colin/hickory-dns
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

move all DNSSECRecordType variants into RecordType

Browse Source
This commit is contained in:
Benjamin Fry 2021-06-05 18:41:22 -07:00
parent 8eca711b9a
commit 59d6343862
22 changed files with 232 additions and 334 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
CHANGELOG.md
View File

@ -26,6 +26,7 @@ All notes should be prepended with the location of the change, e.g. `(proto)` or
### Removed
- (proto) removed `RecordType::DNSSEC` and moved all variants of `DNSSECRecordType` into `RecordType`
- (proto) removed `BufStreamHandle` and `StreamHandle` #1433
- (response) disabled `mdns` to work on a new solution #1433

22
bin/tests/server_harness/mod.rs
View File

@ -17,7 +17,7 @@ use tokio::runtime::Runtime;
use trust_dns_client::client::*;
use trust_dns_client::proto::xfer::DnsResponse;
use trust_dns_client::rr::dnssec::*;
use trust_dns_client::rr::rdata::{DNSSECRData, DNSSECRecordType};
use trust_dns_client::rr::rdata::DNSSECRData;
use trust_dns_client::rr::*;
use self::mut_message_client::MutMessageHandle;
@ -251,17 +251,12 @@ pub fn query_all_dnssec(
client.support_algorithms = Some(SupportedAlgorithms::from_vec(&[algorithm]));
}
let response = query_message(
io_loop,
&mut client,
name.clone(),
RecordType::DNSSEC(DNSSECRecordType::DNSKEY),
);
let response = query_message(io_loop, &mut client, name.clone(), RecordType::DNSKEY);
let dnskey = response
.answers()
.iter()
.filter(|r| r.rr_type() == RecordType::DNSSEC(DNSSECRecordType::DNSKEY))
.filter(|r| r.rr_type() == RecordType::DNSKEY)
.map(|r| {
if let RData::DNSSEC(DNSSECRData::DNSKEY(ref dnskey)) = *r.rdata() {
dnskey.clone()
@ -272,17 +267,12 @@ pub fn query_all_dnssec(
.find(|d| d.algorithm() == algorithm);
assert!(dnskey.is_some(), "DNSKEY not found");
let response = query_message(
io_loop,
&mut client,
name,
RecordType::DNSSEC(DNSSECRecordType::DNSKEY),
);
let response = query_message(io_loop, &mut client, name, RecordType::DNSKEY);
let rrsig = response
.answers()
.iter()
.filter(|r| r.rr_type() == RecordType::DNSSEC(DNSSECRecordType::RRSIG))
.filter(|r| r.rr_type() == RecordType::RRSIG)
.map(|r| {
if let RData::DNSSEC(DNSSECRData::SIG(ref rrsig)) = *r.rdata() {
rrsig.clone()
@ -291,7 +281,7 @@ pub fn query_all_dnssec(
}
})
.filter(|rrsig| rrsig.algorithm() == algorithm)
.find(|rrsig| rrsig.type_covered() == RecordType::DNSSEC(DNSSECRecordType::DNSKEY));
.find(|rrsig| rrsig.type_covered() == RecordType::DNSKEY);
assert!(rrsig.is_some(), "Associated RRSIG not found");
}

10
crates/client/src/error/parse_error.rs
View File

@ -11,9 +11,12 @@
use std::{fmt, io};
use thiserror::Error;
use trust_dns_proto::error::{ProtoError, ProtoErrorKind};
use super::LexerError;
use crate::proto::{
error::{ProtoError, ProtoErrorKind},
rr::RecordType,
};
#[cfg(feature = "backtrace")]
use crate::proto::{trace, ExtBacktrace};
use crate::serialize::txt::Token;
@ -78,6 +81,10 @@ pub enum ErrorKind {
#[error("unknown RecordType: {0}")]
UnknownRecordType(u16),
/// Unknown RecordType
#[error("unsupported RecordType: {0}")]
UnsupportedRecordType(RecordType),
/// A request timed out
#[error("request timed out")]
Timeout,
@ -100,6 +107,7 @@ impl Clone for ErrorKind {
Lexer(e) => Lexer(e.clone()),
ParseInt(e) => ParseInt(e.clone()),
Proto(e) => Proto(e.clone()),
UnsupportedRecordType(ty) => UnsupportedRecordType(*ty),
UnknownRecordType(ty) => UnknownRecordType(*ty),
Timeout => Timeout,
}

4
crates/client/src/rr/dnssec/signer.rs
View File

@ -17,7 +17,7 @@ use {
crate::error::DnsSecResult,
crate::proto::rr::dnssec::{tbs, TBS},
crate::rr::dnssec::{Algorithm, KeyPair, Private},
crate::rr::rdata::{DNSSECRData, DNSSECRecordType, DNSKEY, KEY, SIG},
crate::rr::rdata::{DNSSECRData, DNSKEY, KEY, SIG},
crate::rr::{DNSClass, Name, RData, RecordType},
crate::serialize::binary::BinEncoder,
};
@ -537,7 +537,7 @@ impl MessageFinalizer for SigSigner {
let expiration_time: u32 = current_time + (5 * 60); // +5 minutes in seconds
sig0.set_rr_type(RecordType::DNSSEC(DNSSECRecordType::SIG));
sig0.set_rr_type(RecordType::SIG);
let pre_sig0 = SIG::new(
// type covered in SIG(0) is 0 which is what makes this SIG0 vs a standard SIG
RecordType::ZERO,

37
crates/client/src/serialize/txt/parse_rdata.rs
View File

@ -17,7 +17,6 @@
//! record data enum variants
use crate::error::*;
use crate::rr::rdata::DNSSECRecordType;
use crate::rr::{Name, RData, RecordType};
use crate::serialize::txt::rdata_parsers::*;
@ -61,44 +60,30 @@ impl RDataParser for RData {
RecordType::SVCB => svcb::parse(tokens).map(RData::SVCB)?,
RecordType::TLSA => RData::TLSA(tlsa::parse(tokens)?),
RecordType::TXT => RData::TXT(txt::parse(tokens)?),
RecordType::DNSSEC(DNSSECRecordType::SIG) => {
return Err(ParseError::from("parsing SIG doesn't make sense"))
}
RecordType::DNSSEC(DNSSECRecordType::DNSKEY) => {
RecordType::SIG => return Err(ParseError::from("parsing SIG doesn't make sense")),
RecordType::DNSKEY => {
return Err(ParseError::from("DNSKEY should be dynamically generated"))
}
RecordType::DNSSEC(DNSSECRecordType::KEY) => {
return Err(ParseError::from("KEY should be dynamically generated"))
}
RecordType::DNSSEC(DNSSECRecordType::DS) => {
return Err(ParseError::from("DS should be dynamically generated"))
}
RecordType::DNSSEC(DNSSECRecordType::NSEC) => {
RecordType::KEY => return Err(ParseError::from("KEY should be dynamically generated")),
RecordType::DS => return Err(ParseError::from("DS should be dynamically generated")),
RecordType::NSEC => {
return Err(ParseError::from("NSEC should be dynamically generated"))
}
RecordType::DNSSEC(DNSSECRecordType::NSEC3) => {
RecordType::NSEC3 => {
return Err(ParseError::from("NSEC3 should be dynamically generated"))
}
RecordType::DNSSEC(DNSSECRecordType::NSEC3PARAM) => {
RecordType::NSEC3PARAM => {
return Err(ParseError::from(
"NSEC3PARAM should be dynamically generated",
))
}
RecordType::DNSSEC(DNSSECRecordType::RRSIG) => {
RecordType::RRSIG => {
return Err(ParseError::from("RRSIG should be dynamically generated"))
}
RecordType::DNSSEC(DNSSECRecordType::Unknown(code)) => {
return Err(ParseError::from(ParseErrorKind::UnknownRecordType(code)))
}
RecordType::Unknown(code) => {
// TODO: add a way to associate generic record types to the zone
return Err(ParseError::from(ParseErrorKind::UnknownRecordType(code)));
}
RecordType::ZERO => RData::ZERO,
r @ trust_dns_proto::rr::RecordType::DNSSEC(..) | r => {
return Err(ParseError::from(ParseErrorKind::UnknownRecordType(
u16::from(r),
)))
r => {
// TODO: add a way to associate generic record types to the zone
return Err(ParseError::from(ParseErrorKind::UnsupportedRecordType(r)));
}
};

