Sync v1.1.69

dnssec_test.go

@@ -129,7 +129,10 @@ func TestSignVerify(t *testing.T) {
 	key.Flags = 256
 	key.Protocol = 3
 	key.Algorithm = RSASHA256
-	privkey, _ := key.Generate(512)
+	privkey, err := key.Generate(1024)
+	if err != nil {
+		t.Fatal("failure to generate private key:", err)
+	}
 
 	// Fill in the values of the Sig, before signing
 	sig := new(RRSIG)
@@ -185,7 +188,10 @@ func TestShouldNotVerifyInvalidSig(t *testing.T) {
 	key.Flags = 256
 	key.Protocol = 3
 	key.Algorithm = RSASHA256
-	privkey, _ := key.Generate(512)
+	privkey, err := key.Generate(1024)
+	if err != nil {
+		t.Fatal("failure to generate private key:", err)
+	}
 
 	normalSoa := getSoa()
 
@@ -278,7 +284,10 @@ func Test65534(t *testing.T) {
 	key.Flags = 256
 	key.Protocol = 3
 	key.Algorithm = RSASHA256
-	privkey, _ := key.Generate(512)
+	privkey, err := key.Generate(1024)
+	if err != nil {
+		t.Fatal("failure to generate private key:", err)
+	}
 
 	sig := new(RRSIG)
 	sig.Hdr = RR_Header{"miek.nl.", TypeRRSIG, ClassINET, 14400, 0}
@@ -361,7 +370,10 @@ func TestKeyRSA(t *testing.T) {
 	key.Flags = 256
 	key.Protocol = 3
 	key.Algorithm = RSASHA256
-	priv, _ := key.Generate(512)
+	priv, err := key.Generate(1024)
+	if err != nil {
+		t.Fatal("failure to generate private key:", err)
+	}
 
 	soa := new(SOA)
 	soa.Hdr = RR_Header{"miek.nl.", TypeSOA, ClassINET, 14400, 0}

edns.go

@@ -24,6 +24,8 @@ const (
 	EDNS0TCPKEEPALIVE = 0xb     // EDNS0 tcp keep alive (See RFC 7828)
 	EDNS0PADDING      = 0xc     // EDNS0 padding (See RFC 7830)
 	EDNS0EDE          = 0xf     // EDNS0 extended DNS errors (See RFC 8914)
+	EDNS0REPORTING    = 0x12    // EDNS0 reporting (See RFC 9567)
+	EDNS0ZONEVERSION  = 0x13    // EDNS0 Zone Version (See RFC 9660)
 	EDNS0LOCALSTART   = 0xFDE9  // Beginning of range reserved for local/experimental use (See RFC 6891)
 	EDNS0LOCALEND     = 0xFFFE  // End of range reserved for local/experimental use (See RFC 6891)
 	_DO               = 1 << 15 // DNSSEC OK
@@ -60,6 +62,10 @@ func makeDataOpt(code uint16) EDNS0 {
 		return new(EDNS0_EDE)
 	case EDNS0ESU:
 		return new(EDNS0_ESU)
+	case EDNS0REPORTING:
+		return new(EDNS0_REPORTING)
+	case EDNS0ZONEVERSION:
+		return new(EDNS0_ZONEVERSION)
 	default:
 		e := new(EDNS0_LOCAL)
 		e.Code = code
@@ -75,17 +81,16 @@ type OPT struct {
 
 func (rr *OPT) String() string {
 	s := "\n;; OPT PSEUDOSECTION:\n; EDNS: version " + strconv.Itoa(int(rr.Version())) + "; "
+	s += "flags:"
 	if rr.Do() {
-		if rr.Co() {
-			s += "flags: do, co; "
-		} else {
-			s += "flags: do; "
-		}
-	} else {
-		s += "flags:; "
+		s += " do"
 	}
-	if rr.Hdr.Ttl&0x7FFF != 0 {
-		s += fmt.Sprintf("MBZ: 0x%04x, ", rr.Hdr.Ttl&0x7FFF)
+	if rr.Co() {
+		s += " co"
+	}
+	s += "; "
+	if z := rr.Z(); z != 0 {
+		s += fmt.Sprintf("MBZ: 0x%04x, ", z)
 	}
 	s += "udp: " + strconv.Itoa(int(rr.UDPSize()))
 
