diff --git a/README.md b/README.md index 54471f5c2..7b2fcf092 100644 --- a/README.md +++ b/README.md @@ -3,6 +3,11 @@ [![Go Report Card](https://goreportcard.com/badge/github.com/miekg/dns)](https://goreportcard.com/report/miekg/dns) [![](https://godoc.org/github.com/miekg/dns?status.svg)](https://godoc.org/github.com/miekg/dns) +DNS version 2 is now available at , check it out if you want to +help shape the next 15 years of the Go DNS package. + +The version here will see no new features and less and less development. + # Alternative (more granular) approach to a DNS library > Less is more. 
@@ -17,96 +22,97 @@ avoiding breaking changes wherever reasonable. We support the last two versions # Goals -* KISS; -* Fast; -* Small API. If it's easy to code in Go, don't make a function for it. +- KISS; +- Fast; +- Small API. If it's easy to code in Go, don't make a function for it. # Users A not-so-up-to-date-list-that-may-be-actually-current: -* https://github.com/coredns/coredns -* https://github.com/abh/geodns -* https://github.com/baidu/bfe -* http://www.statdns.com/ -* http://www.dnsinspect.com/ -* https://github.com/chuangbo/jianbing-dictionary-dns -* http://www.dns-lg.com/ -* https://github.com/fcambus/rrda -* https://github.com/kenshinx/godns -* https://github.com/skynetservices/skydns -* https://github.com/hashicorp/consul -* https://github.com/DevelopersPL/godnsagent -* https://github.com/duedil-ltd/discodns -* https://github.com/StalkR/dns-reverse-proxy -* https://github.com/tianon/rawdns -* https://mesosphere.github.io/mesos-dns/ -* https://github.com/fcambus/statzone -* https://github.com/benschw/dns-clb-go -* https://github.com/corny/dnscheck for -* https://github.com/miekg/unbound -* https://github.com/miekg/exdns -* https://dnslookup.org -* https://github.com/looterz/grimd -* https://github.com/phamhongviet/serf-dns -* https://github.com/mehrdadrad/mylg -* https://github.com/bamarni/dockness -* https://github.com/fffaraz/microdns -* https://github.com/ipdcode/hades -* https://github.com/StackExchange/dnscontrol/ -* https://www.dnsperf.com/ -* https://dnssectest.net/ -* https://github.com/oif/apex -* https://github.com/jedisct1/dnscrypt-proxy -* https://github.com/jedisct1/rpdns -* https://github.com/xor-gate/sshfp -* https://github.com/rs/dnstrace -* https://blitiri.com.ar/p/dnss ([github mirror](https://github.com/albertito/dnss)) -* https://render.com -* https://github.com/peterzen/goresolver -* https://github.com/folbricht/routedns -* https://domainr.com/ -* https://zonedb.org/ -* https://router7.org/ -* https://github.com/fortio/dnsping -* 
https://github.com/Luzilla/dnsbl_exporter -* https://github.com/bodgit/tsig -* https://github.com/v2fly/v2ray-core (test only) -* https://kuma.io/ -* https://www.misaka.io/services/dns -* https://ping.sx/dig -* https://fleetdeck.io/ -* https://github.com/markdingo/autoreverse -* https://github.com/slackhq/nebula -* https://addr.tools/ -* https://dnscheck.tools/ -* https://github.com/egbakou/domainverifier -* https://github.com/semihalev/sdns -* https://github.com/wintbiit/NineDNS -* https://linuxcontainers.org/incus/ -* https://ifconfig.es -* https://github.com/zmap/zdns -* https://framagit.org/bortzmeyer/check-soa +- https://github.com/coredns/coredns +- https://github.com/abh/geodns +- https://github.com/baidu/bfe +- http://www.statdns.com/ +- http://www.dnsinspect.com/ +- https://github.com/chuangbo/jianbing-dictionary-dns +- http://www.dns-lg.com/ +- https://github.com/fcambus/rrda +- https://github.com/kenshinx/godns +- https://github.com/skynetservices/skydns +- https://github.com/hashicorp/consul +- https://github.com/DevelopersPL/godnsagent +- https://github.com/duedil-ltd/discodns +- https://github.com/StalkR/dns-reverse-proxy +- https://github.com/tianon/rawdns +- https://mesosphere.github.io/mesos-dns/ +- https://github.com/fcambus/statzone +- https://github.com/benschw/dns-clb-go +- https://github.com/corny/dnscheck for +- https://github.com/miekg/unbound +- https://github.com/miekg/exdns +- https://dnslookup.org +- https://github.com/looterz/grimd +- https://github.com/phamhongviet/serf-dns +- https://github.com/mehrdadrad/mylg +- https://github.com/bamarni/dockness +- https://github.com/fffaraz/microdns +- https://github.com/ipdcode/hades +- https://github.com/StackExchange/dnscontrol/ +- https://www.dnsperf.com/ +- https://dnssectest.net/ +- https://github.com/oif/apex +- https://github.com/jedisct1/dnscrypt-proxy +- https://github.com/jedisct1/rpdns +- https://github.com/xor-gate/sshfp +- https://github.com/rs/dnstrace +- 
https://blitiri.com.ar/p/dnss ([github mirror](https://github.com/albertito/dnss)) +- https://render.com +- https://github.com/peterzen/goresolver +- https://github.com/folbricht/routedns +- https://domainr.com/ +- https://zonedb.org/ +- https://router7.org/ +- https://github.com/fortio/dnsping +- https://github.com/Luzilla/dnsbl_exporter +- https://github.com/bodgit/tsig +- https://github.com/v2fly/v2ray-core (test only) +- https://kuma.io/ +- https://www.misaka.io/services/dns +- https://ping.sx/dig +- https://fleetdeck.io/ +- https://github.com/markdingo/autoreverse +- https://github.com/slackhq/nebula +- https://addr.tools/ +- https://dnscheck.tools/ +- https://github.com/egbakou/domainverifier +- https://github.com/semihalev/sdns +- https://github.com/wintbiit/NineDNS +- https://linuxcontainers.org/incus/ +- https://ifconfig.es +- https://github.com/zmap/zdns +- https://framagit.org/bortzmeyer/check-soa +- https://github.com/jkerdreux-imt/owns Send pull request if you want to be listed here. # Features -* UDP/TCP queries, IPv4 and IPv6 -* RFC 1035 zone file parsing ($INCLUDE, $ORIGIN, $TTL and $GENERATE (for all record types) are supported -* Fast -* Server side programming (mimicking the net/http package) -* Client side programming -* DNSSEC: signing, validating and key generation for DSA, RSA, ECDSA and Ed25519 -* EDNS0, NSID, Cookies -* AXFR/IXFR -* TSIG, SIG(0) -* DNS over TLS (DoT): encrypted connection between client and server over TCP -* DNS name compression +- UDP/TCP queries, IPv4 and IPv6 +- RFC 1035 zone file parsing ($INCLUDE, $ORIGIN, $TTL and $GENERATE (for all record types) are supported +- Fast +- Server side programming (mimicking the net/http package) +- Client side programming +- DNSSEC: signing, validating and key generation for DSA, RSA, ECDSA and Ed25519 +- EDNS0, NSID, Cookies +- AXFR/IXFR +- TSIG, SIG(0) +- DNS over TLS (DoT): encrypted connection between client and server over TCP +- DNS name compression Have fun! 
-Miek Gieben - 2010-2012 - +Miek Gieben - 2010-2012 - DNS Authors 2012- # Building 
@@ -126,81 +132,138 @@ Example programs can be found in the `github.com/miekg/exdns` repository. ## Supported RFCs -*all of them* - -* 103{4,5} - DNS standard -* 1183 - ISDN, X25 and other deprecated records -* 1348 - NSAP record (removed the record) -* 1982 - Serial Arithmetic -* 1876 - LOC record -* 1995 - IXFR -* 1996 - DNS notify -* 2136 - DNS Update (dynamic updates) -* 2181 - RRset definition - there is no RRset type though, just []RR -* 2537 - RSAMD5 DNS keys -* 2065 - DNSSEC (updated in later RFCs) -* 2671 - EDNS record -* 2782 - SRV record -* 2845 - TSIG record -* 2915 - NAPTR record -* 2929 - DNS IANA Considerations -* 3110 - RSASHA1 DNS keys -* 3123 - APL record -* 3225 - DO bit (DNSSEC OK) -* 340{1,2,3} - NAPTR record -* 3445 - Limiting the scope of (DNS)KEY -* 3596 - AAAA record -* 3597 - Unknown RRs -* 4025 - A Method for Storing IPsec Keying Material in DNS -* 403{3,4,5} - DNSSEC + validation functions -* 4255 - SSHFP record -* 4343 - Case insensitivity -* 4408 - SPF record -* 4509 - SHA256 Hash in DS -* 4592 - Wildcards in the DNS -* 4635 - HMAC SHA TSIG -* 4701 - DHCID -* 4892 - id.server -* 5001 - NSID -* 5155 - NSEC3 record -* 5205 - HIP record -* 5702 - SHA2 in the DNS -* 5936 - AXFR -* 5966 - TCP implementation recommendations -* 6605 - ECDSA -* 6725 - IANA Registry Update -* 6742 - ILNP DNS -* 6840 - Clarifications and Implementation Notes for DNS Security -* 6844 - CAA record -* 6891 - EDNS0 update -* 6895 - DNS IANA considerations -* 6944 - DNSSEC DNSKEY Algorithm Status -* 6975 - Algorithm Understanding in DNSSEC -* 7043 - EUI48/EUI64 records -* 7314 - DNS (EDNS) EXPIRE Option -* 7477 - CSYNC RR -* 7828 - edns-tcp-keepalive EDNS0 Option -* 7553 - URI record -* 7858 - DNS over TLS: Initiation and Performance Considerations -* 7871 - EDNS0 Client Subnet -* 7873 - Domain Name System (DNS) Cookies -* 8080 - EdDSA for DNSSEC -* 8490 - DNS Stateful Operations -* 8499 - DNS Terminology -* 8659 - DNS Certification Authority Authorization (CAA) 
Resource Record -* 8777 - DNS Reverse IP Automatic Multicast Tunneling (AMT) Discovery -* 8914 - Extended DNS Errors -* 8976 - Message Digest for DNS Zones (ZONEMD RR) -* 9460 - Service Binding and Parameter Specification via the DNS -* 9461 - Service Binding Mapping for DNS Servers -* 9462 - Discovery of Designated Resolvers -* 9460 - SVCB and HTTPS Records -* 9606 - DNS Resolver Information -* Draft - Compact Denial of Existence in DNSSEC +_all of them_ + +- 103{4,5} - DNS standard +- 1183 - ISDN, X25 and other deprecated records +- 1348 - NSAP record (removed the record) +- 1982 - Serial Arithmetic +- 1876 - LOC record +- 1995 - IXFR +- 1996 - DNS notify +- 2136 - DNS Update (dynamic updates) +- 2181 - RRset definition - there is no RRset type though, just []RR +- 2537 - RSAMD5 DNS keys +- 2065 - DNSSEC (updated in later RFCs) +- 2671 - EDNS record +- 2782 - SRV record +- 2845 - TSIG record +- 2915 - NAPTR record +- 2929 - DNS IANA Considerations +- 3110 - RSASHA1 DNS keys +- 3123 - APL record +- 3225 - DO bit (DNSSEC OK) +- 340{1,2,3} - NAPTR record +- 3445 - Limiting the scope of (DNS)KEY +- 3596 - AAAA record +- 3597 - Unknown RRs +- 4025 - A Method for Storing IPsec Keying Material in DNS +- 403{3,4,5} - DNSSEC + validation functions +- 4255 - SSHFP record +- 4343 - Case insensitivity +- 4408 - SPF record +- 4509 - SHA256 Hash in DS +- 4592 - Wildcards in the DNS +- 4635 - HMAC SHA TSIG +- 4701 - DHCID +- 4892 - id.server +- 5001 - NSID +- 5155 - NSEC3 record +- 5205 - HIP record +- 5702 - SHA2 in the DNS +- 5936 - AXFR +- 5966 - TCP implementation recommendations +- 6605 - ECDSA +- 6725 - IANA Registry Update +- 6742 - ILNP DNS +- 6840 - Clarifications and Implementation Notes for DNS Security +- 6844 - CAA record +- 6891 - EDNS0 update +- 6895 - DNS IANA considerations +- 6944 - DNSSEC DNSKEY Algorithm Status +- 6975 - Algorithm Understanding in DNSSEC +- 7043 - EUI48/EUI64 records +- 7314 - DNS (EDNS) EXPIRE Option +- 7477 - CSYNC RR +- 7828 - 
edns-tcp-keepalive EDNS0 Option +- 7553 - URI record +- 7858 - DNS over TLS: Initiation and Performance Considerations +- 7871 - EDNS0 Client Subnet +- 7873 - Domain Name System (DNS) Cookies +- 8080 - EdDSA for DNSSEC +- 8490 - DNS Stateful Operations +- 8499 - DNS Terminology +- 8659 - DNS Certification Authority Authorization (CAA) Resource Record +- 8777 - DNS Reverse IP Automatic Multicast Tunneling (AMT) Discovery +- 8914 - Extended DNS Errors +- 8976 - Message Digest for DNS Zones (ZONEMD RR) +- 9460 - Service Binding and Parameter Specification via the DNS +- 9461 - Service Binding Mapping for DNS Servers +- 9462 - Discovery of Designated Resolvers +- 9460 - SVCB and HTTPS Records +- 9567 - DNS Error Reporting +- 9606 - DNS Resolver Information +- 9660 - DNS Zone Version (ZONEVERSION) Option +- Draft - Compact Denial of Existence in DNSSEC ## Loosely Based Upon -* ldns - -* NSD - -* Net::DNS - -* GRONG - +- ldns - +- NSD - +- Net::DNS - +- GRONG - + +# Upstream Synchronization + +Assumes that multiple remotes are present: + +``` +> git remote -v +origin git@github.com:banyansecurity/dns.git (fetch) +origin git@github.com:banyansecurity/dns.git (push) +upstream git@github.com:miekg/dns.git (fetch) +upstream git@github.com:miekg/dns.git (push) +``` + +As an example, for syncing `v1.1.69`, fetch the latest tags: + +``` +> git fetch --all +Fetching origin +Fetching upstream +remote: Enumerating objects: 44, done. +remote: Counting objects: 100% (23/23), done. +remote: Compressing objects: 100% (13/13), done. +remote: Total 44 (delta 13), reused 10 (delta 10), pack-reused 21 (from 3) +Unpacking objects: 100% (44/44), 69.33 KiB | 559.00 KiB/s, done. 
+From github.com:miekg/dns
+ * [new branch] dependabot/go_modules/all-e97dd7be45 -> upstream/dependabot/go_modules/all-e97dd7be45
+ 4145b390..3126b782 master -> upstream/master
+ * [new tag] v1.1.69 -> v1.1.69
+```
+
+Create a new branch based on that tag and make sure it looks good:
+
+```
+> git checkout -b sync-v1.1.69 v1.1.69
+Switched to a new branch 'sync-v1.1.69'
+
+> git log -n 1
+commit 49a9cee9c07326338c622657fde8f0cc8128bf0a (HEAD -> sync-v1.1.69, tag: v1.1.69)
+Author: Miek Gieben
+Date: Thu Dec 11 17:10:38 2025 +0100
+
+ Release 1.1.69
+```
+
+Merge in our changes (`master`), handle any merge conflicts, push / handle the pull request as usual with `master` as the target:
+
+```
+> git merge master
+Auto-merging server.go
+Auto-merging version.go
+CONFLICT (content): Merge conflict in version.go
+Automatic merge failed; fix conflicts and then commit the result.
+
+> git add . && git commit && git push origin sync-v1.1.69
+```
\ No newline at end of file
diff --git a/dnssec_test.go b/dnssec_test.go
index 4f04e85f6..461612ec3 100644
--- a/dnssec_test.go
+++ b/dnssec_test.go
@@ -129,7 +129,10 @@ func TestSignVerify(t *testing.T) {
 key.Flags = 256
 key.Protocol = 3
 key.Algorithm = RSASHA256
- privkey, _ := key.Generate(512)
+ privkey, err := key.Generate(1024)
+ if err != nil {
+ t.Fatal("failure to generate private key:", err)
+ }
 // Fill in the values of the Sig, before signing
 sig := new(RRSIG)
@@ -185,7 +188,10 @@ func TestShouldNotVerifyInvalidSig(t *testing.T) {
 key.Flags = 256
 key.Protocol = 3
 key.Algorithm = RSASHA256
- privkey, _ := key.Generate(512)
+ privkey, err := key.Generate(1024)
+ if err != nil {
+ t.Fatal("failure to generate private key:", err)
+ }
 normalSoa := getSoa()
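Review bot: The new `key.Generate(1024)` call in TestSignVerify reads like a chosen key strength, but nothing in the hunk says why 1024 replaced 512 or that it is a test-only size. With go.mod moving to `go 1.24.0` in this same commit, 1024 is presumably the smallest RSA modulus crypto/rsa still generates by default, and it is well below what should be used for real DNSSEC or SIG(0) keys. I would add a comment above the call such as `// 1024 bits: smallest RSA size the Go toolchain accepts by default; for tests only, never for production keys`. The same four-line generate-and-check block is repeated in TestShouldNotVerifyInvalidSig, Test65534 and TestKeyRSA, and the same size appears in parse_test.go and sig0_test.go, so a small test helper would keep the size and the caveat in one place. The test bodies continue outside these hunks.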
@@ -278,7 +284,10 @@ func Test65534(t *testing.T) {
 key.Flags = 256
 key.Protocol = 3
 key.Algorithm = RSASHA256
- privkey, _ := key.Generate(512)
+ privkey, err := key.Generate(1024)
+ if err != nil {
+ t.Fatal("failure to generate private key:", err)
+ }
 sig := new(RRSIG)
 sig.Hdr = RR_Header{"miek.nl.", TypeRRSIG, ClassINET, 14400, 0}
@@ -361,7 +370,10 @@ func TestKeyRSA(t *testing.T) {
 key.Flags = 256
 key.Protocol = 3
 key.Algorithm = RSASHA256
- priv, _ := key.Generate(512)
+ priv, err := key.Generate(1024)
+ if err != nil {
+ t.Fatal("failure to generate private key:", err)
+ }
 soa := new(SOA)
 soa.Hdr = RR_Header{"miek.nl.", TypeSOA, ClassINET, 14400, 0}
diff --git a/edns.go b/edns.go
index 5c970ca7e..89318b750 100644
--- a/edns.go
+++ b/edns.go
@@ -24,6 +24,8 @@ const (
 EDNS0TCPKEEPALIVE = 0xb // EDNS0 tcp keep alive (See RFC 7828)
 EDNS0PADDING = 0xc // EDNS0 padding (See RFC 7830)
 EDNS0EDE = 0xf // EDNS0 extended DNS errors (See RFC 8914)
+ EDNS0REPORTING = 0x12 // EDNS0 reporting (See RFC 9567)
+ EDNS0ZONEVERSION = 0x13 // EDNS0 Zone Version (See RFC 9660)
 EDNS0LOCALSTART = 0xFDE9 // Beginning of range reserved for local/experimental use (See RFC 6891)
 EDNS0LOCALEND = 0xFFFE // End of range reserved for local/experimental use (See RFC 6891)
 _DO = 1 << 15 // DNSSEC OK
@@ -60,6 +62,10 @@ func makeDataOpt(code uint16) EDNS0 {
 return new(EDNS0_EDE)
 case EDNS0ESU:
 return new(EDNS0_ESU)
+ case EDNS0REPORTING:
+ return new(EDNS0_REPORTING)
+ case EDNS0ZONEVERSION:
+ return new(EDNS0_ZONEVERSION)
 default:
 e := new(EDNS0_LOCAL)
 e.Code = code
@@ -75,17 +81,16 @@ type OPT struct {
 func (rr *OPT) String() string {
 s := "\n;; OPT PSEUDOSECTION:\n; EDNS: version " + strconv.Itoa(int(rr.Version())) + "; "
+ s += "flags:"
 if rr.Do() {
- if rr.Co() {
- s += "flags: do, co; "
- } else {
- s += "flags: do; "
- }
- } else {
- s += "flags:; "
+ s += " do"
 }
- if rr.Hdr.Ttl&0x7FFF != 0 {
- s += fmt.Sprintf("MBZ: 0x%04x, ", rr.Hdr.Ttl&0x7FFF)
+ if rr.Co() {
+ s += " co"
+ }
+ s += "; "
+ if z := rr.Z(); z != 0 {
+ s += fmt.Sprintf("MBZ: 0x%04x, ", z)
 }
 s += "udp: " + strconv.Itoa(int(rr.UDPSize()))
@@ -127,6 +132,10 @@ func (rr *OPT) String() string {
 s += "\n; EDE: " + o.String()
 case *EDNS0_ESU:
 s += "\n; ESU: " + o.String()
+ case *EDNS0_REPORTING:
+ s += "\n; REPORT-CHANNEL: " + o.String()
+ case *EDNS0_ZONEVERSION:
+ s += "\n; ZONEVERSION: " + o.String()
 }
 }
 return s
@@ -308,10 +317,6 @@ type EDNS0_SUBNET struct {
 func (e *EDNS0_SUBNET) Option() uint16 { return EDNS0SUBNET }
 func (e *EDNS0_SUBNET) pack() ([]byte, error) {
- b := make([]byte, 4)
- binary.BigEndian.PutUint16(b[0:], e.Family)
- b[2] = e.SourceNetmask
- b[3] = e.SourceScope
 switch e.Family {
 case 0:
 // "dig" sets AddressFamily to 0 if SourceNetmask is also 0
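Review bot: In the rewritten flags block of `OPT.String()`, `co` is now printed independently of `do` and the separator changed from `do, co` to `do co`, which alters the text form for anything that parses or compares this output. The MBZ check now depends on `rr.Z()`, which is defined outside this diff; if `Z()` does not mask out the CO bit, a set CO flag would be reported both under flags and as a non-zero MBZ value. I would document the format on the method, e.g. `// String renders the flags as a space-separated list ("flags: do co; "); MBZ shows only the remaining reserved bits.`, and confirm a test covers CO set without DO. The function body continues outside the hunk.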
@@ -319,16 +324,27 @@ func (e *EDNS0_SUBNET) pack() ([]byte, error) {
 if e.SourceNetmask != 0 {
 return nil, errors.New("bad address family")
 }
+ b := make([]byte, 4)
+ b[3] = e.SourceScope
+ return b, nil
 case 1:
 if e.SourceNetmask > net.IPv4len*8 {
 return nil, errors.New("bad netmask")
 }
- if len(e.Address.To4()) != net.IPv4len {
+ ip4 := e.Address.To4()
+ if len(ip4) != net.IPv4len {
 return nil, errors.New("bad address")
 }
- ip := e.Address.To4().Mask(net.CIDRMask(int(e.SourceNetmask), net.IPv4len*8))
 needLength := (e.SourceNetmask + 8 - 1) / 8 // division rounding up
- b = append(b, ip[:needLength]...)
+ b := make([]byte, 4+needLength)
+ binary.BigEndian.PutUint16(b[0:], e.Family)
+ b[2] = e.SourceNetmask
+ b[3] = e.SourceScope
+ if needLength > 0 {
+ ip := ip4.Mask(net.CIDRMask(int(e.SourceNetmask), net.IPv4len*8))
+ copy(b[4:], ip[:needLength])
+ }
+ return b, nil
 case 2:
 if e.SourceNetmask > net.IPv6len*8 {
 return nil, errors.New("bad netmask")
@@ -336,13 +352,19 @@ func (e *EDNS0_SUBNET) pack() ([]byte, error) {
 if len(e.Address) != net.IPv6len {
 return nil, errors.New("bad address")
 }
- ip := e.Address.Mask(net.CIDRMask(int(e.SourceNetmask), net.IPv6len*8))
 needLength := (e.SourceNetmask + 8 - 1) / 8 // division rounding up
- b = append(b, ip[:needLength]...)
+ b := make([]byte, 4+needLength)
+ binary.BigEndian.PutUint16(b[0:], e.Family)
+ b[2] = e.SourceNetmask
+ b[3] = e.SourceScope
+ if needLength > 0 {
+ ip := e.Address.Mask(net.CIDRMask(int(e.SourceNetmask), net.IPv6len*8))
+ copy(b[4:], ip[:needLength])
+ }
+ return b, nil
 default:
 return nil, errors.New("bad address family")
 }
- return b, nil
 }
 func (e *EDNS0_SUBNET) unpack(b []byte) error {
@@ -875,3 +897,74 @@ func (e *EDNS0_ESU) unpack(b []byte) error {
 e.Uri = string(b)
 return nil
 }
+
+// EDNS0_REPORTING implements the EDNS0 Reporting Channel option (RFC 9567).
+type EDNS0_REPORTING struct {
+ Code uint16 // always EDNS0REPORTING
+ AgentDomain string
+}
+
+func (e *EDNS0_REPORTING) Option() uint16 { return EDNS0REPORTING }
+func (e *EDNS0_REPORTING) String() string { return e.AgentDomain }
+func (e *EDNS0_REPORTING) copy() EDNS0 { return &EDNS0_REPORTING{e.Code, e.AgentDomain} }
+func (e *EDNS0_REPORTING) pack() ([]byte, error) {
+ b := make([]byte, 255)
+ off1, err := PackDomainName(Fqdn(e.AgentDomain), b, 0, nil, false)
+ if err != nil {
+ return nil, fmt.Errorf("bad agent domain: %w", err)
+ }
+ return b[:off1], nil
+}
+func (e *EDNS0_REPORTING) unpack(b []byte) error {
+ domain, _, err := UnpackDomainName(b, 0)
+ if err != nil {
+ return fmt.Errorf("bad agent domain: %w", err)
+ }
+ e.AgentDomain = domain
+ return nil
+}
+
+// EDNS0_ZONEVERSION implements the EDNS0 Zone Version option (RFC 9660).
+type EDNS0_ZONEVERSION struct {
+ // always EDNS0ZONEVERSION (19)
+ Code uint16
+ // An unsigned 1-octet Label Count indicating
+ // the number of labels for the name of the zone that VERSION value refers to.
+ LabelCount uint8
+ // An unsigned 1-octet type number distinguishing the format and meaning of version.
+ // 0 SOA-SERIAL, 1-245 Unassigned, 246-255 Reserved for private use, see RFC 9660.
+ Type uint8
+ // An opaque octet string conveying the zone version data (VERSION).
+ Version string
+}
+
+func (e *EDNS0_ZONEVERSION) Option() uint16 { return EDNS0ZONEVERSION }
+func (e *EDNS0_ZONEVERSION) String() string { return e.Version }
+func (e *EDNS0_ZONEVERSION) copy() EDNS0 {
+ return &EDNS0_ZONEVERSION{e.Code, e.LabelCount, e.Type, e.Version}
+}
+func (e *EDNS0_ZONEVERSION) pack() ([]byte, error) {
+ b := []byte{
+ // first octet label count
+ e.LabelCount,
+ // second octet is type
+ e.Type,
+ }
+ if len(e.Version) > 0 {
+ b = append(b, []byte(e.Version)...)
+ }
+ return b, nil
+}
+func (e *EDNS0_ZONEVERSION) unpack(b []byte) error {
+ if len(b) < 2 {
+ return ErrBuf
+ }
+ e.LabelCount = b[0]
+ e.Type = b[1]
+ if len(b) > 2 {
+ e.Version = string(b[2:])
+ } else {
+ e.Version = ""
+ }
+ return nil
+}
diff --git a/go.mod b/go.mod
index ec0932a94..8bc6e21bc 100644
--- a/go.mod
+++ b/go.mod
@@ -1,14 +1,14 @@
 module github.com/miekg/dns
-go 1.23.0
+go 1.24.0
 toolchain go1.24.2
 require (
- golang.org/x/net v0.40.0
- golang.org/x/sync v0.14.0
- golang.org/x/sys v0.33.0
- golang.org/x/tools v0.33.0
+ golang.org/x/net v0.47.0
+ golang.org/x/sync v0.18.0
+ golang.org/x/sys v0.38.0
+ golang.org/x/tools v0.39.0
 )
-require golang.org/x/mod v0.24.0 // indirect
+require golang.org/x/mod v0.30.0 // indirect
diff --git a/go.sum b/go.sum
index d9d371e9d..c098eea76 100644
--- a/go.sum
+++ b/go.sum
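Review bot: `EDNS0_REPORTING.unpack` discards the offset returned by `UnpackDomainName`, so option data with extra bytes after the agent domain is accepted without error; I would keep the offset and reject a mismatch, `domain, off, err := UnpackDomainName(b, 0)` followed by `if off != len(b) { return ErrBuf }`. `EDNS0_ZONEVERSION.unpack` returns `ErrBuf` for fewer than two bytes, yet as I read RFC 9660 a query carries this option with zero length, so that case deserves an explicit decision and a comment rather than falling into the short-buffer error. `EDNS0_ZONEVERSION.String()` returns the opaque VERSION octets verbatim, so `OPT.String()` can write wire-supplied control bytes into logs or a terminal. Rendering `Version` as a decimal serial for type 0 and as hex otherwise would avoid that.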
@@ -1,12 +1,22 @@ github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= -golang.org/x/mod v0.24.0 h1:ZfthKaKaT4NrhGVZHO1/WDTwGES4De8KtWO0SIbNJMU= -golang.org/x/mod v0.24.0/go.mod h1:IXM97Txy2VM4PJ3gI61r1YEk/gAj6zAHN3AdZt6S9Ww= -golang.org/x/net v0.40.0 h1:79Xs7wF06Gbdcg4kdCCIQArK11Z1hr5POQ6+fIYHNuY= -golang.org/x/net v0.40.0/go.mod h1:y0hY0exeL2Pku80/zKK7tpntoX23cqL3Oa6njdgRtds= -golang.org/x/sync v0.14.0 h1:woo0S4Yywslg6hp4eUFjTVOyKt0RookbpAHG4c1HmhQ= -golang.org/x/sync v0.14.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA= -golang.org/x/sys v0.33.0 h1:q3i8TbbEz+JRD9ywIRlyRAQbM0qF7hu24q3teo2hbuw= -golang.org/x/sys v0.33.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k= -golang.org/x/tools v0.33.0 h1:4qz2S3zmRxbGIhDIAgjxvFutSvH5EfnsYrRBj0UI0bc= -golang.org/x/tools v0.33.0/go.mod h1:CIJMaWEY88juyUfo7UbgPqbC8rU2OqfAV1h2Qp0oMYI= +golang.org/x/mod v0.28.0 h1:gQBtGhjxykdjY9YhZpSlZIsbnaE2+PgjfLWUQTnoZ1U= +golang.org/x/mod v0.28.0/go.mod h1:yfB/L0NOf/kmEbXjzCPOx1iK1fRutOydrCMsqRhEBxI= +golang.org/x/mod v0.30.0 h1:fDEXFVZ/fmCKProc/yAXXUijritrDzahmwwefnjoPFk= +golang.org/x/mod v0.30.0/go.mod h1:lAsf5O2EvJeSFMiBxXDki7sCgAxEUcZHXoXMKT4GJKc= +golang.org/x/net v0.44.0 h1:evd8IRDyfNBMBTTY5XRF1vaZlD+EmWx6x8PkhR04H/I= +golang.org/x/net v0.44.0/go.mod h1:ECOoLqd5U3Lhyeyo/QDCEVQ4sNgYsqvCZ722XogGieY= +golang.org/x/net v0.47.0 h1:Mx+4dIFzqraBXUugkia1OOvlD6LemFo1ALMHjrXDOhY= +golang.org/x/net v0.47.0/go.mod h1:/jNxtkgq5yWUGYkaZGqo27cfGZ1c5Nen03aYrrKpVRU= +golang.org/x/sync v0.17.0 h1:l60nONMj9l5drqw6jlhIELNv9I0A4OFgRsG9k2oT9Ug= +golang.org/x/sync v0.17.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI= +golang.org/x/sync v0.18.0 h1:kr88TuHDroi+UVf+0hZnirlk8o8T+4MrK6mr60WkH/I= +golang.org/x/sync v0.18.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI= +golang.org/x/sys v0.36.0 h1:KVRy2GtZBrk1cBYA7MKu5bEZFxQk4NIDV6RLVcC8o0k= +golang.org/x/sys 
v0.36.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks= +golang.org/x/sys v0.38.0 h1:3yZWxaJjBmCWXqhN1qh02AkOnCQ1poK6oF+a7xWL6Gc= +golang.org/x/sys v0.38.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks= +golang.org/x/tools v0.37.0 h1:DVSRzp7FwePZW356yEAChSdNcQo6Nsp+fex1SUW09lE= +golang.org/x/tools v0.37.0/go.mod h1:MBN5QPQtLMHVdvsbtarmTNukZDdgwdwlO5qGacAzF0w= +golang.org/x/tools v0.39.0 h1:ik4ho21kwuQln40uelmciQPp9SipgNDdrafrYA4TmQQ= +golang.org/x/tools v0.39.0/go.mod h1:JnefbkDPyD8UU2kI5fuf8ZX4/yUeh9W877ZeBONxUqQ= diff --git a/parse_test.go b/parse_test.go index f0d68a44e..e4ed216eb 100644 --- a/parse_test.go +++ b/parse_test.go @@ -1250,8 +1250,8 @@ func TestNewPrivateKey(t *testing.T) { algorithms := []algorithm{ {ECDSAP256SHA256, 256}, {ECDSAP384SHA384, 384}, - {RSASHA1, 512}, - {RSASHA256, 512}, + {RSASHA1, 1024}, + {RSASHA256, 1024}, {ED25519, 256}, } diff --git a/server.go b/server.go index b516d7107..5c1343472 100644 --- a/server.go +++ b/server.go @@ -194,7 +194,9 @@ type DecorateWriter func(Writer) Writer // rejected (or ignored) by the MsgAcceptFunc, or passed to this function. type MsgInvalidFunc func(m []byte, err error) -func DefaultMsgInvalidFunc(m []byte, err error) {} +var DefaultMsgInvalidFunc MsgInvalidFunc = defaultMsgInvalidFunc + +func defaultMsgInvalidFunc(m []byte, err error) {} // A Server defines parameters for running an DNS server. type Server struct { diff --git a/sig0_test.go b/sig0_test.go index 5b991d22f..a8bf867c7 100644 --- a/sig0_test.go +++ b/sig0_test.go @@ -25,7 +25,7 @@ func TestSIG0(t *testing.T) { keysize = 256 case ECDSAP384SHA384: keysize = 384 - case RSASHA512: + case RSASHA1, RSASHA256, RSASHA512: keysize = 1024 } pk, err := keyrr.Generate(keysize) diff --git a/version.go b/version.go index 4af7d286c..c53a63d7c 100644 --- a/version.go +++ b/version.go 
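Review bot: In server.go, turning `DefaultMsgInvalidFunc` from a function into an exported package-level variable makes the default hook for invalid messages reassignable by any package in the process, and an assignment made while servers are running would be an unsynchronised write to shared state. The new `var` also has no doc comment, so nothing tells users whether replacing it is supported or when it is safe to do so. I would add something like `// DefaultMsgInvalidFunc is the MsgInvalidFunc used when a Server does not set its own; change it only before any Server is started.`, to be checked against how Server consumes it, which is outside this hunk. If global replacement is not intended, keeping the function form avoids the mutable global.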
@@ -3,7 +3,7 @@ package dns
 import "fmt"
 // Version is current version of this library.
-var Version = v{1, 1, 68}
+var Version = v{1, 1, 69}
 // v holds the version of this library.
 type v struct {