16
crates/proto/src/op/message.rs
View File

@ -27,10 +27,6 @@ use super::{Edns, Header, MessageType, OpCode, Query, ResponseCode};
use crate::error::*;
use crate::rr::{Record, RecordType};
use crate::serialize::binary::{BinDecodable, BinDecoder, BinEncodable, BinEncoder, EncodeMode};
#[cfg(feature = "dnssec")]
#[cfg_attr(docsrs, doc(cfg(feature = "dnssec")))]
use crate::rr::dnssec::rdata::DNSSECRecordType;
use crate::xfer::DnsResponse;
/// The basic request and response datastructure, used for all DNS protocols.
@ -334,7 +330,7 @@ impl Message {
#[cfg(feature = "dnssec")]
#[cfg_attr(docsrs, doc(cfg(feature = "dnssec")))]
pub fn add_sig0(&mut self, record: Record) -> &mut Self {
assert_eq!(RecordType::DNSSEC(DNSSECRecordType::SIG), record.rr_type());
assert_eq!(RecordType::SIG, record.rr_type());
self.signature.push(record);
self
}
@ -345,7 +341,7 @@ impl Message {
#[cfg(feature = "dnssec")]
#[cfg_attr(docsrs, doc(cfg(feature = "dnssec")))]
pub fn add_tsig(&mut self, record: Record) -> &mut Self {
assert_eq!(RecordType::DNSSEC(DNSSECRecordType::TSIG), record.rr_type());
assert_eq!(RecordType::TSIG, record.rr_type());
self.signature.push(record);
self
}
@ -653,12 +649,12 @@ impl Message {
} else {
match record.rr_type() {
#[cfg(feature = "dnssec")]
RecordType::DNSSEC(DNSSECRecordType::SIG) => {
RecordType::SIG => {
saw_sig0 = true;
sigs.push(record);
}
#[cfg(feature = "dnssec")]
RecordType::DNSSEC(DNSSECRecordType::TSIG) => {
RecordType::TSIG => {
if saw_sig0 {
return Err("sig0 must be final resource record".into());
} // SIG0 must be last
@ -725,9 +721,9 @@ impl Message {
match fin.rr_type() {
// SIG0's are special, and come at the very end of the message
#[cfg(feature = "dnssec")]
RecordType::DNSSEC(DNSSECRecordType::SIG) => self.add_sig0(fin),
RecordType::SIG => self.add_sig0(fin),
#[cfg(feature = "dnssec")]
RecordType::DNSSEC(DNSSECRecordType::TSIG) => self.add_tsig(fin),
RecordType::TSIG => self.add_tsig(fin),
_ => self.add_additional(fin),
};
}

159
crates/proto/src/rr/dnssec/rdata/mod.rs
View File

@ -30,12 +30,8 @@ pub mod nsec3param;
pub mod sig;
pub mod tsig;
use std::str::FromStr;
use enum_as_inner::EnumAsInner;
use log::trace;
#[cfg(feature = "serde-config")]
use serde::{Deserialize, Serialize};
use crate::error::*;
use crate::rr::rdata::null;
@ -53,108 +49,8 @@ pub use self::sig::SIG;
pub use self::tsig::TSIG;
/// The type of the resource record, for DNSSEC-specific records.
#[cfg_attr(feature = "serde-config", derive(Deserialize, Serialize))]
#[derive(Debug, PartialEq, Eq, Hash, Copy, Clone)]
#[non_exhaustive]
pub enum DNSSECRecordType {
// CDS, // 59 RFC 7344 Child DS
// CDNSKEY, // 60 RFC 7344 Child DNSKEY
// DLV, // 32769 RFC 4431 DNSSEC Lookaside Validation record
/// [RFC 4034](https://tools.ietf.org/html/rfc4034) DNS Key record: RSASHA256 and RSASHA512, RFC5702
DNSKEY,
/// [RFC 4034](https://tools.ietf.org/html/rfc4034) Delegation signer: RSASHA256 and RSASHA512, RFC5702
DS,
/// [RFC 2535](https://tools.ietf.org/html/rfc2535) and [RFC 2930](https://tools.ietf.org/html/rfc2930) Key record
KEY,
/// [RFC 4034](https://tools.ietf.org/html/rfc4034) Next-Secure record
NSEC,
/// [RFC 5155](https://tools.ietf.org/html/rfc5155) NSEC record version 3
NSEC3,
/// [RFC 5155](https://tools.ietf.org/html/rfc5155) NSEC3 parameters
NSEC3PARAM,
/// [RFC 4034](https://tools.ietf.org/html/rfc4034) DNSSEC signature: RSASHA256 and RSASHA512, RFC5702
RRSIG,
/// [RFC 2535](https://tools.ietf.org/html/rfc2535) (and [RFC 2931](https://tools.ietf.org/html/rfc2931)) Signature, to support [RFC 2137](https://tools.ietf.org/html/rfc2137) Update.
///
/// This isn't really a DNSSEC record type, but it is here because, at least
/// for now, we enable/disable SIG(0) in exactly the same circumstances that
/// we enable/disable DNSSEC. This may change in the future.
SIG,
/// [RFC 8945](https://tools.ietf.org/html/rfc8945) Transaction Signature
TSIG,
/// Unknown or not yet supported DNSSec record type
Unknown(u16),
}
impl FromStr for DNSSECRecordType {
type Err = ProtoError;
fn from_str(str: &str) -> ProtoResult<Self> {
match str {
"DNSKEY" => Ok(DNSSECRecordType::DNSKEY),
"DS" => Ok(DNSSECRecordType::DS),
"KEY" => Ok(DNSSECRecordType::KEY),
"NSEC" => Ok(DNSSECRecordType::NSEC),
"NSEC3" => Ok(DNSSECRecordType::NSEC3),
"NSEC3PARAM" => Ok(DNSSECRecordType::NSEC3PARAM),
"RRSIG" => Ok(DNSSECRecordType::RRSIG),
"SIG" => Ok(DNSSECRecordType::SIG),
"TSIG" => Ok(DNSSECRecordType::TSIG),
_ => Err(ProtoErrorKind::UnknownRecordTypeStr(str.to_string()).into()),
}
}
}
impl From<u16> for DNSSECRecordType {
fn from(value: u16) -> Self {
match value {
48 => DNSSECRecordType::DNSKEY,
43 => DNSSECRecordType::DS,
25 => DNSSECRecordType::KEY,
47 => DNSSECRecordType::NSEC,
50 => DNSSECRecordType::NSEC3,
51 => DNSSECRecordType::NSEC3PARAM,
46 => DNSSECRecordType::RRSIG,
24 => DNSSECRecordType::SIG,
250 => DNSSECRecordType::TSIG,
_ => DNSSECRecordType::Unknown(value),
}
}
}
impl From<DNSSECRecordType> for &'static str {
fn from(rt: DNSSECRecordType) -> &'static str {
match rt {
DNSSECRecordType::DNSKEY => "DNSKEY",
DNSSECRecordType::DS => "DS",
DNSSECRecordType::KEY => "KEY",
DNSSECRecordType::NSEC => "NSEC",
DNSSECRecordType::NSEC3 => "NSEC3",
DNSSECRecordType::NSEC3PARAM => "NSEC3PARAM",
DNSSECRecordType::RRSIG => "RRSIG",
DNSSECRecordType::SIG => "SIG",
DNSSECRecordType::TSIG => "TSIG",
DNSSECRecordType::Unknown(..) => "DnsSecUnknown",
}
}
}
impl From<DNSSECRecordType> for u16 {
fn from(rt: DNSSECRecordType) -> Self {
match rt {
DNSSECRecordType::KEY => 25,
DNSSECRecordType::DNSKEY => 48,
DNSSECRecordType::DS => 43,
DNSSECRecordType::NSEC => 47,
DNSSECRecordType::NSEC3 => 50,
DNSSECRecordType::NSEC3PARAM => 51,
DNSSECRecordType::RRSIG => 46,
DNSSECRecordType::SIG => 24,
DNSSECRecordType::TSIG => 250,
DNSSECRecordType::Unknown(value) => value,
}
}
}
#[deprecated(note = "All RecordType definitions have been moved into RecordType")]
pub type DNSSECRecordType = RecordType;
/// Record data enum variants for DNSSEC-specific records.
#[derive(Debug, EnumAsInner, PartialEq, Clone, Eq)]
@ -611,49 +507,48 @@ pub enum DNSSECRData {
impl DNSSECRData {
pub(crate) fn read(
decoder: &mut BinDecoder<'_>,
record_type: DNSSECRecordType,
record_type: RecordType,
rdata_length: Restrict<u16>,
) -> ProtoResult<Self> {
match record_type {
DNSSECRecordType::DNSKEY => {
RecordType::DNSKEY => {
trace!("reading DNSKEY");
dnskey::read(decoder, rdata_length).map(DNSSECRData::DNSKEY)
}
DNSSECRecordType::DS => {
RecordType::DS => {
trace!("reading DS");
ds::read(decoder, rdata_length).map(DNSSECRData::DS)
}
DNSSECRecordType::KEY => {
RecordType::KEY => {
trace!("reading KEY");
key::read(decoder, rdata_length).map(DNSSECRData::KEY)
}
DNSSECRecordType::NSEC => {
RecordType::NSEC => {
trace!("reading NSEC");
nsec::read(decoder, rdata_length).map(DNSSECRData::NSEC)
}
DNSSECRecordType::NSEC3 => {
RecordType::NSEC3 => {
trace!("reading NSEC3");
nsec3::read(decoder, rdata_length).map(DNSSECRData::NSEC3)
}
DNSSECRecordType::NSEC3PARAM => {
RecordType::NSEC3PARAM => {
trace!("reading NSEC3PARAM");
nsec3param::read(decoder).map(DNSSECRData::NSEC3PARAM)
}
DNSSECRecordType::RRSIG => {
RecordType::RRSIG => {
trace!("reading RRSIG");
sig::read(decoder, rdata_length).map(DNSSECRData::SIG)
}
DNSSECRecordType::SIG => {
RecordType::SIG => {
trace!("reading SIG");
sig::read(decoder, rdata_length).map(DNSSECRData::SIG)
}
DNSSECRecordType::TSIG => {
RecordType::TSIG => {
trace!("reading TSIG");
tsig::read(decoder, rdata_length).map(DNSSECRData::TSIG)
}
DNSSECRecordType::Unknown(code) => {
trace!("reading unknown dnssec: {}", code);
null::read(decoder, rdata_length).map(|rdata| DNSSECRData::Unknown { code, rdata })
r => {
panic!("not a dnssec RecordType: {}", r);
}
}
}
@ -688,17 +583,17 @@ impl DNSSECRData {
}
}
pub(crate) fn to_record_type(&self) -> DNSSECRecordType {
pub(crate) fn to_record_type(&self) -> RecordType {
match *self {
DNSSECRData::DS(..) => DNSSECRecordType::DS,
DNSSECRData::KEY(..) => DNSSECRecordType::KEY,
DNSSECRData::DNSKEY(..) => DNSSECRecordType::DNSKEY,
DNSSECRData::NSEC(..) => DNSSECRecordType::NSEC,
DNSSECRData::NSEC3(..) => DNSSECRecordType::NSEC3,
DNSSECRData::NSEC3PARAM(..) => DNSSECRecordType::NSEC3PARAM,
DNSSECRData::SIG(..) => DNSSECRecordType::SIG,
DNSSECRData::TSIG(..) => DNSSECRecordType::TSIG,
DNSSECRData::Unknown { code, .. } => DNSSECRecordType::Unknown(code),
DNSSECRData::DS(..) => RecordType::DS,
DNSSECRData::KEY(..) => RecordType::KEY,
DNSSECRData::DNSKEY(..) => RecordType::DNSKEY,
DNSSECRData::NSEC(..) => RecordType::NSEC,
DNSSECRData::NSEC3(..) => RecordType::NSEC3,
DNSSECRData::NSEC3PARAM(..) => RecordType::NSEC3PARAM,
DNSSECRData::SIG(..) => RecordType::SIG,
DNSSECRData::TSIG(..) => RecordType::TSIG,
DNSSECRData::Unknown { code, .. } => RecordType::Unknown(code),
}
}
}
@ -723,12 +618,6 @@ impl fmt::Display for DNSSECRData {
}
}
impl From<DNSSECRecordType> for RecordType {
fn from(record_type: DNSSECRecordType) -> RecordType {
RecordType::DNSSEC(record_type)
}
}
impl From<DNSSECRData> for RData {
fn from(rdata: DNSSECRData) -> RData {
RData::DNSSEC(rdata)

