Closed robinlandstrom closed 1 year ago
Robin - thanks for pointing this out - I hadn't spotted rfc3597. I didn't have a lot of time today but I have pushed initial support for this. Need to tidy this up a bit and add some tests but just wanted to check whether this works for you (I have tested against the 'oilpro.ch TYPE65534' query which now works but haven't tested any further)
# python3 -mdnslib.client oilpro.ch TYPE65534
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64272
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;oilpro.ch. IN TYPE65534
;; ANSWER SECTION:
oilpro.ch. 0 IN TYPE65534 \# 5 0DD5C60001
oilpro.ch. 0 IN TYPE65534 \# 5 0D2A680001
Thanks Paul, absolutely works for me. The changes look good.
Last version on master (a99a458453d52f416300492b551a086f2027a61b) passes the tests I have. When I run a bunch of random traffic through it I no longer see any parse errors related to unsupported RR types 😃
I parsed a bunch of DNS traffic with dnslib and noticed that some NSEC response records contains a TYPE65534 record that causes dnslib to fail.
Example:
TYPE65534 is an internal type used by BIND to keep track of signing, not sure why it shows up in the NSEC data, but it does. https://www.dns.cam.ac.uk/news/2020-04-27-nsdiff.html https://ftp.iij.ad.jp/pub/network/isc/bind9/9.14.6/doc/arm/Bv9ARM.ch04.html
Also possible to query for the TYPE65534 record on the domain
Quick and dirty fix for my needs for decoding the NSEC part
This only helps for unknown types in the type bitmap thou, and only for decoding. Dnslib still fails to parse unknown RR types in general
A better solution would probably be to implement support for RFC3597: Handling of Unknown DNS Resource Record (RR) Types
Most of the parts needed seems to already be available in the RR and RD base classes.
@paulc Would a PR with necessary updates to RR, RD and the Bimap be interesting if I decide to take a look at it?