diff options
Diffstat (limited to 'vendor/github.com/miekg')
33 files changed, 528 insertions, 216 deletions
diff --git a/vendor/github.com/miekg/dns/Makefile.release b/vendor/github.com/miekg/dns/Makefile.release index 8fb748e..a0ce9b7 100644 --- a/vendor/github.com/miekg/dns/Makefile.release +++ b/vendor/github.com/miekg/dns/Makefile.release @@ -1,7 +1,7 @@ # Makefile for releasing. # # The release is controlled from version.go. The version found there is -# used to tag the git repo, we're not building any artifects so there is nothing +# used to tag the git repo, we're not building any artifacts so there is nothing # to upload to github. # # * Up the version in version.go diff --git a/vendor/github.com/miekg/dns/README.md b/vendor/github.com/miekg/dns/README.md index 767eb6b..4ed217e 100644 --- a/vendor/github.com/miekg/dns/README.md +++ b/vendor/github.com/miekg/dns/README.md @@ -71,6 +71,12 @@ A not-so-up-to-date-list-that-may-be-actually-current: * https://github.com/fortio/dnsping * https://github.com/Luzilla/dnsbl_exporter * https://github.com/bodgit/tsig +* https://github.com/v2fly/v2ray-core (test only) +* https://kuma.io/ +* https://www.misaka.io/services/dns +* https://ping.sx/dig +* https://fleetdeck.io/ + Send pull request if you want to be listed here. @@ -167,6 +173,9 @@ Example programs can be found in the `github.com/miekg/exdns` repository. * 7873 - Domain Name System (DNS) Cookies * 8080 - EdDSA for DNSSEC * 8499 - DNS Terminology +* 8659 - DNS Certification Authority Authorization (CAA) Resource Record +* 8914 - Extended DNS Errors +* 8976 - Message Digest for DNS Zones (ZONEMD RR) ## Loosely Based Upon diff --git a/vendor/github.com/miekg/dns/acceptfunc.go b/vendor/github.com/miekg/dns/acceptfunc.go index 825617f..ac479db 100644 --- a/vendor/github.com/miekg/dns/acceptfunc.go +++ b/vendor/github.com/miekg/dns/acceptfunc.go @@ -12,7 +12,7 @@ type MsgAcceptFunc func(dh Header) MsgAcceptAction // // * Zero bit isn't zero // -// * has more than 1 question in the question section +// * does not have exactly 1 question in the question section // // * has more than 1 RR in the Answer section // @@ -25,6 +25,7 @@ var DefaultMsgAcceptFunc MsgAcceptFunc = defaultMsgAcceptFunc // MsgAcceptAction represents the action to be taken. type MsgAcceptAction int +// Allowed returned values from a MsgAcceptFunc. const ( MsgAccept MsgAcceptAction = iota // Accept the message MsgReject // Reject the message with a RcodeFormatError diff --git a/vendor/github.com/miekg/dns/client.go b/vendor/github.com/miekg/dns/client.go index aa2c49d..6bae3a1 100644 --- a/vendor/github.com/miekg/dns/client.go +++ b/vendor/github.com/miekg/dns/client.go @@ -82,6 +82,12 @@ func (c *Client) writeTimeout() time.Duration { // Dial connects to the address on the named network. func (c *Client) Dial(address string) (conn *Conn, err error) { + return c.DialContext(context.Background(), address) +} + +// DialContext connects to the address on the named network, with a context.Context. +// For TLS over TCP (DoT) the context isn't used yet. This will be enabled when Go 1.18 is released. +func (c *Client) DialContext(ctx context.Context, address string) (conn *Conn, err error) { // create a new dialer with the appropriate timeout var d net.Dialer if c.Dialer == nil { @@ -101,9 +107,17 @@ func (c *Client) Dial(address string) (conn *Conn, err error) { if useTLS { network = strings.TrimSuffix(network, "-tls") + // TODO(miekg): Enable after Go 1.18 is released, to be able to support two prev. releases. + /* + tlsDialer := tls.Dialer{ + NetDialer: &d, + Config: c.TLSConfig, + } + conn.Conn, err = tlsDialer.DialContext(ctx, network, address) + */ conn.Conn, err = tls.DialWithDialer(&d, network, address, c.TLSConfig) } else { - conn.Conn, err = d.Dial(network, address) + conn.Conn, err = d.DialContext(ctx, network, address) } if err != nil { return nil, err @@ -139,24 +153,34 @@ func (c *Client) Exchange(m *Msg, address string) (r *Msg, rtt time.Duration, er // ExchangeWithConn has the same behavior as Exchange, just with a predetermined connection // that will be used instead of creating a new one. // Usage pattern with a *dns.Client: +// // c := new(dns.Client) // // connection management logic goes here // // conn := c.Dial(address) // in, rtt, err := c.ExchangeWithConn(message, conn) // -// This allows users of the library to implement their own connection management, -// as opposed to Exchange, which will always use new connections and incur the added overhead -// that entails when using "tcp" and especially "tcp-tls" clients. +// This allows users of the library to implement their own connection management, +// as opposed to Exchange, which will always use new connections and incur the added overhead +// that entails when using "tcp" and especially "tcp-tls" clients. +// +// When the singleflight is set for this client the context is _not_ forwarded to the (shared) exchange, to +// prevent one cancelation from canceling all outstanding requests. func (c *Client) ExchangeWithConn(m *Msg, conn *Conn) (r *Msg, rtt time.Duration, err error) { + return c.exchangeWithConnContext(context.Background(), m, conn) +} + +func (c *Client) exchangeWithConnContext(ctx context.Context, m *Msg, conn *Conn) (r *Msg, rtt time.Duration, err error) { if !c.SingleInflight { - return c.exchange(m, conn) + return c.exchangeContext(ctx, m, conn) } q := m.Question[0] key := fmt.Sprintf("%s:%d:%d", q.Name, q.Qtype, q.Qclass) r, rtt, err, shared := c.group.Do(key, func() (*Msg, time.Duration, error) { - return c.exchange(m, conn) + // When we're doing singleflight we don't want one context cancelation, cancel _all_ outstanding queries. + // Hence we ignore the context and use Background(). + return c.exchangeContext(context.Background(), m, conn) }) if r != nil && shared { r = r.Copy() @@ -165,8 +189,7 @@ func (c *Client) ExchangeWithConn(m *Msg, conn *Conn) (r *Msg, rtt time.Duration return r, rtt, err } -func (c *Client) exchange(m *Msg, co *Conn) (r *Msg, rtt time.Duration, err error) { - +func (c *Client) exchangeContext(ctx context.Context, m *Msg, co *Conn) (r *Msg, rtt time.Duration, err error) { opt := m.IsEdns0() // If EDNS0 is used use that for size. if opt != nil && opt.UDPSize() >= MinMsgSize { @@ -177,15 +200,27 @@ func (c *Client) exchange(m *Msg, co *Conn) (r *Msg, rtt time.Duration, err erro co.UDPSize = c.UDPSize } - co.TsigSecret, co.TsigProvider = c.TsigSecret, c.TsigProvider - t := time.Now() // write with the appropriate write timeout - co.SetWriteDeadline(t.Add(c.getTimeoutForRequest(c.writeTimeout()))) + t := time.Now() + writeDeadline := t.Add(c.getTimeoutForRequest(c.writeTimeout())) + readDeadline := t.Add(c.getTimeoutForRequest(c.readTimeout())) + if deadline, ok := ctx.Deadline(); ok { + if deadline.Before(writeDeadline) { + writeDeadline = deadline + } + if deadline.Before(readDeadline) { + readDeadline = deadline + } + } + co.SetWriteDeadline(writeDeadline) + co.SetReadDeadline(readDeadline) + + co.TsigSecret, co.TsigProvider = c.TsigSecret, c.TsigProvider + if err = co.WriteMsg(m); err != nil { return nil, 0, err } - co.SetReadDeadline(time.Now().Add(c.getTimeoutForRequest(c.readTimeout()))) if _, ok := co.Conn.