7
crates/proto/src/rr/dnssec/rdata/nsec.rs
View File

@ -19,7 +19,6 @@ use std::fmt;
use super::nsec3;
use crate::error::*;
use crate::rr::dnssec::rdata::DNSSECRecordType;
use crate::rr::{Name, RecordType};
use crate::serialize::binary::*;
@ -84,7 +83,7 @@ impl NSEC {
///
/// An NSEC RData for use in a Resource Record
pub fn new_cover_self(next_domain_name: Name, mut type_bit_maps: Vec<RecordType>) -> NSEC {
type_bit_maps.push(RecordType::DNSSEC(DNSSECRecordType::NSEC));
type_bit_maps.push(RecordType::NSEC);
Self::new(next_domain_name, type_bit_maps)
}
@ -224,8 +223,8 @@ mod tests {
vec![
RecordType::A,
RecordType::AAAA,
RecordType::DNSSEC(DNSSECRecordType::DS),
RecordType::DNSSEC(DNSSECRecordType::RRSIG),
RecordType::DS,
RecordType::RRSIG,
],
);

16
crates/proto/src/rr/dnssec/rdata/nsec3.rs
View File

@ -563,7 +563,7 @@ mod tests {
#[test]
fn test() {
use crate::rr::dnssec::rdata::DNSSECRecordType;
use crate::rr::dnssec::rdata::RecordType;
let rdata = NSEC3::new(
Nsec3HashAlgorithm::SHA1,
@ -574,8 +574,8 @@ mod tests {
vec![
RecordType::A,
RecordType::AAAA,
RecordType::DNSSEC(DNSSECRecordType::DS),
RecordType::DNSSEC(DNSSECRecordType::RRSIG),
RecordType::DS,
RecordType::RRSIG,
],
);
@ -594,7 +594,7 @@ mod tests {
#[test]
fn test_dups() {
use crate::rr::dnssec::rdata::DNSSECRecordType;
use crate::rr::dnssec::rdata::RecordType;
let rdata_with_dups = NSEC3::new(
Nsec3HashAlgorithm::SHA1,
@ -605,9 +605,9 @@ mod tests {
vec![
RecordType::A,
RecordType::AAAA,
RecordType::DNSSEC(DNSSECRecordType::DS),
RecordType::DS,
RecordType::AAAA,
RecordType::DNSSEC(DNSSECRecordType::RRSIG),
RecordType::RRSIG,
],
);
@ -620,8 +620,8 @@ mod tests {
vec![
RecordType::A,
RecordType::AAAA,
RecordType::DNSSEC(DNSSECRecordType::DS),
RecordType::DNSSEC(DNSSECRecordType::RRSIG),
RecordType::DS,
RecordType::RRSIG,
],
);

10
crates/proto/src/rr/dnssec/rdata/tsig.rs
View File

@ -14,7 +14,7 @@ use crate::rr::rdata::sshfp;
use crate::error::*;
use crate::op::{Header, Message, Query};
use crate::rr::dns_class::DNSClass;
use crate::rr::dnssec::rdata::{DNSSECRData, DNSSECRecordType};
use crate::rr::dnssec::rdata::DNSSECRData;
use crate::rr::record_data::RData;
use crate::rr::record_type::RecordType;
use crate::rr::{Name, Record};
@ -720,10 +720,8 @@ pub fn signed_bitmessage_to_buf(
// parse a tsig record
let sig = Record::read(&mut decoder)?;
let tsig = if let (
RecordType::DNSSEC(DNSSECRecordType::TSIG),
RData::DNSSEC(DNSSECRData::TSIG(tsig_data)),
) = (sig.rr_type(), sig.rdata())
let tsig = if let (RecordType::TSIG, RData::DNSSEC(DNSSECRData::TSIG(tsig_data))) =
(sig.rr_type(), sig.rdata())
{
tsig_data
} else {
@ -766,7 +764,7 @@ pub fn make_tsig_record(name: Name, rdata: TSIG) -> Record {
// NAME: The name of the key used, in domain name syntax
tsig.set_name(name)
// TYPE: This MUST be TSIG (250: Transaction SIGnature).
.set_record_type(DNSSECRecordType::TSIG.into())
.set_record_type(RecordType::TSIG.into())
// CLASS: This MUST be ANY.
.set_dns_class(DNSClass::ANY)
// TTL: This MUST be 0.

