Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Extended DNS Errors a la RFC8914 #504

Open
wants to merge 69 commits into
base: master
Choose a base branch
from
Open

Extended DNS Errors a la RFC8914 #504

wants to merge 69 commits into from

Conversation

wtoorop
Copy link
Member

@wtoorop wtoorop commented Jun 24, 2021
edited by TCY16
Loading

Still TODO:

  • Answer EDE code 4 Forged for local-data answers
  • Fix unit tests
  • Configure option(s?) whether or not local-zone should result in EDE code inclusion
  • Write subroutine to parse packets which are REFUSED caused by an ACL to either return REFUSED with or without EDE 18
  • figure out how to do ACL PROHIBITED reply FORMERROR
  • Document how the log-val-level: config options influences the returned EDE option text
  • add logic for per zone EDE for RPZ and configurable rpz-do-ede
  • add remote-control support for the added configuration options
  • configurable stale answer

For future iterations, we would like to have cached EDEs and add DNSSEC indeterminate with a configuration option,

wcawijngaards
wcawijngaards reviewed Aug 17, 2021
View reviewed changes
util/data/msgreply.c Outdated Show resolved Hide resolved
Tom Carpay added 23 commits August 17, 2021 14:10
add variable bogus reason
a9e6f6b
add local anwser blocked
b3f60db
Revert "add local anwser blocked"
935634d 
This reverts commit b3f60db.
Fix dont echo edns0 option list ...
5fff0f7 
when refusing to answer authoritatively.
Also remove TODO comments that were already done
EDE Blocked with local-zone refused answers
a986597
Merge branch 'master' into features/rfc8914-ede
d9a947f
set up for tpkg test
ec4cf69
add localzones test
fba1c30
add setup of RPZ and full tests of earlier implemented EDEs
33445be
add ede to always_refuse and always_null
7079f0b
add DNSSEC indeterminate EDE and DNAME expansion test
9df75a8
add mesh bogus test, possible locations for more EDE and remove super…
2360120 
…fluous todo comments
First step towards specific EDE DNSSEC errors
a664e8c
add possible EDE spots
3576033
Answer LDNS_EDE_RRSIGS_MISSING for normal answers with missing signat…
5617de6 
…ures
add routine to do EDE on ACL blocked messages
4d15603
Merge branch 'features/rfc8914-ede' of github.com:NLnetLabs/unbound i…
65852bc 
…nto features/rfc8914-ede
add forgotten compile error fixes from previous commit
4df2965
Merge branch 'features/rfc8914-ede' of github.com:NLnetLabs/unbound i…
b606c82 
…nto features/rfc8914-ede
add routine to add EDE to ACL:refused at correct location
0b376cc
change strncpy to memmove at @wcawijngaards' suggestion
84da240
process @wcawijngaards' comments
732ad94
process @wcawijngaards' comments v2
42ba5ae
chantra
chantra reviewed Nov 16, 2021
View reviewed changes
daemon/worker.c Outdated
Comment on lines 1584 to 1592

// // stale answer?
// if (worker->env.cfg->serve_expired &&
// *worker->env.now >= ((struct reply_info*)e->data)->ttl) {
// // EDE Error Code 3 - Stale Answer
// EDNS_OPT_LIST_APPEND_EDE(&edns.opt_list_out, worker->scratchpad,
// LDNS_EDE_STALE_ANSWER, "");
// }

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I thought I add commented about this earlier, but I don't seem to find that message again.
Is there any plan to have stale answers EDE handled from the get go of the RFC support?

@chantra
Copy link

chantra commented Nov 16, 2021

Not sure if I forgot to submit my previous comment a couple of weeks ago, or if it got overridden as the diff took shape.

TL;DR I am looking forward this making in into the main branch and was wondering if EDE stale answer (code 3) was going to be supported from the get go as the current diff has it commented out.
Thanks @TCY16 for tackling this!

@TCY16
Copy link
Contributor

TCY16 commented Nov 17, 2021

Hi @chantra, please don't let the commented-out code dishearten you, this is very much WIP 😄
Although I can't guarantee that EDE stale answer will be in the eventual release, we'll definitively look at this particular piece of code again!

TCY16 and others added 18 commits November 19, 2021 11:27
change do_ede to be local-zone specific and add places for more EDE c…
0572870 
…odes
add forgotten autogenerated files
575a686
add config option for global EDE flag, local-zone specific EDE flag a…
7926874 
…nd default EDE code for a zone
add error in case of incorrect string for local-zone-default-ede
ff356b9
change local-zone-default-ede keywords to '-', add missing {}, and ad…
3ccb4c6 
…d manpage entry for local-zone-do-ede, local-zone-default-ede, and ede-local-zones
add ede-local-zones in the manpage and update the iana_ports.inc for …
db98a8b 
…some reason
finish up adding validator EDEs and other TODOs and fix tests with mo…
65ee2f2 
…re specific EDE codes
add config options to test conf, fix local-zone EDE printing logic, a…
63e6604 
…nd fix typo in the unbound.conf
expand ede.tdir to do validator test for DNSKEY, RRSIG and NSEC missing
dc38aac
add todo for tests and fix EDE codes for DNSKEY missing
ea1a5f3
fix DNSSEC nsec-failure test
4f37d64
@TCY16
Merge branch 'master' into features/rfc8914-ede
df229db
fix rpl tests
05e06fd
Document how the log-val-level: config options influences the returne…
7902448 
…d EDE option text
add logic for per zone EDE for RPZ and configurable rpz-do-ede
fe8ef6e
remove superfluous linebreaks
94f04a7
add remote control options for local-zone and RPZ do_ede
49f2960
fix missing disable in remote-control local_zone do_ede and typos
69e188b
@TCY16 TCY16 marked this pull request as ready for review January 3, 2022 14:09
@TCY16 TCY16 mentioned this pull request Jan 12, 2022
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@chantra chantra chantra left review comments

@wcawijngaards wcawijngaards wcawijngaards left review comments

@TCY16 TCY16 TCY16 left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@wtoorop @chantra @TCY16 @wcawijngaards @gthess