(net.PacketConn); ok { for { r, err = co.ReadMsg() @@ -340,11 +375,10 @@ func (co *Conn) Write(p []byte) (int, error) { return co.Conn.Write(p) } - l := make([]byte, 2) - binary.BigEndian.PutUint16(l, uint16(len(p))) - - n, err := (&net.Buffers{l, p}).WriteTo(co.Conn) - return int(n), err + msg := make([]byte, 2+len(p)) + binary.BigEndian.PutUint16(msg, uint16(len(p))) + copy(msg[2:], p) + return co.Conn.Write(msg) } // Return the appropriate timeout for a specific request @@ -380,7 +414,7 @@ func Dial(network, address string) (conn *Conn, err error) { func ExchangeContext(ctx context.Context, m *Msg, a string) (r *Msg, err error) { client := Client{Net: "udp"} r, _, err = client.ExchangeContext(ctx, m, a) - // ignorint rtt to leave the original ExchangeContext API unchanged, but + // ignoring rtt to leave the original ExchangeContext API unchanged, but // this function will go away return r, err } @@ -436,15 +470,11 @@ func DialTimeoutWithTLS(network, address string, tlsConfig *tls.Config, timeout // context, if present. If there is both a context deadline and a configured // timeout on the client, the earliest of the two takes effect. func (c *Client) ExchangeContext(ctx context.Context, m *Msg, a string) (r *Msg, rtt time.Duration, err error) { - var timeout time.Duration - if deadline, ok := ctx.Deadline(); !ok { - timeout = 0 - } else { - timeout = time.Until(deadline) + conn, err := c.DialContext(ctx, a) + if err != nil { + return nil, 0, err } - // not passing the context to the underlying calls, as the API does not support - // context. For timeouts you should set up Client.Dialer and call Client.Exchange. - // TODO(tmthrgd,miekg): this is a race condition. - c.Dialer = &net.Dialer{Timeout: timeout} - return c.Exchange(m, a) + defer conn.Close() + + return c.exchangeWithConnContext(ctx, m, conn) } diff --git a/vendor/github.com/miekg/dns/defaults.go b/vendor/github.com/miekg/dns/defaults.go index d874e30..d47b0b1 100644 --- a/vendor/github.com/miekg/dns/defaults.go +++ b/vendor/github.com/miekg/dns/defaults.go @@ -349,10 +349,7 @@ func ReverseAddr(addr string) (arpa string, err error) { // Add it, in reverse, to the buffer for i := len(ip) - 1; i >= 0; i-- { v := ip[i] - buf = append(buf, hexDigit[v&0xF]) - buf = append(buf, '.') - buf = append(buf, hexDigit[v>>4]) - buf = append(buf, '.') + buf = append(buf, hexDigit[v&0xF], '.', hexDigit[v>>4], '.') } // Append "ip6.arpa." and return (buf already has the final .) buf = append(buf, "ip6.arpa."...) diff --git a/vendor/github.com/miekg/dns/dnssec.go b/vendor/github.com/miekg/dns/dnssec.go index 900f6e0..8539aae 100644 --- a/vendor/github.com/miekg/dns/dnssec.go +++ b/vendor/github.com/miekg/dns/dnssec.go @@ -4,12 +4,13 @@ import ( "bytes" "crypto" "crypto/ecdsa" + "crypto/ed25519" "crypto/elliptic" "crypto/rand" "crypto/rsa" - _ "crypto/sha1" - _ "crypto/sha256" - _ "crypto/sha512" + _ "crypto/sha1" // need its init function + _ "crypto/sha256" // need its init function + _ "crypto/sha512" // need its init function "encoding/asn1" "encoding/binary" "encoding/hex" @@ -17,8 +18,6 @@ import ( "sort" "strings" "time" - - "golang.org/x/crypto/ed25519" ) // DNSSEC encryption algorithm codes. @@ -373,6 +372,8 @@ func sign(k crypto.Signer, hashed []byte, hash crypto.Hash, alg uint8) ([]byte, // Verify validates an RRSet with the signature and key. This is only the // cryptographic test, the signature validity period must be checked separately. // This function copies the rdata of some RRs (to lowercase domain names) for the validation to work. +// It also checks that the Zone Key bit (RFC 4034 2.1.1) is set on the DNSKEY +// and that the Protocol field is set to 3 (RFC 4034 2.1.2). func (rr *RRSIG) Verify(k *DNSKEY, rrset []RR) error { // First the easy checks if !IsRRset(rrset) { @@ -393,6 +394,12 @@ func (rr *RRSIG) Verify(k *DNSKEY, rrset []RR) error { if k.Protocol != 3 { return ErrKey } + // RFC 4034 2.1.1 If bit 7 has value 0, then the DNSKEY record holds some + // other type of DNS public key and MUST NOT be used to verify RRSIGs that + // cover RRsets. + if k.Flags&ZONE == 0 { + return ErrKey + } // IsRRset checked that we have at least one RR and that the RRs in // the set have consistent type, class, and name. Also check that type and @@ -500,7 +507,7 @@ func (rr *RRSIG) ValidityPeriod(t time.Time) bool { return ti <= utc && utc <= te } -// Return the signatures base64 encodedig sigdata as a byte slice. +// Return the signatures base64 encoding sigdata as a byte slice. func (rr *RRSIG) sigBuf() []byte { sigbuf, err := fromBase64([]byte(rr.Signature)) if err != nil { diff --git a/vendor/github.com/miekg/dns/dnssec_keygen.go b/vendor/github.com/miekg/dns/dnssec_keygen.go index 2ab7b6d..b8124b5 100644 --- a/vendor/github.com/miekg/dns/dnssec_keygen.go +++ b/vendor/github.com/miekg/dns/dnssec_keygen.go @@ -3,12 +3,11 @@ package dns import ( "crypto" "crypto/ecdsa" + "crypto/ed25519" "crypto/elliptic" "crypto/rand" "crypto/rsa" "math/big" - - "golang.org/x/crypto/ed25519" ) // Generate generates a DNSKEY of the given bit size. diff --git a/vendor/github.com/miekg/dns/dnssec_keyscan.go b/vendor/github.com/miekg/dns/dnssec_keyscan.go index 6cbc284..f796581 100644 --- a/vendor/github.com/miekg/dns/dnssec_keyscan.go +++ b/vendor/github.com/miekg/dns/dnssec_keyscan.go @@ -4,13 +4,12 @@ import ( "bufio" "crypto" "crypto/ecdsa" + "crypto/ed25519" "crypto/rsa" "io" "math/big" "strconv" "strings" - - "golang.org/x/crypto/ed25519" ) // NewPrivateKey returns a PrivateKey by parsing the string s. diff --git a/vendor/github.com/miekg/dns/dnssec_privkey.go b/vendor/github.com/miekg/dns/dnssec_privkey.go index 072e445..f160772 100644 --- a/vendor/github.com/miekg/dns/dnssec_privkey.go +++ b/vendor/github.com/miekg/dns/dnssec_privkey.go @@ -3,11 +3,10 @@ package dns import ( "crypto" "crypto/ecdsa" + "crypto/ed25519" "crypto/rsa" "math/big" "strconv" - - "golang.org/x/crypto/ed25519" ) const format = "Private-key-format: v1.3\n" diff --git a/vendor/github.com/miekg/dns/doc.go