15
crates/proto/src/rr/record_data.rs
View File

@ -776,12 +776,15 @@ impl RData {
rdata::txt::read(decoder, rdata_length).map(RData::TXT)
}
#[cfg(feature = "dnssec")]
RecordType::DNSSEC(record_type) => {
r if r.is_dnssec() => {
DNSSECRData::read(decoder, record_type, rdata_length).map(RData::DNSSEC)
}
RecordType::Unknown(code) => {
trace!("reading Unknown");
rdata::null::read(decoder, rdata_length).map(|rdata| RData::Unknown { code, rdata })
record_type => {
trace!("reading Unknown record: {}", record_type);
rdata::null::read(decoder, rdata_length).map(|rdata| RData::Unknown {
code: record_type.into(),
rdata,
})
}
};
@ -938,7 +941,7 @@ impl RData {
RData::TLSA(..) => RecordType::TLSA,
RData::TXT(..) => RecordType::TXT,
#[cfg(feature = "dnssec")]
RData::DNSSEC(ref rdata) => RecordType::DNSSEC(DNSSECRData::to_record_type(rdata)),
RData::DNSSEC(ref rdata) => DNSSECRData::to_record_type(rdata),
RData::Unknown { code, .. } => RecordType::Unknown(code),
RData::ZERO => RecordType::ZERO,
}
@ -1230,7 +1233,7 @@ mod tests {
RData::TLSA(..) => RecordType::TLSA,
RData::TXT(..) => RecordType::TXT,
#[cfg(feature = "dnssec")]
RData::DNSSEC(ref rdata) => RecordType::DNSSEC(rdata.to_record_type()),
RData::DNSSEC(ref rdata) => rdata.to_record_type(),
RData::Unknown { code, .. } => RecordType::Unknown(code),
RData::ZERO => RecordType::ZERO,
}