@@ -127,6 +132,10 @@ func (rr *OPT) String() string {
 			s += "\n; EDE: " + o.String()
 		case *EDNS0_ESU:
 			s += "\n; ESU: " + o.String()
+		case *EDNS0_REPORTING:
+			s += "\n; REPORT-CHANNEL: " + o.String()
+		case *EDNS0_ZONEVERSION:
+			s += "\n; ZONEVERSION: " + o.String()
 		}
 	}
 	return s
@@ -308,41 +317,54 @@ type EDNS0_SUBNET struct {
 func (e *EDNS0_SUBNET) Option() uint16 { return EDNS0SUBNET }
 
 func (e *EDNS0_SUBNET) pack() ([]byte, error) {
-	b := make([]byte, 4)
-	binary.BigEndian.PutUint16(b[0:], e.Family)
-	b[2] = e.SourceNetmask
-	b[3] = e.SourceScope
 	switch e.Family {
 	case 0:
 		// "dig" sets AddressFamily to 0 if SourceNetmask is also 0
 		// We might don't need to complain either
 		if e.SourceNetmask != 0 {
 			return nil, errors.New("bad address family")
 		}
+		b := make([]byte, 4)
+		b[3] = e.SourceScope
+		return b, nil
 	case 1:
 		if e.SourceNetmask > net.IPv4len*8 {
 			return nil, errors.New("bad netmask")
 		}
-		if len(e.Address.To4()) != net.IPv4len {
+		ip4 := e.Address.To4()
+		if len(ip4) != net.IPv4len {
 			return nil, errors.New("bad address")
 		}
-		ip := e.Address.To4().Mask(net.CIDRMask(int(e.SourceNetmask), net.IPv4len*8))
 		needLength := (e.SourceNetmask + 8 - 1) / 8 // division rounding up
-		b = append(b, ip[:needLength]...)
+		b := make([]byte, 4+needLength)
+		binary.BigEndian.PutUint16(b[0:], e.Family)
+		b[2] = e.SourceNetmask
+		b[3] = e.SourceScope
+		if needLength > 0 {
+			ip := ip4.Mask(net.CIDRMask(int(e.SourceNetmask), net.IPv4len*8))
+			copy(b[4:], ip[:needLength])
+		}
+		return b, nil
 	case 2:
 		if e.SourceNetmask > net.IPv6len*8 {
 			return nil, errors.New("bad netmask")
 		}
 		if len(e.Address) != net.IPv6len {
 			return nil, errors.New("bad address")
 		}
-		ip := e.Address.Mask(net.CIDRMask(int(e.SourceNetmask), net.IPv6len*8))
 		needLength := (e.SourceNetmask + 8 - 1) / 8 // division rounding up
-		b = append(b, ip[:needLength]...)
+		b := make([]byte, 4+needLength)
+		binary.BigEndian.PutUint16(b[0:], e.Family)
+		b[2] = e.SourceNetmask
+		b[3] = e.SourceScope
+		if needLength > 0 {
+			ip := e.Address.Mask(net.CIDRMask(int(e.SourceNetmask), net.IPv6len*8))
+			copy(b[4:], ip[:needLength])
+		}
+		return b, nil
 	default:
 		return nil, errors.New("bad address family")
 	}
-	return b, nil
 }
 
