Comments (6)
japaric
commented on July 18, 2024
1
There are some cases where the RDATA is unspecified yet the record-type is. This happens in the dns update sections of the code. That’s mostly why it ended up being Option.
by "unspecified" do you mean that the RDATA contents do not match what's specified in the record-type header field or may even be completely absent? can that unspecified state be serialized / deserialized into wire format (bytes)? or is it a state that's limited to e.g. the construction / build stage of a resource record?
if the state is limited to a section of the code, we could have two Record types, a specified one and an unspecified one, that share a lot of code save for the RDATA getter / setter.
struct SpecifiedRecord<RDATA> {
header: RecordHeader,
rdata: RDATA,
}
struct UnspecifiedRecord {
header: RecordHeader,
// `.record_type` is allowed to diverge from `.rdata`
record_type: RecordType,
rdata: Option<Unknown>, // or maybe Option<RData>
}
struct RecordHeader {
name: Name,
ttl: u32,
// ..
}if you could point out where in code the unspecified state happens, that would help me better understand how it's being used
from trust-dns.
djc
commented on July 18, 2024
This sounds reasonable to me. This might be an oversight from when we migrated to the generically-typed RData setup, or it might be necessary in some contexts to take out the rdata value without having ownership of the Record? I think staging an attempt at simplifying here would be helpful. (@bluejekyll might have more context, but might also take longer to respond...)
from trust-dns.
bluejekyll
commented on July 18, 2024
There are some cases where the RDATA is unspecified yet the record-type is. This happens in the dns update sections of the code. That’s mostly why it ended up being Option.
I couldn’t figure out an elegant way to deal with that case.
from trust-dns.
japaric
commented on July 18, 2024
if you could point out where in code the unspecified state happens
I found the relevant code in crates/proto/op/update_message.rs which implements RFC2136 (DNS update). After some initial sketching I think I'm leaning towards creating a separate UpdateRecord, which accepts an Option-al .rdata field, and a separate UpdateMessage, which better aligns with the DNS message structure described in RFC2136 (section 2); and then dedicating the existing Record, tweaked to have a non-Option-al .rdata field, and Message to QUERY-like logic (RFC1035).
Furthermore, RFC4033 states that "The DNS security extensions provide data and origin authentication for DNS data. The mechanisms outlined above are not designed to protect operations such as zone transfers and dynamic update (RFC2136, RFC3007)" so I think it makes sense to not overload the Message struct, which can include DNSSEC signatures, with DNS update functionality, which is unrelated to DNSSEC.
from trust-dns.
djc
commented on July 18, 2024
Strong 👍 from me!
from trust-dns.
bluejekyll
commented on July 18, 2024
I’ve tried to go down this route in the past. I’m open to see where your investigation leads. There are a lot of areas of the code that rely on Message and Record, so it might end up being a large change.
from trust-dns.
Related Issues (20)
- 0.25 Release HOT 10
- Static build support (openssl + cross-compile) HOT 6
- `DnssecDnsHandle` does not appear to validate RRSIG's signature {inception,expiration} fields HOT 1
- malformed query can cause assertion failure at encoder.rs:234 HOT 1
- `just clippy` does not catch warnings produced by `just dnssec-openssl` HOT 5
- DNS Resolver rotate feature HOT 5
- [Featture] Expose Path Parameter for DoH Client HOT 1
- Allow passing in a custom client UDP socket to send data from HOT 5
- `just no-default-features` fails with an ICE using latest nightly HOT 1
- Default dns timeout of 5 seconds is excessive (causes 40s of time being wasted in mongodb) HOT 5
- hickory-resolver retries NXDOMAINs over TCP if using `try_tcp_on_error` HOT 4
- tag/publish a 0.25 pre-release? HOT 4
- What is the reason for NextRandomUdpSocket? HOT 7
- add DNSSEC validation to `Recursor` HOT 1
- what's the use case for `Recursor::resolve(Query::query(not_fully_qualified_name, ..), ..)`? / bug in `Recursor::resolve` with `security_aware = false`? HOT 4
- TokioAsyncResolver fails with ResolveError { kind: Proto(ProtoError { kind: Io(Kind(ConnectionRefused)) }) } HOT 3
- `DnssecDnsHandle.minimum_{algorithm,key_len}` fields appear to be unused?
- provide support for dns resolution for files located in etc/resolver on macOS HOT 3
- infinite recursion in `DnssecDnsHandle` when nameservers use an unsupported algorithm HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from trust-dns.