111
crates/proto/src/rr/record_type.rs
View File

@ -19,9 +19,6 @@ use serde::{Deserialize, Serialize};
use crate::error::*;
use crate::serialize::binary::*;
#[cfg(feature = "dnssec")]
use crate::rr::dnssec::rdata::DNSSECRecordType;
// TODO: adopt proper restrictions on usage: https://tools.ietf.org/html/rfc6895 section 3.1
// add the data TYPEs, QTYPEs, and Meta-TYPEs
//
@ -48,11 +45,18 @@ pub enum RecordType {
AXFR,
/// [RFC 6844](https://tools.ietf.org/html/rfc6844) Certification Authority Authorization
CAA,
// CDS, // 59 RFC 7344 Child DS
// CDNSKEY, // 60 RFC 7344 Child DNSKEY
// CERT, // 37 RFC 4398 Certificate record
/// [RFC 1035](https://tools.ietf.org/html/rfc1035) Canonical name record
CNAME,
// DHCID, // 49 RFC 4701 DHCP identifier
// DLV, // 32769 RFC 4431 DNSSEC Lookaside Validation record
// DNAME, // 39 RFC 2672 Delegation Name
/// [RFC 4034](https://tools.ietf.org/html/rfc4034) DNS Key record: RSASHA256 and RSASHA512, RFC5702
DNSKEY,
/// [RFC 4034](https://tools.ietf.org/html/rfc4034) Delegation signer: RSASHA256 and RSASHA512, RFC5702
DS,
/// [RFC 1035](https://tools.ietf.org/html/rfc1035) host information
HINFO,
// HIP, // 55 RFC 5205 Host Identity Protocol
@ -62,6 +66,8 @@ pub enum RecordType {
/// [RFC 1996](https://tools.ietf.org/html/rfc1996) Incremental Zone Transfer
IXFR,
// KX, // 36 RFC 2230 Key eXchanger record
/// [RFC 2535](https://tools.ietf.org/html/rfc2535) and [RFC 2930](https://tools.ietf.org/html/rfc2930) Key record
KEY,
// LOC, // 29 RFC 1876 Location record
/// [RFC 1035](https://tools.ietf.org/html/rfc1035) Mail exchange record
MX,
@ -69,6 +75,12 @@ pub enum RecordType {
NAPTR,
/// [RFC 1035](https://tools.ietf.org/html/rfc1035) Name server record
NS,
/// [RFC 4034](https://tools.ietf.org/html/rfc4034) Next-Secure record
NSEC,
/// [RFC 5155](https://tools.ietf.org/html/rfc5155) NSEC record version 3
NSEC3,
/// [RFC 5155](https://tools.ietf.org/html/rfc5155) NSEC3 parameters
NSEC3PARAM,
/// [RFC 1035](https://tools.ietf.org/html/rfc1035) Null server record, for testing
NULL,
/// [RFC 7929](https://tools.ietf.org/html/rfc7929) OpenPGP public key
@ -78,6 +90,10 @@ pub enum RecordType {
/// [RFC 1035](https://tools.ietf.org/html/rfc1035) Pointer record
PTR,
// RP, // 17 RFC 1183 Responsible person
/// [RFC 4034](https://tools.ietf.org/html/rfc4034) DNSSEC signature: RSASHA256 and RSASHA512, RFC5702
RRSIG,
/// [RFC 2535](https://tools.ietf.org/html/rfc2535) (and [RFC 2931](https://tools.ietf.org/html/rfc2931)) Signature, to support [RFC 2137](https://tools.ietf.org/html/rfc2137) Update.
SIG,
/// [RFC 1035](https://tools.ietf.org/html/rfc1035) and [RFC 2308](https://tools.ietf.org/html/rfc2308) Start of [a zone of] authority record
SOA,
/// [RFC 2782](https://tools.ietf.org/html/rfc2782) Service locator
@ -90,17 +106,10 @@ pub enum RecordType {
// TKEY, // 249 RFC 2930 Secret key record
/// [RFC 6698](https://tools.ietf.org/html/rfc6698) TLSA certificate association
TLSA,
/// [RFC 8945](https://tools.ietf.org/html/rfc8945) Transaction Signature
TSIG,
/// [RFC 1035](https://tools.ietf.org/html/rfc1035) Text record
TXT,
/// A DNSSEC- or SIG(0)- specific record type.
///
/// These types are in [DNSSECRecordType] to make them easy to disable when
/// crypto functionality isn't needed.
#[cfg(feature = "dnssec")]
#[cfg_attr(docsrs, doc(cfg(feature = "dnssec")))]
DNSSEC(DNSSECRecordType),
/// Unknown Record type, or unsupported
Unknown(u16),
@ -144,6 +153,23 @@ impl RecordType {
pub fn is_ip_addr(self) -> bool {
matches!(self, RecordType::A | RecordType::AAAA)
}
/// Returns true if this is a DNSSEC RecordType
#[inline]
pub fn is_dnssec(self) -> bool {
matches!(
self,
RecordType::DNSKEY
| RecordType::DS
| RecordType::KEY
| RecordType::NSEC
| RecordType::NSEC3
| RecordType::NSEC3PARAM
| RecordType::RRSIG
| RecordType::SIG
| RecordType::TSIG
)
}
}
impl FromStr for RecordType {
@ -165,27 +191,33 @@ impl FromStr for RecordType {
"A" => Ok(RecordType::A),
"AAAA" => Ok(RecordType::AAAA),
"ANAME" => Ok(RecordType::ANAME),
"AXFR" => Ok(RecordType::AXFR),
"CAA" => Ok(RecordType::CAA),
"CNAME" => Ok(RecordType::CNAME),
"DNSKEY" => Ok(RecordType::DNSKEY),
"DS" => Ok(RecordType::DS),
"HINFO" => Ok(RecordType::HINFO),
"HTTPS" => Ok(RecordType::HTTPS),
"NULL" => Ok(RecordType::NULL),
"KEY" => Ok(RecordType::KEY),
"MX" => Ok(RecordType::MX),
"NAPTR" => Ok(RecordType::NAPTR),
"NSEC" => Ok(RecordType::NSEC),
"NSEC3" => Ok(RecordType::NSEC3),
"NSEC3PARAM" => Ok(RecordType::NSEC3PARAM),
"NS" => Ok(RecordType::NS),
"NULL" => Ok(RecordType::NULL),
"OPENPGPKEY" => Ok(RecordType::OPENPGPKEY),
"PTR" => Ok(RecordType::PTR),
"RRSIG" => Ok(RecordType::RRSIG),
"SIG" => Ok(RecordType::SIG),
"SOA" => Ok(RecordType::SOA),
"SRV" => Ok(RecordType::SRV),
"SSHFP" => Ok(RecordType::SSHFP),
"SVCB" => Ok(RecordType::SVCB),
"TLSA" => Ok(RecordType::TLSA),
"TXT" => Ok(RecordType::TXT),
"TSIG" => Ok(RecordType::TSIG),
"ANY" | "*" => Ok(RecordType::ANY),
"AXFR" => Ok(RecordType::AXFR),
#[cfg(feature = "dnssec")]
"DNSKEY" | "DS" | "KEY" | "NSEC" | "NSEC3" | "NSEC3PARAM" | "RRSIG" | "SIG"
| "TSIG" => Ok(RecordType::DNSSEC(str.parse()?)),
_ => Err(ProtoErrorKind::UnknownRecordTypeStr(str.to_string()).into()),
}
}
@ -211,32 +243,31 @@ impl From<u16> for RecordType {
252 => RecordType::AXFR,
257 => RecordType::CAA,
5 => RecordType::CNAME,
48 => RecordType::DNSKEY,
43 => RecordType::DS,
13 => RecordType::HINFO,
65 => RecordType::HTTPS,
25 => RecordType::KEY,
15 => RecordType::MX,
35 => RecordType::NAPTR,
2 => RecordType::NS,
47 => RecordType::NSEC,
50 => RecordType::NSEC3,
51 => RecordType::NSEC3PARAM,
10 => RecordType::NULL,
61 => RecordType::OPENPGPKEY,
41 => RecordType::OPT,
12 => RecordType::PTR,
46 => RecordType::RRSIG,
24 => RecordType::SIG,
6 => RecordType::SOA,
33 => RecordType::SRV,
44 => RecordType::SSHFP,
64 => RecordType::SVCB,
52 => RecordType::TLSA,
250 => RecordType::TSIG,
16 => RecordType::TXT,
0 => RecordType::ZERO,
#[cfg(feature = "dnssec")]
48/*DNSKEY*/ |
43/*DS*/ |
25/*KEY*/ |
47/*NSEC*/|
50/*NSEC3*/|
51/*NSEC3PARAM*/|
46/*RRSIG*/|
24/*SIG*/|
250/*TSIG*/ => RecordType::DNSSEC(DNSSECRecordType::from(value)),
// all unknown record types
_ => RecordType::Unknown(value),
}
@ -284,25 +315,32 @@ impl From<RecordType> for &'static str {
RecordType::AXFR => "AXFR",
RecordType::CAA => "CAA",
RecordType::CNAME => "CNAME",
RecordType::DNSKEY => "DNSKEY",
RecordType::DS => "DS",
RecordType::HINFO => "HINFO",
RecordType::HTTPS => "HTTPS",
RecordType::ZERO => "ZERO",
RecordType::KEY => "KEY",
RecordType::IXFR => "IXFR",
RecordType::MX => "MX",
RecordType::NAPTR => "NAPTR",
RecordType::NS => "NS",
RecordType::NSEC => "NSEC",
RecordType::NSEC3 => "NSEC3",
RecordType::NSEC3PARAM => "NSEC3PARAM",
RecordType::NULL => "NULL",
RecordType::OPENPGPKEY => "OPENPGPKEY",
RecordType::OPT => "OPT",
RecordType::PTR => "PTR",
RecordType::RRSIG => "RRSIG",
RecordType::SIG => "SIG",
RecordType::SOA => "SOA",
RecordType::SRV => "SRV",
RecordType::SSHFP => "SSHFP",
RecordType::SVCB => "SVCB",
RecordType::TLSA => "TLSA",
RecordType::TSIG => "TSIG",
RecordType::TXT => "TXT",
#[cfg(feature = "dnssec")]
RecordType::DNSSEC(rt) => rt.into(),
RecordType::ZERO => "ZERO",
RecordType::Unknown(_) => "Unknown",
}
}
@ -328,25 +366,32 @@ impl From<RecordType> for u16 {
RecordType::AXFR => 252,
RecordType::CAA => 257,
RecordType::CNAME => 5,
RecordType::DNSKEY => 48,
RecordType::DS => 43,
RecordType::HINFO => 13,
RecordType::HTTPS => 65,
RecordType::ZERO => 0,
RecordType::KEY => 25,
RecordType::IXFR => 251,
RecordType::MX => 15,
RecordType::NAPTR => 35,
RecordType::NS => 2,
RecordType::NSEC => 47,
RecordType::NSEC3 => 50,
RecordType::NSEC3PARAM => 51,
RecordType::NULL => 10,
RecordType::OPENPGPKEY => 61,
RecordType::OPT => 41,
RecordType::PTR => 12,
RecordType::RRSIG => 46,
RecordType::SIG => 24,
RecordType::SOA => 6,
RecordType::SRV => 33,
RecordType::SSHFP => 44,
RecordType::SVCB => 64,
RecordType::TLSA => 52,
RecordType::TSIG => 250,
RecordType::TXT => 16,
#[cfg(feature = "dnssec")]
RecordType::DNSSEC(rt) => rt.into(),
RecordType::ZERO => 0,
RecordType::Unknown(code) => code,
}
}

10
crates/proto/src/rr/rr_set.rs
View File

@ -860,7 +860,7 @@ mod test {
#[allow(clippy::blocks_in_if_conditions)]
fn test_get_filter() {
use crate::rr::dnssec::rdata::SIG;
use crate::rr::dnssec::rdata::{DNSSECRData, DNSSECRecordType};
use crate::rr::dnssec::rdata::{DNSSECRData, RecordType};
use crate::rr::dnssec::{Algorithm, SupportedAlgorithms};
let name = Name::root();
@ -912,28 +912,28 @@ mod test {
let rrsig_rsa = Record::new()
.set_name(name.clone())
.set_ttl(3600)
.set_rr_type(RecordType::DNSSEC(DNSSECRecordType::RRSIG))
.set_rr_type(RecordType::RRSIG)
.set_dns_class(DNSClass::IN)
.set_rdata(RData::DNSSEC(DNSSECRData::SIG(rsasha256)))
.clone();
let rrsig_ecp256 = Record::new()
.set_name(name.clone())
.set_ttl(3600)
.set_rr_type(RecordType::DNSSEC(DNSSECRecordType::RRSIG))
.set_rr_type(RecordType::RRSIG)
.set_dns_class(DNSClass::IN)
.set_rdata(RData::DNSSEC(DNSSECRData::SIG(ecp256)))
.clone();
let rrsig_ecp384 = Record::new()
.set_name(name.clone())
.set_ttl(3600)
.set_rr_type(RecordType::DNSSEC(DNSSECRecordType::RRSIG))
.set_rr_type(RecordType::RRSIG)
.set_dns_class(DNSClass::IN)
.set_rdata(RData::DNSSEC(DNSSECRData::SIG(ecp384)))
.clone();
let rrsig_ed25519 = Record::new()
.set_name(name.clone())
.set_ttl(3600)
.set_rr_type(RecordType::DNSSEC(DNSSECRecordType::RRSIG))
.set_rr_type(RecordType::RRSIG)
.set_dns_class(DNSClass::IN)
.set_rdata(RData::DNSSEC(DNSSECRData::SIG(ed25519)))
.clone();