b/vendor/github.com/miekg/dns/doc.go index f7629ec..5c83f82 100644 --- a/vendor/github.com/miekg/dns/doc.go +++ b/vendor/github.com/miekg/dns/doc.go @@ -159,7 +159,7 @@ shows the options you have and what functions to call. TRANSACTION SIGNATURE An TSIG or transaction signature adds a HMAC TSIG record to each message sent. -The supported algorithms include: HmacMD5, HmacSHA1, HmacSHA256 and HmacSHA512. +The supported algorithms include: HmacSHA1, HmacSHA256 and HmacSHA512. Basic use pattern when querying with a TSIG name "axfr." (note that these key names must be fully qualified - as they are domain names) and the base64 secret @@ -174,7 +174,7 @@ changes to the RRset after calling SetTsig() the signature will be incorrect. c.TsigSecret = map[string]string{"axfr.": "so6ZGir4GPAqINNh9U5c3A=="} m := new(dns.Msg) m.SetQuestion("miek.nl.", dns.TypeMX) - m.SetTsig("axfr.", dns.HmacMD5, 300, time.Now().Unix()) + m.SetTsig("axfr.", dns.HmacSHA256, 300, time.Now().Unix()) ... // When sending the TSIG RR is calculated and filled in before sending @@ -187,7 +187,7 @@ request an AXFR for miek.nl. with TSIG key named "axfr." and secret m := new(dns.Msg) t.TsigSecret = map[string]string{"axfr.": "so6ZGir4GPAqINNh9U5c3A=="} m.SetAxfr("miek.nl.") - m.SetTsig("axfr.", dns.HmacMD5, 300, time.Now().Unix()) + m.SetTsig("axfr.", dns.HmacSHA256, 300, time.Now().Unix()) c, err := t.In(m, "176.58.119.54:53") for r := range c { ... } @@ -214,7 +214,7 @@ client must be configured with an implementation of the TsigProvider interface: c.TsigProvider = new(Provider) m := new(dns.Msg) m.SetQuestion("miek.nl.", dns.TypeMX) - m.SetTsig(keyname, dns.HmacSHA1, 300, time.Now().Unix()) + m.SetTsig(keyname, dns.HmacSHA256, 300, time.Now().Unix()) ... // TSIG RR is calculated by calling your Generate method @@ -231,7 +231,7 @@ Basic use pattern validating and replying to a message that has TSIG set. if r.IsTsig() != nil { if w.TsigStatus() == nil { // *Msg r has an TSIG record and it was validated - m.SetTsig("axfr.", dns.HmacMD5, 300, time.Now().Unix()) + m.SetTsig("axfr.", dns.HmacSHA256, 300, time.Now().Unix()) } else { // *Msg r has an TSIG records and it was not validated } diff --git a/vendor/github.com/miekg/dns/edns.go b/vendor/github.com/miekg/dns/edns.go index f3fb1c6..862e534 100644 --- a/vendor/github.com/miekg/dns/edns.go +++ b/vendor/github.com/miekg/dns/edns.go @@ -14,6 +14,7 @@ const ( EDNS0LLQ = 0x1 // long lived queries: http://tools.ietf.org/html/draft-sekar-dns-llq-01 EDNS0UL = 0x2 // update lease draft: http://files.dns-sd.org/draft-sekar-dns-ul.txt EDNS0NSID = 0x3 // nsid (See RFC 5001) + EDNS0ESU = 0x4 // ENUM Source-URI draft: https://datatracker.ietf.org/doc/html/draft-kaplan-enum-source-uri-00 EDNS0DAU = 0x5 // DNSSEC Algorithm Understood EDNS0DHU = 0x6 // DS Hash Understood EDNS0N3U = 0x7 // NSEC3 Hash Understood @@ -22,11 +23,49 @@ const ( EDNS0COOKIE = 0xa // EDNS0 Cookie EDNS0TCPKEEPALIVE = 0xb // EDNS0 tcp keep alive (See RFC 7828) EDNS0PADDING = 0xc // EDNS0 padding (See RFC 7830) + EDNS0EDE = 0xf // EDNS0 extended DNS errors (See RFC 8914) EDNS0LOCALSTART = 0xFDE9 // Beginning of range reserved for local/experimental use (See RFC 6891) EDNS0LOCALEND = 0xFFFE // End of range reserved for local/experimental use (See RFC 6891) _DO = 1 << 15 // DNSSEC OK ) +// makeDataOpt is used to unpack the EDNS0 option(s) from a message. +func makeDataOpt(code uint16) EDNS0 { + // All the EDNS0.* constants above need to be in this switch. + switch code { + case EDNS0LLQ: + return new(EDNS0_LLQ) + case EDNS0UL: + return new(EDNS0_UL) + case EDNS0NSID: + return new(EDNS0_NSID) + case EDNS0DAU: + return new(EDNS0_DAU) + case EDNS0DHU: + return new(EDNS0_DHU) + case EDNS0N3U: + return new(EDNS0_N3U) + case EDNS0SUBNET: + return new(EDNS0_SUBNET) + case EDNS0EXPIRE: + return new(EDNS0_EXPIRE) + case EDNS0COOKIE: + return new(EDNS0_COOKIE) + case EDNS0TCPKEEPALIVE: + return new(EDNS0_TCP_KEEPALIVE) + case EDNS0PADDING: + return new(EDNS0_PADDING) + case EDNS0EDE: + return new(EDNS0_EDE) + case EDNS0ESU: + return &EDNS0_ESU{Code: EDNS0ESU} + default: + e := new(EDNS0_LOCAL) + e.Code = code + return e + } +} + // OPT is the EDNS0 RR appended to messages to convey extra (meta) information. // See RFC 6891. type OPT struct { @@ -59,6 +98,8 @@ func (rr *OPT) String() string { s += "\n; SUBNET: " + o.String() case *EDNS0_COOKIE: s += "\n; COOKIE: " + o.String() + case *EDNS0_TCP_KEEPALIVE: + s += "\n; KEEPALIVE: " + o.String() case *EDNS0_UL: s += "\n; UPDATE LEASE: " + o.String() case *EDNS0_LLQ: @@ -73,6 +114,10 @@ func (rr *OPT) String() string { s += "\n; LOCAL OPT: " + o.String() case *EDNS0_PADDING: s += "\n; PADDING: " + o.String() + case *EDNS0_EDE: + s += "\n; EDE: " + o.String() + case *EDNS0_ESU: + s += "\n; ESU: " + o.String() } } return s @@ -92,7 +137,7 @@ func (*OPT) parse(c *zlexer, origin string) *ParseError { return &ParseError{err: "OPT records do not have a presentation format"} } -func (r1 *OPT) isDuplicate(r2 RR) bool { return false } +func (rr *OPT) isDuplicate(r2 RR) bool { return false } // return the old value -> delete SetVersion? @@ -148,6 +193,16 @@ func (rr *OPT) SetDo(do ...bool) { } } +// Z returns the Z part of the OPT RR as a uint16 with only the 15 least significant bits used. +func (rr *OPT) Z() uint16 { + return uint16(rr.Hdr.Ttl & 0x7FFF) +} + +// SetZ sets the Z part of the OPT RR, note only the 15 least significant bits of z are used. +func (rr *OPT) SetZ(z uint16) { + rr.Hdr.Ttl = rr.Hdr.Ttl&^0x7FFF | uint32(z&0x7FFF) +} + // EDNS0 defines an EDNS0 Option. An OPT RR can have multiple options appended to it. type EDNS0 interface { // Option returns the option code for the option. @@ -452,7 +507,7 @@ func (e *EDNS0_LLQ) copy() EDNS0 { return &EDNS0_LLQ{e.Code, e.Version, e.Opcode, e.Error, e.Id, e.LeaseLife} } -// EDNS0_DUA implements the EDNS0 "DNSSEC Algorithm Understood" option. See RFC 6975. +// EDNS0_DAU implements the EDNS0 "DNSSEC Algorithm Understood" option. See RFC 6975. type EDNS0_DAU struct { Code uint16 // Always EDNS0DAU AlgCode []uint8 @@ -525,7 +580,7 @@ func (e *EDNS0_N3U) String() string { } func (e *EDNS0_N3U) copy() EDNS0 { return &EDNS0_N3U{e.Code, e.AlgCode} } -// EDNS0_EXPIRE implementes the EDNS0 option as described in RFC 7314. +// EDNS0_EXPIRE implements the EDNS0 option as described in RFC 7314. type EDNS0_EXPIRE struct { Code uint16 // Always EDNS0EXPIRE Expire uint32 @@ -604,57 +659,52 @@ func (e *EDNS0_LOCAL) unpack(b []byte) error { // EDNS0_TCP_KEEPALIVE is an EDNS0 option that instructs the server to keep // the TCP connection alive. See RFC 7828. type EDNS0_TCP_KEEPALIVE