From: Jacob Moody <moody@mail.posixcafe.org>
To: 9front@9front.org
Subject: [9front] [Patch] ndb/dns: DNSKEY and OPT RR types
Date: Thu, 17 Dec 2020 17:51:54 -0600	[thread overview]
Message-ID: <9df1d568-ff75-8e46-6b0f-98323786a8e1@mail.posixcafe.org> (raw)

Hello,



I recently ran into some issues when pointing an unbound server at a 9front dns server as its upstream.
Parsing seemed to fail when ndb/dns received a DNSKEY RR from its own upstream source on behalf of unbound.
This patch catches and stores the DNSKEY from the upstream server to prevent this.



While working on this I raised the max UDP size the server is willing to accept from clients,
and added the ability to broadcast this new size via EDNS through the OPT RR type when prompted by the client.
The new size of 4096 is based on the suggestion listed in rfc6891.


Thanks,
moody

diff -r 33920ebb68d1 sys/src/cmd/ndb/convDNS2M.c
--- a/sys/src/cmd/ndb/convDNS2M.c	Thu Dec 17 21:02:11 2020 +0100
+++ b/sys/src/cmd/ndb/convDNS2M.c	Thu Dec 17 17:48:13 2020 -0600
@@ -268,6 +268,9 @@
 		for(t = rp->txt; t != nil; t = t->next)
 			STRING(t->p);
 		break;
+	case Topt:
+		BYTES(rp->opt->data, rp->opt->dlen);
+		break;
 	case Tnull:
 		BYTES(rp->null->data, rp->null->dlen);
 		break;
@@ -275,6 +278,7 @@
 		NAME(rp->rmb->name);
 		NAME(rp->rp->name);
 		break;
+	case Tdnskey:
 	case Tkey:
 		USHORT(rp->key->flags);
 		UCHAR(rp->key->proto);
diff -r 33920ebb68d1 sys/src/cmd/ndb/convM2DNS.c
--- a/sys/src/cmd/ndb/convM2DNS.c	Thu Dec 17 21:02:11 2020 +0100
+++ b/sys/src/cmd/ndb/convM2DNS.c	Thu Dec 17 17:48:13 2020 -0600
@@ -441,6 +441,9 @@
 			l = &t->next;
 		}
 		break;
+	case Topt:
+		BYTES(rp->opt->data, rp->opt->dlen);
+		break;
 	case Tnull:
 		BYTES(rp->null->data, rp->null->dlen);
 		break;
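Review bot: The new `Topt` arm decodes OPT like any other record, but OPT is a per-message pseudo-record that RFC 6891 says must not be cached or forwarded, and nothing visible in this patch keeps an OPT decoded from an upstream reply out of the cache. It is worth confirming that the code consuming the parsed message drops `Topt` records before any caching step, and saying so at the arm, e.g. `/* EDNS OPT pseudo-RR: rdata kept opaque; never cache or forward */`. The enclosing switch begins outside this hunk.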
@@ -448,6 +451,7 @@
 		rp->rmb = dnlookup(NAME(dname), Cin, 1);
 		rp->rp  = dnlookup(NAME(dname), Cin, 1);
 		break;
+	case Tdnskey:
 	case Tkey:
 		USHORT(rp->key->flags);
 		UCHAR(rp->key->proto);
diff -r 33920ebb68d1 sys/src/cmd/ndb/dn.c
--- a/sys/src/cmd/ndb/dn.c	Thu Dec 17 21:02:11 2020 +0100
+++ b/sys/src/cmd/ndb/dn.c	Thu Dec 17 17:48:13 2020 -0600
@@ -1791,6 +1791,34 @@
 	return rp;
 }

+RR*
+mkopt(void)
+{
+	RR *rp;
+	DN *dp;
+
+	rp = rralloc(Topt);
+
+	dp = emalloc(sizeof(*dp));
+	dp->magic = DNmagic;
+	dp->name = estrdup("");
+	/* class holds our max UDP size */
+	dp->class = Maxudp;
+	dp->rr = nil;
+	dp->referenced = now;
+	dp->next = nil;
+
+	rp->owner = dp;
+	/*
+     * OPT TTL stores RSCODE, VERSION and DNSSEC Flag
+	 * This signals RSCODE = 0, VERSION = 0, and no DNSSEC
+     */
+	rp->ttl = 0;
+	rp->opt->dlen = 0;
+	rp->opt->data = nil;
+	return rp;
+}
+
 void	bytes2nibbles(uchar *nibbles, uchar *bytes, int nbytes);

 /*
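Review bot: `dp->class = Maxudp;` advertises the limit for messages this server sends, but the OPT class field in a response tells the peer how large a datagram the server can receive, and dns.h keeps that at `Maxudpin= 2048`; `dp->class = Maxudpin;` would keep the advertisement from exceeding the receive limit. The owner DN is also built by hand with emalloc and estrdup, and the `Topt` arm this patch adds to the free path further down releases only `rp->opt`, so unless the owner is freed somewhere not shown, each reply to a query carrying OPT would leave a DN and a name string allocated. A single shared owner for OPT records, or an explicit free of the owner next to the `Topt` cleanup, would close that. In the comment, `RSCODE` should read `RCODE` (the field is the extended RCODE).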
@@ -1951,6 +1979,7 @@
 		rp->srv = emalloc(sizeof(*rp->srv));
 		setmalloctag(rp->srv, rp->pc);
 		break;
+	case Tdnskey:
 	case Tkey:
 		rp->key = emalloc(sizeof(*rp->key));
 		setmalloctag(rp->key, rp->pc);
@@ -1963,6 +1992,10 @@
 		rp->sig = emalloc(sizeof(*rp->sig));
 		setmalloctag(rp->sig, rp->pc);
 		break;
+	case Topt:
+		rp->opt = emalloc(sizeof(*rp->opt));
+		setmalloctag(rp->opt, rp->pc);
+		break;
 	case Tnull:
 		rp->null = emalloc(sizeof(*rp->null));
 		setmalloctag(rp->null, rp->pc);
@@ -1994,6 +2027,7 @@
 		memset(rp->srv, 0, sizeof *rp->srv);	/* cause trouble */
 		free(rp->srv);
 		break;
+	case Tdnskey:
 	case Tkey:
 		free(rp->key->data);
 		memset(rp->key, 0, sizeof *rp->key);	/* cause trouble */
@@ -2009,6 +2043,11 @@
 		memset(rp->sig, 0, sizeof *rp->sig);	/* cause trouble */
 		free(rp->sig);
 		break;
+	case Topt:
+		free(rp->opt->data);
+		memset(rp->opt, 0, sizeof *rp->opt);
+		free(rp->opt);
+		break;
 	case Tnull:
 		free(rp->null->data);
 		memset(rp->null, 0, sizeof *rp->null);	/* cause trouble */
diff -r 33920ebb68d1 sys/src/cmd/ndb/dns.h
--- a/sys/src/cmd/ndb/dns.h	Thu Dec 17 21:02:11 2020 +0100
+++ b/sys/src/cmd/ndb/dns.h	Thu Dec 17 17:48:13 2020 -0600
@@ -135,7 +135,7 @@
 	Reserved=	5*Min,

 	/* packet sizes */
-	Maxudp=		512,	/* maximum bytes per udp message sent */
+	Maxudp=		4096,	/* maximum bytes per udp message sent */
 	Maxudpin=	2048,	/* maximum bytes per udp message rcv'd */

 	/* length of domain name hash table */
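Review bot: Raising `Maxudp` to 4096 lifts the send limit for every client, not only those that sent an OPT record; nothing in the visible patch reads the payload size the requester advertised, and addopt in dnudpserver.c only tests for the record's presence. If the reply path truncates at `Maxudp` (not shown here), a client that never negotiated EDNS could be sent a datagram larger than the 512 bytes it expects, and the larger reply-to-query ratio makes the server a more attractive reflector for spoofed-source queries. Consider leaving the default at 512 and adding a separate constant for the EDNS case, for example `Maxudpedns=	4096,`, with the reply capped at the smaller of that and the requester's advertised size when the query carried OPT.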
@@ -171,6 +171,7 @@
 typedef struct Sig	Sig;
 typedef struct Srv	Srv;
 typedef struct Txt	Txt;
+typedef struct Opt	Opt;

 /*
  *  a structure to track a request and any slave process handling it
@@ -236,6 +237,10 @@
 {
 	Block;
 };
+struct Opt
+{
+	Block;
+};

 /*
  *  text strings
@@ -292,6 +297,7 @@
 		Sig	*sig;
 		Null	*null;
 		Txt	*txt;
+		Opt	*opt;
 	};
 };

@@ -485,6 +491,7 @@
 int	tsame(int, int);
 void	unique(RR*);
 void	warning(char*, ...);
+RR*	mkopt(void);

 /* dnarea.c */
 void	refresh_areas(Area*);
diff -r 33920ebb68d1 sys/src/cmd/ndb/dnudpserver.c
--- a/sys/src/cmd/ndb/dnudpserver.c	Thu Dec 17 21:02:11 2020 +0100
+++ b/sys/src/cmd/ndb/dnudpserver.c	Thu Dec 17 17:48:13 2020 -0600
@@ -9,6 +9,7 @@

 static int	udpannounce(char*);
 static void	reply(int, uchar*, DNSmsg*, Request*);
+static void addopt(DNSmsg*, DNSmsg*);

 typedef struct Inprogress Inprogress;
 struct Inprogress
@@ -258,6 +259,7 @@
 				dnnotify(&reqmsg, &repmsg, &req);
 				break;
 			}
+			addopt(&reqmsg, &repmsg);
 			/* send reply on fd to address in buf's udp hdr */
 			reply(fd, buf, &repmsg, &req);
 			freeanswers(&repmsg);
@@ -334,3 +336,18 @@
 	if(write(fd, buf, len) != len)
 		dnslog("error sending reply: %r");
 }
+
+static void
+addopt(DNSmsg *reqmsg, DNSmsg *repmsg)
+{
+	RR *qr, *rr;
+
+	for(qr = reqmsg->ar; qr != nil; qr = qr->next)
+		if(qr->type == Topt){
+			for(rr = repmsg->ar; rr->next != nil; rr = rr->next)
+				;
+			rr->next = mkopt();
+			repmsg->arcount++;
+			break;
+		}
+}
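Review bot: The inner loop in addopt reads `rr->next` before checking `rr` itself, so when the reply has no additional records (`repmsg->ar == nil`) any query carrying an OPT record makes the server fault on a nil pointer, which a remote client can trigger at will. Walking the list through a pointer to the link handles the empty case without a special branch: declare `RR **l;` and use `for(l = &repmsg->ar; *l != nil; l = &(*l)->next) ;` followed by `*l = mkopt();`. The request's OPT fields (version and advertised size) are also never examined here, so the reply is decorated the same way regardless of what the client asked for.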