41
crates/proto/src/xfer/dnssec_dns_handle.rs
View File

@ -21,7 +21,7 @@ use log::{debug, trace};
use crate::error::*;
use crate::op::{OpCode, Query};
use crate::rr::dnssec::rdata::{DNSSECRData, DNSSECRecordType, DNSKEY, SIG};
use crate::rr::dnssec::rdata::{DNSSECRData, DNSKEY, SIG};
#[cfg(feature = "dnssec")]
use crate::rr::dnssec::Verifier;
use crate::rr::dnssec::{Algorithm, SupportedAlgorithms, TrustAnchor};
@ -201,7 +201,7 @@ where
let nsecs = verified_message
.name_servers()
.iter()
.filter(|rr| is_dnssec(rr, DNSSECRecordType::NSEC))
.filter(|rr| is_dnssec(rr, RecordType::NSEC))
.collect::<Vec<_>>();
if !verify_nsec(&query, soa_name, nsecs.as_slice()) {
@ -239,14 +239,14 @@ where
.iter()
.chain(message_result.name_servers())
.filter(|rr| {
!is_dnssec(rr, DNSSECRecordType::RRSIG) &&
!is_dnssec(rr, RecordType::RRSIG) &&
// if we are at a depth greater than 1, we are only interested in proving evaluation chains
// this means that only DNSKEY and DS are interesting at that point.
// this protects against looping over things like NS records and DNSKEYs in responses.
// TODO: is there a cleaner way to prevent cycles in the evaluations?
(handle.request_depth <= 1 ||
is_dnssec(rr, DNSSECRecordType::DNSKEY) ||
is_dnssec(rr, DNSSECRecordType::DS))
is_dnssec(rr, RecordType::DNSKEY) ||
is_dnssec(rr, RecordType::DS))
})
.map(|rr| (rr.name().clone(), rr.rr_type()))
{
@ -286,7 +286,7 @@ where
.iter()
.chain(message_result.name_servers())
.chain(message_result.additionals())
.filter(|rr| is_dnssec(rr, DNSSECRecordType::RRSIG))
.filter(|rr| is_dnssec(rr, RecordType::RRSIG))
.filter(|rr| {
if let RData::DNSSEC(DNSSECRData::SIG(ref rrsig)) = *rr.rdata() {
rrsig.type_covered() == record_type
@ -320,8 +320,8 @@ where
verify_all_rrsets(message_result, rrsets_to_verify).await
}
fn is_dnssec(rr: &Record, dnssec_type: DNSSECRecordType) -> bool {
rr.rr_type() == RecordType::DNSSEC(dnssec_type)
fn is_dnssec(rr: &Record, dnssec_type: RecordType) -> bool {
rr.rr_type().is_dnssec() && dnssec_type.is_dnssec() && rr.record_type() == dnssec_type
}
async fn verify_all_rrsets<F, E>(
@ -435,7 +435,7 @@ where
// Special case for unsigned DNSKEYs, it's valid for a DNSKEY to be bare in the zone if
// it's a trust_anchor, though some DNS servers choose to self-sign in this case,
// for self-signed KEYS they will drop through to the standard validation logic.
if let RecordType::DNSSEC(DNSSECRecordType::DNSKEY) = rrset.record_type {
if let RecordType::DNSKEY = rrset.record_type {
if rrsigs.is_empty() {
debug!("unsigned key: {}, {:?}", rrset.name, rrset.record_type);
// TODO: validate that this DNSKEY is stronger than the one lower in the chain,
@ -449,7 +449,7 @@ where
// validation of DNSKEY records
match rrset.record_type {
RecordType::DNSSEC(DNSSECRecordType::DNSKEY) => verify_dnskey_rrset(handle, rrset).await,
RecordType::DNSKEY => verify_dnskey_rrset(handle, rrset).await,
_ => Ok(rrset),
}
}
@ -476,7 +476,7 @@ where
.records
.iter()
.enumerate()
.filter(|&(_, rr)| is_dnssec(rr, DNSSECRecordType::DNSKEY))
.filter(|&(_, rr)| is_dnssec(rr, RecordType::DNSKEY))
.filter_map(|(i, rr)| {
if let RData::DNSSEC(DNSSECRData::DNSKEY(ref rdata)) = *rr.rdata() {
Some((i, rdata))
@ -511,7 +511,7 @@ where
// need to get DS records for each DNSKEY
let ds_message = handle
.lookup(
Query::query(rrset.name.clone(), RecordType::DNSSEC(DNSSECRecordType::DS)),
Query::query(rrset.name.clone(), RecordType::DS),
DnsRequestOptions::default(),
)
.first_answer()
@ -520,7 +520,7 @@ where
.records
.iter()
.enumerate()
.filter(|&(_, rr)| is_dnssec(rr, DNSSECRecordType::DNSKEY))
.filter(|&(_, rr)| is_dnssec(rr, RecordType::DNSKEY))
.filter_map(|(i, rr)| {
if let RData::DNSSEC(DNSSECRData::DNSKEY(ref rdata)) = *rr.rdata() {
Some((i, rdata))
@ -532,7 +532,7 @@ where
ds_message
.answers()
.iter()
.filter(|ds| is_dnssec(ds, DNSSECRecordType::DS))
.filter(|ds| is_dnssec(ds, RecordType::DS))
.filter_map(|ds| {
if let RData::DNSSEC(DNSSECRData::DS(ref ds_rdata)) = *ds.rdata() {
Some((ds.name(), ds_rdata))
@ -656,11 +656,10 @@ where
// Special case for self-signed DNSKEYS, validate with itself...
if rrsigs
.iter()
.filter(|rrsig| is_dnssec(rrsig, DNSSECRecordType::RRSIG))
.filter(|rrsig| is_dnssec(rrsig, RecordType::RRSIG))
.any(|rrsig| {
if let RData::DNSSEC(DNSSECRData::SIG(ref sig)) = *rrsig.rdata() {
RecordType::DNSSEC(DNSSECRecordType::DNSKEY) == rrset.record_type
&& sig.signer_name() == &rrset.name
RecordType::DNSKEY == rrset.record_type && sig.signer_name() == &rrset.name
} else {
panic!("expected a SIG here");
}
@ -674,7 +673,7 @@ where
rrsigs
.into_iter()
// this filter is technically unnecessary, can probably remove it...
.filter(|rrsig| is_dnssec(rrsig, DNSSECRecordType::RRSIG))
.filter(|rrsig| is_dnssec(rrsig, RecordType::RRSIG))
.map(|rrsig| {
if let RData::DNSSEC(DNSSECRData::SIG(sig)) = rrsig.into_data() {
// setting up the context explicitly.
@ -721,7 +720,7 @@ where
// TODO: strip RRSIGS to accepted algorithms and make algorithms configurable.
let verifications = rrsigs.into_iter()
// this filter is technically unnecessary, can probably remove it...
.filter(|rrsig| is_dnssec(rrsig, DNSSECRecordType::RRSIG))
.filter(|rrsig| is_dnssec(rrsig, RecordType::RRSIG))
.map(|rrsig|
if let RData::DNSSEC(DNSSECRData::SIG(sig)) = rrsig.into_data() {
// setting up the context explicitly.
@ -736,7 +735,7 @@ where
handle
.lookup(
Query::query(sig.signer_name().clone(), RecordType::DNSSEC(DNSSECRecordType::DNSKEY)),
Query::query(sig.signer_name().clone(), RecordType::DNSKEY),
DnsRequestOptions::default()
)
.first_answer()
@ -745,7 +744,7 @@ where
future::ready(message
.answers()
.iter()
.filter(|r| is_dnssec(r, DNSSECRecordType::DNSKEY))
.filter(|r| is_dnssec(r, RecordType::DNSKEY))
.find(|r|
if let RData::DNSSEC(DNSSECRData::DNSKEY(ref dnskey)) = *r.rdata() {
let dnskey_name = r.name();