struct { - Code uint16 // Always EDNSTCPKEEPALIVE - Length uint16 // the value 0 if the TIMEOUT is omitted, the value 2 if it is present; - Timeout uint16 // an idle timeout value for the TCP connection, specified in units of 100 milliseconds, encoded in network byte order. + Code uint16 // Always EDNSTCPKEEPALIVE + + // Timeout is an idle timeout value for the TCP connection, specified in + // units of 100 milliseconds, encoded in network byte order. If set to 0, + // pack will return a nil slice. + Timeout uint16 + + // Length is the option's length. + // Deprecated: this field is deprecated and is always equal to 0. + Length uint16 } // Option implements the EDNS0 interface. func (e *EDNS0_TCP_KEEPALIVE) Option() uint16 { return EDNS0TCPKEEPALIVE } func (e *EDNS0_TCP_KEEPALIVE) pack() ([]byte, error) { - if e.Timeout != 0 && e.Length != 2 { - return nil, errors.New("dns: timeout specified but length is not 2") + if e.Timeout > 0 { + b := make([]byte, 2) + binary.BigEndian.PutUint16(b, e.Timeout) + return b, nil } - if e.Timeout == 0 && e.Length != 0 { - return nil, errors.New("dns: timeout not specified but length is not 0") - } - b := make([]byte, 4+e.Length) - binary.BigEndian.PutUint16(b[0:], e.Code) - binary.BigEndian.PutUint16(b[2:], e.Length) - if e.Length == 2 { - binary.BigEndian.PutUint16(b[4:], e.Timeout) - } - return b, nil + return nil, nil } func (e *EDNS0_TCP_KEEPALIVE) unpack(b []byte) error { - if len(b) < 4 { - return ErrBuf - } - e.Length = binary.BigEndian.Uint16(b[2:4]) - if e.Length != 0 && e.Length != 2 { - return errors.New("dns: length mismatch, want 0/2 but got " + strconv.FormatUint(uint64(e.Length), 10)) - } - if e.Length == 2 { - if len(b) < 6 { - return ErrBuf - } - e.Timeout = binary.BigEndian.Uint16(b[4:6]) + switch len(b) { + case 0: + case 2: + e.Timeout = binary.BigEndian.Uint16(b) + default: + return fmt.Errorf("dns: length mismatch, want 0/2 but got %d", len(b)) } return nil } -func (e *EDNS0_TCP_KEEPALIVE) String() (s string) { - s = "use tcp keep-alive" - if e.Length == 0 { +func (e *EDNS0_TCP_KEEPALIVE) String() string { + s := "use tcp keep-alive" + if e.Timeout == 0 { s += ", timeout omitted" } else { s += fmt.Sprintf(", timeout %dms", e.Timeout*100) } - return + return s } -func (e *EDNS0_TCP_KEEPALIVE) copy() EDNS0 { return &EDNS0_TCP_KEEPALIVE{e.Code, e.Length, e.Timeout} } + +func (e *EDNS0_TCP_KEEPALIVE) copy() EDNS0 { return &EDNS0_TCP_KEEPALIVE{e.Code, e.Timeout, e.Length} } // EDNS0_PADDING option is used to add padding to a request/response. The default // value of padding SHOULD be 0x0 but other values MAY be used, for instance if @@ -673,3 +723,117 @@ func (e *EDNS0_PADDING) copy() EDNS0 { copy(b, e.Padding) return &EDNS0_PADDING{b} } + +// Extended DNS Error Codes (RFC 8914). +const ( + ExtendedErrorCodeOther uint16 = iota + ExtendedErrorCodeUnsupportedDNSKEYAlgorithm + ExtendedErrorCodeUnsupportedDSDigestType + ExtendedErrorCodeStaleAnswer + ExtendedErrorCodeForgedAnswer + ExtendedErrorCodeDNSSECIndeterminate + ExtendedErrorCodeDNSBogus + ExtendedErrorCodeSignatureExpired + ExtendedErrorCodeSignatureNotYetValid + ExtendedErrorCodeDNSKEYMissing + ExtendedErrorCodeRRSIGsMissing + ExtendedErrorCodeNoZoneKeyBitSet + ExtendedErrorCodeNSECMissing + ExtendedErrorCodeCachedError + ExtendedErrorCodeNotReady + ExtendedErrorCodeBlocked + ExtendedErrorCodeCensored + ExtendedErrorCodeFiltered + ExtendedErrorCodeProhibited + ExtendedErrorCodeStaleNXDOMAINAnswer + ExtendedErrorCodeNotAuthoritative + ExtendedErrorCodeNotSupported + ExtendedErrorCodeNoReachableAuthority + ExtendedErrorCodeNetworkError + ExtendedErrorCodeInvalidData +) + +// ExtendedErrorCodeToString maps extended error info codes to a human readable +// description. +var ExtendedErrorCodeToString = map[uint16]string{ + ExtendedErrorCodeOther: "Other", + ExtendedErrorCodeUnsupportedDNSKEYAlgorithm: "Unsupported DNSKEY Algorithm", + ExtendedErrorCodeUnsupportedDSDigestType: "Unsupported DS Digest Type", + ExtendedErrorCodeStaleAnswer: "Stale Answer", + ExtendedErrorCodeForgedAnswer: "Forged Answer", + ExtendedErrorCodeDNSSECIndeterminate: "DNSSEC Indeterminate", + ExtendedErrorCodeDNSBogus: "DNSSEC Bogus", + ExtendedErrorCodeSignatureExpired: "Signature Expired", + ExtendedErrorCodeSignatureNotYetValid: "Signature Not Yet Valid", + ExtendedErrorCodeDNSKEYMissing: "DNSKEY Missing", + ExtendedErrorCodeRRSIGsMissing: "RRSIGs Missing", + ExtendedErrorCodeNoZoneKeyBitSet: "No Zone Key Bit Set", + ExtendedErrorCodeNSECMissing: "NSEC Missing", + ExtendedErrorCodeCachedError: "Cached Error", + ExtendedErrorCodeNotReady: "Not Ready", + ExtendedErrorCodeBlocked: "Blocked", + ExtendedErrorCodeCensored: "Censored", + ExtendedErrorCodeFiltered: "Filtered", + ExtendedErrorCodeProhibited: "Prohibited", + ExtendedErrorCodeStaleNXDOMAINAnswer: "Stale NXDOMAIN Answer", + ExtendedErrorCodeNotAuthoritative: "Not Authoritative", + ExtendedErrorCodeNotSupported: "Not Supported", + ExtendedErrorCodeNoReachableAuthority: "No Reachable Authority", + ExtendedErrorCodeNetworkError: "Network Error", + ExtendedErrorCodeInvalidData: "Invalid Data", +} + +// StringToExtendedErrorCode is a map from human readable descriptions to +// extended error info codes. +var StringToExtendedErrorCode = reverseInt16(ExtendedErrorCodeToString) + +// EDNS0_EDE option is used to return additional information about the cause of +// DNS errors. +type EDNS0_EDE struct { + InfoCode uint16 + ExtraText string +} + +// Option implements the EDNS0 interface. +func (e *EDNS0_EDE) Option() uint16 { return EDNS0EDE } +func (e *EDNS0_EDE) copy() EDNS0 { return &EDNS0_EDE{e.InfoCode, e.ExtraText} } + +func (e *EDNS0_EDE) String() string { + info := strconv.FormatUint(uint64(e.InfoCode), 10) + if s, ok := ExtendedErrorCodeToString[e.InfoCode]; ok { + info += fmt.Sprintf(" (%s)", s) + } + return fmt.Sprintf("%s: (%s)", info, e.ExtraText) +} + +func (e *EDNS0_EDE) pack() ([]byte, error) { + b := make([]byte, 2+len(e.ExtraText)) + binary.BigEndian.PutUint16(b[0:], e.InfoCode) + copy(b[2:], []byte(e.ExtraText)) + return b, nil +} + +func (e *EDNS0_EDE) unpack(b []byte) error { + if len(b) < 2 { + return ErrBuf + } + e.InfoCode = binary.BigEndian.Uint16(b[0:]) + e.ExtraText = string(b[2:]) + return nil +} + +// The EDNS0_ESU option for ENUM Source-URI Extension +type EDNS0_ESU struct { + Code uint16 + Uri string +} + +// Option implements the EDNS0 interface. +func (e *EDNS0_ESU) Option() uint16 { return EDNS0ESU } +func (e *EDNS0_ESU) String() string { return e.Uri } +func (e *EDNS0_ESU) copy() EDNS0 { return &EDNS0_ESU{e.Code, e.Uri} } +func (e *EDNS0_ESU) pack() ([]byte, error) { return []byte(e.Uri), nil } +func (e *EDNS0_ESU) unpack(b []byte) error { + e.Uri = string(b) + return nil +} diff --git a/vendor/github.com/miekg/dns/go.mod b/vendor/github.com/miekg/dns/go.mod deleted file mode 100644 index 6003d05..0000000 --- a/vendor/github.com/miekg/dns/go.mod +++ /dev/null @@ -1,11 +0,0 @@ -module github.com/miekg/dns - -go 1.12 - -require ( - golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550 - golang.org/x/net v0.0.0-20190923162816-aa69164e4478 - golang.org/x/sync v0.0.0-20190423024810-112230192c58 - golang.org/x/sys v0.0.0-20190924154521-2837fb4f24fe - golang.org/x/tools v0.0.0-20191216052735-49a3e744a425 // indirect -) diff --git a/vendor/github.com/miekg/dns/go.sum b/vendor/github.com/miekg/dns/go.sum deleted file mode 100644 index 96bda3a..0000000 --- a/vendor/github.com/miekg/dns/go.sum +++ /dev/null @@ -1,39 +0,0 @@ -golang.org/x/crypto v0.0.0-20181001203147-e3636079e1a4 h1:Vk3wNqEZwyGyei9yq5ekj7frek2u7HUfffJ1/opblzc= -golang.org/x/crypto v0.0.0-20181001203147-e3636079e1a4/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= -golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= -golang.org/x/crypto v0.0.0-20190829043050-9756ffdc2472 h1:Gv7RPwsi3eZ2Fgewe3CBsuOebPwO27PoXzRpJPsvSSM= -golang.org/x/crypto v0.0.0-20190829043050-9756ffdc2472/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= -golang.org/x/crypto v0.0.0-20190923035154-9ee001bba392 h1:ACG4HJsFiNMf47Y4PeRoebLNy/2lXT9EtprMuTFWt1M= -golang.org/x/crypto v0.0.0-20190923035154-9ee001bba392/go.mod h1:/lpIB1dKB+9EgE3H3cr1v9wB50oz8l4C4h62xy7jSTY= -golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550 h1:ObdrDkeb4kJdCP557AjRjq69pTHfNouLtWZG7j9rPN8= -golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= -golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg= -golang.org/x/net v0.0.0-20180926154720-4dfa2610cdf3 h1:dgd4x4kJt7G4k4m93AYLzM8Ni6h2qLTfh9n9vXJT3/0= -golang.org/x/net v0.0.0-20180926154720-4dfa2610cdf3/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= -golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20190827160401-ba9fcec4b297 h1:k7pJ2yAPLPgbskkFdhRCsA77k2fySZ1zf2zCjvQCiIM= -golang.org/x/net v0.0.0-20190827160401-ba9fcec4b297/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20190923162816-aa69164e4478 h1:l5EDrHhldLYb3ZRHDUhXF7Om7MvYXnkV9/iQNo1lX6g= -golang.org/x/net v0.0.0-20190923162816-aa69164e4478/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f h1:wMNYb4v58l5UBM7MYRLPG6ZhfOqbKu7X5eyFl8ZhKvA= -golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20190423024810-112230192c58 h1:8gQV6CLnAEikrhgkHFbMAEhagSSnXWGV915qUMm9mrU= -golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sys v0.0.0-20180928133829-e4b3c5e90611 h1:O33LKL7WyJgjN9CvxfTIomjIClbd/Kq86/iipowHQU0= -golang.org/x/sys v0.0.0-20180928133829-e4b3c5e90611/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190904154756-749cb33beabd h1:DBH9mDw0zluJT/R+nGuV3jWFWLFaHyYZWD4tOT+cjn0= -golang.org/x/sys v0.0.0-20190904154756-749cb33beabd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190922100055-0a153f010e69/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190924154521-2837fb4f24fe h1:6fAMxZRR6sl1Uq8U61gxU+kPTs2tR8uOySCbBP7BN/M= -golang.org/x/sys v0.0.0-20190924154521-2837fb4f24fe/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= -golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= -golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= -golang.org/x/tools v0.0.0-20190907020128-2ca718005c18/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191216052735-49a3e744a425 h1:VvQyQJN0tSuecqgcIxMWnnfG5kSmgy9KZR9sW3W5QeA= -golang.org/x/tools v0.0.0-20191216052735-49a3e744a425/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= diff --git a/vendor/github.com/miekg/dns/labels.go b/vendor/github.com/miekg/dns/labels.go index df1675d..f9faacf 100644 --- a/vendor/github.com/miekg/dns/labels.go +++ b/vendor/github.com/miekg/dns/labels.go @@ -10,7 +10,7 @@ package dns // escaped dots (\.) for instance. // s must be a syntactically valid domain name, see IsDomainName. func SplitDomainName(s string) (labels []string) { - if len(s) == 0 { + if s == "" { return nil } fqdnEnd := 0 // offset of the final '.' or the length of the name diff --git a/vendor/github.com/miekg/dns/listen_go_not111.go b/vendor/github.com/miekg/dns/listen_no_reuseport.go index b920141..b920141 100644 --- a/vendor/github.com/miekg/dns/listen_go_not111.go +++ b/vendor/github.com/miekg/dns/listen_no_reuseport.go diff --git a/vendor/github.com/miekg/dns/listen_go111.go b/vendor/github.com/miekg/dns/listen_reuseport.go index fad195c..fad195c 100644 --- a/vendor/github.com/miekg/dns/listen_go111.go +++ b/vendor/github.com/miekg/dns/listen_reuseport.go diff --git a/vendor/github.com/miekg/dns/msg.go b/vendor/github.com/miekg/dns/msg.go index 1728a98..ead4b69 100644 --- a/vendor/github.com/miekg/dns/msg.go +++ b/vendor/github.com/miekg/dns/msg.go @@ -742,7 +742,7 @@ func (dns *Msg) packBufferWithCompressionMap(buf []byte, compression compression } // Set extended rcode unconditionally if we have an opt, this will allow - // reseting the extended rcode bits if they need to. + // resetting the extended rcode bits if they need to. if opt := dns.IsEdns0(); opt != nil { opt.SetExtendedRcode(uint16(dns.Rcode)) } else if dns.Rcode > 0xF { diff --git a/vendor/github.com/miekg/dns/msg_helpers.go b/vendor/github.com/miekg/dns/msg_helpers.go index 47625ed..10754c8 100644 --- a/vendor/github.com/miekg/dns/msg_helpers.go +++ b/vendor/github.com/miekg/dns/msg_helpers.go @@ -438,35 +438,6 @@ Option: return edns, off, nil } -func makeDataOpt(code uint16) EDNS0 { - switch code { - case EDNS0NSID: - return new(EDNS0_NSID) - case EDNS0SUBNET: - return new(EDNS0_SUBNET) - case EDNS0COOKIE: - return new(EDNS0_COOKIE) - case EDNS0EXPIRE: - return new(EDNS0_EXPIRE) - case EDNS0UL: - return new(EDNS0_UL) - case EDNS0LLQ: - return new(EDNS0_LLQ) - case EDNS0DAU: - return new(EDNS0_DAU) - case EDNS0DHU: - return new(EDNS0_DHU) - case EDNS0N3U: - return new(EDNS0_N3U) - case EDNS0PADDING: - return new(EDNS0_PADDING) - default: - e := new(EDNS0_LOCAL) - e.Code = code - return e - } -} - func packDataOpt(options []EDNS0, msg []byte, off int) (int, error) { for _, el := range options { b, err := el.pack() @@ -810,6 +781,8 @@ func unpackDataAplPrefix(msg []byte, off int) (APLPrefix, int, error) { if off+afdlen > len(msg) { return APLPrefix{}, len(msg), &Error{err: "overflow unpacking APL address"} } + + // Address MUST NOT contain trailing zero bytes per RFC3123 Sections 4.1 and 4.2. off += copy(ip, msg[off:off+afdlen]) if afdlen > 0 { last := ip[afdlen-1] @@ -821,10 +794,6 @@ func unpackDataAplPrefix(msg []byte, off int) (APLPrefix, int, error) { IP: ip, Mask: net.CIDRMask(int(prefix), 8*len(ip)), } - network := ipnet.IP.Mask(ipnet.Mask) - if !network.Equal(ipnet.IP) { - return APLPrefix{}, len(msg), &Error{err: "invalid APL address length"} - } return APLPrefix{ Negation: (nlen & 0x80) != 0, diff --git a/vendor/github.com/miekg/dns/msg_truncate.go b/vendor/github.com/miekg/dns/msg_truncate.go index 156c5a0..2ddc9a7 100644 --- a/vendor/github.com/miekg/dns/msg_truncate.go +++ b/vendor/github.com/miekg/dns/msg_truncate.go @@ -8,6 +8,11 @@ package dns // record adding as many records as possible without exceeding the // requested buffer size. // +// If the message fits within the requested size without compression, +// Truncate will set the message's Compress attribute to false. It is +// the caller's responsibility to set it back to true if they wish to +// compress the payload regardless of size. +// // The TC bit will be set if any records were excluded from the message. // If the TC bit is already set on the message it will be retained. // TC indicates that the client should retry over TCP. diff --git a/vendor/github.com/miekg/dns/privaterr.go b/vendor/github.com/miekg/dns/privaterr.go index cda6cae..d256b65 100644 --- a/vendor/github.com/miekg/dns/privaterr.go +++ b/vendor/github.com/miekg/dns/privaterr.go @@ -6,7 +6,7 @@ import "strings" // RFC 6895. This allows one to experiment with new RR types, without requesting an // official type code. Also see dns.PrivateHandle and dns.PrivateHandleRemove. type PrivateRdata interface { - // String returns the text presentaton of the Rdata of the Private RR. + // String returns the text presentation of the Rdata of the Private RR. String() string // Parse parses the Rdata of the private RR. Parse([]string) error @@ -90,7 +90,7 @@ Fetch: return nil } -func (r1 *PrivateRR) isDuplicate(r2 RR) bool { return false } +func (r *PrivateRR) isDuplicate(r2 RR) bool { return false } // PrivateHandle registers a private resource record type. It requires // string and numeric representation of private RR type and generator function as argument. diff --git a/vendor/github.com/miekg/dns/scan.go b/vendor/github.com/miekg/dns/scan.go index 67161de..57be988 100644 --- a/vendor/github.com/miekg/dns/scan.go +++ b/vendor/github.com/miekg/dns/scan.go @@ -150,6 +150,9 @@ func ReadRR(r io.Reader, file string) (RR, error) { // The text "; this is comment" is returned from Comment. Comments inside // the RR are returned concatenated along with the RR. Comments on a line // by themselves are discarded. +// +// Callers should not assume all returned data in an Resource Record is +// syntactically correct, e.g. illegal base64 in RRSIGs will be returned as-is. type ZoneParser struct { c *zlexer @@ -1233,7 +1236,7 @@ func stringToCm(token string) (e, m uint8, ok bool) { // 'nn.1' must be treated as 'nn-meters and 10cm, not 1cm. cmeters *= 10 } - if len(s[0]) == 0 { + if s[0] == "" { // This will allow omitting the 'meter' part, like .01 (meaning 0.01m = 1cm). break } @@ -1352,7 +1355,7 @@ func stringToNodeID(l lex) (uint64, *ParseError) { if len(l.token) < 19 { return 0, &ParseError{l.token, "bad NID/L64 NodeID/Locator64", l} } - // There must be three colons at fixes postitions, if not its a parse error + // There must be three colons at fixes positions, if not its a parse error if l.token[4] != ':' && l.token[9] != ':' && l.token[14] != ':' { return 0, &ParseError{l.token, "bad NID/L64 NodeID/Locator64", l} } diff --git a/vendor/github.com/miekg/dns/scan_rr.go b/vendor/github.com/miekg/dns/scan_rr.go index 23b4043..e398484 100644 --- a/vendor/github.com/miekg/dns/scan_rr.go +++ b/vendor/github.com/miekg/dns/scan_rr.go @@ -609,7 +609,7 @@ func (rr *LOC) parse(c *zlexer, o string) *ParseError { c.Next() // zBlank l, _ = c.Next() - if i, err := strconv.ParseFloat(l.token, 32); err != nil || l.err || i < 0 || i >= 60 { + if i, err := strconv.ParseFloat(l.token, 64); err != nil || l.err || i < 0 || i >= 60 { return &ParseError{"", "bad LOC Latitude seconds", l} } else { rr.Latitude += uint32(1000 * i) @@ -645,7 +645,7 @@ East: } c.Next() // zBlank l, _ = c.Next() - if i, err := strconv.ParseFloat(l.token, 32); err != nil || l.err || i < 0 || i >= 60 { + if i, err := strconv.ParseFloat(l.token, 64); err != nil || l.err || i < 0 || i >= 60 { return &ParseError{"", "bad LOC Longitude seconds", l} } else { rr.Longitude += uint32(1000 * i) @@ -662,7 +662,7 @@ East: Altitude: c.Next() // zBlank l, _ = c.Next() - if len(l.token) == 0 || l.err { + if l.token == "" || l.err { return &ParseError{"", "bad LOC Altitude", l} } if l.token[len(l.token)-1] == 'M' || l.token[len(l.token)-1] == 'm' { @@ -722,7 +722,7 @@ func (rr *HIP) parse(c *zlexer, o string) *ParseError { c.Next() // zBlank l, _ = c.Next() // zString - if len(l.token) == 0 || l.err { + if l.token == "" || l.err { return &ParseError{"", "bad HIP Hit", l} } rr.Hit = l.token // This can not contain spaces, see RFC 5205 Section 6. @@ -730,11 +730,15 @@ func (rr *HIP) parse(c *zlexer, o string) *ParseError { c.Next() // zBlank l, _ = c.Next() // zString - if len(l.token) == 0 || l.err { + if l.token == "" || l.err { return &ParseError{"", "bad HIP PublicKey", l} } rr.PublicKey = l.token // This cannot contain spaces - rr.PublicKeyLength = uint16(base64.StdEncoding.DecodedLen(len(rr.PublicKey))) + decodedPK, decodedPKerr := base64.StdEncoding.DecodeString(rr.PublicKey) + if decodedPKerr != nil { + return &ParseError{"", "bad HIP PublicKey", l} + } + rr.PublicKeyLength = uint16(len(decodedPK)) // RendezvousServers (if any) l, _ = c.Next() @@ -846,6 +850,38 @@ func (rr *CSYNC) parse(c *zlexer, o string) *ParseError { return nil } +func (rr *ZONEMD) parse(c *zlexer, o string) *ParseError { + l, _ := c.Next() + i, e := strconv.ParseUint(l.token, 10, 32) + if e != nil || l.err { + return &ParseError{"", "bad ZONEMD Serial", l} + } + rr.Serial = uint32(i) + + c.Next() // zBlank + l, _ = c.Next() + i, e1 := strconv.ParseUint(l.token, 10, 8) + if e1 != nil || l.err { + return &ParseError{"", "bad ZONEMD Scheme", l} + } + rr.Scheme = uint8(i) + + c.Next() // zBlank + l, _ = c.Next() + i, err := strconv.ParseUint(l.token, 10, 8) + if err != nil || l.err { + return &ParseError{"", "bad ZONEMD Hash Algorithm", l} + } + rr.Hash = uint8(i) + + s, e2 := endingToString(c, "bad ZONEMD Digest") + if e2 != nil { + return e2 + } + rr.Digest = s + return nil +} + func (rr *SIG) parse(c *zlexer, o string) *ParseError { return rr.RRSIG.parse(c, o) } func (rr *RRSIG) parse(c *zlexer, o string) *ParseError { @@ -997,7 +1033,7 @@ func (rr *NSEC3) parse(c *zlexer, o string) *ParseError { rr.Iterations = uint16(i) c.Next() l, _ = c.Next() - if len(l.token) == 0 || l.err { + if l.token == "" || l.err { return &ParseError{"", "bad NSEC3 Salt", l} } if l.token != "-" { @@ -1007,7 +1043,7 @@ func (rr *NSEC3) parse(c *zlexer, o string) *ParseError { c.Next() l, _ = c.Next() - if len(l.token) == 0 || l.err { + if l.token == "" || l.err { return &ParseError{"", "bad NSEC3 NextDomain", l} } rr.HashLength = 20 // Fix for NSEC3 (sha1 160 bits) diff --git a/vendor/github.com/miekg/dns/server.go b/vendor/github.com/miekg/dns/server.go index 30dfd41..b2a63bd 100644 --- a/vendor/github.com/miekg/dns/server.go +++ b/vendor/github.com/miekg/dns/server.go @@ -321,6 +321,7 @@ func (srv *Server) ListenAndServe() error { } u := l.