From b52b836ee134609a04c7b4b85a023b1a1456bffc Mon Sep 17 00:00:00 2001 From: Miek Gieben Date: Sun, 3 Aug 2025 17:57:34 +0200 Subject: [PATCH 01/17] Revert "Add ResponseWriter.Net function (#1651)" (#1665) This reverts commit 96a6b9c19dd7b14558793fa557a62cfd3da5282d. (not backwards compatible) --- server.go | 10 ++-------- 1 file changed, 2 insertions(+), 8 deletions(-) diff --git a/server.go b/server.go index 2b4630f38..364149cfc 100644 --- a/server.go +++ b/server.go @@ -44,8 +44,6 @@ type ResponseWriter interface { LocalAddr() net.Addr // RemoteAddr returns the net.Addr of the client that sent the current request. RemoteAddr() net.Addr - // Network returns the value of the Net field of the Server (e.g., "tcp", "tcp-tls"). - Network() string // WriteMsg writes a reply back to the client. WriteMsg(*Msg) error // Write writes a raw buffer back to the client. @@ -79,7 +77,6 @@ type response struct { udpSession *SessionUDP // oob data to get egress interface right pcSession net.Addr // address to use when writing to a generic net.PacketConn writer Writer // writer to output the raw DNS bits - network string // corresponding Server.Net value } // handleRefused returns a HandlerFunc that returns REFUSED for every request it gets. @@ -560,7 +557,7 @@ func (srv *Server) serveUDP(l net.PacketConn) error { // Serve a new TCP connection. func (srv *Server) serveTCPConn(wg *sync.WaitGroup, rw net.Conn) { - w := &response{tsigProvider: srv.tsigProvider(), tcp: rw, network: srv.Net} + w := &response{tsigProvider: srv.tsigProvider(), tcp: rw} if srv.DecorateWriter != nil { w.writer = srv.DecorateWriter(w) } else { 
@@ -615,7 +612,7 @@ func (srv *Server) serveTCPConn(wg *sync.WaitGroup, rw net.Conn) { // Serve a new UDP request. func (srv *Server) serveUDPPacket(wg *sync.WaitGroup, m []byte, u net.PacketConn, udpSession *SessionUDP, pcSession net.Addr) { - w := &response{tsigProvider: srv.tsigProvider(), udp: u, udpSession: udpSession, pcSession: pcSession, network: srv.Net} + w := &response{tsigProvider: srv.tsigProvider(), udp: u, udpSession: udpSession, pcSession: pcSession} if srv.DecorateWriter != nil { w.writer = srv.DecorateWriter(w) } else { @@ -821,9 +818,6 @@ func (w *response) RemoteAddr() net.Addr { } } -// Network implements the ResponseWriter.Network method. -func (w *response) Network() string { return w.network } - // TsigStatus implements the ResponseWriter.TsigStatus method. func (w *response) TsigStatus() error { return w.tsigStatus } From 54c180dc19ce2b2cf1500b51f3c640d1c25272d7 Mon Sep 17 00:00:00 2001 From: Miek Gieben Date: Sun, 3 Aug 2025 17:58:10 +0200 Subject: [PATCH 02/17] Release 1.1.68 --- version.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/version.go b/version.go index 4d402489f..4af7d286c 100644 --- a/version.go +++ b/version.go @@ -3,7 +3,7 @@ package dns import "fmt" // Version is current version of this library. -var Version = v{1, 1, 67} +var Version = v{1, 1, 68} // v holds the version of this library. type v struct { From 6c4c3f4611e00ea107eb5a8d4b07ed0580336a19 Mon Sep 17 00:00:00 2001 From: Oli Date: Sun, 3 Aug 2025 18:13:43 +0200 Subject: [PATCH 03/17] RFC9567 report channel (#1658) * attempt at implementing RFC 9567 Error Reporting * we do not need to initialize a compression map * mention RFC 9567 in README * remove error message prefix like in 09e0436 --- README.md | 1 + edns.go | 31 +++++++++++++++++++++++++++++++ 2 files changed, 32 insertions(+) diff --git a/README.md b/README.md index 54471f5c2..dd318031c 100644 --- a/README.md +++ b/README.md 
@@ -195,6 +195,7 @@ Example programs can be found in the `github.com/miekg/exdns` repository. * 9461 - Service Binding Mapping for DNS Servers * 9462 - Discovery of Designated Resolvers * 9460 - SVCB and HTTPS Records +* 9567 - DNS Error Reporting * 9606 - DNS Resolver Information * Draft - Compact Denial of Existence in DNSSEC diff --git a/edns.go b/edns.go index 5c970ca7e..b257d54e2 100644 --- a/edns.go +++ b/edns.go @@ -24,6 +24,7 @@ const ( EDNS0TCPKEEPALIVE = 0xb // EDNS0 tcp keep alive (See RFC 7828) EDNS0PADDING = 0xc // EDNS0 padding (See RFC 7830) EDNS0EDE = 0xf // EDNS0 extended DNS errors (See RFC 8914) + EDNS0REPORTING = 0x12 // EDNS0 reporting (See RFC 9567) EDNS0LOCALSTART = 0xFDE9 // Beginning of range reserved for local/experimental use (See RFC 6891) EDNS0LOCALEND = 0xFFFE // End of range reserved for local/experimental use (See RFC 6891) _DO = 1 << 15 // DNSSEC OK @@ -60,6 +61,8 @@ func makeDataOpt(code uint16) EDNS0 { return new(EDNS0_EDE) case EDNS0ESU: return new(EDNS0_ESU) + case EDNS0REPORTING: + return new(EDNS0_REPORTING) default: e := new(EDNS0_LOCAL) e.Code = code @@ -127,6 +130,8 @@ func (rr *OPT) String() string { s += "\n; EDE: " + o.String() case *EDNS0_ESU: s += "\n; ESU: " + o.String() + case *EDNS0_REPORTING: + s += "\n; REPORT-CHANNEL: " + o.String() } } return s 
@@ -875,3 +880,29 @@ func (e *EDNS0_ESU) unpack(b []byte) error {
 e.Uri = string(b)
 return nil
 }
+
+// EDNS0_REPORTING implements the EDNS0 Reporting Channel option (RFC 9567).
+type EDNS0_REPORTING struct {
+ Code uint16 // always EDNS0REPORTING
+ AgentDomain string
+}
+
+func (e *EDNS0_REPORTING) Option() uint16 { return EDNS0REPORTING }
+func (e *EDNS0_REPORTING) String() string { return e.AgentDomain }
+func (e *EDNS0_REPORTING) copy() EDNS0 { return &EDNS0_REPORTING{e.Code, e.AgentDomain} }
+func (e *EDNS0_REPORTING) pack() ([]byte, error) {
+ b := make([]byte, 255)
+ off1, err := PackDomainName(Fqdn(e.AgentDomain), b, 0, nil, false)
+ if err != nil {
+ return nil, fmt.Errorf("bad agent domain: %w", err)
+ }
+ return b[:off1], nil
+}
+func (e *EDNS0_REPORTING) unpack(b []byte) error {
+ domain, _, err := UnpackDomainName(b, 0)
+ if err != nil {
+ return fmt.Errorf("bad agent domain: %w", err)
+ }
+ e.AgentDomain = domain
+ return nil
+}
From 28c618b3a0abaadcae2f6f56beee59025ff1c498 Mon Sep 17 00:00:00 2001
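Review bot: `unpack` throws away the offset returned by `UnpackDomainName(b, 0)`, so an option whose payload carries extra bytes after the agent domain is accepted without complaint. The option data comes from the peer, so it would be safer to keep the offset and reject a mismatch: `domain, off, err := UnpackDomainName(b, 0)` followed by `if off != len(b) { return fmt.Errorf("bad agent domain: trailing data") }`. `UnpackDomainName` also appears to follow compression pointers, which here would resolve inside the option buffer rather than the message; RFC 9567 describes the agent domain as uncompressed, so that case probably deserves an explicit test. Separately, `Code` is never assigned in `unpack` (and `makeDataOpt` builds the value with `new`), so `copy()` only ever propagates zero.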
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 3 Aug 2025 18:16:24 +0200 Subject: [PATCH 04/17] Bump the all group with 4 updates (#1664) Bumps the all group with 4 updates: [golang.org/x/net](https://github.com/golang/net), [golang.org/x/sync](https://github.com/golang/sync), [golang.org/x/sys](https://github.com/golang/sys) and [golang.org/x/tools](https://github.com/golang/tools). Updates `golang.org/x/net` from 0.40.0 to 0.42.0 - [Commits](https://github.com/golang/net/compare/v0.40.0...v0.42.0) Updates `golang.org/x/sync` from 0.14.0 to 0.16.0 - [Commits](https://github.com/golang/sync/compare/v0.14.0...v0.16.0) Updates `golang.org/x/sys` from 0.33.0 to 0.34.0 - [Commits](https://github.com/golang/sys/compare/v0.33.0...v0.34.0) Updates `golang.org/x/tools` from 0.33.0 to 0.35.0 - [Release notes](https://github.com/golang/tools/releases) - [Commits](https://github.com/golang/tools/compare/v0.33.0...v0.35.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-version: 0.42.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all - dependency-name: golang.org/x/sync dependency-version: 0.16.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all - dependency-name: golang.org/x/sys dependency-version: 0.34.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all - dependency-name: golang.org/x/tools dependency-version: 0.35.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 10 +++++----- go.sum | 20 ++++++++++---------- 2 files changed, 15 insertions(+), 15 deletions(-) diff --git a/go.mod b/go.mod index ec0932a94..2c962bced 100644 --- a/go.mod +++ b/go.mod 
@@ -5,10 +5,10 @@ go 1.23.0 toolchain go1.24.2 require ( - golang.org/x/net v0.40.0 - golang.org/x/sync v0.14.0 - golang.org/x/sys v0.33.0 - golang.org/x/tools v0.33.0 + golang.org/x/net v0.42.0 + golang.org/x/sync v0.16.0 + golang.org/x/sys v0.34.0 + golang.org/x/tools v0.35.0 ) -require golang.org/x/mod v0.24.0 // indirect +require golang.org/x/mod v0.26.0 // indirect diff --git a/go.sum b/go.sum index d9d371e9d..db1095c2e 100644 --- a/go.sum +++ b/go.sum 
@@ -1,12 +1,12 @@ github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= -golang.org/x/mod v0.24.0 h1:ZfthKaKaT4NrhGVZHO1/WDTwGES4De8KtWO0SIbNJMU= -golang.org/x/mod v0.24.0/go.mod h1:IXM97Txy2VM4PJ3gI61r1YEk/gAj6zAHN3AdZt6S9Ww= -golang.org/x/net v0.40.0 h1:79Xs7wF06Gbdcg4kdCCIQArK11Z1hr5POQ6+fIYHNuY= -golang.org/x/net v0.40.0/go.mod h1:y0hY0exeL2Pku80/zKK7tpntoX23cqL3Oa6njdgRtds= -golang.org/x/sync v0.14.0 h1:woo0S4Yywslg6hp4eUFjTVOyKt0RookbpAHG4c1HmhQ= -golang.org/x/sync v0.14.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA= -golang.org/x/sys v0.33.0 h1:q3i8TbbEz+JRD9ywIRlyRAQbM0qF7hu24q3teo2hbuw= -golang.org/x/sys v0.33.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k= -golang.org/x/tools v0.33.0 h1:4qz2S3zmRxbGIhDIAgjxvFutSvH5EfnsYrRBj0UI0bc= -golang.org/x/tools v0.33.0/go.mod h1:CIJMaWEY88juyUfo7UbgPqbC8rU2OqfAV1h2Qp0oMYI= +golang.org/x/mod v0.26.0 h1:EGMPT//Ezu+ylkCijjPc+f4Aih7sZvaAr+O3EHBxvZg= +golang.org/x/mod v0.26.0/go.mod h1:/j6NAhSk8iQ723BGAUyoAcn7SlD7s15Dp9Nd/SfeaFQ= +golang.org/x/net v0.42.0 h1:jzkYrhi3YQWD6MLBJcsklgQsoAcw89EcZbJw8Z614hs= +golang.org/x/net v0.42.0/go.mod h1:FF1RA5d3u7nAYA4z2TkclSCKh68eSXtiFwcWQpPXdt8= +golang.org/x/sync v0.16.0 h1:ycBJEhp9p4vXvUZNszeOq0kGTPghopOL8q0fq3vstxw= +golang.org/x/sync v0.16.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA= +golang.org/x/sys v0.34.0 h1:H5Y5sJ2L2JRdyv7ROF1he/lPdvFsd0mJHFw2ThKHxLA= +golang.org/x/sys v0.34.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k= +golang.org/x/tools v0.35.0 h1:mBffYraMEf7aa0sB+NuKnuCy8qI/9Bughn8dC2Gu5r0= +golang.org/x/tools v0.35.0/go.mod h1:NKdj5HkL/73byiZSJjqJgKn3ep7KjFkBOkR/Hps3VPw= From b01620ea8d7713772f417479cf6449e592a5baed Mon Sep 17 00:00:00 2001 
From: Sami Kerola Date: Wed, 13 Aug 2025 14:13:29 +0100 Subject: [PATCH 05/17] future proof rsa key length to match minimum allowed (#1671) Since go1.24.0 the minimum key lenth is 1024. That becomes obvious when generate key error is handled, and related error is printed. For example: dnssec_test.go:134: failure to generate private key: crypto/rsa: 512-bit keys are insecure (see https://go.dev/pkg/crypto/rsa#hdr-Minimum_key_size) Signed-off-by: Sami Kerola --- dnssec_test.go | 20 ++++++++++++++++---- 1 file changed, 16 insertions(+), 4 deletions(-) diff --git a/dnssec_test.go b/dnssec_test.go index 4f04e85f6..461612ec3 100644 --- a/dnssec_test.go +++ b/dnssec_test.go @@ -129,7 +129,10 @@ func TestSignVerify(t *testing.T) { key.Flags = 256 key.Protocol = 3 key.Algorithm = RSASHA256 - privkey, _ := key.Generate(512) + privkey, err := key.Generate(1024) + if err != nil { + t.Fatal("failure to generate private key:", err) + } // Fill in the values of the Sig, before signing sig := new(RRSIG) @@ -185,7 +188,10 @@ func TestShouldNotVerifyInvalidSig(t *testing.T) { key.Flags = 256 key.Protocol = 3 key.Algorithm = RSASHA256 - privkey, _ := key.Generate(512) + privkey, err := key.Generate(1024) + if err != nil { + t.Fatal("failure to generate private key:", err) + } normalSoa := getSoa() @@ -278,7 +284,10 @@ func Test65534(t *testing.T) { key.Flags = 256 key.Protocol = 3 key.Algorithm = RSASHA256 - privkey, _ := key.Generate(512) + privkey, err := key.Generate(1024) + if err != nil { + t.Fatal("failure to generate private key:", err) + } sig := new(RRSIG) sig.Hdr = RR_Header{"miek.nl.", TypeRRSIG, ClassINET, 14400, 0} @@ -361,7 +370,10 @@ func TestKeyRSA(t *testing.T) { key.Flags = 256 key.Protocol = 3 key.Algorithm = RSASHA256 - priv, _ := key.Generate(512) + priv, err := key.Generate(1024) + if err != nil { + t.Fatal("failure to generate private key:", err) + } soa := new(SOA) soa.Hdr = RR_Header{"miek.nl.", TypeSOA, ClassINET, 14400, 0} 
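Review bot: The literal `1024` is repeated in all four hunks of dnssec_test.go (TestSignVerify, TestShouldNotVerifyInvalidSig, Test65534, TestKeyRSA) and sits exactly at the floor the commit message quotes for go1.24, so the next raise of that minimum means another four-place edit. A shared test constant with a comment would localise it and make clear the size is a test-only choice, not a recommended key length: `const testRSAKeyBits = 1024 // smallest size crypto/rsa accepts per go1.24; test-only, not a recommended key size`. Each call then becomes `key.Generate(testRSAKeyBits)`. The test functions continue outside the hunks.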
From 3098189c14578e37935f98fbe918e351ff1ffce6 Mon Sep 17 00:00:00 2001 From: Miek Gieben Date: Mon, 18 Aug 2025 07:30:16 +0200 Subject: [PATCH 06/17] Add notice about dnsv2 in the readme Signed-off-by: Miek Gieben --- README.md | 309 +++++++++++++++++++++++++++--------------------------- 1 file changed, 156 insertions(+), 153 deletions(-) diff --git a/README.md b/README.md index dd318031c..e2a42db0f 100644 --- a/README.md +++ b/README.md @@ -3,6 +3,9 @@ [![Go Report Card](https://goreportcard.com/badge/github.com/miekg/dns)](https://goreportcard.com/report/miekg/dns) [![](https://godoc.org/github.com/miekg/dns?status.svg)](https://godoc.org/github.com/miekg/dns) +A dnsv2 is in the works. Development happens at , check it out if you want to +help shape the next 15 years of the Go DNS package. + # Alternative (more granular) approach to a DNS library > Less is more. 
@@ -17,96 +20,96 @@ avoiding breaking changes wherever reasonable. We support the last two versions # Goals -* KISS; -* Fast; -* Small API. If it's easy to code in Go, don't make a function for it. +- KISS; +- Fast; +- Small API. If it's easy to code in Go, don't make a function for it. # Users A not-so-up-to-date-list-that-may-be-actually-current: -* https://github.com/coredns/coredns -* https://github.com/abh/geodns -* https://github.com/baidu/bfe -* http://www.statdns.com/ -* http://www.dnsinspect.com/ -* https://github.com/chuangbo/jianbing-dictionary-dns -* http://www.dns-lg.com/ -* https://github.com/fcambus/rrda -* https://github.com/kenshinx/godns -* https://github.com/skynetservices/skydns -* https://github.com/hashicorp/consul -* https://github.com/DevelopersPL/godnsagent -* https://github.com/duedil-ltd/discodns -* https://github.com/StalkR/dns-reverse-proxy -* https://github.com/tianon/rawdns -* https://mesosphere.github.io/mesos-dns/ -* https://github.com/fcambus/statzone -* https://github.com/benschw/dns-clb-go -* https://github.com/corny/dnscheck for -* https://github.com/miekg/unbound -* https://github.com/miekg/exdns -* https://dnslookup.org -* https://github.com/looterz/grimd -* https://github.com/phamhongviet/serf-dns -* https://github.com/mehrdadrad/mylg -* https://github.com/bamarni/dockness -* https://github.com/fffaraz/microdns -* https://github.com/ipdcode/hades -* https://github.com/StackExchange/dnscontrol/ -* https://www.dnsperf.com/ -* https://dnssectest.net/ -* https://github.com/oif/apex -* https://github.com/jedisct1/dnscrypt-proxy -* https://github.com/jedisct1/rpdns -* https://github.com/xor-gate/sshfp -* https://github.com/rs/dnstrace -* https://blitiri.com.ar/p/dnss ([github mirror](https://github.com/albertito/dnss)) -* https://render.com -* https://github.com/peterzen/goresolver -* https://github.com/folbricht/routedns -* https://domainr.com/ -* https://zonedb.org/ -* https://router7.org/ -* https://github.com/fortio/dnsping -* 
https://github.com/Luzilla/dnsbl_exporter -* https://github.com/bodgit/tsig -* https://github.com/v2fly/v2ray-core (test only) -* https://kuma.io/ -* https://www.misaka.io/services/dns -* https://ping.sx/dig -* https://fleetdeck.io/ -* https://github.com/markdingo/autoreverse -* https://github.com/slackhq/nebula -* https://addr.tools/ -* https://dnscheck.tools/ -* https://github.com/egbakou/domainverifier -* https://github.com/semihalev/sdns -* https://github.com/wintbiit/NineDNS -* https://linuxcontainers.org/incus/ -* https://ifconfig.es -* https://github.com/zmap/zdns -* https://framagit.org/bortzmeyer/check-soa +- https://github.com/coredns/coredns +- https://github.com/abh/geodns +- https://github.com/baidu/bfe +- http://www.statdns.com/ +- http://www.dnsinspect.com/ +- https://github.com/chuangbo/jianbing-dictionary-dns +- http://www.dns-lg.com/ +- https://github.com/fcambus/rrda +- https://github.com/kenshinx/godns +- https://github.com/skynetservices/skydns +- https://github.com/hashicorp/consul +- https://github.com/DevelopersPL/godnsagent +- https://github.com/duedil-ltd/discodns +- https://github.com/StalkR/dns-reverse-proxy +- https://github.com/tianon/rawdns +- https://mesosphere.github.io/mesos-dns/ +- https://github.com/fcambus/statzone +- https://github.com/benschw/dns-clb-go +- https://github.com/corny/dnscheck for +- https://github.com/miekg/unbound +- https://github.com/miekg/exdns +- https://dnslookup.org +- https://github.com/looterz/grimd +- https://github.com/phamhongviet/serf-dns +- https://github.com/mehrdadrad/mylg +- https://github.com/bamarni/dockness +- https://github.com/fffaraz/microdns +- https://github.com/ipdcode/hades +- https://github.com/StackExchange/dnscontrol/ +- https://www.dnsperf.com/ +- https://dnssectest.net/ +- https://github.com/oif/apex +- https://github.com/jedisct1/dnscrypt-proxy +- https://github.com/jedisct1/rpdns +- https://github.com/xor-gate/sshfp +- https://github.com/rs/dnstrace +- 
https://blitiri.com.ar/p/dnss ([github mirror](https://github.com/albertito/dnss)) +- https://render.com +- https://github.com/peterzen/goresolver +- https://github.com/folbricht/routedns +- https://domainr.com/ +- https://zonedb.org/ +- https://router7.org/ +- https://github.com/fortio/dnsping +- https://github.com/Luzilla/dnsbl_exporter +- https://github.com/bodgit/tsig +- https://github.com/v2fly/v2ray-core (test only) +- https://kuma.io/ +- https://www.misaka.io/services/dns +- https://ping.sx/dig +- https://fleetdeck.io/ +- https://github.com/markdingo/autoreverse +- https://github.com/slackhq/nebula +- https://addr.tools/ +- https://dnscheck.tools/ +- https://github.com/egbakou/domainverifier +- https://github.com/semihalev/sdns +- https://github.com/wintbiit/NineDNS +- https://linuxcontainers.org/incus/ +- https://ifconfig.es +- https://github.com/zmap/zdns +- https://framagit.org/bortzmeyer/check-soa Send pull request if you want to be listed here. # Features -* UDP/TCP queries, IPv4 and IPv6 -* RFC 1035 zone file parsing ($INCLUDE, $ORIGIN, $TTL and $GENERATE (for all record types) are supported -* Fast -* Server side programming (mimicking the net/http package) -* Client side programming -* DNSSEC: signing, validating and key generation for DSA, RSA, ECDSA and Ed25519 -* EDNS0, NSID, Cookies -* AXFR/IXFR -* TSIG, SIG(0) -* DNS over TLS (DoT): encrypted connection between client and server over TCP -* DNS name compression +- UDP/TCP queries, IPv4 and IPv6 +- RFC 1035 zone file parsing ($INCLUDE, $ORIGIN, $TTL and $GENERATE (for all record types) are supported +- Fast +- Server side programming (mimicking the net/http package) +- Client side programming +- DNSSEC: signing, validating and key generation for DSA, RSA, ECDSA and Ed25519 +- EDNS0, NSID, Cookies +- AXFR/IXFR +- TSIG, SIG(0) +- DNS over TLS (DoT): encrypted connection between client and server over TCP +- DNS name compression Have fun! 
-Miek Gieben - 2010-2012 - +Miek Gieben - 2010-2012 - DNS Authors 2012- # Building 
@@ -126,82 +129,82 @@ Example programs can be found in the `github.com/miekg/exdns` repository. ## Supported RFCs -*all of them* - -* 103{4,5} - DNS standard -* 1183 - ISDN, X25 and other deprecated records -* 1348 - NSAP record (removed the record) -* 1982 - Serial Arithmetic -* 1876 - LOC record -* 1995 - IXFR -* 1996 - DNS notify -* 2136 - DNS Update (dynamic updates) -* 2181 - RRset definition - there is no RRset type though, just []RR -* 2537 - RSAMD5 DNS keys -* 2065 - DNSSEC (updated in later RFCs) -* 2671 - EDNS record -* 2782 - SRV record -* 2845 - TSIG record -* 2915 - NAPTR record -* 2929 - DNS IANA Considerations -* 3110 - RSASHA1 DNS keys -* 3123 - APL record -* 3225 - DO bit (DNSSEC OK) -* 340{1,2,3} - NAPTR record -* 3445 - Limiting the scope of (DNS)KEY -* 3596 - AAAA record -* 3597 - Unknown RRs -* 4025 - A Method for Storing IPsec Keying Material in DNS -* 403{3,4,5} - DNSSEC + validation functions -* 4255 - SSHFP record -* 4343 - Case insensitivity -* 4408 - SPF record -* 4509 - SHA256 Hash in DS -* 4592 - Wildcards in the DNS -* 4635 - HMAC SHA TSIG -* 4701 - DHCID -* 4892 - id.server -* 5001 - NSID -* 5155 - NSEC3 record -* 5205 - HIP record -* 5702 - SHA2 in the DNS -* 5936 - AXFR -* 5966 - TCP implementation recommendations -* 6605 - ECDSA -* 6725 - IANA Registry Update -* 6742 - ILNP DNS -* 6840 - Clarifications and Implementation Notes for DNS Security -* 6844 - CAA record -* 6891 - EDNS0 update -* 6895 - DNS IANA considerations -* 6944 - DNSSEC DNSKEY Algorithm Status -* 6975 - Algorithm Understanding in DNSSEC -* 7043 - EUI48/EUI64 records -* 7314 - DNS (EDNS) EXPIRE Option -* 7477 - CSYNC RR -* 7828 - edns-tcp-keepalive EDNS0 Option -* 7553 - URI record -* 7858 - DNS over TLS: Initiation and Performance Considerations -* 7871 - EDNS0 Client Subnet -* 7873 - Domain Name System (DNS) Cookies -* 8080 - EdDSA for DNSSEC -* 8490 - DNS Stateful Operations -* 8499 - DNS Terminology -* 8659 - DNS Certification Authority Authorization (CAA) 
Resource Record -* 8777 - DNS Reverse IP Automatic Multicast Tunneling (AMT) Discovery -* 8914 - Extended DNS Errors -* 8976 - Message Digest for DNS Zones (ZONEMD RR) -* 9460 - Service Binding and Parameter Specification via the DNS -* 9461 - Service Binding Mapping for DNS Servers -* 9462 - Discovery of Designated Resolvers -* 9460 - SVCB and HTTPS Records -* 9567 - DNS Error Reporting -* 9606 - DNS Resolver Information -* Draft - Compact Denial of Existence in DNSSEC +_all of them_ + +- 103{4,5} - DNS standard +- 1183 - ISDN, X25 and other deprecated records +- 1348 - NSAP record (removed the record) +- 1982 - Serial Arithmetic +- 1876 - LOC record +- 1995 - IXFR +- 1996 - DNS notify +- 2136 - DNS Update (dynamic updates) +- 2181 - RRset definition - there is no RRset type though, just []RR +- 2537 - RSAMD5 DNS keys +- 2065 - DNSSEC (updated in later RFCs) +- 2671 - EDNS record +- 2782 - SRV record +- 2845 - TSIG record +- 2915 - NAPTR record +- 2929 - DNS IANA Considerations +- 3110 - RSASHA1 DNS keys +- 3123 - APL record +- 3225 - DO bit (DNSSEC OK) +- 340{1,2,3} - NAPTR record +- 3445 - Limiting the scope of (DNS)KEY +- 3596 - AAAA record +- 3597 - Unknown RRs +- 4025 - A Method for Storing IPsec Keying Material in DNS +- 403{3,4,5} - DNSSEC + validation functions +- 4255 - SSHFP record +- 4343 - Case insensitivity +- 4408 - SPF record +- 4509 - SHA256 Hash in DS +- 4592 - Wildcards in the DNS +- 4635 - HMAC SHA TSIG +- 4701 - DHCID +- 4892 - id.server +- 5001 - NSID +- 5155 - NSEC3 record +- 5205 - HIP record +- 5702 - SHA2 in the DNS +- 5936 - AXFR +- 5966 - TCP implementation recommendations +- 6605 - ECDSA +- 6725 - IANA Registry Update +- 6742 - ILNP DNS +- 6840 - Clarifications and Implementation Notes for DNS Security +- 6844 - CAA record +- 6891 - EDNS0 update +- 6895 - DNS IANA considerations +- 6944 - DNSSEC DNSKEY Algorithm Status +- 6975 - Algorithm Understanding in DNSSEC +- 7043 - EUI48/EUI64 records +- 7314 - DNS (EDNS) EXPIRE Option +- 7477 - 
CSYNC RR +- 7828 - edns-tcp-keepalive EDNS0 Option +- 7553 - URI record +- 7858 - DNS over TLS: Initiation and Performance Considerations +- 7871 - EDNS0 Client Subnet +- 7873 - Domain Name System (DNS) Cookies +- 8080 - EdDSA for DNSSEC +- 8490 - DNS Stateful Operations +- 8499 - DNS Terminology +- 8659 - DNS Certification Authority Authorization (CAA) Resource Record +- 8777 - DNS Reverse IP Automatic Multicast Tunneling (AMT) Discovery +- 8914 - Extended DNS Errors +- 8976 - Message Digest for DNS Zones (ZONEMD RR) +- 9460 - Service Binding and Parameter Specification via the DNS +- 9461 - Service Binding Mapping for DNS Servers +- 9462 - Discovery of Designated Resolvers +- 9460 - SVCB and HTTPS Records +- 9567 - DNS Error Reporting +- 9606 - DNS Resolver Information +- Draft - Compact Denial of Existence in DNSSEC ## Loosely Based Upon -* ldns - -* NSD - -* Net::DNS - -* GRONG - +- ldns - +- NSD - +- Net::DNS - +- GRONG - From d495d332977200d75cfcb37669df92ecec663549 Mon Sep 17 00:00:00 2001 From: Miek Gieben Date: Mon, 1 Sep 2025 10:26:24 +0200 Subject: [PATCH 07/17] update readme some more Signed-off-by: Miek Gieben --- README.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index e2a42db0f..f182c544e 100644 --- a/README.md +++ b/README.md @@ -3,9 +3,11 @@ [![Go Report Card](https://goreportcard.com/badge/github.com/miekg/dns)](https://goreportcard.com/report/miekg/dns) [![](https://godoc.org/github.com/miekg/dns?status.svg)](https://godoc.org/github.com/miekg/dns) -A dnsv2 is in the works. Development happens at , check it out if you want to +DNS version 2 is now available at , check it out if you want to help shape the next 15 years of the Go DNS package. +The version here will see no new features and less and less development. + # Alternative (more granular) approach to a DNS library > Less is more. From 294d37389cccc53250740798dde72a0c1810be2a Mon Sep 17 00:00:00 2001 
From: jkerdreux-imt Date: Sat, 20 Sep 2025 08:51:50 +0200 Subject: [PATCH 08/17] Added OwNS (NS for VPN users) (#1674) --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index f182c544e..8b6ab0c4b 100644 --- a/README.md +++ b/README.md @@ -92,6 +92,7 @@ A not-so-up-to-date-list-that-may-be-actually-current: - https://ifconfig.es - https://github.com/zmap/zdns - https://framagit.org/bortzmeyer/check-soa +- https://github.com/jkerdreux-imt/owns Send pull request if you want to be listed here. From f640e4b3696a9e4247778d99e89397ebd6a9fa2e Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 8 Oct 2025 20:03:27 +0200 Subject: [PATCH 09/17] Bump the all group across 1 directory with 4 updates (#1679) Bumps the all group with 3 updates in the / directory: [golang.org/x/net](https://github.com/golang/net), [golang.org/x/sync](https://github.com/golang/sync) and [golang.org/x/tools](https://github.com/golang/tools). Updates `golang.org/x/net` from 0.42.0 to 0.44.0 - [Commits](https://github.com/golang/net/compare/v0.42.0...v0.44.0) Updates `golang.org/x/sync` from 0.16.0 to 0.17.0 - [Commits](https://github.com/golang/sync/compare/v0.16.0...v0.17.0) Updates `golang.org/x/sys` from 0.34.0 to 0.36.0 - [Commits](https://github.com/golang/sys/compare/v0.34.0...v0.36.0) Updates `golang.org/x/tools` from 0.35.0 to 0.37.0 - [Release notes](https://github.com/golang/tools/releases) - [Commits](https://github.com/golang/tools/compare/v0.35.0...v0.37.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-version: 0.44.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all - dependency-name: golang.org/x/sync dependency-version: 0.17.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all - dependency-name: golang.org/x/sys dependency-version: 0.36.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all - dependency-name: golang.org/x/tools dependency-version: 0.37.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 12 ++++++------ go.sum | 20 ++++++++++---------- 2 files changed, 16 insertions(+), 16 deletions(-) diff --git a/go.mod b/go.mod index 2c962bced..6a6e0b775 100644 --- a/go.mod +++ b/go.mod 
@@ -1,14 +1,14 @@ module github.com/miekg/dns -go 1.23.0 +go 1.24.0 toolchain go1.24.2 require ( - golang.org/x/net v0.42.0 - golang.org/x/sync v0.16.0 - golang.org/x/sys v0.34.0 - golang.org/x/tools v0.35.0 + golang.org/x/net v0.44.0 + golang.org/x/sync v0.17.0 + golang.org/x/sys v0.36.0 + golang.org/x/tools v0.37.0 ) -require golang.org/x/mod v0.26.0 // indirect +require golang.org/x/mod v0.28.0 // indirect diff --git a/go.sum b/go.sum index db1095c2e..69d5f1b8c 100644 --- a/go.sum +++ b/go.sum 
@@ -1,12 +1,12 @@ github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= -golang.org/x/mod v0.26.0 h1:EGMPT//Ezu+ylkCijjPc+f4Aih7sZvaAr+O3EHBxvZg= -golang.org/x/mod v0.26.0/go.mod h1:/j6NAhSk8iQ723BGAUyoAcn7SlD7s15Dp9Nd/SfeaFQ= -golang.org/x/net v0.42.0 h1:jzkYrhi3YQWD6MLBJcsklgQsoAcw89EcZbJw8Z614hs= -golang.org/x/net v0.42.0/go.mod h1:FF1RA5d3u7nAYA4z2TkclSCKh68eSXtiFwcWQpPXdt8= -golang.org/x/sync v0.16.0 h1:ycBJEhp9p4vXvUZNszeOq0kGTPghopOL8q0fq3vstxw= -golang.org/x/sync v0.16.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA= -golang.org/x/sys v0.34.0 h1:H5Y5sJ2L2JRdyv7ROF1he/lPdvFsd0mJHFw2ThKHxLA= -golang.org/x/sys v0.34.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k= -golang.org/x/tools v0.35.0 h1:mBffYraMEf7aa0sB+NuKnuCy8qI/9Bughn8dC2Gu5r0= -golang.org/x/tools v0.35.0/go.mod h1:NKdj5HkL/73byiZSJjqJgKn3ep7KjFkBOkR/Hps3VPw= +golang.org/x/mod v0.28.0 h1:gQBtGhjxykdjY9YhZpSlZIsbnaE2+PgjfLWUQTnoZ1U= +golang.org/x/mod v0.28.0/go.mod h1:yfB/L0NOf/kmEbXjzCPOx1iK1fRutOydrCMsqRhEBxI= +golang.org/x/net v0.44.0 h1:evd8IRDyfNBMBTTY5XRF1vaZlD+EmWx6x8PkhR04H/I= +golang.org/x/net v0.44.0/go.mod h1:ECOoLqd5U3Lhyeyo/QDCEVQ4sNgYsqvCZ722XogGieY= +golang.org/x/sync v0.17.0 h1:l60nONMj9l5drqw6jlhIELNv9I0A4OFgRsG9k2oT9Ug= +golang.org/x/sync v0.17.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI= +golang.org/x/sys v0.36.0 h1:KVRy2GtZBrk1cBYA7MKu5bEZFxQk4NIDV6RLVcC8o0k= +golang.org/x/sys v0.36.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks= +golang.org/x/tools v0.37.0 h1:DVSRzp7FwePZW356yEAChSdNcQo6Nsp+fex1SUW09lE= +golang.org/x/tools v0.37.0/go.mod h1:MBN5QPQtLMHVdvsbtarmTNukZDdgwdwlO5qGacAzF0w= From f15b2dd5e7c76d923edeb607c4ef6ec0c9382b2f Mon Sep 17 00:00:00 2001 
From: Steffen Sassalla <32709406+steffsas@users.noreply.github.com> Date: Thu, 9 Oct 2025 16:40:44 +0200 Subject: [PATCH 10/17] feat(edns0): Add zoneversion option from RFC9660 (#1680) --- README.md | 1 + edns.go | 50 ++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 51 insertions(+) diff --git a/README.md b/README.md index 8b6ab0c4b..2a7d8c265 100644 --- a/README.md +++ b/README.md @@ -203,6 +203,7 @@ _all of them_ - 9460 - SVCB and HTTPS Records - 9567 - DNS Error Reporting - 9606 - DNS Resolver Information +- 9660 - DNS Zone Version (ZONEVERSION) Option - Draft - Compact Denial of Existence in DNSSEC ## Loosely Based Upon diff --git a/edns.go b/edns.go index b257d54e2..c80c01cc5 100644 --- a/edns.go +++ b/edns.go @@ -25,6 +25,7 @@ const ( EDNS0PADDING = 0xc // EDNS0 padding (See RFC 7830) EDNS0EDE = 0xf // EDNS0 extended DNS errors (See RFC 8914) EDNS0REPORTING = 0x12 // EDNS0 reporting (See RFC 9567) + EDNS0ZONEVERSION = 0x13 // EDNS0 Zone Version (See RFC 9660) EDNS0LOCALSTART = 0xFDE9 // Beginning of range reserved for local/experimental use (See RFC 6891) EDNS0LOCALEND = 0xFFFE // End of range reserved for local/experimental use (See RFC 6891) _DO = 1 << 15 // DNSSEC OK @@ -63,6 +64,8 @@ func makeDataOpt(code uint16) EDNS0 { return new(EDNS0_ESU) case EDNS0REPORTING: return new(EDNS0_REPORTING) + case EDNS0ZONEVERSION: + return new(EDNS0_ZONEVERSION) default: e := new(EDNS0_LOCAL) e.Code = code @@ -132,6 +135,8 @@ func (rr *OPT) String() string { s += "\n; ESU: " + o.String() case *EDNS0_REPORTING: s += "\n; REPORT-CHANNEL: " + o.String() + case *EDNS0_ZONEVERSION: + s += "\n; ZONEVERSION: " + o.String() } } return s 
@@ -906,3 +911,48 @@ func (e *EDNS0_REPORTING) unpack(b []byte) error {
 e.AgentDomain = domain
 return nil
 }
+
+// EDNS0_ZONEVERSION implements the EDNS0 Zone Version option (RFC 9660).
+type EDNS0_ZONEVERSION struct {
+ // always EDNS0ZONEVERSION (19)
+ Code uint16
+ // An unsigned 1-octet Label Count indicating
+ // the number of labels for the name of the zone that VERSION value refers to.
+ LabelCount uint8
+ // An unsigned 1-octet type number distinguishing the format and meaning of version.
+ // 0 SOA-SERIAL, 1-245 Unassigned, 246-255 Reserved for private use, see RFC 9660.
+ Type uint8
+ // An opaque octet string conveying the zone version data (VERSION).
+ Version string
+}
+
+func (e *EDNS0_ZONEVERSION) Option() uint16 { return EDNS0ZONEVERSION }
+func (e *EDNS0_ZONEVERSION) String() string { return e.Version }
+func (e *EDNS0_ZONEVERSION) copy() EDNS0 {
+ return &EDNS0_ZONEVERSION{e.Code, e.LabelCount, e.Type, e.Version}
+}
+func (e *EDNS0_ZONEVERSION) pack() ([]byte, error) {
+ b := []byte{
+ // first octet label count
+ e.LabelCount,
+ // second octet is type
+ e.Type,
+ }
+ if len(e.Version) > 0 {
+ b = append(b, []byte(e.Version)...)
+ }
+ return b, nil
+}
+func (e *EDNS0_ZONEVERSION) unpack(b []byte) error {
+ if len(b) < 2 {
+ return ErrBuf
+ }
+ e.LabelCount = b[0]
+ e.Type = b[1]
+ if len(b) > 2 {
+ e.Version = string(b[2:])
+ } else {
+ e.Version = ""
+ }
+ return nil
+}
From a0f8faa2499961cdf5dec15ea960ecaf681e0ede Mon Sep 17 00:00:00 2001
From: Steffen Sassalla <32709406+steffsas@users.noreply.github.com>
Date: Fri, 10 Oct 2025 11:02:42 +0200
Subject: [PATCH 11/17] fix(test): Increase RSA key length for sig0 (#1682)
---
 parse_test.go | 4 ++--
 sig0_test.go | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/parse_test.go b/parse_test.go
index f0d68a44e..e4ed216eb 100644
--- a/parse_test.go
+++ b/parse_test.go
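Review bot: `String()` returns `e.Version` verbatim, but `unpack` fills that field with `string(b[2:])` straight from the wire, so whatever bytes the peer sent (newlines, control characters, non-UTF-8) end up in the `; ZONEVERSION: ` line that `OPT.String()` builds, and from there in any log or terminal that prints the message. Rendering the opaque value in an escaped form and including the two header fields avoids that, e.g. `func (e *EDNS0_ZONEVERSION) String() string { return fmt.Sprintf("%d %d %x", e.LabelCount, e.Type, e.Version) }`. `unpack` also accepts any VERSION length for `Type` 0, which the field comment labels SOA-SERIAL; if that type is meant to carry a 32-bit serial, a length check belongs there. `Code` is never set by `unpack`, so `copy()` only propagates zero.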
@@ -1250,8 +1250,8 @@ func TestNewPrivateKey(t *testing.T) { algorithms := []algorithm{ {ECDSAP256SHA256, 256}, {ECDSAP384SHA384, 384}, - {RSASHA1, 512}, - {RSASHA256, 512}, + {RSASHA1, 1024}, + {RSASHA256, 1024}, {ED25519, 256}, } diff --git a/sig0_test.go b/sig0_test.go index 5b991d22f..a8bf867c7 100644 --- a/sig0_test.go +++ b/sig0_test.go @@ -25,7 +25,7 @@ func TestSIG0(t *testing.T) { keysize = 256 case ECDSAP384SHA384: keysize = 384 - case RSASHA512: + case RSASHA1, RSASHA256, RSASHA512: keysize = 1024 } pk, err := keyrr.Generate(keysize) From b39ef963336bc62108809fa7f08b734dd643b6fd Mon Sep 17 00:00:00 2001 From: Miek Gieben Date: Thu, 13 Nov 2025 17:05:55 +0100 Subject: [PATCH 12/17] Update deps (#1688) Mechanical change Signed-off-by: Miek Gieben --- go.mod | 10 +++++----- go.sum | 10 ++++++++++ 2 files changed, 15 insertions(+), 5 deletions(-) diff --git a/go.mod b/go.mod index 6a6e0b775..8bc6e21bc 100644 --- a/go.mod +++ b/go.mod @@ -5,10 +5,10 @@ go 1.24.0 toolchain go1.24.2 require ( - golang.org/x/net v0.44.0 - golang.org/x/sync v0.17.0 - golang.org/x/sys v0.36.0 - golang.org/x/tools v0.37.0 + golang.org/x/net v0.47.0 + golang.org/x/sync v0.18.0 + golang.org/x/sys v0.38.0 + golang.org/x/tools v0.39.0 ) -require golang.org/x/mod v0.28.0 // indirect +require golang.org/x/mod v0.30.0 // indirect diff --git a/go.sum b/go.sum index 69d5f1b8c..c098eea76 100644 --- a/go.sum +++ b/go.sum 
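Review bot: The new RSA sizes in TestNewPrivateKey (`{RSASHA1, 1024}`, `{RSASHA256, 1024}`) and the `keysize = 1024` case in TestSIG0 have no comment explaining the choice, so a reader may take 1024 as a recommended size. The module declares `go 1.24.0`, and crypto/rsa in that release refuses to generate keys under 1024 bits, which is presumably why 512 stopped working; 1024-bit RSA is still too weak for real keys. I would add `// 1024 is the smallest size crypto/rsa will generate; test-only, use 2048 or more for real keys` above the RSA entries in both tests. Both test functions continue outside their hunks.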
@@ -2,11 +2,21 @@ github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= golang.org/x/mod v0.28.0 h1:gQBtGhjxykdjY9YhZpSlZIsbnaE2+PgjfLWUQTnoZ1U= golang.org/x/mod v0.28.0/go.mod h1:yfB/L0NOf/kmEbXjzCPOx1iK1fRutOydrCMsqRhEBxI= +golang.org/x/mod v0.30.0 h1:fDEXFVZ/fmCKProc/yAXXUijritrDzahmwwefnjoPFk= +golang.org/x/mod v0.30.0/go.mod h1:lAsf5O2EvJeSFMiBxXDki7sCgAxEUcZHXoXMKT4GJKc= golang.org/x/net v0.44.0 h1:evd8IRDyfNBMBTTY5XRF1vaZlD+EmWx6x8PkhR04H/I= golang.org/x/net v0.44.0/go.mod h1:ECOoLqd5U3Lhyeyo/QDCEVQ4sNgYsqvCZ722XogGieY= +golang.org/x/net v0.47.0 h1:Mx+4dIFzqraBXUugkia1OOvlD6LemFo1ALMHjrXDOhY= +golang.org/x/net v0.47.0/go.mod h1:/jNxtkgq5yWUGYkaZGqo27cfGZ1c5Nen03aYrrKpVRU= golang.org/x/sync v0.17.0 h1:l60nONMj9l5drqw6jlhIELNv9I0A4OFgRsG9k2oT9Ug= golang.org/x/sync v0.17.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI= +golang.org/x/sync v0.18.0 h1:kr88TuHDroi+UVf+0hZnirlk8o8T+4MrK6mr60WkH/I= +golang.org/x/sync v0.18.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI= golang.org/x/sys v0.36.0 h1:KVRy2GtZBrk1cBYA7MKu5bEZFxQk4NIDV6RLVcC8o0k= golang.org/x/sys v0.36.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks= +golang.org/x/sys v0.38.0 h1:3yZWxaJjBmCWXqhN1qh02AkOnCQ1poK6oF+a7xWL6Gc= +golang.org/x/sys v0.38.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks= golang.org/x/tools v0.37.0 h1:DVSRzp7FwePZW356yEAChSdNcQo6Nsp+fex1SUW09lE= golang.org/x/tools v0.37.0/go.mod h1:MBN5QPQtLMHVdvsbtarmTNukZDdgwdwlO5qGacAzF0w= +golang.org/x/tools v0.39.0 h1:ik4ho21kwuQln40uelmciQPp9SipgNDdrafrYA4TmQQ= +golang.org/x/tools v0.39.0/go.mod h1:JnefbkDPyD8UU2kI5fuf8ZX4/yUeh9W877ZeBONxUqQ= From 74d2ba14afb73f93ce986fe5fc51a67b4e34008a Mon Sep 17 00:00:00 2001 
From: Ilya Kulakov Date: Thu, 11 Dec 2025 07:06:29 -0800 Subject: [PATCH 13/17] MsgInvalidFunc: Make DefaultMsgInvalidFunc a variable. (#1690) For parity with DefaultMsgAcceptFunc that is a variable. Signed-off-by: Ilya Kulakov --- server.go | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/server.go b/server.go index 364149cfc..50478b324 100644 --- a/server.go +++ b/server.go @@ -194,7 +194,9 @@ type DecorateWriter func(Writer) Writer // rejected (or ignored) by the MsgAcceptFunc, or passed to this function. type MsgInvalidFunc func(m []byte, err error) -func DefaultMsgInvalidFunc(m []byte, err error) {} +var DefaultMsgInvalidFunc MsgInvalidFunc = defaultMsgInvalidFunc + +func defaultMsgInvalidFunc(m []byte, err error) {} // A Server defines parameters for running an DNS server. type Server struct { From acb3aba38edeacc29cf85741899cbf7e4a2cbc6f Mon Sep 17 00:00:00 2001 From: zjj Date: Thu, 11 Dec 2025 23:10:47 +0800 Subject: [PATCH 14/17] optimized EDNS0_SUBNET pack, reducing make() calls (#1692) --- edns.go | 33 +++++++++++++++++++++++---------- 1 file changed, 23 insertions(+), 10 deletions(-) diff --git a/edns.go b/edns.go index c80c01cc5..0ff26d983 100644 --- a/edns.go +++ b/edns.go @@ -318,10 +318,6 @@ type EDNS0_SUBNET struct { func (e *EDNS0_SUBNET) Option() uint16 { return EDNS0SUBNET } func (e *EDNS0_SUBNET) pack() ([]byte, error) { - b := make([]byte, 4) - binary.BigEndian.PutUint16(b[0:], e.Family) - b[2] = e.SourceNetmask - b[3] = e.SourceScope switch e.Family { case 0: // "dig" sets AddressFamily to 0 if SourceNetmask is also 0 
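Review bot: `DefaultMsgInvalidFunc` is now an exported, reassignable package variable with no doc comment, so any importing package can replace the default for every Server in the process and nothing states when that is safe. I would add `// DefaultMsgInvalidFunc is the default MsgInvalidFunc; it does nothing. Assign it only before any Server is started.` above the `var`, and `// defaultMsgInvalidFunc discards the invalid message.` above the unexported function. How Server reads the variable is outside this hunk, so whether a late assignment can race with running servers should be confirmed there.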
@@ -329,16 +325,27 @@ func (e *EDNS0_SUBNET) pack() ([]byte, error) { if e.SourceNetmask != 0 { return nil, errors.New("bad address family") } + b := make([]byte, 4) + b[3] = e.SourceScope + return b, nil case 1: if e.SourceNetmask > net.IPv4len*8 { return nil, errors.New("bad netmask") } - if len(e.Address.To4()) != net.IPv4len { + ip4 := e.Address.To4() + if len(ip4) != net.IPv4len { return nil, errors.New("bad address") } - ip := e.Address.To4().Mask(net.CIDRMask(int(e.SourceNetmask), net.IPv4len*8)) needLength := (e.SourceNetmask + 8 - 1) / 8 // division rounding up - b = append(b, ip[:needLength]...) + b := make([]byte, 4+needLength) + binary.BigEndian.PutUint16(b[0:], e.Family) + b[2] = e.SourceNetmask + b[3] = e.SourceScope + if needLength > 0 { + ip := ip4.Mask(net.CIDRMask(int(e.SourceNetmask), net.IPv4len*8)) + copy(b[4:], ip[:needLength]) + } + return b, nil case 2: if e.SourceNetmask > net.IPv6len*8 { return nil, errors.New("bad netmask") @@ -346,13 +353,19 @@ func (e *EDNS0_SUBNET) pack() ([]byte, error) { if len(e.Address) != net.IPv6len { return nil, errors.New("bad address") } - ip := e.Address.Mask(net.CIDRMask(int(e.SourceNetmask), net.IPv6len*8)) needLength := (e.SourceNetmask + 8 - 1) / 8 // division rounding up - b = append(b, ip[:needLength]...) + b := make([]byte, 4+needLength) + binary.BigEndian.PutUint16(b[0:], e.Family) + b[2] = e.SourceNetmask + b[3] = e.SourceScope + if needLength > 0 { + ip := e.Address.Mask(net.CIDRMask(int(e.SourceNetmask), net.IPv6len*8)) + copy(b[4:], ip[:needLength]) + } + return b, nil default: return nil, errors.New("bad address family") } - return b, nil } func (e *EDNS0_SUBNET) unpack(b []byte) error { From 66f2f27360cc10704559317380cd40d55237936f Mon Sep 17 00:00:00 2001 
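Review bot: The IPv4 and IPv6 branches now repeat the same sequence (allocate `4+needLength`, write family, netmask and scope, mask, copy), in this hunk and in the `case 2` hunk that follows, so a later change to the option header has to be made in two places. A private helper that takes the address and the bit width keeps the single allocation and removes the duplication; see the fence. In `case 0` the family and netmask octets are now left at their zero value instead of being written, and a comment such as `// family and netmask are zero here; only scope is set` would make that intent visible. `pack` starts and ends outside these hunks.

```go
	case 1:
		// … unchanged: netmask check, ip4 := e.Address.To4(), length check …
		return e.packPrefix(ip4, net.IPv4len*8), nil
	case 2:
		// … unchanged: netmask and address length checks …
		return e.packPrefix(e.Address, net.IPv6len*8), nil

// packPrefix writes family, netmask, scope and the masked prefix of ip
// into a single buffer sized for exactly the bytes the netmask needs.
func (e *EDNS0_SUBNET) packPrefix(ip net.IP, bits int) []byte {
	needLength := (e.SourceNetmask + 8 - 1) / 8 // division rounding up
	b := make([]byte, 4+needLength)
	binary.BigEndian.PutUint16(b[0:], e.Family)
	b[2] = e.SourceNetmask
	b[3] = e.SourceScope
	if needLength > 0 {
		copy(b[4:], ip.Mask(net.CIDRMask(int(e.SourceNetmask), bits))[:needLength])
	}
	return b
}
```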
From: Brian Shea <165865819+brianshea2@users.noreply.github.com> Date: Thu, 11 Dec 2025 11:10:18 -0500 Subject: [PATCH 15/17] fix EDNS0 flags and MBZ in String() output (#1693) --- edns.go | 17 ++++++++--------- 1 file changed, 8 insertions(+), 9 deletions(-) diff --git a/edns.go b/edns.go index 0ff26d983..89318b750 100644 --- a/edns.go +++ b/edns.go @@ -81,17 +81,16 @@ type OPT struct { func (rr *OPT) String() string { s := "\n;; OPT PSEUDOSECTION:\n; EDNS: version " + strconv.Itoa(int(rr.Version())) + "; " + s += "flags:" if rr.Do() { - if rr.Co() { - s += "flags: do, co; " - } else { - s += "flags: do; " - } - } else { - s += "flags:; " + s += " do" + } + if rr.Co() { + s += " co" } - if rr.Hdr.Ttl&0x7FFF != 0 { - s += fmt.Sprintf("MBZ: 0x%04x, ", rr.Hdr.Ttl&0x7FFF) + s += "; " + if z := rr.Z(); z != 0 { + s += fmt.Sprintf("MBZ: 0x%04x, ", z) } s += "udp: " + strconv.Itoa(int(rr.UDPSize())) From 49a9cee9c07326338c622657fde8f0cc8128bf0a Mon Sep 17 00:00:00 2001 From: Miek Gieben Date: Thu, 11 Dec 2025 17:10:38 +0100 Subject: [PATCH 16/17] Release 1.1.69 --- version.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/version.go b/version.go index 4af7d286c..c53a63d7c 100644 --- a/version.go +++ b/version.go @@ -3,7 +3,7 @@ package dns import "fmt" // Version is current version of this library. -var Version = v{1, 1, 68} +var Version = v{1, 1, 69} // v holds the version of this library. type v struct { From af427bb629ab98c077bbce16dba67a8b7f16fa34 Mon Sep 17 00:00:00 2001 From: Dan Boros Date: Wed, 7 Jan 2026 11:17:53 -0700 Subject: [PATCH 17/17] Update README --- README.md | 55 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 55 insertions(+) diff --git a/README.md b/README.md index 2a7d8c265..7b2fcf092 100644 --- a/README.md +++ b/README.md 
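Review bot: No test pins the new flag output in `OPT.String`, and the MBZ line now depends on `rr.Z()`, which is defined outside this hunk. The old mask `0x7FFF` covered every bit below DO, so the fix only holds if `Z()` leaves out the CO bit; a table test over DO/CO/Z combinations would lock that in, for example asserting that an OPT with only DO and CO set prints `flags: do co; ` and no `MBZ:`. The separator also changes from `do, co` to `do co`, which callers that parse this string may notice, so it deserves a mention in the release notes. `String` continues outside the hunk.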
@@ -212,3 +212,58 @@ _all of them_ - NSD - - Net::DNS - - GRONG - + +# Upstream Synchronization + +Assumes that multiple remotes are present: + +``` +> git remote -v +origin git@github.com:banyansecurity/dns.git (fetch) +origin git@github.com:banyansecurity/dns.git (push) +upstream git@github.com:miekg/dns.git (fetch) +upstream git@github.com:miekg/dns.git (push) +``` + +As an example, for syncing `v1.1.69`, fetch the latest tags: + +``` +> git fetch --all +Fetching origin +Fetching upstream +remote: Enumerating objects: 44, done. +remote: Counting objects: 100% (23/23), done. +remote: Compressing objects: 100% (13/13), done. +remote: Total 44 (delta 13), reused 10 (delta 10), pack-reused 21 (from 3) +Unpacking objects: 100% (44/44), 69.33 KiB | 559.00 KiB/s, done. +From github.com:miekg/dns + * [new branch] dependabot/go_modules/all-e97dd7be45 -> upstream/dependabot/go_modules/all-e97dd7be45 + 4145b390..3126b782 master -> upstream/master + * [new tag] v1.1.69 -> v1.1.69 +``` + +Create a new branch based on that tag and make sure it looks good: + +``` +> git checkout -b sync-v1.1.69 v1.1.69 +Switched to a new branch 'sync-v1.1.69' + +> git log -n 1 +commit 49a9cee9c07326338c622657fde8f0cc8128bf0a (HEAD -> sync-v1.1.69, tag: v1.1.69) +Author: Miek Gieben +Date: Thu Dec 11 17:10:38 2025 +0100 + + Release 1.1.69 +``` + +Merge in our changes (`master`), handle any merge conflicts, push / handle the pull request as usual with `master` as the target: + +``` +> git merge master +Auto-merging server.go +Auto-merging version.go +CONFLICT (content): Merge conflict in version.go +Automatic merge failed; fix conflicts and then commit the result. + +> git add . && git commit && git push origin sync-v1.1.69 +``` \ No newline at end of file