In the modern world, DNSSEC is everywhere, however, sometimes people don't implement it on their domain, which is why I was trying to create an application, where I pass it a domain and it checks for the ad flag, as well as for DNSSEC-related RR records, such as RRSIG, DS and DNSKEY.
Turns out that Erlang/OTP's inet_res does get the RRSIG records if dnssec_ok is set to true and edns is set to 0 inside of res_option(), however, the ad flag is not parsed and the RRSIG records are not recognized. All I see is type: 46.
Additionally, there is no way to send a query for the DS and DNSKEY resource records.
In an ideal world, all I need is the ad flag to be parsed (so I can make sure the DNSSEC'd response is validated by the resolver) and that the RRSIG, DS and DNSKEYs are accepted by OTP.
I'd like to implement this myself, but I'm opening the ticket here because I missed a couple of things when I tried to do this :) If you can guide, I'll send a PR directly. I also wanted to confirm that I'm on the right path for adding these features.
Where are the DNS headers defined? I missed that part. There are other DNS RR types, should they be added as well? Such as SSHFP.
Thank you Erlang/OTP team!
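The header bit and type codes the post above refers to, as an added example that is not part of the original thread and is not OTP's code: a small Erlang module (the name dnssec_peek and its functions are hypothetical) that reads the ad flag from a raw DNS response and names the record types, including 46 (RRSIG), 43 (DS) and 48 (DNSKEY). The sample message is constructed.

```erlang
%% Added example (hypothetical module, not OTP code): inspect a raw DNS response.
-module(dnssec_peek).
-export([summary/1, sample/0]).

%% RR type codes from the IANA DNS parameters registry.
type_name(1)  -> a;
type_name(41) -> opt;
type_name(43) -> ds;
type_name(44) -> sshfp;
type_name(46) -> rrsig;
type_name(48) -> dnskey;
type_name(N)  -> N.

%% Returns a map with AD, CD, RCODE and every RR type, or {error, malformed}.
summary(Msg) ->
    try parse(Msg) catch error:_ -> {error, malformed} end.

%% RFC 1035 header layout; AD and CD are the two DNSSEC bits next to Z.
parse(<<_Id:16, 1:1, _Opcode:4, _AA:1, _TC:1, _RD:1, _RA:1, _Z:1, AD:1, CD:1,
        Rcode:4, QD:16, AN:16, NS:16, AR:16, Body/binary>>) ->
    Rest = skip_questions(QD, Body),
    #{ad => AD =:= 1, cd => CD =:= 1, rcode => Rcode,
      types => rr_types(AN + NS + AR, Rest)}.

skip_questions(0, Bin) -> Bin;
skip_questions(N, Bin) ->
    <<_Type:16, _Class:16, Rest/binary>> = skip_name(Bin),
    skip_questions(N - 1, Rest).

rr_types(0, _) -> [];
rr_types(N, Bin) ->
    <<Type:16, _Class:16, _TTL:32, Len:16, _RData:Len/binary, Rest/binary>> =
        skip_name(Bin),
    [type_name(Type) | rr_types(N - 1, Rest)].

%% A name ends at a zero byte or at a 2-byte compression pointer.
skip_name(<<0, Rest/binary>>) -> Rest;
skip_name(<<3:2, _Ptr:14, Rest/binary>>) -> Rest;
skip_name(<<0:2, Len:6, _Label:Len/binary, Rest/binary>>) -> skip_name(Rest).

%% Constructed response for example.com: flags 16#81A0 = QR, RD, RA and AD set;
%% one A record, one RRSIG with dummy RDATA, and an OPT record with DO set.
sample() ->
    Ptr = <<16#C00C:16>>,
    <<16#1234:16, 16#81A0:16, 1:16, 2:16, 0:16, 1:16,
      7, "example", 3, "com", 0, 1:16, 1:16,
      Ptr/binary, 1:16, 1:16, 300:32, 4:16, 192, 0, 2, 1,
      Ptr/binary, 46:16, 1:16, 300:32, 4:16, 0, 0, 0, 0,
      0, 41:16, 1232:16, 16#8000:32, 0:16>>.
```

The ad bit only reports that the upstream resolver claims to have validated the answer, so it is meaningful only when the path to that resolver is trusted.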
Hi @antranigv and thank you for your interest in our DNS resolver library!
The development is largely driven by user interest, such as yours, so I will try to guide you. The resolver library is also used by our internal Ericsson customers so it is crucial to not break existing code without very good reason, which places limits on how we can do changes...
The Erlang records for DNS records are defined in lib/kernel/src/inet_dns.hrl. Here are also the record names and types defined.
Encoding is done in lib/kernel/src/inet_dns.erl. For example the #dns_rr_opt{} and #dns_rr{} records are encoded to wire format by encode_res_section/4 and helper functions such as encode_type/1. Decoding is done by decode_rr_section/5 and helper functions, in particular decode_data/3, decode_type/1 and such.
DNSSEC record would certainly be a welcome addition. We can take SSHFP at a later time - it is the first time I hear of it.
Hi Raimo,
Thank you for your guidance! Somehow my eye missed the inet_dns.hrl file. Now that I look at it, it makes total sense.
I will add the DNSSEC resource records and their headers into the DNS library. If there’s interest, I’ll gladly add other records as well, such as SSHFP and whatever else is missing. There’s a cool list on Wikipedia! https://en.wikipedia.org/wiki/List_of_DNS_record_types#Resource_records
Again, thank you and the Erlang team for all your work.
Kind regards,
—
Antranig Vartanian
https://antranigv.am/
PGP Key ID: 0x2D59F21C
On 28 Aug 2024, at 11:29 AM, Raimo Niskanen ***@***.***> wrote:
Hi @antranigv and thank you for your interest in our DNS resolver library!
The development is largely driven by user interest, such as yours, so I will try to guide you. The resolver library is also used by our internal Ericsson customers so it is crucial to not break existing code without very good reason, which places limits on how we can do changes...
The Erlang records for DNS records are defined in lib/kernel/src/inet_dns.hrl. Here are also the record names and types defined.
Encoding is done in lib/kernel/src/inet_dns.erl. For example the #dns_rr_opt{} and #dns_rr{} records are encoded to wire format by encode_res_section/4 and helper functions such as encode_type/1. Decoding is done by decode_rr_section/5 and helper functions, in particular decode_data/3, decode_type/1 and such.
DNSSEC record would certainly be a welcome addition. We can take SSHFP at a later time - it is the first time I hear of it.