From: Jacob Moody <moody@mail.posixcafe.org>
To: 9front@9front.org
Subject: [9front] [Patch] ndb/dns: DNSKEY and OPT RR types
Date: Thu, 17 Dec 2020 17:51:54 -0600 [thread overview]
Message-ID: <9df1d568-ff75-8e46-6b0f-98323786a8e1@mail.posixcafe.org> (raw)
Hello,
I recently ran into some issues when pointing an unbound server at a 9front dns server as its upstream.
The parsing seemed to fail when ndb/dns received a DNSKEY RR from its own upstream source on behalf of unbound.
This patch catches and stores the DNSKEY from the upstream server to prevent this.
While working on this I upped the max UDP size the server is willing to accept from clients,
and added the ability to broadcast this new size via EDNS through the OPT RR type when prompted by the client.
The new size of 4096 is based on the suggestion listed in rfc6891.
Thanks,
moody
diff -r 33920ebb68d1 sys/src/cmd/ndb/convDNS2M.c
--- a/sys/src/cmd/ndb/convDNS2M.c Thu Dec 17 21:02:11 2020 +0100
+++ b/sys/src/cmd/ndb/convDNS2M.c Thu Dec 17 17:48:13 2020 -0600
@@ -268,6 +268,9 @@
for(t = rp->txt; t != nil; t = t->next)
STRING(t->p);
break;
+ case Topt:
+ BYTES(rp->opt->data, rp->opt->dlen);
+ break;
case Tnull:
BYTES(rp->null->data, rp->null->dlen);
break;
@@ -275,6 +278,7 @@
NAME(rp->rmb->name);
NAME(rp->rp->name);
break;
+ case Tdnskey:
case Tkey:
USHORT(rp->key->flags);
UCHAR(rp->key->proto);
diff -r 33920ebb68d1 sys/src/cmd/ndb/convM2DNS.c
--- a/sys/src/cmd/ndb/convM2DNS.c Thu Dec 17 21:02:11 2020 +0100
+++ b/sys/src/cmd/ndb/convM2DNS.c Thu Dec 17 17:48:13 2020 -0600
@@ -441,6 +441,9 @@
l = &t->next;
}
break;
+ case Topt:
+ BYTES(rp->opt->data, rp->opt->dlen);
+ break;
case Tnull:
BYTES(rp->null->data, rp->null->dlen);
break;
@@ -448,6 +451,7 @@
rp->rmb = dnlookup(NAME(dname), Cin, 1);
rp->rp = dnlookup(NAME(dname), Cin, 1);
break;
+ case Tdnskey:
case Tkey:
USHORT(rp->key->flags);
UCHAR(rp->key->proto);
diff -r 33920ebb68d1 sys/src/cmd/ndb/dn.c
--- a/sys/src/cmd/ndb/dn.c Thu Dec 17 21:02:11 2020 +0100
+++ b/sys/src/cmd/ndb/dn.c Thu Dec 17 17:48:13 2020 -0600
@@ -1791,6 +1791,34 @@
return rp;
}
+RR*
+mkopt(void)
+{
+ RR *rp;
+ DN *dp;
+
+ rp = rralloc(Topt);
+
+ dp = emalloc(sizeof(*dp));
+ dp->magic = DNmagic;
+ dp->name = estrdup("");
+ /* class holds our max UDP size */
+ dp->class = Maxudp;
+ dp->rr = nil;
+ dp->referenced = now;
+ dp->next = nil;
+
+ rp->owner = dp;
+ /*
+ * OPT TTL stores RSCODE, VERSION and DNSSEC Flag
+ * This signals RSCODE = 0, VERSION = 0, and no DNSSEC
+ */
+ rp->ttl = 0;
+ rp->opt->dlen = 0;
+ rp->opt->data = nil;
+ return rp;
+}
+
void bytes2nibbles(uchar *nibbles, uchar *bytes, int nbytes);
/*
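Review bot: The owner DN that mkopt builds with `emalloc` and `estrdup` is not entered in any table, and the Topt free case added later in this file releases only `rp->opt->data` and `rp->opt`, so as far as these hunks show, the DN and its name are leaked every time an OPT is attached to a reply. Because addopt calls mkopt once for each request that carries an OPT, that would be steady memory growth driven by client traffic. Either build the owner once and reuse it for every OPT, or free it where the reply's RRs are torn down; in the second case a comment such as `/* owner is private to this RR, not shared with the dn table; free it with the RR */` should record the ownership. mkopt is complete within the hunk, but the code that frees reply RRs is outside it.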
@@ -1951,6 +1979,7 @@
rp->srv = emalloc(sizeof(*rp->srv));
setmalloctag(rp->srv, rp->pc);
break;
+ case Tdnskey:
case Tkey:
rp->key = emalloc(sizeof(*rp->key));
setmalloctag(rp->key, rp->pc);
@@ -1963,6 +1992,10 @@
rp->sig = emalloc(sizeof(*rp->sig));
setmalloctag(rp->sig, rp->pc);
break;
+ case Topt:
+ rp->opt = emalloc(sizeof(*rp->opt));
+ setmalloctag(rp->opt, rp->pc);
+ break;
case Tnull:
rp->null = emalloc(sizeof(*rp->null));
setmalloctag(rp->null, rp->pc);
@@ -1994,6 +2027,7 @@
memset(rp->srv, 0, sizeof *rp->srv); /* cause trouble */
free(rp->srv);
break;
+ case Tdnskey:
case Tkey:
free(rp->key->data);
memset(rp->key, 0, sizeof *rp->key); /* cause trouble */
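Review bot: Freeing `rp->key->data` for Tdnskey here, and `rp->opt->data` in the Topt hunk that follows, is only safe if every path that duplicates an RR gives the copy its own key or opt block. The patch adds the two types to allocation and free, but no copy path appears in any hunk. If dn.c copies RRs with a per-type switch, it needs `case Tdnskey:` beside `case Tkey:` and a Topt case as well; otherwise two RRs would share one block and it would be freed twice. The enclosing function starts and ends outside the hunk, so this needs checking against the full file.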
@@ -2009,6 +2043,11 @@
memset(rp->sig, 0, sizeof *rp->sig); /* cause trouble */
free(rp->sig);
break;
+ case Topt:
+ free(rp->opt->data);
+ memset(rp->opt, 0, sizeof *rp->opt);
+ free(rp->opt);
+ break;
case Tnull:
free(rp->null->data);
memset(rp->null, 0, sizeof *rp->null); /* cause trouble */
diff -r 33920ebb68d1 sys/src/cmd/ndb/dns.h
--- a/sys/src/cmd/ndb/dns.h Thu Dec 17 21:02:11 2020 +0100
+++ b/sys/src/cmd/ndb/dns.h Thu Dec 17 17:48:13 2020 -0600
@@ -135,7 +135,7 @@
Reserved= 5*Min,
/* packet sizes */
- Maxudp= 512, /* maximum bytes per udp message sent */
+ Maxudp= 4096, /* maximum bytes per udp message sent */
Maxudpin= 2048, /* maximum bytes per udp message rcv'd */
/* length of domain name hash table */
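Review bot: Raising `Maxudp` changes the send limit for every UDP reply, not only for requestors that sent an OPT, because addopt only appends the OPT record and never reads the size the client advertised. If reply() bounds messages with this constant, as its comment suggests, clients that never negotiated EDNS can now be sent more than 512 bytes, and the larger replies also raise the amplification available to spoofed-source queries. The reply size should be limited to the smaller of the requestor's advertised payload size and the server's own limit, with 512 kept for requests that carry no OPT. Separately, mkopt advertises `Maxudp` (4096) as the server's payload size while `Maxudpin`, the receive limit, stays at 2048. Since the OPT class field describes what the sender can receive, `dp->class = Maxudpin;` looks like the value to advertise unless `Maxudpin` is raised too.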
@@ -171,6 +171,7 @@
typedef struct Sig Sig;
typedef struct Srv Srv;
typedef struct Txt Txt;
+typedef struct Opt Opt;
/*
* a structure to track a request and any slave process handling it
@@ -236,6 +237,10 @@
{
Block;
};
+struct Opt
+{
+ Block;
+};
/*
* text strings
@@ -292,6 +297,7 @@
Sig *sig;
Null *null;
Txt *txt;
+ Opt *opt;
};
};
@@ -485,6 +491,7 @@
int tsame(int, int);
void unique(RR*);
void warning(char*, ...);
+RR* mkopt(void);
/* dnarea.c */
void refresh_areas(Area*);
diff -r 33920ebb68d1 sys/src/cmd/ndb/dnudpserver.c
--- a/sys/src/cmd/ndb/dnudpserver.c Thu Dec 17 21:02:11 2020 +0100
+++ b/sys/src/cmd/ndb/dnudpserver.c Thu Dec 17 17:48:13 2020 -0600
@@ -9,6 +9,7 @@
static int udpannounce(char*);
static void reply(int, uchar*, DNSmsg*, Request*);
+static void addopt(DNSmsg*, DNSmsg*);
typedef struct Inprogress Inprogress;
struct Inprogress
@@ -258,6 +259,7 @@
dnnotify(&reqmsg, &repmsg, &req);
break;
}
+ addopt(&reqmsg, &repmsg);
/* send reply on fd to address in buf's udp hdr */
reply(fd, buf, &repmsg, &req);
freeanswers(&repmsg);
@@ -334,3 +336,18 @@
if(write(fd, buf, len) != len)
dnslog("error sending reply: %r");
}
+
+static void
+addopt(DNSmsg *reqmsg, DNSmsg *repmsg)
+{
+ RR *qr, *rr;
+
+ for(qr = reqmsg->ar; qr != nil; qr = qr->next)
+ if(qr->type == Topt){
+ for(rr = repmsg->ar; rr->next != nil; rr = rr->next)
+ ;
+ rr->next = mkopt();
+ repmsg->arcount++;
+ break;
+ }
+}
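Review bot: The inner loop in addopt reads `rr->next` without checking that `repmsg->ar` is non-nil, so a request carrying an OPT whose reply has an empty additional section makes the server fault on a nil pointer. The request comes from the network, so any client can trigger this. Walking the list through a pointer to the link handles the empty case: declare `RR **l;`, use `for(l = &repmsg->ar; *l != nil; l = &(*l)->next)` with an empty body, then `*l = mkopt();`. The function is complete within the hunk.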