 func (e *EDNS0_SUBNET) unpack(b []byte) error {
@@ -875,3 +897,74 @@ func (e *EDNS0_ESU) unpack(b []byte) error {
 	e.Uri = string(b)
 	return nil
 }
+
+// EDNS0_REPORTING implements the EDNS0 Reporting Channel option (RFC 9567).
+type EDNS0_REPORTING struct {
+	Code        uint16 // always EDNS0REPORTING
+	AgentDomain string
+}
+
+func (e *EDNS0_REPORTING) Option() uint16 { return EDNS0REPORTING }
+func (e *EDNS0_REPORTING) String() string { return e.AgentDomain }
+func (e *EDNS0_REPORTING) copy() EDNS0    { return &EDNS0_REPORTING{e.Code, e.AgentDomain} }
+func (e *EDNS0_REPORTING) pack() ([]byte, error) {
+	b := make([]byte, 255)
+	off1, err := PackDomainName(Fqdn(e.AgentDomain), b, 0, nil, false)
+	if err != nil {
+		return nil, fmt.Errorf("bad agent domain: %w", err)
+	}
+	return b[:off1], nil
+}
+func (e *EDNS0_REPORTING) unpack(b []byte) error {
+	domain, _, err := UnpackDomainName(b, 0)
+	if err != nil {
+		return fmt.Errorf("bad agent domain: %w", err)
+	}
+	e.AgentDomain = domain
+	return nil
+}
+
+// EDNS0_ZONEVERSION implements the EDNS0 Zone Version option (RFC 9660).
+type EDNS0_ZONEVERSION struct {
+	// always EDNS0ZONEVERSION (19)
+	Code uint16
+	// An unsigned 1-octet Label Count indicating
+	// the number of labels for the name of the zone that VERSION value refers to.
+	LabelCount uint8
+	// An unsigned 1-octet type number distinguishing the format and meaning of version.
+	// 0 SOA-SERIAL, 1-245 Unassigned, 246-255 Reserved for private use, see RFC 9660.
+	Type uint8
+	// An opaque octet string conveying the zone version data (VERSION).
+	Version string
+}
+
+func (e *EDNS0_ZONEVERSION) Option() uint16 { return EDNS0ZONEVERSION }
+func (e *EDNS0_ZONEVERSION) String() string { return e.Version }
+func (e *EDNS0_ZONEVERSION) copy() EDNS0 {
+	return &EDNS0_ZONEVERSION{e.Code, e.LabelCount, e.Type, e.Version}
+}
+func (e *EDNS0_ZONEVERSION) pack() ([]byte, error) {
+	b := []byte{
+		// first octet label count
+		e.LabelCount,
+		// second octet is type
+		e.Type,
+	}
+	if len(e.Version) > 0 {
+		b = append(b, []byte(e.Version)...)
+	}
+	return b, nil
+}
+func (e *EDNS0_ZONEVERSION) unpack(b []byte) error {
+	if len(b) < 2 {
+		return ErrBuf
+	}
+	e.LabelCount = b[0]
+	e.Type = b[1]
+	if len(b) > 2 {
+		e.Version = string(b[2:])
+	} else {
+		e.Version = ""
+	}
+	return nil
+}

go.mod

@@ -1,14 +1,14 @@
 module github.com/miekg/dns
 
-go 1.23.0
+go 1.24.0
 
 toolchain go1.24.2
 
 require (
-	golang.org/x/net v0.40.0
-	golang.org/x/sync v0.14.0
-	golang.org/x/sys v0.33.0
-	golang.org/x/tools v0.33.0
+	golang.org/x/net v0.47.0
+	golang.org/x/sync v0.18.0
+	golang.org/x/sys v0.38.0
+	golang.org/x/tools v0.39.0
 )
 
-require golang.org/x/mod v0.24.0 // indirect
+require golang.org/x/mod v0.30.0 // indirect

