From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on inbox.vuxu.org X-Spam-Level: X-Spam-Status: No, score=0.0 required=5.0 tests=RCVD_IN_DNSWL_NONE autolearn=ham autolearn_force=no version=3.4.4 Received: (qmail 11341 invoked from network); 17 Dec 2020 23:54:23 -0000 Received: from ewsd.inri.net (107.191.116.128) by inbox.vuxu.org with ESMTPUTF8; 17 Dec 2020 23:54:23 -0000 Received: from mail.posixcafe.org ([45.76.19.58]) by ewsd; Thu Dec 17 18:52:05 -0500 2020 Received: from [10.68.200.62] (static-198-54-131-174.cust.tzulo.com [198.54.131.174]) by mail.posixcafe.org (OpenSMTPD) with ESMTPSA id 74678c4a (TLSv1.3:TLS_AES_256_GCM_SHA384:256:NO) for <9front@9front.org>; Thu, 17 Dec 2020 17:51:55 -0600 (CST) To: 9front@9front.org 
From: Jacob Moody Message-ID: <9df1d568-ff75-8e46-6b0f-98323786a8e1@mail.posixcafe.org> Date: Thu, 17 Dec 2020 17:51:54 -0600 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.4.3 MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit List-ID: <9front.9front.org> List-Help: X-Glyph: ➈ X-Bullshit: overflow-preventing responsive SSL core general-purpose-based information cache database Subject: [9front] [Patch] ndb/dns: DNSKEY and OPT RR types Reply-To: 9front@9front.org Precedence: bulk Hello, I recently ran in to some issues with pointing an unbound server towards a 9front dns server as its upstream. The parsing seemed to fail when ndb/dns received a DNSKEY RR from it's own upstream source on behalf of unbound. This patch catches and stores the DNSKEY from the upstream server to prevent this. While working on this I upped the max UDP size the server is willing to accept from clients, as well as the ability to broadcast this new size via EDNS through the OPT RR type when prompted by the client. The new size of 4096 is based on the suggestion listed in rfc6891. Thanks, moody
diff -r 33920ebb68d1 sys/src/cmd/ndb/convDNS2M.c
--- a/sys/src/cmd/ndb/convDNS2M.c Thu Dec 17 21:02:11 2020 +0100
+++ b/sys/src/cmd/ndb/convDNS2M.c Thu Dec 17 17:48:13 2020 -0600
@@ -268,6 +268,9 @@
 for(t = rp->txt; t != nil; t = t->next)
 STRING(t->p);
 break;
+ case Topt:
+ BYTES(rp->opt->data, rp->opt->dlen);
+ break;
 case Tnull:
 BYTES(rp->null->data, rp->null->dlen);
 break;
@@ -275,6 +278,7 @@
 NAME(rp->rmb->name);
 NAME(rp->rp->name);
 break;
+ case Tdnskey:
 case Tkey:
 USHORT(rp->key->flags);
 UCHAR(rp->key->proto);
diff -r 33920ebb68d1 sys/src/cmd/ndb/convM2DNS.c
--- a/sys/src/cmd/ndb/convM2DNS.c Thu Dec 17 21:02:11 2020 +0100
+++ b/sys/src/cmd/ndb/convM2DNS.c Thu Dec 17 17:48:13 2020 -0600
@@ -441,6 +441,9 @@
 l = &t->next;
 }
 break;
+ case Topt:
+ BYTES(rp->opt->data, rp->opt->dlen);
+ break;
 case Tnull:
 BYTES(rp->null->data, rp->null->dlen);
 break;
@@ -448,6 +451,7 @@
 rp->rmb = dnlookup(NAME(dname), Cin, 1);
 rp->rp = dnlookup(NAME(dname), Cin, 1);
 break;
+ case Tdnskey:
 case Tkey:
 USHORT(rp->key->flags);
 UCHAR(rp->key->proto);
diff -r 33920ebb68d1 sys/src/cmd/ndb/dn.c
--- a/sys/src/cmd/ndb/dn.c Thu Dec 17 21:02:11 2020 +0100
+++ b/sys/src/cmd/ndb/dn.c Thu Dec 17 17:48:13 2020 -0600
@@ -1791,6 +1791,34 @@
 return rp;
 }
+RR*
+mkopt(void)
+{
+ RR *rp;
+ DN *dp;
+
+ rp = rralloc(Topt);
+
+ dp = emalloc(sizeof(*dp));
+ dp->magic = DNmagic;
+ dp->name = estrdup("");
+ /* class holds our max UDP size */
+ dp->class = Maxudp;
+ dp->rr = nil;
+ dp->referenced = now;
+ dp->next = nil;
+
+ rp->owner = dp;
+ /*
+ * OPT TTL stores RSCODE, VERSION and DNSSEC Flag
+ * This signals RSCODE = 0, VERSION = 0, and no DNSSEC
+ */
+ rp->ttl = 0;
+ rp->opt->dlen = 0;
+ rp->opt->data = nil;
+ return rp;
+}
+
 void bytes2nibbles(uchar *nibbles, uchar *bytes, int nbytes);
 /*
@@ -1951,6 +1979,7 @@
 rp->srv = emalloc(sizeof(*rp->srv));
 setmalloctag(rp->srv, rp->pc);
 break;
+ case Tdnskey:
 case Tkey:
 rp->key = emalloc(sizeof(*rp->key));
 setmalloctag(rp->key, rp->pc);
@@ -1963,6 +1992,10 @@
 rp->sig = emalloc(sizeof(*rp->sig));
 setmalloctag(rp->sig, rp->pc);
 break;
+ case Topt:
+ rp->opt = emalloc(sizeof(*rp->opt));
+ setmalloctag(rp->opt, rp->pc);
+ break;
 case Tnull:
 rp->null = emalloc(sizeof(*rp->null));
 setmalloctag(rp->null, rp->pc);
@@ -1994,6 +2027,7 @@
 memset(rp->srv, 0, sizeof *rp->srv); /* cause trouble */
 free(rp->srv);
 break;
+ case Tdnskey:
 case Tkey:
 free(rp->key->data);
 memset(rp->key, 0, sizeof *rp->key); /* cause trouble */
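Review bot: mkopt() in dn.c builds the owner DN by hand with emalloc() and estrdup(), and nothing in this patch ever releases it: the Topt case added to the free switch (@@ -2009) frees only `rp->opt->data` and `rp->opt`. Unless code outside these hunks frees `rp->owner`, every reply to a query carrying OPT leaks one DN and its name string, and a remote client decides how often that happens. Either take the owner from dnlookup() as convM2DNS.c does for other records, or free `rp->owner->name` and `rp->owner` in the Topt free case. A comment above mkopt() should state who owns the DN.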
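Review bot: Tdnskey and Topt now get their own heap block in the allocation switch (@@ -1951, @@ -1963) and are released in the free switch (@@ -1994, @@ -2009), but no hunk in this diff touches the code in dn.c that copies or compares records by type. If the copy path, which is not visible here, deep-copies only the types it already lists, a copied Tdnskey or Topt record would share `rp->key` or `rp->opt` with its source, and the new free cases would then release the same block twice. Please confirm that every `switch` on record type that names Tkey or Tnull also gained `case Tdnskey:` and `case Topt:`. The enclosing functions start and end outside these hunks. As a small style point, the Topt `memset` in the free switch lacks the `/* cause trouble */` comment its neighbours carry.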
@@ -2009,6 +2043,11 @@
 memset(rp->sig, 0, sizeof *rp->sig); /* cause trouble */
 free(rp->sig);
 break;
+ case Topt:
+ free(rp->opt->data);
+ memset(rp->opt, 0, sizeof *rp->opt);
+ free(rp->opt);
+ break;
 case Tnull:
 free(rp->null->data);
 memset(rp->null, 0, sizeof *rp->null); /* cause trouble */
diff -r 33920ebb68d1 sys/src/cmd/ndb/dns.h
--- a/sys/src/cmd/ndb/dns.h Thu Dec 17 21:02:11 2020 +0100
+++ b/sys/src/cmd/ndb/dns.h Thu Dec 17 17:48:13 2020 -0600
@@ -135,7 +135,7 @@
 Reserved= 5*Min,
 /* packet sizes */
- Maxudp= 512, /* maximum bytes per udp message sent */
+ Maxudp= 4096, /* maximum bytes per udp message sent */
 Maxudpin= 2048, /* maximum bytes per udp message rcv'd */
 /* length of domain name hash table */
@@ -171,6 +171,7 @@
 typedef struct Sig Sig;
 typedef struct Srv Srv;
 typedef struct Txt Txt;
+typedef struct Opt Opt;
 /*
 * a structure to track a request and any slave process handling it
@@ -236,6 +237,10 @@
 {
 Block;
 };
+struct Opt
+{
+ Block;
+};
 /*
 * text strings
@@ -292,6 +297,7 @@
 Sig *sig;
 Null *null;
 Txt *txt;
+ Opt *opt;
 };
 };
@@ -485,6 +491,7 @@
 int tsame(int, int);
 void unique(RR*);
 void warning(char*, ...);
+RR* mkopt(void);
 /* dnarea.c */
 void refresh_areas(Area*);
diff -r 33920ebb68d1 sys/src/cmd/ndb/dnudpserver.c
--- a/sys/src/cmd/ndb/dnudpserver.c Thu Dec 17 21:02:11 2020 +0100
+++ b/sys/src/cmd/ndb/dnudpserver.c Thu Dec 17 17:48:13 2020 -0600
@@ -9,6 +9,7 @@
 static int udpannounce(char*);
 static void reply(int, uchar*, DNSmsg*, Request*);
+static void addopt(DNSmsg*, DNSmsg*);
 typedef struct Inprogress Inprogress;
 struct Inprogress
@@ -258,6 +259,7 @@
 dnnotify(&reqmsg, &repmsg, &req);
 break;
 }
+ addopt(&reqmsg, &repmsg);
 /* send reply on fd to address in buf's udp hdr */
 reply(fd, buf, &repmsg, &req);
 freeanswers(&repmsg);
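Review bot: In the dns.h packet-size enum (@@ -135), `Maxudp= 4096` raises the send limit for every UDP reply, including replies to clients that sent no OPT record, and nothing in this patch reads the payload size the client advertised. RFC 6891 ties the reply size to the requestor's advertised value and leaves non-EDNS clients at 512 bytes, so the limit should be chosen per request; unconditionally larger replies also raise the amplification factor for spoofed-source queries. The description speaks of the size the server accepts, yet the receive limit `Maxudpin` stays at 2048 while mkopt() advertises `Maxudp` (4096) in the OPT class field, so the advertised and actual receive sizes disagree. Any buffer outside this diff that is sized from `Maxudpin` or the old 512 but filled up to `Maxudp` should be checked, and the `Maxudp` comment should say the value is also what gets advertised.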
@@ -334,3 +336,18 @@
 if(write(fd, buf, len) != len)
 dnslog("error sending reply: %r");
 }
+
+static void
+addopt(DNSmsg *reqmsg, DNSmsg *repmsg)
+{
+ RR *qr, *rr;
+
+ for(qr = reqmsg->ar; qr != nil; qr = qr->next)
+ if(qr->type == Topt){
+ for(rr = repmsg->ar; rr->next != nil; rr = rr->next)
+ ;
+ rr->next = mkopt();
+ repmsg->arcount++;
+ break;
+ }
+}
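Review bot: The inner loop of addopt() starts at `rr = repmsg->ar` and immediately reads `rr->next`, so a reply with an empty additional section dereferences nil whenever the query carried an OPT record. Any EDNS-capable client can trigger that remotely, so it looks like a crash of the UDP server process. Walking the list by link address handles the empty case and drops the `rr` variable: `RR **l;`, `for(l = &repmsg->ar; *l != nil; l = &(*l)->next) ;`, `*l = mkopt();`. A short comment above addopt() saying that it echoes OPT only when the request had one, and that the reply then owns the new RR, would help the next reader.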