internetstandards / Internet.nl

Internet standards compliance test suite
https://internet.nl
179 stars 38 forks source link

Switch to simple stub resolver for DNS lookups #1378

Open mxsasha opened 8 months ago

mxsasha commented 8 months ago

We currently integrate libunbound to run unbound queries from our own code. This adds unnecessarily complexity in the app, and has caused issues like #1376 and confusion like #1340. Now that we have a properly managed validating and non-validating resolver, as part of our code repository, we should switch to using a simple stub resolver in our code.

The obvious choice is dnspython which we already use for other things. It supports EDE, as mentioned in this historical context of our unbound integration.

bwbroersma commented 8 months ago

That would also the magic value of internet.nl here: https://github.com/internetstandards/Internet.nl/blob/eaa9ea35a830f47a3bd65684e74cdc455e5a0d01/interface/views/shared.py#L58-L59

gthess commented 8 months ago

As per my comment on https://github.com/internetstandards/Internet.nl/issues/1358#issuecomment-2039322856

If all the contexts will be replaced by a stub, the stub needs to make sure to activate the CD flag (Checking Disabled) on its queries so that it gets also the bogus data back for other tests to work (like the prechecks and the mail auth test). The AD flag on the response would indicate if DNSSEC validation succeeded or failed.