Merge upstream miekg/dns from v1.1.45 -> v.1.1.59 #7
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Automatically submitted.
Using Exchange doesn't add anything, as it just wraps client.Exchange with a default client. Remove them and speed up the tests, goes from 3s to 1s (for the entire test suite). Signed-off-by: Miek Gieben <[email protected]>
This adds hash.go and creates a identityHash that is used for algorithms that do their own hashing (ED25519) for instance. This unifies the hash variable naming between dnssec and sig(0) signing and removes the special casing that existed for ED25519. This unifies the variable naming between sig(0) and dnssec signing and verifying. I didn't want to used crypto.RegisterHash as not to fiddle with the global namespaces of hashes, so the value of '0' from AlgorithmsToHash is handled specially in dnssec and sig(0) code. Note that ED448 isn't implemented at all. Signed-off-by: Miek Gieben <[email protected]>
…ekg#1292) (miekg#1293) * Change EDNS_EXPIRE field to support zero length option data (Resolves miekg#1292) As per [RFC7134](https://datatracker.ietf.org/doc/html/rfc7314#section-2) the Expire Option in queries should be zero-length. In the current implementation the field is uint32 which always instatiates 4bytes for that field when packing to wire format. For that reason we change the field to []uint8 so it can support 0-length and 4-byte length option data. * addressed comments * addressed comments * make change backwards compatible * add comment for Empty field
* Rename ECH, bump draft number * AliasForm new treatment * alpn is no longer mandatory by default * Document the non-empty value requirement * new test cases * more test cases * Continue forbidding v4-map-v6 but not v4-embed-v6 miekg#1067 (comment) and MikeBishop/dns-alt-svc#361 * Update documentation * revert rename ech * Reword AliasMode with key=value pairs
* Invalid NSEC/3 bitmap on non-zero buffer If the PackBuffer is used to encode an NSEC/3 record, the bitmap is xored with the content of the buffer instead of being zeroed first. The algorithm has been changed so it is able zero bytes without losing too much performance (around 2x slower). * Add some comments + rename some vars to make algo clearer * Revert to previous algo with window length compute+0 on new window * Use typeBitMapLen to compute the bitmap length to zero
Of course the wording was changed (for the better) in an errata: https://www.rfc-editor.org/errata/eid193 We still followed the original RFC4034 text. Note I haven't given this much thought, just changed the 2 into a 3 and ran the test. Fixes: miekg#1352 Signed-off-by: Miek Gieben <[email protected]>
Signed-off-by: Miek Gieben <[email protected]>
* Add SVCB dohpath key The parameter is being added in [its own IETF draft][1] and also being used in the [IETF draft about Descovery of Designated Resolvers][2]. Additionally, the mappings of the numeric key values to strings are exported, under names consistent with the already existing exported mappings, to make it easier for the clients of the module to validate and print SVCB keys. Testing was done by sending SVCB queries for the "_dns.resolver.arpa" domain to OpenDNS's 146.112.41.2 server. [1]: https://datatracker.ietf.org/doc/html/draft-ietf-add-svcb-dns-02 [2]: https://datatracker.ietf.org/doc/html/draft-ietf-add-ddr-06.html * Fix template length, docs; reverse some changes * Remove incorrect validations; improve docs
* Add notes about SVCB draft changes to SVCB-related API * Decrease number of warnings, rephrase
Small fix in the examples to properly work with v6 addresses. Closes: miekg#1365 miekg#1367 Signed-off-by: Miek Gieben <[email protected]>
Signed-off-by: Miek Gieben <[email protected]>
* Modify the SVCBAlpn to properly parse/print * Remove debug * Change SVCB test from reflect to loop * Refactor SVCB code to reduce indentation * When stringifying SVCBAlpn, use strings.Builder for whole process * Update comment in svcb.go Co-authored-by: Miek Gieben <[email protected]> * Describe why we use a specific size for the alpn buffer Co-authored-by: Miek Gieben <[email protected]>
* dohpath escaped in String(), and parsed such values * Update the test for dohpath with escaping * Fix cut & paste error with svcdohpath error
* Disallow names that start with '.' in IsDomainName() * Also update packDomain()
Add 'in the type bitmap' to make clear where in the RR the error occurs. Also use 'NSEC(3)' - as this code is shared between NSEC and NSEC3, the first error used NSECx. Technically backwards incompatible, but checking strings in errors as bad practice (although this lib lacks library types). See miekg#1373 Signed-off-by: Miek Gieben <[email protected]>
This was broken by PR: miekg#1322
Make it public as TsigGenerateWithProvider and update the docs a little. And TsigVerifyWithProvider also - tweak those docs also a little. Signed-off-by: Miek Gieben <[email protected]>
fixes invalid syntax in one of the examples of the README
This is currently used to provide DNS server capabilities to the nebula lighthouses.
Fixes: miekg#1404 Signed-off-by: Miek Gieben <[email protected]> Signed-off-by: Miek Gieben <[email protected]>
* edns: add missing dig options Signed-off-by: Sam Therapy <[email protected]> * Apply suggested change Signed-off-by: Sam Therapy <[email protected]> Signed-off-by: Sam Therapy <[email protected]>
Signed-off-by: Miek Gieben <[email protected]> Signed-off-by: Miek Gieben <[email protected]>
This was mistakenly added in miekg#1406.
