ncruces / go-dns

net.Resolvers with caching, opportunistic encryption, and DoT/DoH
https://pkg.go.dev/github.com/ncruces/go-dns
MIT License

Fix message truncation #2

Closed ncruces closed 4 years ago

ncruces commented 4 years ago

DNS over HTTPS messages can exceed the 512 limit from RFC 1035.

Instead of simply truncating incoming data, maybe return io.ErrShortBuffer (as is done here).

ncruces commented 4 years ago

Alternatively, emulate a TCP connection (for both cache.go and doh.go?), which allows larger messages.

This involves not implementing net.PacketConn, and a few protocol changes.

ncruces commented 4 years ago

Also, ensure server-truncated messages (TC bit set) are not cached in cache.go, respecting RFC 1035.

Done.

ncruces commented 4 years ago

Now returning io.ErrShortBuffer, so it doesn't go unnoticed.

But the real fix is to emulate a TCP connection.
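
The three behaviours discussed in this thread, as an added example that is not code from go-dns: rejecting an oversized message with io.ErrShortBuffer instead of truncating it, detecting the TC bit before caching, and the two-byte length prefix that DNS over TCP uses. The function names `copyMessage`, `isTruncated` and `frameTCP` are hypothetical, and the sample message is constructed.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
	"io"
)

// copyMessage copies a complete DNS message into dst, as a packet-style read
// would. A message that does not fit is reported, never silently cut short.
func copyMessage(dst, msg []byte) (int, error) {
	if len(msg) > len(dst) {
		return 0, io.ErrShortBuffer
	}
	return copy(dst, msg), nil
}

// isTruncated reports whether the TC bit (0x02 in the third header byte,
// RFC 1035 section 4.1.1) is set. Such responses should not be cached.
func isTruncated(msg []byte) bool {
	return len(msg) >= 12 && msg[2]&0x02 != 0
}

// frameTCP prepends the two-byte big-endian length used for DNS over TCP
// (RFC 1035 section 4.2.2), which allows messages up to 65535 bytes.
func frameTCP(msg []byte) ([]byte, error) {
	if len(msg) > 0xFFFF {
		return nil, errors.New("dns message too large for TCP framing")
	}
	out := make([]byte, 2, 2+len(msg))
	binary.BigEndian.PutUint16(out, uint16(len(msg)))
	return append(out, msg...), nil
}

func main() {
	big := make([]byte, 900) // constructed response, over the 512-byte limit
	big[2] = 0x80 | 0x02     // QR and TC bits set
	_, err := copyMessage(make([]byte, 512), big)
	framed, _ := frameTCP(big)
	fmt.Println(err, binary.BigEndian.Uint16(framed), isTruncated(big))
}
```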