go.sum

@@ -1,12 +1,22 @@
 github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
 github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
-golang.org/x/mod v0.24.0 h1:ZfthKaKaT4NrhGVZHO1/WDTwGES4De8KtWO0SIbNJMU=
-golang.org/x/mod v0.24.0/go.mod h1:IXM97Txy2VM4PJ3gI61r1YEk/gAj6zAHN3AdZt6S9Ww=
-golang.org/x/net v0.40.0 h1:79Xs7wF06Gbdcg4kdCCIQArK11Z1hr5POQ6+fIYHNuY=
-golang.org/x/net v0.40.0/go.mod h1:y0hY0exeL2Pku80/zKK7tpntoX23cqL3Oa6njdgRtds=
-golang.org/x/sync v0.14.0 h1:woo0S4Yywslg6hp4eUFjTVOyKt0RookbpAHG4c1HmhQ=
-golang.org/x/sync v0.14.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA=
-golang.org/x/sys v0.33.0 h1:q3i8TbbEz+JRD9ywIRlyRAQbM0qF7hu24q3teo2hbuw=
-golang.org/x/sys v0.33.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
-golang.org/x/tools v0.33.0 h1:4qz2S3zmRxbGIhDIAgjxvFutSvH5EfnsYrRBj0UI0bc=
-golang.org/x/tools v0.33.0/go.mod h1:CIJMaWEY88juyUfo7UbgPqbC8rU2OqfAV1h2Qp0oMYI=
+golang.org/x/mod v0.28.0 h1:gQBtGhjxykdjY9YhZpSlZIsbnaE2+PgjfLWUQTnoZ1U=
+golang.org/x/mod v0.28.0/go.mod h1:yfB/L0NOf/kmEbXjzCPOx1iK1fRutOydrCMsqRhEBxI=
+golang.org/x/mod v0.30.0 h1:fDEXFVZ/fmCKProc/yAXXUijritrDzahmwwefnjoPFk=
+golang.org/x/mod v0.30.0/go.mod h1:lAsf5O2EvJeSFMiBxXDki7sCgAxEUcZHXoXMKT4GJKc=
+golang.org/x/net v0.44.0 h1:evd8IRDyfNBMBTTY5XRF1vaZlD+EmWx6x8PkhR04H/I=
+golang.org/x/net v0.44.0/go.mod h1:ECOoLqd5U3Lhyeyo/QDCEVQ4sNgYsqvCZ722XogGieY=
+golang.org/x/net v0.47.0 h1:Mx+4dIFzqraBXUugkia1OOvlD6LemFo1ALMHjrXDOhY=
+golang.org/x/net v0.47.0/go.mod h1:/jNxtkgq5yWUGYkaZGqo27cfGZ1c5Nen03aYrrKpVRU=
+golang.org/x/sync v0.17.0 h1:l60nONMj9l5drqw6jlhIELNv9I0A4OFgRsG9k2oT9Ug=
+golang.org/x/sync v0.17.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI=
+golang.org/x/sync v0.18.0 h1:kr88TuHDroi+UVf+0hZnirlk8o8T+4MrK6mr60WkH/I=
+golang.org/x/sync v0.18.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI=
+golang.org/x/sys v0.36.0 h1:KVRy2GtZBrk1cBYA7MKu5bEZFxQk4NIDV6RLVcC8o0k=
+golang.org/x/sys v0.36.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
+golang.org/x/sys v0.38.0 h1:3yZWxaJjBmCWXqhN1qh02AkOnCQ1poK6oF+a7xWL6Gc=
+golang.org/x/sys v0.38.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
+golang.org/x/tools v0.37.0 h1:DVSRzp7FwePZW356yEAChSdNcQo6Nsp+fex1SUW09lE=
+golang.org/x/tools v0.37.0/go.mod h1:MBN5QPQtLMHVdvsbtarmTNukZDdgwdwlO5qGacAzF0w=
+golang.org/x/tools v0.39.0 h1:ik4ho21kwuQln40uelmciQPp9SipgNDdrafrYA4TmQQ=
+golang.org/x/tools v0.39.0/go.mod h1:JnefbkDPyD8UU2kI5fuf8ZX4/yUeh9W877ZeBONxUqQ=

parse_test.go

@@ -1250,8 +1250,8 @@ func TestNewPrivateKey(t *testing.T) {
 	algorithms := []algorithm{
 		{ECDSAP256SHA256, 256},
 		{ECDSAP384SHA384, 384},
-		{RSASHA1, 512},
-		{RSASHA256, 512},
+		{RSASHA1, 1024},
+		{RSASHA256, 1024},
 		{ED25519, 256},
 	}
 

server.go

@@ -194,7 +194,9 @@ type DecorateWriter func(Writer) Writer
 // rejected (or ignored) by the MsgAcceptFunc, or passed to this function.
 type MsgInvalidFunc func(m []byte, err error)
 
-func DefaultMsgInvalidFunc(m []byte, err error) {}
+var DefaultMsgInvalidFunc MsgInvalidFunc = defaultMsgInvalidFunc
+
+func defaultMsgInvalidFunc(m []byte, err error) {}
 
 // A Server defines parameters for running an DNS server.
 type Server struct {

sig0_test.go

@@ -25,7 +25,7 @@ func TestSIG0(t *testing.T) {
 			keysize = 256
 		case ECDSAP384SHA384:
 			keysize = 384
-		case RSASHA512:
+		case RSASHA1, RSASHA256, RSASHA512:
 			keysize = 1024
 		}
 		pk, err := keyrr.Generate(keysize)

version.go

@@ -3,7 +3,7 @@ package dns
 import "fmt"
 
 // Version is current version of this library.
-var Version = v{1, 1, 68}
+var Version = v{1, 1, 69}
 
 // v holds the version of this library.
 type v struct {