read back our own update.
Bit of a kludge to work around this, as I'm not sure we can just remove
ANY from the ClassToString map.
Never executed, flaky and failing now that some SIDN test servers
have been removed.
Just delete the code; hopefully we can bring it back one day in a CI
repo or something?
We currently use information from a potential attacker to pre-allocate slices for the Question, Answer, etc. sections. This allows an attacker to force allocation of several MiB per parsed Msg.
Instead, don't pre-allocate those slices. append() always allocates in powers of two, which is probably the best we can do.
Fixes#609.
* relative include: now tested!
If you take the effort of creating includePath, actually use it when
opening the file. Now tested (again) with CoreDNS (with a zone file that
includes two others)
Failure to include leads to:
~~~
2017/12/07 16:47:00 plugin/file: /tmp/example.org: dns: failed to include `a/1include1.org' as `/tmp/a/1include1.org': "a/1include1.org" at line: 15:24
~~~
* dont change the error line
This was missing and generated the wrong code for TKEY; it adds a +1 to
the amount. This should happen (technically).
I think the fallout is not super bad (of the +1) as we allocate a byte
more for when pack a message.
Add a version.go that has the semver version of this libary; now at
1.0.0. Use a struct so external code can easily check the for the
version without resulting to string parsing. Add String() function if
you want to access the version string.
Use simple Makefile.release to kick off a new release:
% edit version.go
% make -f Makefile.release
will tag and push according to version, if version is 1.0.0 the tag
in git will be v1.0.0
* Add support for TKEY RRs
- make sure Key and Data fields are variable length hex fields
- checkin output from 'go generate'
- add a TKEY specific test to ensure this stays working
* go format changes
* address review comments
* add ability to parse TKEY via string
* handle review comments - change TKEY string output
* Modified clientconfig to match ndots0
* Added Tests for reading resolv.conf
* Cleaned up and removed duplicated code in test
* Added test for ndots below 0
* Cleaned up test
* Clean up
* Add support for Ed25519 DNSSEC signing from RFC 8080
Note: The test case from RFC 8080 has been modified
to correct the missing final brace, but is otherwise
present as-is.
* Explain why ed25519 is special cased in (*RRSIG).Sign
* Explain use of ed25519.GenerateKey in readPrivateKeyED25519
* Add dep
This is PR #458 with the dependency added into it.
rawSignatureData currently missed a few types:
MD MF RP AFSDB RT SIG PX NXT A6
We don't have NXT and A6 anymore in this lib. Add the other ones.
Fixes#523
Implement the CSYNC record.
Fixes#290
Long overdue, lets add this record. Similar in vain as NSEC/NSEC3, we
need to implement len() our selves. Presentation format parsing and
tests are done as well.
This is CoreDNS running with CSYNC support, `dig` doesn't support this
at the moment, so:
~~~
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40323
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;csync.example.org. IN TYPE62
;; ANSWER SECTION:
csync.example.org. 10 IN TYPE62 \# 12 000335240042000460000008
;; AUTHORITY SECTION:
example.org. 10 IN NS a.iana-servers.net.
example.org. 10 IN NS b.iana-servers.net.
~~~
Add easy way to fuzz this dns library, put fuzz related code in fuzz.go
and have a small Makefile.fuzz to be used:
$ make -f Makefile.fuzz build
$ make -f Makefile.fuzz fuzz
Will build and fuzz the library. Both pack/unpack and NewRR are fuzz
targets, but we could open this up.
* TSIG name must be presented in canonical form
Update the documentation to make clear that the zonename in the
TsigSecret map must be in canonical form.
* Reference RFC 4034 for canonical form
* txt parser: fix goroutine leak
When a higher level (grammar or syntax) error was encountered the lower
level zlexer routine would be left open and trying to send more tokens
on the channel c. This leaks a goroutine, per failed parse...
This PR fixes this by signalling this error - by canceling a context -
retrieving any remaining items from the channel, so zlexer can return.
It also adds a goroutine leak test that can be re-used in other tests,
the TestParseBadNAPTR test uses this leak detector.
The private key parsing code had the same bug and is also fixed in this
PR.
Fixes#586
Fixes https://github.com/coredns/coredns/issues/1233
* sem not needed anymore
* Server: drop inflight waitgroup
This drops the waitgroup in Server, the suspicion is this can make the server
fail to stop; doing this make graceful shutdown not work.
Add test that tries to find a race between starting on stopping race;
there was a data race on srv.Inflight.
The coredns' TestReadme doesn't race anymore with this as it did with
the more evasive PR #546.
Drop all graceful handling. There is just too much locking in
waitgrouping going on for very little gain; deal with it.
Make the error handling between serve{TCP,UDP} identical.
* Fix https://github.com/miekg/dns/issues/555 dnsutil.TrimDomainName tests fail
* Remove comment
* Clean up comments and code.
* Clean up comments, use dns.Fqdn() where we can, lint.
Use :0 for loopback testing. This is more portable between testing environments.
Add testRR that calls NewRR and throws error away - apply it everywhere where needed.
It seems only Go 1.9 can deal with :0 being used. Disable 1.8 in travis.
Move some of them to Errorf and friends, but most of them are just
gone: This make go test -v actually readable.
Remove a bunch of test that used ipv6 on localhost as this does not work
on Travis.
I spent several hours trying to figure out why my TSIG signatures were
failing on requests to a server. I finally discovered this little
detail in the RFC which turned out to be my whole problem. Amending the
documentation to hopefully spare others the same confusion.
If an incoming message contains a TSIG record, it MUST be the last
record in the additional section.
RFC2845 3.2
Optimize CompareDomainName:
old: BenchmarkCompareDomainName-2 1000000 1869 ns/op 64 B/op 2 allocs/op
new: BenchmarkCompareDomainName-2 2000000 854 ns/op 64 B/op 2 allocs/op
This removes the strings.ToLower and fixes the documentation. It also
does not Fqdn's the names anymore (the documentation said we didn't, now
the documentation is right again).
Unlike what the documentation said we are comparing in a ignore-case
manor, add helper function equal that does this without calling
strings.ToLower.
* Allow parsing resolv.conf from io.Reader
This allows projects that use this parser to write unit tests without
writing temporary files to the filesystem.
* Avoid allocation by using strings.NewReader
Miek Gieben
Twitch
Lorenz Bauer
Matthijs Mekking
James Hartig
spsholleman
Marc Ende
JeremyRand
Tom Limoncelli
andrewtj
David McNett
Ethan J. Jackson
Neo Zhuo
sarneaud
Star Brilliant