Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix CDS/CDNSKEY RRsets comparison in DNSSEC15 #1383

Merged
merged 2 commits into from
Nov 12, 2024
Merged

Fix CDS/CDNSKEY RRsets comparison in DNSSEC15 #1383

merged 2 commits into from
Nov 12, 2024

Conversation

tgreenx
Copy link
Contributor

@tgreenx tgreenx commented Aug 27, 2024
edited
Loading

Purpose

This PR proposes a fix to the handling of CDS and CDNSKEY RRsets comparison in DNSSEC15.

PS: The proper fix for the code below https://github.com/zonemaster/zonemaster-engine/pull/1383/files#diff-3c6ad87ddb974fb813839bacdaafd4e212c238d0ff6865a9bf6cf677403343deR3953 requires changes in LDNS. PRs have been made to make it happen, and it should be available in the next release of LDNS (1.8.5). See NLnetLabs/ldns@b398138.

Context

Fixes #1381

Requires zonemaster/zonemaster-ldns#199

Changes

  • Update code logic
  • Refactoring

How to test this PR

This requires zonemaster/zonemaster-ldns#199.

Unit tests should pass.

Manual testing (from #1381):

$ zonemaster-cli 8.1.7.0.1.0.0.2.ip6.arpa --ns decsys.vsb.cz --ns nsa.ces.net --ns nsa.cesnet.cz --show-testcase --test dnssec15
  -
Seconds Level    Testcase       Message
======= ======== ============== =======
Looks OK.

@tgreenx tgreenx added A-TestCase Area: Test case specification or implementation of test case V-Patch Versioning: The change gives an update of patch in version. labels Aug 27, 2024
@tgreenx tgreenx added this to the v2024.2 milestone Aug 27, 2024
@tgreenx tgreenx mentioned this pull request Aug 27, 2024
Open
@tgreenx
Copy link
Contributor Author

tgreenx commented Aug 28, 2024

PS2: A more elegant solution to this PR would require more change in Zonemaster-LDNS. See zonemaster/zonemaster-ldns#196.

I've proposed zonemaster/zonemaster-ldns#203, which would allow for making a more straightforward solution for this PR. So I'm switching it to a draft state for now.

@tgreenx tgreenx marked this pull request as draft August 28, 2024 15:23
@tgreenx tgreenx linked an issue Sep 24, 2024 that may be closed by this pull request
CDS/CDNSKEY inconsistency error #1381
Open
@tgreenx tgreenx marked this pull request as ready for review October 1, 2024 16:24
@tgreenx
Copy link
Contributor Author

tgreenx commented Oct 1, 2024

I've proposed zonemaster/zonemaster-ldns#203, which would allow for making a more straightforward solution for this PR. So I'm switching it to a draft state for now.

@mattias-p @matsduf @MichaelTimbert @marc-vanderwal This PR has been updated and is now ready for review.

matsduf
matsduf previously approved these changes Oct 2, 2024
View reviewed changes
Copy link
Contributor

@matsduf matsduf left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I find the code quite hard to follow. I would like to see comments that says what sections are meant to do. This is not due to the current PR. That is how the code is already. But that fact makes it harder to review the code.

I have tested the update and I have found no issues.

@matsduf
Copy link
Contributor

matsduf commented Oct 11, 2024

@mattias-p , @marc-vanderwal, @MichaelTimbert - please review.

@marc-vanderwal marc-vanderwal mentioned this pull request Oct 16, 2024
Merged
marc-vanderwal
marc-vanderwal reviewed Oct 16, 2024
View reviewed changes
Copy link
Contributor

@marc-vanderwal marc-vanderwal left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I suggest that we wait until zonemaster/zonemaster-ldns#209 is merged.

lib/Zonemaster/Engine/Test/DNSSEC.pm Outdated Show resolved Hide resolved
lib/Zonemaster/Engine/Test/DNSSEC.pm Outdated Show resolved Hide resolved
lib/Zonemaster/Engine/Test/DNSSEC.pm Outdated Show resolved Hide resolved
lib/Zonemaster/Engine/Test/DNSSEC.pm Outdated Show resolved Hide resolved
@tgreenx
Copy link
Contributor Author

tgreenx commented Nov 12, 2024

@matsduf please re-review

@matsduf matsduf merged commit 799bbf9 into zonemaster:develop Nov 12, 2024
3 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@marc-vanderwal marc-vanderwal marc-vanderwal approved these changes

@mattias-p mattias-p Awaiting requested review from mattias-p

@MichaelTimbert MichaelTimbert Awaiting requested review from MichaelTimbert

@matsduf matsduf Awaiting requested review from matsduf

Assignees
No one assigned
Labels
A-TestCase Area: Test case specification or implementation of test case V-Patch Versioning: The change gives an update of patch in version.
Projects
None yet
Milestone
v2024.2
Development

Successfully merging this pull request may close these issues.

CDS/CDNSKEY inconsistency error
3 participants
@tgreenx @matsduf @marc-vanderwal