On Tue, Nov 22, 2022 at 09:42:28PM +0100, Petr Menšík wrote:
> On 19. 11. 22 0:12, Geert Stappers via Dnsmasq-discuss wrote:
> > On Wed, Nov 16, 2022 at 11:15:08AM +0800, zhangjiangyu via Dnsmasq-discuss
> > wrote:
> > > On Mon, Nov 15, 2022 at 8:15:00PM +0800, Petr Menšík wrote:
> > > > > ...
> > > > But I admit we should add at least the most obvious checks. Would you
> > > > please make the responses in ldns-testns server format, so it would
> > > > be easier to test it? It allows also encoding the body in hex format, so
> > > > invalid responses are broken as well. It would be easier to test the bad
> > > > behaviour and prepare fixes for them. Are those links leading to DNS in
> > > > wire format? It would be simpler to read if pcap with them were used,
> > > > wireshark would visualise those responses well.
> > >
> > > ...
> > >
> > > For ldns-testns, I don't know how to construct the corresponding data
> > > format,
> >
> > A working example, also attached
> > -----8<----8<------8<------------
> > ; ldns-testns data file
> > ; ....
> > SECTION QUESTION
> > cert00.example IN A
> > HEX_ANSWER_BEGIN
> > a5 d5 85 80 00 01 00 01 00 00 00 01
> > 06 63 65 72 74 30 30 ; cert00
> > 07 65 78 61 6d 70 6c 65 ; example
> > 00 00 01 00 01 c0 0c 00 01 00 01 00 01 51 80 00 04
> > c0 00 02 60 ; 192.0.2.96
> > 00 00 29 04 d0 00 00 00 00 00 1c 00
> > 0a 00 18 fc 1c f8 16 de 56 60 db 01 00 00 00 63
> > 71 51 9c a7 41 c7 90 7b 7a 87 c4
> > HEX_ANSWER_END
> > ENTRY_END
> >
> > ;
> > ; Visit https://www.nlnetlabs.nl/documentation/ldns/index.html
> > ; for more information about 'ldns'. It is the project that provides
> > ; the `ldns-testns` executable.
> > ;
> > ; l l
> > -----8<----8<------8<------------
> >
> > > so I can only provide complete dns request and response messages.
> > ;-)
> >
> Created ldns-testns files for all queries. Also contains their body
> responses parsed by dig tool on that.

Thanks, they are added to https://git.sr.ht/~stappers/cert_check_by_dnsmasq

However: Not yet verified. When I have seen them working, there will be
an attempt to merge to files into a single ldns-testns-data file.
So testing a next request can be done without the need for stopping
ldns-testns and restarting it with a next response file. It will imply that
requests need to differ. The idea is changing 'cert01.example' in request2
and response2 into 'cert02.example', for request3 and response3 into
'cert03.example'.

> Interesting cases, but I am not sure how much should dnsmasq validate those
> responses. Most of these responses are valid DNS responses. Sure, not what
> client expected or needed, but I doubt we can make reasonable filter on
> dnsmasq side.

In https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2022q4/016721.html
it is being discussed.

Groeten
Geert Stappers
-- 
Silence is hard to parse
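
One way to check that a `HEX_ANSWER` block decodes to what its comments claim before merging response files, as an added example that is not part of the original message or of the ldns or dnsmasq projects. The function names are hypothetical, and the parser assumes a single question and raises on truncated input.

```python
import struct

# HEX_ANSWER block copied from the ldns-testns example quoted in this message.
ENTRY = """\
HEX_ANSWER_BEGIN
a5 d5 85 80 00 01 00 01 00 00 00 01
06 63 65 72 74 30 30 ; cert00
07 65 78 61 6d 70 6c 65 ; example
00 00 01 00 01 c0 0c 00 01 00 01 00 01 51 80 00 04
c0 00 02 60 ; 192.0.2.96
00 00 29 04 d0 00 00 00 00 00 1c 00
0a 00 18 fc 1c f8 16 de 56 60 db 01 00 00 00 63
71 51 9c a7 41 c7 90 7b 7a 87 c4
HEX_ANSWER_END
"""

def hex_answer(entry):
    """Bytes between HEX_ANSWER_BEGIN and HEX_ANSWER_END, with ';' comments dropped."""
    body = entry.split("HEX_ANSWER_BEGIN", 1)[1].split("HEX_ANSWER_END", 1)[0]
    return bytes.fromhex("".join(t for l in body.splitlines() for t in l.split(";", 1)[0].split()))

def read_name(msg, off, hops=0):
    """Decode the name at off; return (name, offset just past it in this record)."""
    labels = []
    while msg[off]:
        n = msg[off]
        if (n & 0xC0) == 0xC0:             # compression pointer
            if hops > 16:
                raise ValueError("compression pointer loop")
            ptr = ((n & 0x3F) << 8) | msg[off + 1]
            labels.append(read_name(msg, ptr, hops + 1)[0])
            return ".".join(labels), off + 2
        labels.append(msg[off + 1:off + 1 + n].decode("ascii"))
        off += 1 + n
    return ".".join(labels), off + 1       # root name decodes to ""

def parse(msg):
    """Parse header, one question and all resource records of a DNS message."""
    mid, flags, qd, an, ns, ar = struct.unpack_from("!6H", msg, 0)
    qname, off = read_name(msg, 12)
    off += 4                               # skip QTYPE and QCLASS
    rrs = []
    for _ in range(an + ns + ar):
        name, off = read_name(msg, off)
        rtype, rclass, ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        off += 10
        if off + rdlen > len(msg):
            raise ValueError("RDLENGTH runs past end of message")
        rrs.append((name, rtype, rclass, ttl, msg[off:off + rdlen]))
        off += rdlen
    return {"id": mid, "flags": flags, "qname": qname, "rrs": rrs, "trailing": len(msg) - off}
```

For the quoted entry this yields one A record for cert00.example and one OPT record (type 41) whose RDATA starts with option code 10, the DNS COOKIE option, carrying 24 bytes.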