(*net.UDPConn) if e := setUDPSocketOptions(u); e != nil { + u.Close() return e } srv.PacketConn = l @@ -752,11 +753,10 @@ func (w *response) Write(m []byte) (int, error) { return 0, &Error{err: "message too large"} } - l := make([]byte, 2) - binary.BigEndian.PutUint16(l, uint16(len(m))) - - n, err := (&net.Buffers{l, m}).WriteTo(w.tcp) - return int(n), err + msg := make([]byte, 2+len(m)) + binary.BigEndian.PutUint16(msg, uint16(len(m))) + copy(msg[2:], m) + return w.tcp.Write(msg) default: panic("dns: internal error: udp and tcp both nil") } diff --git a/vendor/github.com/miekg/dns/sig0.go b/vendor/github.com/miekg/dns/sig0.go index 9ef13cc..e781c9b 100644 --- a/vendor/github.com/miekg/dns/sig0.go +++ b/vendor/github.com/miekg/dns/sig0.go @@ -17,7 +17,7 @@ func (rr *SIG) Sign(k crypto.Signer, m *Msg) ([]byte, error) { if k == nil { return nil, ErrPrivKey } - if rr.KeyTag == 0 || len(rr.SignerName) == 0 || rr.Algorithm == 0 { + if rr.KeyTag == 0 || rr.SignerName == "" || rr.Algorithm == 0 { return nil, ErrKey } @@ -78,7 +78,7 @@ func (rr *SIG) Verify(k *KEY, buf []byte) error { if k == nil { return ErrKey } - if rr.KeyTag == 0 || len(rr.SignerName) == 0 || rr.Algorithm == 0 { + if rr.KeyTag == 0 || rr.SignerName == "" || rr.Algorithm == 0 { return ErrKey } diff --git a/vendor/github.com/miekg/dns/svcb.go b/vendor/github.com/miekg/dns/svcb.go index 1373fe2..3344253 100644 --- a/vendor/github.com/miekg/dns/svcb.go +++ b/vendor/github.com/miekg/dns/svcb.go @@ -10,6 +10,7 @@ import ( "strings" ) +// SVCBKey is the type of the keys used in the SVCB RR. type SVCBKey uint16 // Keys defined in draft-ietf-dnsop-svcb-https-01 Section 12.3.2. @@ -321,7 +322,7 @@ func (s *SVCBAlpn) pack() ([]byte, error) { // Liberally estimate the size of an alpn as 10 octets b := make([]byte, 0, 10*len(s.Alpn)) for _, e := range s.Alpn { - if len(e) == 0 { + if e == "" { return nil, errors.New("dns: svcbalpn: empty alpn-id") } if len(e) > 255 { @@ -390,7 +391,7 @@ func (*SVCBNoDefaultAlpn) unpack(b []byte) error { } func (*SVCBNoDefaultAlpn) parse(b string) error { - if len(b) != 0 { + if b != "" { return errors.New("dns: svcbnodefaultalpn: no_default_alpn must have no value") } return nil @@ -511,8 +512,13 @@ func (s *SVCBIPv4Hint) parse(b string) error { } func (s *SVCBIPv4Hint) copy() SVCBKeyValue { + hint := make([]net.IP, len(s.Hint)) + for i, ip := range s.Hint { + hint[i] = copyIP(ip) + } + return &SVCBIPv4Hint{ - append([]net.IP(nil), s.Hint...), + Hint: hint, } } @@ -629,8 +635,13 @@ func (s *SVCBIPv6Hint) parse(b string) error { } func (s *SVCBIPv6Hint) copy() SVCBKeyValue { + hint := make([]net.IP, len(s.Hint)) + for i, ip := range s.Hint { + hint[i] = copyIP(ip) + } + return &SVCBIPv6Hint{ - append([]net.IP(nil), s.Hint...), + Hint: hint, } } diff --git a/vendor/github.com/miekg/dns/tools.go b/vendor/github.com/miekg/dns/tools.go new file mode 100644 index 0000000..d111825 --- /dev/null +++ b/vendor/github.com/miekg/dns/tools.go @@ -0,0 +1,9 @@ +// +build tools + +// We include our tool dependencies for `go generate` here to ensure they're +// properly tracked by the go tool. See the Go Wiki for the rationale behind this: +// https://github.com/golang/go/wiki/Modules#how-can-i-track-tool-dependencies-for-a-module. + +package dns + +import _ "golang.org/x/tools/go/packages" diff --git a/vendor/github.com/miekg/dns/tsig.go b/vendor/github.com/miekg/dns/tsig.go index b49562d..55ca752 100644 --- a/vendor/github.com/miekg/dns/tsig.go +++ b/vendor/github.com/miekg/dns/tsig.go @@ -162,20 +162,29 @@ func tsigGenerateProvider(m *Msg, provider TsigProvider, requestMAC string, time if err != nil { return nil, "", err } + buf, err := tsigBuffer(mbuf, rr, requestMAC, timersOnly) if err != nil { return nil, "", err } t := new(TSIG) - // Copy all TSIG fields except MAC and its size, which are filled using the computed digest. + // Copy all TSIG fields except MAC, its size, and time signed which are filled when signing. *t = *rr - mac, err := provider.Generate(buf, rr) - if err != nil { - return nil, "", err + t.TimeSigned = 0 + t.MAC = "" + t.MACSize = 0 + + // Sign unless there is a key or MAC validation error (RFC 8945 5.3.2) + if rr.Error != RcodeBadKey && rr.Error != RcodeBadSig { + mac, err := provider.Generate(buf, rr) + if err != nil { + return nil, "", err + } + t.TimeSigned = rr.TimeSigned + t.MAC = hex.EncodeToString(mac) + t.MACSize = uint16(len(t.MAC) / 2) // Size is half! } - t.MAC = hex.EncodeToString(mac) - t.MACSize = uint16(len(t.MAC) / 2) // Size is half! tbuf := make([]byte, Len(t)) off, err := PackRR(t, tbuf, 0, nil, false) diff --git a/vendor/github.com/miekg/dns/types.go b/vendor/github.com/miekg/dns/types.go index 9e379eb..d9becb6 100644 --- a/vendor/github.com/miekg/dns/types.go +++ b/vendor/github.com/miekg/dns/types.go @@ -81,6 +81,7 @@ const ( TypeCDNSKEY uint16 = 60 TypeOPENPGPKEY uint16 = 61 TypeCSYNC uint16 = 62 + TypeZONEMD uint16 = 63 TypeSVCB uint16 = 64 TypeHTTPS uint16 = 65 TypeSPF uint16 = 99 @@ -150,6 +151,14 @@ const ( OpcodeUpdate = 5 ) +// Used in ZONEMD https://tools.ietf.org/html/rfc8976 +const ( + ZoneMDSchemeSimple = 1 + + ZoneMDHashAlgSHA384 = 1 + ZoneMDHashAlgSHA512 = 2 +) + // Header is the wire format for the DNS packet header. type Header struct { Id uint16 @@ -1361,6 +1370,23 @@ func (rr *CSYNC) len(off int, compression map[string]struct{}) int { return l } +// ZONEMD RR, from draft-ietf-dnsop-dns-zone-digest +type ZONEMD struct { + Hdr RR_Header + Serial uint32 + Scheme uint8 + Hash uint8 + Digest string `dns:"hex"` +} + +func (rr *ZONEMD) String() string { + return rr.Hdr.String() + + strconv.Itoa(int(rr.Serial)) + + " " + strconv.Itoa(int(rr.Scheme)) + + " " + strconv.Itoa(int(rr.Hash)) + + " " + rr.Digest +} + // APL RR. See RFC 3123. type APL struct { Hdr RR_Header @@ -1387,13 +1413,13 @@ func (rr *APL) String() string { } // str returns presentation form of the APL prefix. -func (p *APLPrefix) str() string { +func (a *APLPrefix) str() string { var sb strings.Builder - if p.Negation { + if a.Negation { sb.WriteByte('!') } - switch len(p.Network.IP) { + switch len(a.Network.IP) { case net.IPv4len: sb.WriteByte('1') case net.IPv6len: @@ -1402,20 +1428,20 @@ func (p *APLPrefix) str() string { sb.WriteByte(':') - switch len(p.Network.IP) { + switch len(a.Network.IP) { case net.IPv4len: - sb.WriteString(p.Network.IP.String()) + sb.WriteString(a.Network.IP.String()) case net.IPv6len: // add prefix for IPv4-mapped IPv6 - if v4 := p.Network.IP.To4(); v4 != nil { + if v4 := a.Network.IP.To4(); v4 != nil { sb.WriteString("::ffff:") } - sb.WriteString(p.Network.IP.String()) + sb.WriteString(a.Network.IP.String()) } sb.WriteByte('/') - prefix, _ := p.Network.Mask.Size() + prefix, _ := a.Network.Mask.Size() sb.WriteString(strconv.Itoa(prefix)) return sb.String() @@ -1429,17 +1455,17 @@ func (a *APLPrefix) equals(b *APLPrefix) bool { } // copy returns a copy of the APL prefix. -func (p *APLPrefix) copy() APLPrefix { +func (a *APLPrefix) copy() APLPrefix { return APLPrefix{ - Negation: p.Negation, - Network: copyNet(p.Network), + Negation: a.Negation, + Network: copyNet(a.Network), } } // len returns size of the prefix in wire format. -func (p *APLPrefix) len() int { +func (a *APLPrefix) len() int { // 4-byte header and the network address prefix (see Section 4 of RFC 3123) - prefix, _ := p.Network.Mask.Size() + prefix, _ := a.Network.Mask.Size() return 4 + (prefix+7)/8 } @@ -1472,7 +1498,7 @@ func StringToTime(s string) (uint32, error) { // saltToString converts a NSECX salt to uppercase and returns "-" when it is empty. func saltToString(s string) string { - if len(s) == 0 { + if s == "" { return "-" } return strings.ToUpper(s) diff --git a/vendor/github.com/miekg/dns/update.go b/vendor/github.com/miekg/dns/update.go index 69dd386..16f9ee8 100644 --- a/vendor/github.com/miekg/dns/update.go +++ b/vendor/github.com/miekg/dns/update.go @@ -32,7 +32,9 @@ func (u *Msg) Used(rr []RR) { u.Answer = make([]RR, 0, len(rr)) } for _, r := range rr { - r.Header().Class = u.Question[0].Qclass + hdr := r.Header() + hdr.Class = u.Question[0].Qclass + hdr.Ttl = 0 u.Answer = append(u.Answer, r) } } diff --git a/vendor/github.com/miekg/dns/version.go b/vendor/github.com/miekg/dns/version.go index dc80a82..5094af7 100644 --- a/vendor/github.com/miekg/dns/version.go +++ b/vendor/github.com/miekg/dns/version.go @@ -3,7 +3,7 @@ package dns import "fmt" // Version is current version of this library. -var Version = v{1, 1, 38} +var Version = v{1, 1, 45} // v holds the version of this library. type v struct { diff --git a/vendor/github.com/miekg/dns/zduplicate.go b/vendor/github.com/miekg/dns/zduplicate.go index 0d3b34b..9eb1dac 100644 --- a/vendor/github.com/miekg/dns/zduplicate.go +++ b/vendor/github.com/miekg/dns/zduplicate.go @@ -1317,3 +1317,24 @@ func (r1 *X25) isDuplicate(_r2 RR) bool { } return true } + +func (r1 *ZONEMD) isDuplicate(_r2 RR) bool { + r2, ok := _r2.(*ZONEMD) + if !ok { + return false + } + _ = r2 + if r1.Serial != r2.Serial { + return false + } + if r1.Scheme != r2.Scheme { + return false + } + if r1.Hash != r2.Hash { + return false + } + if r1.Digest != r2.Digest { + return false + } + return true +} diff --git a/vendor/github.com/miekg/dns/zmsg.go b/vendor/github.com/miekg/dns/zmsg.go index d24a10f..fc0822f 100644 --- a/vendor/github.com/miekg/dns/zmsg.go +++ b/vendor/github.com/miekg/dns/zmsg.go @@ -1118,6 +1118,26 @@ func (rr *X25) pack(msg []byte, off int, compression compressionMap, compress bo return off, nil } +func (rr *ZONEMD) pack(msg []byte, off int, compression compressionMap, compress bool) (off1 int, err error) { + off, err = packUint32(rr.Serial, msg, off) + if err != nil { + return off, err + } + off, err = packUint8(rr.Scheme, msg, off) + if err != nil { + return off, err + } + off, err = packUint8(rr.Hash, msg, off) + if err != nil { + return off, err + } + off, err = packStringHex(rr.Digest, msg, off) + if err != nil { + return off, err + } + return off, nil +} + // unpack*() functions func (rr *A) unpack(msg []byte, off int) (off1 int, err error) { @@ -2821,3 +2841,35 @@ func (rr *X25) unpack(msg []byte, off int) (off1 int, err error) { } return off, nil } + +func (rr *ZONEMD) unpack(msg []byte, off int) (off1 int, err error) { + rdStart := off + _ = rdStart + + rr.Serial, off, err = unpackUint32(msg, off) + if err != nil { + return off, err + } + if off == len(msg) { + return off, nil + } + rr.Scheme, off, err = unpackUint8(msg, off) + if err != nil { + return off, err + } + if off == len(msg) { + return off, nil + } + rr.Hash, off, err = unpackUint8(msg, off) + if err != nil { + return off, err + } + if off == len(msg) { + return off, nil + } + rr.Digest, off, err = unpackStringHex(msg, off, rdStart+int(rr.Hdr.Rdlength)) + if err != nil { + return off, err + } + return off, nil +} diff --git a/vendor/github.com/miekg/dns/ztypes.go b/vendor/github.com/miekg/dns/ztypes.go index 11b51bf..5d060cf 100644 --- a/vendor/github.com/miekg/dns/ztypes.go +++ b/vendor/github.com/miekg/dns/ztypes.go @@ -82,6 +82,7 @@ var TypeToRR = map[uint16]func() RR{ TypeUINFO: func() RR { return new(UINFO) }, TypeURI: func() RR { return new(URI) }, TypeX25: func() RR { return new(X25) }, + TypeZONEMD: func() RR { return new(ZONEMD) }, } // TypeToString is a map of strings for each RR type. @@ -168,6 +169,7 @@ var TypeToString = map[uint16]string{ TypeUNSPEC: "UNSPEC", TypeURI: "URI", TypeX25: "X25", + TypeZONEMD: "ZONEMD", TypeNSAPPTR: "NSAP-PTR", } @@ -245,6 +247,7 @@ func (rr *UID) Header() *RR_Header { return &rr.Hdr } func (rr *UINFO) Header() *RR_Header { return &rr.Hdr } func (rr *URI) Header() *RR_Header { return &rr.Hdr } func (rr *X25) Header() *RR_Header { return &rr.Hdr } +func (rr *ZONEMD) Header() *RR_Header { return &rr.Hdr } // len() functions func (rr *A) len(off int, compression map[string]struct{}) int { @@ -684,6 +687,14 @@ func (rr *X25) len(off int, compression map[string]struct{}) int { l += len(rr.PSDNAddress) + 1 return l } +func (rr *ZONEMD) len(off int, compression map[string]struct{}) int { + l := rr.Hdr.len(off, compression) + l += 4 // Serial + l++ // Scheme + l++ // Hash + l += len(rr.Digest) / 2 + return l +} // copy() functions func (rr *A) copy() RR { @@ -936,3 +947,6 @@ func (rr *URI) copy() RR { func (rr *X25) copy() RR { return &X25{rr.Hdr, rr.PSDNAddress} } +func (rr *ZONEMD) copy() RR { + return &ZONEMD{rr.Hdr, rr.Serial, rr.Scheme, rr.Hash, rr.Digest} +} |