Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Make root hints configurable, take 2 #1134

Merged
merged 23 commits into from
Oct 28, 2022
Merged

Make root hints configurable, take 2 #1134

merged 23 commits into from
Oct 28, 2022

Conversation

mattias-p
Copy link
Member

@mattias-p mattias-p commented Oct 3, 2022
edited
Loading

Purpose

In current code the root hints are hard coded. This PR opens for use cases where private root must be used, see #850. The driving use case for this PR is the possibility to use it for unit tests.

Context

Fixes #850.

This PR is based on and replaces #1132. The main difference is in the approach to APIs.

This PR leverages the existing fake addresses API for programmatic configurability, parses IANA root hints files and leaves application user interface design up to the application.

This PR only extends Engine's programmatic interface. Applications need to be adapted to make use of this new feature. E.g. zonemaster-cli and zonemaster-backend. Those interface changes are made separately.

Changes

  • The fake addresses API in Zonemaster::Engine::Recursor is extended in two ways:
    1. A new remove_fake_addresses() method is added, and
    2. instead of ignoring fake addresses for the root zone, they are used as the root name server addresses.
  • A parser for the IANA root hints file format is added. It was designed for convenient use with add_fake_addresses().
  • The way we store root name server addresses is changed. Instead of keeping them in a custom JSON blob inlined into a Perl module file, they are now stored in a separate named.root file taken directly from IANA.

How to test this PR

  1. Set up a name server with a custom root zone.
  2. Use a version of zonemaster-cli that overrides the root hints like the examples in the documentation of Zonemaster::Engine::Recursor->root_servers.
  3. Start tcpdump and watch for any traffic to the IANA root name servers. (There shouldn't be any.)
  4. Run zonemaster-cli on a zone under your custom root.

It would be super nice to automate this test but that is out of scope for this PR.

matsduf and others added 13 commits September 28, 2022 14:50
@matsduf
Adds a new root hints file
a0dd42a
@matsduf
Updates Recursor.pm to make it possible to adapt the root hints to ot…
f94276d 
…her use cases.

* Removes the hardcoded list of root hints
* Adds a subroutine to read an externa file
@matsduf
Updated Recursor.pm
da380f1 
* Corrected the algorithm to be able to handle file name "0"
* Removed duplcated dot.
@matsduf
Editorial updates after review comments
ff6886c
@mattias-p
Croak at load-time instead of at first call of root_servers()
4bd33bf
@mattias-p
Revert exposure of JSON root hints file in public API
345436c
@mattias-p
Make git ignore vim swap files
dea0816
@mattias-p
Refactor: Clean up orphaned documentation
8e89b08
@mattias-p
Refactor: Sort some imports
974616c
@mattias-p
Refactor: Rename some variables
5aa4222
@mattias-p
Refactor: Be more explicit about class methods
e037501
@mattias-p
Refactor: Store root hints together with fake addresses
b90eff2 
This is a step towards making the root hints overridable using the fake
data interface.
@mattias-p
Feature: Allow overriding root hints
272b548
@mattias-p mattias-p marked this pull request as draft October 3, 2022 12:41
@mattias-p mattias-p added this to the v2022.2 milestone Oct 5, 2022
@mattias-p mattias-p added the T-Feature Type: New feature in software or test case description label Oct 5, 2022
matsduf
matsduf reviewed Oct 7, 2022
View reviewed changes
Copy link
Contributor

@matsduf matsduf left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This looks like a good suggestion. It is better to use normal hint file format. To utilize this CLI and Backend need to be updated.

@matsduf matsduf mentioned this pull request Oct 7, 2022
Closed
@mattias-p mattias-p marked this pull request as ready for review October 12, 2022 11:10
@mattias-p mattias-p requested review from marc-vanderwal, a user and tgreenx October 12, 2022 11:10
marc-vanderwal
marc-vanderwal reviewed Oct 12, 2022
View reviewed changes
t/util.t Outdated
{
name => 'Forbidden $INCLUDE',
hints => "\n\$INCLUDE /etc/motd",
error => qr//,
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We could check for the error message in the unit test if the presence of forbidden directives is checked before parsing the file.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I agree. That's better.

lib/Zonemaster/Engine/Util.pm Show resolved Hide resolved
matsduf
matsduf reviewed Oct 14, 2022
View reviewed changes
t/util.t Outdated Show resolved Hide resolved
@mattias-p mattias-p marked this pull request as draft October 14, 2022 13:11
@mattias-p
Copy link
Member Author

I converted this PR back to draft status because I plan to update the test instruction.

@mattias-p mattias-p mentioned this pull request Oct 18, 2022
Merged
@matsduf matsduf mentioned this pull request Oct 19, 2022
Closed
@mattias-p mattias-p marked this pull request as ready for review October 19, 2022 14:48
matsduf
matsduf previously approved these changes Oct 24, 2022
View reviewed changes
@mattias-p
Copy link
Member Author

@mvw-afnic I've made updates for your comments. Do you want to review again?

@marc-vanderwal
Copy link
Contributor

Hi @mattias-p , I saw you replied to my comments but I don’t see any changes since my first review. Did you push to your branch?

marc-vanderwal
marc-vanderwal approved these changes Oct 27, 2022
View reviewed changes
Copy link
Contributor

@marc-vanderwal marc-vanderwal left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good to me.

@mattias-p mattias-p merged commit 4ca9539 into zonemaster:develop Oct 28, 2022
@matsduf matsduf added the V-Minor Versioning: The change gives an update of minor in version. label Oct 28, 2022
@hannaeko hannaeko mentioned this pull request Nov 24, 2022
Merged
@ghost
Copy link

ghost commented Dec 8, 2022

v2022.2 release testing

This works as expected.

However when it comes to deal with wrong files, I encountered several behaviors:

  1. die with only the error message, for instance: Error loading hints file: Forbidden directive $TTL 
    % cat custom.root
$TTL 40
  2. die with context: unable to parse RR string at /usr/local/share/perl5/Net/DNS/ZoneFile.pm line 534.[...] 
    % cat custom.root
nonsensedata
  3. don't die at all: 
    % cat custom.root
.                        3600000      NS    A.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET.      3600000      A
A.ROOT-SERVERS.NET.      3600000      AAAA  192.11
A.ROOT-SERVERS.NET.      3600000      AAAA  hello

@matsduf
Copy link
Contributor

matsduf commented Dec 8, 2022

There are sever limitations in the error handling of Net::DNS. It is known. Another alternative would be to write our own verification script.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@matsduf matsduf matsduf approved these changes

@marc-vanderwal marc-vanderwal marc-vanderwal approved these changes

@hannaeko hannaeko Awaiting requested review from hannaeko

@tgreenx tgreenx Awaiting requested review from tgreenx

Assignees
No one assigned
Labels
T-Feature Type: New feature in software or test case description V-Minor Versioning: The change gives an update of minor in version.
Projects
None yet
Milestone
v2022.2
Development

Successfully merging this pull request may close these issues.
3 participants
@mattias-p @marc-vanderwal @matsduf