35
crates/server/src/store/in_memory/authority.rs
View File

@ -21,7 +21,6 @@ use crate::client::rr::dnssec::{DnsSecResult, SigSigner, SupportedAlgorithms};
use crate::client::rr::rdata::key::KEY;
#[cfg(feature = "dnssec")]
use crate::client::rr::rdata::DNSSECRData;
use crate::client::rr::rdata::DNSSECRecordType;
use crate::client::rr::rdata::SOA;
use crate::client::rr::{DNSClass, LowerName, Name, RData, Record, RecordSet, RecordType, RrKey};
@ -242,7 +241,7 @@ impl InMemoryAuthority {
let (records, _rrsigs): (Vec<&Record>, Vec<&Record>) = rrset
.records(and_rrsigs, supported_algorithms)
.partition(|r| r.record_type() != RecordType::DNSSEC(DNSSECRecordType::RRSIG));
.partition(|r| r.record_type() != RecordType::RRSIG);
for record in records {
new_answer.add_rdata(record.rdata().clone());
@ -359,10 +358,10 @@ impl InMemoryAuthority {
#[cfg(feature = "dnssec")]
fn is_nsec(upsert_type: RecordType, occupied_type: RecordType) -> bool {
// NSEC is always allowed
upsert_type == RecordType::DNSSEC(DNSSECRecordType::NSEC)
|| upsert_type == RecordType::DNSSEC(DNSSECRecordType::NSEC3)
|| occupied_type == RecordType::DNSSEC(DNSSECRecordType::NSEC)
|| occupied_type == RecordType::DNSSEC(DNSSECRecordType::NSEC3)
upsert_type == RecordType::NSEC
|| upsert_type == RecordType::NSEC3
|| occupied_type == RecordType::NSEC
|| occupied_type == RecordType::NSEC3
}
#[cfg(not(feature = "dnssec"))]
@ -460,7 +459,7 @@ impl InMemoryAuthority {
let delete_keys: Vec<RrKey> = self
.records
.keys()
.filter(|k| k.record_type == RecordType::DNSSEC(DNSSECRecordType::NSEC))
.filter(|k| k.record_type == RecordType::NSEC)
.cloned()
.collect();
@ -483,11 +482,7 @@ impl InMemoryAuthority {
}
Some((name, vec)) => {
// names aren't equal, create the NSEC record
let mut record = Record::with(
name.clone(),
RecordType::DNSSEC(DNSSECRecordType::NSEC),
ttl,
);
let mut record = Record::with(name.clone(), RecordType::NSEC, ttl);
let rdata = NSEC::new_cover_self(key.name.clone().into(), vec);
record.set_rdata(RData::DNSSEC(DNSSECRData::NSEC(rdata)));
records.push(record);
@ -501,11 +496,7 @@ impl InMemoryAuthority {
// the last record
if let Some((name, vec)) = nsec_info {
// names aren't equal, create the NSEC record
let mut record = Record::with(
name.clone(),
RecordType::DNSSEC(DNSSECRecordType::NSEC),
ttl,
);
let mut record = Record::with(name.clone(), RecordType::NSEC, ttl);
let rdata = NSEC::new_cover_self(Authority::origin(self).clone().into(), vec);
record.set_rdata(RData::DNSSEC(DNSSECRData::NSEC(rdata)));
records.push(record);
@ -544,11 +535,7 @@ impl InMemoryAuthority {
rr_set.clear_rrsigs();
let rrsig_temp = Record::with(
rr_set.name().clone(),
RecordType::DNSSEC(DNSSECRecordType::RRSIG),
zone_ttl,
);
let rrsig_temp = Record::with(rr_set.name().clone(), RecordType::RRSIG, zone_ttl);
for signer in secure_keys {
debug!(
@ -1031,11 +1018,11 @@ impl Authority for InMemoryAuthority {
supported_algorithms: SupportedAlgorithms,
) -> Pin<Box<dyn Future<Output = Result<Self::Lookup, LookupError>> + Send>> {
fn is_nsec_rrset(rr_set: &RecordSet) -> bool {
rr_set.record_type() == RecordType::DNSSEC(DNSSECRecordType::NSEC)
rr_set.record_type() == RecordType::NSEC
}
// TODO: need a BorrowdRrKey
let rr_key = RrKey::new(name.clone(), RecordType::DNSSEC(DNSSECRecordType::NSEC));
let rr_key = RrKey::new(name.clone(), RecordType::NSEC);
let no_data = self
.records
.get(&rr_key)

4
crates/server/src/store/sqlite/authority.rs
View File

@ -445,7 +445,7 @@ impl SqliteAuthority {
use futures_executor::block_on;
use log::debug;
use crate::client::rr::rdata::{DNSSECRData, DNSSECRecordType};
use crate::client::rr::rdata::{DNSSECRData, RecordType};
use crate::proto::rr::dnssec::Verifier;
// 3.3.3 - Pseudocode for Permission Checking
@ -484,7 +484,7 @@ impl SqliteAuthority {
// TODO: updates should be async as well.
let keys = block_on(self.lookup(
&name,
RecordType::DNSSEC(DNSSECRecordType::KEY),
RecordType::KEY,
false,
SupportedAlgorithms::new(),
));

22
crates/server/tests/authority_battery/dnssec.rs
View File

@ -8,7 +8,7 @@ use futures_executor::block_on;
use trust_dns_client::op::Query;
use trust_dns_client::rr::dnssec::{Algorithm, SupportedAlgorithms, Verifier};
use trust_dns_client::rr::{DNSClass, Name, Record, RecordType};
use trust_dns_proto::rr::dnssec::rdata::{DNSSECRecordType, DNSKEY};
use trust_dns_proto::rr::dnssec::rdata::{RecordType, DNSKEY};
use trust_dns_proto::xfer;
use trust_dns_server::authority::{AuthLookup, Authority};
@ -25,7 +25,7 @@ pub fn test_a_lookup<A: Authority<Lookup = AuthLookup>>(authority: A, keys: &[DN
let (rrsig_records, _other_records): (Vec<_>, Vec<_>) = other_records
.into_iter()
.partition(|r| r.record_type() == RecordType::DNSSEC(DNSSECRecordType::RRSIG));
.partition(|r| r.record_type() == RecordType::RRSIG);
assert!(!rrsig_records.is_empty());
verify(&a_records, &rrsig_records, keys);
@ -54,7 +54,7 @@ pub fn test_soa<A: Authority<Lookup = AuthLookup>>(authority: A, keys: &[DNSKEY]
let (rrsig_records, _other_records): (Vec<_>, Vec<_>) = other_records
.into_iter()
.partition(|r| r.record_type() == RecordType::DNSSEC(DNSSECRecordType::RRSIG));
.partition(|r| r.record_type() == RecordType::RRSIG);
assert!(!rrsig_records.is_empty());
verify(&soa_records, &rrsig_records, keys);
@ -75,7 +75,7 @@ pub fn test_ns<A: Authority<Lookup = AuthLookup>>(authority: A, keys: &[DNSKEY])
let (rrsig_records, _other_records): (Vec<_>, Vec<_>) = other_records
.into_iter()
.partition(|r| r.record_type() == RecordType::DNSSEC(DNSSECRecordType::RRSIG));
.partition(|r| r.record_type() == RecordType::RRSIG);
assert!(!rrsig_records.is_empty());
verify(&ns_records, &rrsig_records, keys);
@ -97,7 +97,7 @@ pub fn test_aname_lookup<A: Authority<Lookup = AuthLookup>>(authority: A, keys:
let (rrsig_records, _other_records): (Vec<_>, Vec<_>) = other_records
.into_iter()
.partition(|r| r.record_type() == RecordType::DNSSEC(DNSSECRecordType::RRSIG));
.partition(|r| r.record_type() == RecordType::RRSIG);
assert!(!rrsig_records.is_empty());
verify(&a_records, &rrsig_records, keys);
@ -123,7 +123,7 @@ pub fn test_wildcard<A: Authority<Lookup = AuthLookup>>(authority: A, keys: &[DN
let (rrsig_records, _other_records): (Vec<_>, Vec<_>) = other_records
.into_iter()
.partition(|r| r.record_type() == RecordType::DNSSEC(DNSSECRecordType::RRSIG));
.partition(|r| r.record_type() == RecordType::RRSIG);
assert!(!rrsig_records.is_empty());
verify(&cname_records, &rrsig_records, keys);
@ -142,7 +142,7 @@ pub fn test_nsec_nodata<A: Authority<Lookup = AuthLookup>>(authority: A, keys: &
let (nsec_records, _other_records): (Vec<_>, Vec<_>) = lookup
.into_iter()
.cloned()
.partition(|r| r.record_type() == RecordType::DNSSEC(DNSSECRecordType::NSEC));
.partition(|r| r.record_type() == RecordType::NSEC);
println!("nsec_records: {:?}", nsec_records);
@ -173,7 +173,7 @@ pub fn test_nsec_nxdomain_start<A: Authority<Lookup = AuthLookup>>(authority: A,
let (nsec_records, _other_records): (Vec<_>, Vec<_>) = lookup
.into_iter()
.cloned()
.partition(|r| r.record_type() == RecordType::DNSSEC(DNSSECRecordType::NSEC));
.partition(|r| r.record_type() == RecordType::NSEC);
println!("nsec_records: {:?}", nsec_records);
@ -206,7 +206,7 @@ pub fn test_nsec_nxdomain_middle<A: Authority<Lookup = AuthLookup>>(authority: A
let (nsec_records, _other_records): (Vec<_>, Vec<_>) = lookup
.into_iter()
.cloned()
.partition(|r| r.record_type() == RecordType::DNSSEC(DNSSECRecordType::NSEC));
.partition(|r| r.record_type() == RecordType::NSEC);
println!("nsec_records: {:?}", nsec_records);
@ -241,7 +241,7 @@ pub fn test_nsec_nxdomain_wraps_end<A: Authority<Lookup = AuthLookup>>(
let (nsec_records, _other_records): (Vec<_>, Vec<_>) = lookup
.into_iter()
.cloned()
.partition(|r| r.record_type() == RecordType::DNSSEC(DNSSECRecordType::NSEC));
.partition(|r| r.record_type() == RecordType::NSEC);
println!("nsec_records: {:?}", nsec_records);
@ -284,7 +284,7 @@ pub fn test_rfc_6975_supported_algorithms<A: Authority<Lookup = AuthLookup>>(
let (rrsig_records, _other_records): (Vec<_>, Vec<_>) = other_records
.into_iter()
.partition(|r| r.record_type() == RecordType::DNSSEC(DNSSECRecordType::RRSIG));
.partition(|r| r.record_type() == RecordType::RRSIG);
assert!(!rrsig_records.is_empty());
verify(&a_records, &rrsig_records, &[key.clone()]);

