Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add blacklisting log message #1434

Open
wants to merge 30 commits into
base: develop
Choose a base branch
from
Open

Add blacklisting log message #1434

wants to merge 30 commits into from

Conversation

tgreenx
Copy link
Contributor

@tgreenx tgreenx commented Feb 26, 2025

Purpose

This PR proposes to add a new message tag when blacklisting a name server. It is currently not translated.

Note that this PR is based on top of current release-v2024.2 branch which is not yet merged in develop, so the only relevant commit is the last one: c7c9d52. Discard others when reviewing.

Context

N/A

Changes

  • Add message tag BLACKLISTING at the DEBUG level (untranslated)

How to test this PR

Test on a domain with a non-responsive name server, e.g:

$ zonemaster-cli --show-testcase --raw --no-ipv6 --test basic02 --level DEBUG decotyl.fr | grep BLACKLISTING
  11.53 DEBUG    Basic02        BLACKLISTING  ns=ns1.decotyl.fr/104.223.43.167; proto=UDP
  21.55 DEBUG    Basic02        BLACKLISTING  ns=ns1.decotyl.fr/104.223.43.168; proto=UDP
  31.57 DEBUG    Basic02        BLACKLISTING  ns=ns1.decotyl.fr/104.223.43.169; proto=UDP
[ ... ]

bzwitt and others added 30 commits September 25, 2024 08:39
@bzwitt
Adding slovenian translation
594d682
@bzwitt
update sl.po
4fa5796
@huguei
Updating spanish translation for new zonemaster release
aa8c580
@bzwitt
Adding slovenian translation
2c6838c
@bzwitt
update sl.po
81d6aef
@bzwitt
Updated translations
902afdf
@bzwitt
Merge branch 'translation-update' of github.com:bzwitt/zonemaster-eng…
3f35e9e 
…ine into translation-update
@bzwitt
Slovenian translation
c523cd5
@marc-vanderwal
Retain context when chasing aliases
f766418 
When resolving A and AAAA records for a name server name found in an NS
resource record, if that name happens to be an alias, then there is a
chance that we recurse indefinitely.

This happens because when Zonemaster does a follow-up query to try
resolving the alias target, it forgets that it was actually in the
process of resolving the name server name. It will try resolving the
name server name again, hit the alias again, then follow it again until
the heat death of the universe.

This commit ensures that the appropriate context is retained when
chasing an alias. It also modifies the loop detection slightly in order
to act on that previous context. Testing shows that there is no need, in
this particular case, to look at the CNAME chain itself because the
$state->{in_progress} hash contains the same data.
@tgreenx
Fix conditional for DS10_EXPECTED_NSEC_NSEC3_MISSING in DNSSEC10
4a35c55 
- Use a list of queried name servers instead of all name servers, in case any IP protocol is unavailable (or if the IP address has already been processed).
- Add test scenario BAD-SERVERS-BUT-GOOD-NSEC-1
- Update unit test data
@tgreenx
Rework name server blacklisting mechanism to only happen for non-EDNS…
0eca57a 
… SOA queries
@tgreenx
Update or add documentation regarding name server blacklisting
4ad4261
@tgreenx
Remove blacklisting of specific queries in Test Cases
cccb95c 
Now that only non-EDNS SOA queries trigger the name server blacklisting mechanism, those special treatments are no longer needed.
@tgreenx @marc-vanderwal
Apply suggestions from code review
3749eb1 
Co-authored-by: Marc van der Wal <[email protected]>
@marc-vanderwal
Add unit tests for scenario
b737b05 
To ensure that this problem will not happen ever again, I’ve added a
test scenario (currently under review in zonemaster/zonemaster) and
implemented it here.
@marc-vanderwal
Merge pull request zonemaster#1422 from marc-vanderwal/bugfix/zonemas…
e617a27 
…ter#1421

Fix infinite recursion bug when NS record points to CNAME
@tgreenx
Merge pull request zonemaster#1423 from tgreenx/update-blacklisting
1c5ba40 
Update name server blacklisting mechanism
@tgreenx
Merge pull request zonemaster#1415 from tgreenx/fix-dnssec10
fc83715 
Fix in DNSSEC10
@tgreenx
Check for object type in returned values from some TestMethodsV2 methods
1ffc0c3 
Methods 'Zonemaster::Engine::TestMethodsV2::get_{zone,del}_ns_names_and_ips()' can return a mix of Zonemaster::Engine::Nameserver or Zonemaster::Engine::DNSName objects, depending on whether the name could be resolved into an IP address.
Due to a previous oversight, this can cause issues in Test Cases that use them. We can filter Zonemaster::Engine::DNSName objects out since they can't be queried.
@tgreenx
Fix buggy ternary expression with a working alternative
bbc63a5 
Courtesy of @marc-vanderwal - zonemaster#1427 (comment)
@tgreenx
Merge pull request zonemaster#1427 from tgreenx/fix-testcases
1d968fa 
Check for object type in returned values from some TestMethodsV2 methods used in Test Cases
@tgreenx
Correctly set EDNS buffer size through edns_details
f0cac26 
It seems that setting the 'edns_size' parameter to the underlying Zonemaster::LDNS resolver object isn't sufficient when Zonemaster::LDNS::query_with_pkt() is used.
We have to explicitly set it in the given Zonemaster::LDNS::Packet object.
@tgreenx
Update French translation
3a32421
@tgreenx @marc-vanderwal
Apply suggestions from code review
dcee055 
Co-authored-by: Marc van der Wal <[email protected]>
@tgreenx
Other updates to the French translation
64847f6
@tgreenx
Merge pull request zonemaster#1430 from tgreenx/translation-fr
8158bfc 
Update French translation
@tgreenx
Merge pull request zonemaster#1429 from tgreenx/fix-edns
6f5564f 
Correctly set EDNS buffer size through 'edns_details'
@matsduf
Merge pull request zonemaster#1417 from huguei/es-translate
9abec74 
Updating spanish translation for new zonemaster release
@matsduf
Merge pull request zonemaster#1385 from bzwitt/translation-update
1f1f6cf 
Adds translation to Slovenian
@tgreenx
Add message tag log when blacklisting a name server
c7c9d52
@tgreenx tgreenx added the V-Patch Versioning: The change gives an update of patch in version. label Feb 26, 2025
@tgreenx tgreenx added this to the v2025.1 milestone Feb 26, 2025
marc-vanderwal
marc-vanderwal reviewed Feb 26, 2025
View reviewed changes
Copy link
Contributor

@marc-vanderwal marc-vanderwal left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good idea, and the code in the single relevant commit looks OK. But couldn’t you base the commit on develop instead of release-v2024.2.1 for a cleaner diff?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@marc-vanderwal marc-vanderwal marc-vanderwal left review comments

@mattias-p mattias-p Awaiting requested review from mattias-p

@matsduf matsduf Awaiting requested review from matsduf

@tolvmannen tolvmannen Awaiting requested review from tolvmannen

@MichaelTimbert MichaelTimbert Awaiting requested review from MichaelTimbert

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
V-Patch Versioning: The change gives an update of patch in version.
Projects
None yet
Milestone
v2025.1
Development

Successfully merging this pull request may close these issues.
5 participants
@tgreenx @marc-vanderwal @bzwitt @huguei @matsduf