MessageResponseBuilder::error_msg does not support all RCODEs #1203
Comments
This can definitely be improved. It looks like you've identified some ways that you want to improve the situation. Would you be interested in submitting a PR for this?
Yes, I will take a look at that. The solution should presumably also be applied to
Oh, it's too bad those are duplicating the logic. Would be nice, if it's not difficult, to combine them.
Some ResponseCodes have high bits which require EDNS to encode them. This commit updates Message::set_response_code and MessageResponseBuilder::error_msg to silently create an EDNS section if required and sets the high bits there. This also adds a warning to Header::set_response_code that this function cannot set the high bits. Closes hickory-dns#1203 Closes hickory-dns#1207
Describe the bug
MessageResponseBuilder::error_msg allows constructing a response message with a given response code. The implementation fails to set the EDNS options if the response code requires EDNS.
To Reproduce
Steps to reproduce the behavior:
A minimal implementation of RequestHandler for the server crate:
This code should produce a DNS response with the status code BADVERS but it does not create an EDNS record, thus it will end up as NOERROR. The lower 4 bits of BADVERS are all 0 which maps to the NOERROR value.
Expected behavior
Silently changing the response code is very bad. I can see two possible solutions here:
This would be the most developer friendly solution. If an EDNS record already exists it simply sets the high bits. This could lead to a situation where the server responds with an EDNS record even if the client didn't specify EDNS support. But these "extended" response codes only make sense in the presence of EDNS.
Result<_, _>.
One problem with both solutions is that MessageResponse::set_edns allows overwriting the EDNS record of the response after setting the correct response code bits. This again could silently alter the intended response code.
Version:
Crate: server
Version: 0.20.0-alpha.1 and main
Additional context
The same problem is also present in trust_dns_server::authority::Catalog (0.20.0-alpha.1 and main).
https://github.com/bluejekyll/trust-dns/blob/48f625ad0de450329fcf628db779b21ae6eddfda/crates/server/src/authority/catalog.rs#L94-L124
Here the problem is not related to the use of error_msg, but the code implements the behavior manually and forgets to set the high response code in the EDNS record.
The documentation for Header::set_response_code hints that it does not support all response codes. The documentation could be improved with a link to EDNS and a small example of how to properly set any response code.
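The bit layout behind this report, as an added example that is not part of the original issue or of the trust-dns code base: a 12-bit RCODE is split between the 4-bit header field and the 8-bit extended-RCODE field in the OPT record's TTL (RFC 6891), so a header-only encoding turns BADVERS into NOERROR. All function names are hypothetical, and the fallible `encode_rcode` is an assumption about how an encoder could refuse to drop the high bits.

```rust
// Added illustration; all names here are hypothetical, not trust-dns APIs.
// RCODE values are the IANA assignments.
const NOERROR: u16 = 0;
const YXRRSET: u16 = 7;
const BADVERS: u16 = 16;
const BADCOOKIE: u16 = 23;

/// Split a 12-bit RCODE into (header low 4 bits, OPT extended-RCODE high 8 bits).
fn split_rcode(rcode: u16) -> (u8, u8) {
    ((rcode & 0x000F) as u8, ((rcode >> 4) & 0x00FF) as u8)
}

/// What a receiver reconstructs; without an OPT record the high bits read as 0.
fn join_rcode(header_low: u8, edns_high: Option<u8>) -> u16 {
    (u16::from(edns_high.unwrap_or(0)) << 4) | u16::from(header_low & 0x0F)
}

/// Encode for the wire, returning an error rather than silently dropping high bits.
fn encode_rcode(rcode: u16, edns_present: bool) -> Result<(u8, Option<u8>), String> {
    if rcode > 0x0FFF {
        return Err(format!("RCODE {} does not fit in 12 bits", rcode));
    }
    let (low, high) = split_rcode(rcode);
    match (high, edns_present) {
        (_, true) => Ok((low, Some(high))),
        (0, false) => Ok((low, None)),
        (_, false) => Err(format!("RCODE {} needs an OPT record", rcode)),
    }
}

/// OPT TTL layout (RFC 6891): extended RCODE | version | DO flag and Z bits.
fn opt_ttl(ext_rcode: u8, version: u8, flags: u16) -> u32 {
    (u32::from(ext_rcode) << 24) | (u32::from(version) << 16) | u32::from(flags)
}

fn main() {
    // Header-only encoding: BADVERS is read back as NOERROR, BADCOOKIE as YXRRSET.
    for rcode in [NOERROR, YXRRSET, BADVERS, BADCOOKIE] {
        let (low, high) = split_rcode(rcode);
        println!(
            "rcode {:2}: header-only -> {:2}, with OPT -> {:2}, no-EDNS encode: {:?}",
            rcode, join_rcode(low, None), join_rcode(low, Some(high)), encode_rcode(rcode, false)
        );
    }
    println!("OPT TTL for BADVERS, version 0: {:#010x}", opt_ttl(1, 0, 0));
}
```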