4
tests/integration-tests/tests/client_future_tests.rs
View File

@ -288,7 +288,7 @@ async fn create_sig0_ready_client() -> (
) {
use openssl::rsa::Rsa;
use trust_dns_client::rr::dnssec::{Algorithm, KeyPair};
use trust_dns_client::rr::rdata::{DNSSECRData, DNSSECRecordType};
use trust_dns_client::rr::rdata::{DNSSECRData, RecordType};
use trust_dns_server::store::sqlite::SqliteAuthority;
let authority = create_example();
@ -306,7 +306,7 @@ async fn create_sig0_ready_client() -> (
// insert the KEY for the trusted.example.com
let mut auth_key = Record::with(
trusted_name,
RecordType::DNSSEC(DNSSECRecordType::KEY),
RecordType::KEY,
Duration::minutes(5).num_seconds() as u32,
);
auth_key.set_rdata(RData::DNSSEC(DNSSECRData::KEY(sig0_key)));

10
tests/integration-tests/tests/client_tests.rs
View File

@ -310,7 +310,7 @@ fn test_timeout_query_tcp() {
// c.secure_query(
// &Name::parse("rollernet.us.", None).unwrap(),
// DNSClass::IN,
// RecordType::DNSSEC(DNSSECRecordType::DS),
// RecordType::DS),
// ).unwrap();
// }
@ -324,7 +324,7 @@ fn test_timeout_query_tcp() {
// c.secure_query(
// &Name::parse("rollernet.us.", None).unwrap(),
// DNSClass::IN,
// RecordType::DNSSEC(DNSSECRecordType::DS),
// RecordType::DS),
// ).unwrap();
// }
@ -338,7 +338,7 @@ fn test_timeout_query_tcp() {
// c.secure_query(
// &Name::parse("RollErnet.Us.", None).unwrap(),
// DNSClass::IN,
// RecordType::DNSSEC(DNSSECRecordType::DS),
// RecordType::DS),
// ).unwrap();
// }
@ -437,7 +437,7 @@ fn test_nsec_query_type() {
fn create_sig0_ready_client(mut catalog: Catalog) -> (SyncClient<TestClientConnection>, Name) {
use openssl::rsa::Rsa;
use trust_dns_client::rr::dnssec::{Algorithm, KeyPair, Signer as SigSigner};
use trust_dns_proto::rr::dnssec::rdata::{DNSSECRData, DNSSECRecordType, KEY};
use trust_dns_proto::rr::dnssec::rdata::{DNSSECRData, RecordType, KEY};
use trust_dns_server::store::sqlite::SqliteAuthority;
let authority = create_example();
@ -460,7 +460,7 @@ fn create_sig0_ready_client(mut catalog: Catalog) -> (SyncClient<TestClientConne
// insert the KEY for the trusted.example.com
let mut auth_key = Record::with(
Name::from_str("trusted.example.com").unwrap(),
RecordType::DNSSEC(DNSSECRecordType::KEY),
RecordType::KEY,
Duration::minutes(5).num_seconds() as u32,
);
auth_key.set_rdata(RData::DNSSEC(DNSSECRData::KEY(KEY::new(

4
tests/integration-tests/tests/dnssec_client_handle_tests.rs
View File

@ -156,7 +156,7 @@ where
// .block_on(client.query(
// name.clone(),
// DNSClass::IN,
// RecordType::DNSSEC(DNSSECRecordType::DS),
// RecordType::DS),
// ))
// .expect("query failed");
@ -176,7 +176,7 @@ where
// .block_on(client.query(
// name.clone(),
// DNSClass::IN,
// RecordType::DNSSEC(DNSSECRecordType::DS),
// RecordType::DS),
// ))
// .expect("query failed");

25
tests/integration-tests/tests/sqlite_authority_tests.rs
View File

@ -821,9 +821,7 @@ fn test_zone_signing() {
.unwrap();
assert!(
results
.iter()
.any(|r| r.rr_type() == RecordType::DNSSEC(DNSSECRecordType::DNSKEY)),
results.iter().any(|r| r.rr_type() == RecordType::DNSKEY),
"must contain a DNSKEY"
);
@ -836,10 +834,10 @@ fn test_zone_signing() {
.unwrap();
for record in &results {
if record.rr_type() == RecordType::DNSSEC(DNSSECRecordType::RRSIG) {
if record.rr_type() == RecordType::RRSIG {
continue;
}
if record.rr_type() == RecordType::DNSSEC(DNSSECRecordType::DNSKEY) {
if record.rr_type() == RecordType::DNSKEY {
continue;
}
@ -853,14 +851,15 @@ fn test_zone_signing() {
// validate all records have associated RRSIGs after signing
assert!(
inner_results.iter().any(|r| r.rr_type()
== RecordType::DNSSEC(DNSSECRecordType::RRSIG)
&& r.name() == record.name()
&& if let RData::DNSSEC(DNSSECRData::SIG(ref rrsig)) = *r.rdata() {
rrsig.type_covered() == record.rr_type()
} else {
false
}),
inner_results
.iter()
.any(|r| r.rr_type() == RecordType::RRSIG
&& r.name() == record.name()
&& if let RData::DNSSEC(DNSSECRData::SIG(ref rrsig)) = *r.rdata() {
rrsig.type_covered() == record.rr_type()
} else {
false
}),
"record type not covered: {:?}",
record
);

3
util/src/get_root_ksks.rs
View File

@ -30,7 +30,6 @@ use clap::{
use trust_dns_client::rr::dnssec::Algorithm;
use trust_dns_proto::rr::dnssec::rdata::DNSSECRData;
use trust_dns_proto::rr::dnssec::rdata::DNSSECRecordType;
use trust_dns_proto::rr::record_data::RData;
use trust_dns_proto::rr::record_type::RecordType;
use trust_dns_resolver::Resolver;
@ -47,7 +46,7 @@ pub fn main() {
println!("querying for root key-signing-keys, ie dnskeys");
let resolver = Resolver::default().expect("could not create resolver");
let lookup = resolver
.lookup(".", RecordType::DNSSEC(DNSSECRecordType::DNSKEY))
.lookup(".", RecordType::DNSKEY)
.expect("query failed");
for r in lookup.iter() {