Merge develop branch into master (Engine) #1412

Merged
merged 185 commits into from
Dec 9, 2024

@matsduf matsduf commented Dec 9, 2024

tgreenx and others added 30 commits May 14, 2024 17:31
This commit makes Engine able to follow CNAMEs when doing recursive lookups.
Currently CNAMEs will be followed when all of the following are true:
	- the response has RCODE "NoError"
	- the answer section of the response does not contain records of the queried type, but does contain at least one CNAME record for the query name
	- the answer section of the response does not contain multiple CNAME records with the same owner name
	- the final target of the CNAME record(s) chain has not been followed before
	- there are no records of the queried type with owner name as the final target of the CNAME record(s)

Three system, debug level messages are created: 'CNAME_LOOP_INNER', 'CNAME_LOOP_OUTER' and 'CNAME_MULTIPLE_FOR_NAME'.

Some test cases have been modified to account for this new behavior. Unitary tests have also been updated.
- Move CNAME resolution to a dedicated internal method 'Zonemaster::Engine::Recursor::_resolve_cname()'
- Various refactoring (renaming of variables, removal of unneeded code, etc)
- Update Test Cases code that relates to CNAME
- Add documentation for 'Zonemaster::Engine::Recursor::_resolve_cname()' and 'Zonemaster::Engine::Recursor::_recurse()'
- Update unit tests and unit tests data
- Add constants CNAME_MAX_RECORDS and CNAME_MAX_CHAIN_LENGTH
- Add message tags CNAME_START, CNAME_RECORDS_TOO_MANY, CNAME_RECORDS_CHAIN_BROKEN, CNAME_CHAIN_TOO_LONG, CNAME_FOLLOWED_IB, CNAME_FOLLOWED_OOB, CNAME_NO_MATCH
- Rename message tag CNAME_MULTIPLE_FOR_NAME to CNAME_RECORDS_MULTIPLE_FOR_NAME
- Add stopping conditions based on CNAME_MAX_RECORDS and CNAME_MAX_CHAIN_LENGTH
- Check that CNAME target is out of zone before making a new recursive lookup for that name
- Document further Zonemaster::Engine::Recursor::_recurse()
- Update unit tests
- Lower value of constant CNAME_MAX_RECORDS from 10 to 9
- Remove duplicate CNAME RRs
- Add message tag CNAME_RECORDS_DUPLICATES
- Adjust logging level of some message tags
- Refactoring
- Update documentation
- Update unit tests
- Rename CNAME_FOLLOWED_IB to CNAME_FOLLOWED_IN_ZONE and CNAME_FOLLOWED_OOB to CNAME_FOLLOWED_OUT_OF_ZONE
- Update documentation
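
The CNAME-following conditions listed in the commits above, modelled as a standalone decision function for a single response. This is an added example, not code from Zonemaster-Engine or from this pull request: the record tuples, function name and reason strings are assumptions, as is treating more than CNAME_MAX_RECORDS (9) distinct records as too many. CNAME_MAX_CHAIN_LENGTH is left out because its value is not given here.

```python
# Added illustration; not Zonemaster code. Records are (owner, type, rdata) tuples.
CNAME_MAX_RECORDS = 9  # value stated in the commit list above

# Constructed sample answer section: a two-step chain plus a case-variant duplicate.
SAMPLE_ANSWER = [
    ("www.example.", "CNAME", "cdn.example."),
    ("WWW.EXAMPLE.", "CNAME", "cdn.example."),
    ("CDN.example.", "CNAME", "edge.example.net."),
]


def norm(name):
    """Compare DNS names case-insensitively and without the trailing dot."""
    return name.rstrip(".").lower()


def cname_decision(rcode, qname, qtype, answer, already_followed):
    """Return ("follow", target) or ("stop", reason) for one response."""
    if rcode != "NOERROR":
        return ("stop", "rcode is not NoError")
    if any(rtype == qtype for _, rtype, _ in answer):
        return ("stop", "answer has records of the queried type")
    # Drop duplicate CNAMEs, ignoring TTL (not modelled) and name case.
    cnames = {(norm(o), norm(t)) for o, rtype, t in answer if rtype == "CNAME"}
    if len(cnames) > CNAME_MAX_RECORDS:  # assumed comparison
        return ("stop", "too many CNAME records")
    chain = {}
    for owner, target in cnames:
        if owner in chain:
            return ("stop", "multiple CNAME records for one owner name")
        chain[owner] = target
    if norm(qname) not in chain:
        return ("stop", "no CNAME for the query name")
    # Walk the chain inside this response; a revisited name is a loop.
    current, seen = norm(qname), set()
    while current in chain:
        if current in seen:
            return ("stop", "CNAME loop inside the response")
        seen.add(current)
        current = chain[current]
    if len(seen) != len(chain):
        return ("stop", "CNAME chain is broken")
    if current in {norm(n) for n in already_followed}:
        return ("stop", "final target was already followed")
    return ("follow", current)
```
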
This profile parameter was deprecated in 2020.1.

- Remove code
- Remove documentation
- Replace unitary tests from "asnroots" to "asn_db.style" and "asn_db.sources"
- Add documentation for "asn_db"
- Update documentation for "asn_db.style" and "asn_db.sources"
This commit fixes a functionality that might have never worked before. That is because a NXDOMAIN response is received either when querying a non-existent ASN lookup
source or when querying a non-existent name to an existing ASN lookup source. To distinguish between the two cases, the owner name of the SOA resource record
in the authority section of the response is inspected.

- Update Zonemaster::Engine::ASNLookup->_cymru_asn_lookup() code
- Refactoring
- Update unit tests for Cymru ASN lookup
- Add unit test for RIPE ASN lookup
- Omit TTL and names case in resource record duplicate comparison
- Fix condition
The profile module specifies a contract that each profile property must
respect. This change makes all properties respect the contract with
regard to definedness, default values and hierarchy.

To ease upholding certain aspects of the contract the new utility method
all_properties() was added.

Validation error messages for resolver.source4 and resolver.source6 are
clarified regarding the empty string.
Merge develop into master (Engine)
Signed-off-by: Josh Soref <[email protected]>
Signed-off-by: Josh Soref <[email protected]>
tgreenx and others added 28 commits November 26, 2024 10:13
New unit tests for Delegation01, -02 and -03, and legacy tests are removed
Due to an oversight in a previous refactoring, all non-DNSSEC DNS queries sent by Zonemaster became
EDNS queries. This commit makes it so that those queries are now non-EDNS queries. Default EDNS0 packet
size values will now be properly used when appropriate, and a new, missing one has been created for DNSSEC.
The caching logic of queries was also impacted.

Simply put, a DNSSEC query using the default EDNS0 packet size of 1232 is made by setting parameter "dnssec"
and/or "edns_details{do}" (the latter has precedence).
For a non-DNSSEC EDNS query, setting parameter "edns_size" and/or "edns_details{size}" (the latter has precedence)
will do the trick, but then it will use the provided value for the EDNS0 packet size. To use the default value of 512,
just set parameter "edns_details" with an empty hash (or non-empty with any of its subkey(s) other than edns_details{do,size})
instead.

- Fix logic related to flags dnssec and edns_size for when to use default values, and also when combined with edns_details
- Fix caching logic when using dnssec and edns_size parameters
- Make combined usage of dnssec with edns_details but without edns_details{do} to correctly set the dnssec (DO) flag
- Removed unneeded code related to resetting flags between queries (- it was already done earlier in the same method)
- Add constant UDP_DNSSEC_QUERY_DEFAULT (set to 1232)
- Rename constant UDP_COMMON_EDNS_LIMIT to UDP_EDNS_COMMON_LIMIT
- Add and update documentation
- Add unit tests
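
The parameter precedence described in the commit message above, modelled as a standalone function that returns the effective EDNS settings of a query. This is an added example, not code from Zonemaster-Engine or from this pull request: the function and constant names are assumptions, as is the handling of combinations the message does not spell out (for instance "dnssec" set together with "edns_details{do}" unset to false).

```python
# Added illustration; not Zonemaster code. Sizes are the ones named in the commit messages.
EDNS_DEFAULT_SIZE = 512          # default for a non-DNSSEC EDNS query
EDNS_DNSSEC_DEFAULT_SIZE = 1232  # default for a DNSSEC query
EDNS_SIZE_MIN, EDNS_SIZE_MAX = 0, 65535  # unsigned 16-bit field


def effective_edns(dnssec=None, edns_size=None, edns_details=None):
    """Return None for a non-EDNS query, else {"do": bool, "size": int}."""
    details = edns_details if edns_details is not None else {}
    # edns_details{do} and edns_details{size} take precedence over the flat parameters.
    do = bool(details["do"]) if "do" in details else bool(dnssec)
    size = details.get("size", edns_size)
    if not do and size is None and edns_details is None:
        return None  # nothing asks for EDNS: send a plain DNS query
    if size is None:
        # No explicit size: pick the default that matches the DO flag.
        size = EDNS_DNSSEC_DEFAULT_SIZE if do else EDNS_DEFAULT_SIZE
    if not isinstance(size, int) or not EDNS_SIZE_MIN <= size <= EDNS_SIZE_MAX:
        raise ValueError(f"EDNS size out of range 0..65535: {size!r}")
    return {"do": do, "size": size}
```
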
…::Nameserver->query()

The maximum value for this parameter, set either by "edns_size" or "edns_details->size", is a 16-bit value,
thus it should not exceed 65535. Documentation and unit tests are updated too.
…::Nameserver->query()

This parameter, set either by "edns_size" or "edns_details->size", is an unsigned 16-bit value,
thus the minimum value should be 0. Documentation and unit tests are updated too.
Use a different query name for each query as to make sure that we do not get a cached response from previous, equivalent queries.
This is needed because the tested object is actually the underlying object in the "dns" attribute of the Zonemaster::Engine::Nameserver class,
which is only updated by the "_query()" method, and not the "query()" method.
Renamed some constants:
 - UDP_DNSSEC_QUERY_DEFAULT to EDNS_UDP_PAYLOAD_DNSSEC_DEFAULT
 - UDP_EDNS_QUERY_DEFAULT to EDNS_UDP_PAYLOAD_DEFAULT
 - UDP_EDNS_COMMON_LIMIT to EDNS_UDP_PAYLOAD_COMMON_LIMIT
Fix default settings of queries
Running “docker build” on Zonemaster-Engine caused a warning to appear
on my test system:

 1 warning found (use docker --debug to expand):
 - FromAsCasing: 'as' and 'FROM' keywords' casing do not match (line 1)
Try::Tiny was missing from the run-time container.
…g-deps

Add Try::Tiny in zonemaster-cli runtime Docker container
Fix abort condition for undelegated tests in the Basic module
Fixes unit tests so that they do not leak queries
Co-authored-by: Mattias Päivärinta <[email protected]>
Preparation for v2024.2 release (Engine)
@matsduf matsduf added this to the v2024.2 milestone Dec 9, 2024
@matsduf matsduf merged commit c29b7db into master Dec 9, 2024
6 checks passed