Fix queries default EDNS behavior #1397

Open
wants to merge 1 commit into
base: develop

tgreenx (Contributor) commented Nov 19, 2024

Purpose

This PR proposes a fix for queries defaulting to EDNS queries, which was unintended. Documentation has been updated to reflect the new behavior.

Context

Fixes zonemaster/zonemaster#1308

How to test this PR

Manual testing can be done using the commands below.

$ perl -MZonemaster::Engine -E 'my $ns = Zonemaster::Engine->ns("d.nic.fr", "194.0.9.1"); say $ns->query("afnic.fr", "A")->string';
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 35768
;; flags: qr ; QUERY: 1, ANSWER: 0, AUTHORITY: 4, ADDITIONAL: 2
;; QUESTION SECTION:
;; afnic.fr.    IN      A

;; ANSWER SECTION:

;; AUTHORITY SECTION:
afnic.fr.       3600    IN      NS      ns1.nic.fr.
afnic.fr.       3600    IN      NS      g.ext.nic.fr.
afnic.fr.       3600    IN      NS      ns3.nic.fr.
afnic.fr.       3600    IN      NS      ns2.nic.fr.

;; ADDITIONAL SECTION:
g.ext.nic.fr.   3600    IN      A       194.0.36.1
g.ext.nic.fr.   3600    IN      AAAA    2001:678:4c::1

;; Query time: 18 msec
;; SERVER: 194.0.9.1
;; WHEN: Tue Nov 19 19:27:39 2024
;; MSG SIZE  rcvd: 156

An optional hash can be passed as a parameter to the query method, with keys such as dnssec and edns_size. They should be changed and/or removed to see the different behaviors. The EDNS line in the response should be inspected to see the outcome.

$ perl -MZonemaster::Engine -E 'my $ns = Zonemaster::Engine->ns("d.nic.fr", "194.0.9.1"); say $ns->query("afnic.fr", "A", { "dnssec" => 0, "edns_size" => 1024 })->string';
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 33671
;; flags: qr ; QUERY: 1, ANSWER: 0, AUTHORITY: 4, ADDITIONAL: 2
;; QUESTION SECTION:
;; afnic.fr.    IN      A

;; ANSWER SECTION:

;; AUTHORITY SECTION:
afnic.fr.       3600    IN      NS      ns3.nic.fr.
afnic.fr.       3600    IN      NS      g.ext.nic.fr.
afnic.fr.       3600    IN      NS      ns1.nic.fr.
afnic.fr.       3600    IN      NS      ns2.nic.fr.

;; ADDITIONAL SECTION:
g.ext.nic.fr.   3600    IN      A       194.0.36.1
g.ext.nic.fr.   3600    IN      AAAA    2001:678:4c::1

;; Query time: 17 msec
;; EDNS: version 0; flags: ; udp: 1232
;; SERVER: 194.0.9.1
;; WHEN: Tue Nov 19 19:28:46 2024
;; MSG SIZE  rcvd: 167

This commit fixes queries defaulting as EDNS queries, which was unintended.
Documentation has been updated to reflect the new behavior.
tgreenx added the labels T-Bug (Type: Bug in software or error in test case description) and V-Patch (Versioning: The change gives an update of patch in version.) Nov 19, 2024
tgreenx added this to the v2024.2 milestone Nov 19, 2024
tgreenx changed the title from "Fix default EDNS behavior" to "Fix queries default EDNS behavior" Nov 19, 2024
Comment on lines +410 to +415
if ( $flags{q{dnssec}} ) {
$flags{q{edns_size}} = $href->{q{edns_size}} // $UDP_EDNS_QUERY_DEFAULT;
}
else {
$flags{q{edns_size}} = $href->{q{edns_size}} // 0;
}
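
Review bot: in the if ( $flags{q{dnssec}} ) branch, the // operator only substitutes $UDP_EDNS_QUERY_DEFAULT when edns_size is undefined, so a caller passing dnssec => 1 together with edns_size => 0 ends up with dnssec set and an EDNS size of 0. If 0 is the sentinel for "no EDNS", as the else branch suggests, that combination should either be rejected or forced to the default. In both branches the caller-supplied value is stored without any range check, so a bound check belongs here unless it is done elsewhere. A one-line comment stating what an edns_size of 0 means would also make the else branch self-explanatory.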

The value must not be larger than 64 kB. If the value is smaller than 512 it must be treated as 512. Maybe we will create a test case where it is set smaller.

Is it possible by this code to create a non-DNSSEC EDNS query without specifying the size and get the default?

Successfully merging this pull request may close these issues.

Initial request for NS set when the auth. nameservers refuse EDNS