I missed this pattern in miekg#1432. These seem to be the only two occurrences. Updates miekg#1432
We definitely shouldn't be using goto for a simple loop. This is technically a behaviour change when off == len(msg), but we're always called with off < len(msg) so this is unobservable.
This will cause one less allocation as String allocates on a bytes.Buffer but not on a strings.Builder.
No one has complained about this in the four years it's been here. I think we can safely accept this new behaviour.
* Fix closing order * Comment to make clear that the close order is deliberate --------- Co-authored-by: Tim Scheuermann <[email protected]>
* feat: add support for ReuseAddr * Update listen_reuseport.go * Update listen_reuseport.go * fixup! feat: add support for ReuseAddr --------- Co-authored-by: Miek Gieben <[email protected]>
Add extra link to the docs for the duplicate Rcode entries See miekg#1523 Signed-off-by: Miek Gieben <[email protected]>
* Allow use of fs.FS for $INCLUDE and wrap errors This adds ZoneParser.SetIncludeAllowedFS, to specify an fs.FS when enabling support for $INCLUDE, for reading included files from somewhere other than the local filesystem. I've also modified ParseError to support wrapping another error, such as errors encountered while opening the $INCLUDE target. This allows for much more robust handling, using errors.Is() instead of testing for particular strings (which may not be identical between fs.FS implementations). ParseError was being constructed in a lot of places using positional instead of named members. Updating ParseError initialization after the new member field was added makes this change seem a lot larger than it actually is. The changes here should be completely backwards compatible. The ParseError change should be invisible to anyone not trying to unwrap it, and ZoneParser will continue to use os.Open if the existing SetIncludeAllowed method is called instead of the new SetIncludeAllowedFS method. * Don't duplicate SetIncludeAllowed; clarify edge cases Rather than duplicate functionality between SetIncludeAllowed and SetIncludeAllowedFS, have a method SetIncludeFS, which only sets the fs.FS. I've improved the documentation to point out some considerations for users hoping to use fs.FS as a security boundary. Per the fs.ValidPath documentation, fs.FS implementations must use path (not filepath) semantics, with slash as a separator (even on Windows). Some, like os.DirFS, also require all paths to be relative. I've clarified this in the documentation, made the includePath manipulation more robust to edge cases, and added some additional tests for relative and absolute paths.
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.17.0 to 0.19.0. - [Commits](golang/net@v0.17.0...v0.19.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [golang.org/x/sys](https://github.com/golang/sys) from 0.13.0 to 0.15.0. - [Commits](golang/sys@v0.13.0...v0.15.0) --- updated-dependencies: - dependency-name: golang.org/x/sys dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
This add the NXT record (2535) to implement all records from the RFC. Also does a s/RFC RFC/RFC/ as I happen to bumb into that will editing the comments. Signed-off-by: Miek Gieben <[email protected]>
We had the type code, this add the rest. Other RRs from 1183 are also fully impl. don't know why this one wasn't. Signed-off-by: Miek Gieben <[email protected]>
Bumps [golang.org/x/tools](https://github.com/golang/tools) from 0.13.0 to 0.17.0. - [Release notes](https://github.com/golang/tools/releases) - [Commits](golang/tools@v0.13.0...v0.17.0) --- updated-dependencies: - dependency-name: golang.org/x/tools dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
In particular, document the default origin.
* New func InTLS Perform zone transfer via TLS * Test xfr via TLS * New field TLS, used to transfer via TLS --------- Co-authored-by: Cesar Kuroiwa <[email protected]>
Keep track if the escape, if still true when returning isDomainName should return false. TODO: - Should still be done in packDomainName as well. - And that should be tested - Some tests now fail There are multiple other places that supposedly also check for this, but they are not called in the parsing. Fixes: miekg#1528 Signed-off-by: Miek Gieben <[email protected]>
Bumps [golang.org/x/sys](https://github.com/golang/sys) from 0.16.0 to 0.17.0. - [Commits](golang/sys@v0.16.0...v0.17.0) --- updated-dependencies: - dependency-name: golang.org/x/sys dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.20.0 to 0.21.0. - [Commits](golang/net@v0.20.0...v0.21.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [golang.org/x/tools](https://github.com/golang/tools) from 0.17.0 to 0.19.0. - [Release notes](https://github.com/golang/tools/releases) - [Commits](golang/tools@v0.17.0...v0.19.0) --- updated-dependencies: - dependency-name: golang.org/x/tools dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: xiaoxiangxianzi <[email protected]>
`endingToTxtSlice`, used by TXT, SPF and a few other types, parses a string such as `"hello world"` from an RR's content in a zone file. These strings are limited to 255 characters, and `endingToTxtSlice` automatically splits them if they're longer than that. However, it didn't count the length correctly: escape sequences such as `\\` or `\123` were counted as multiple characters (2 and 4 respectively in these examples), but they should only count as one character because they represent a single byte in wire format (which is where this 255 character limit comes from). This commit fixes that.
zakird
approved these changes
Jun 10, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Merge in the latest release from
miekg/dns