Conversation
Notices
-
Embed this notice
your new favourite fungus (duponin@udongein.xyz)'s status on Thursday, 10-Aug-2023 16:27:44 JST your new favourite fungus I know how to have fun during my morning #dns -
Embed this notice
Stéphane Bortzmeyer (bortzmeyer@mastodon.gougere.fr)'s status on Thursday, 10-Aug-2023 16:27:37 JST Stéphane Bortzmeyer @duponin @pmevzek I tend to have a different assessment of DNS complexity: parsing is the easy part (and so the fact that it is in binary does not really matter).Complexity is in the dance between servers.
Haelwenn /элвэн/ :triskell: likes this. -
Embed this notice
your new favourite fungus (duponin@udongein.xyz)'s status on Thursday, 10-Aug-2023 16:27:38 JST your new favourite fungus @pmevzek @bortzmeyer
> But then how can you compare/validate your results
that's the fun part, I don't! :cat_grin:
it's a bit sad that HTTP is easier to test (HTTP/1.1 is text) than DNS :( -
Embed this notice
Patrick Mevzek (pmevzek@framapiaf.org)'s status on Thursday, 10-Aug-2023 16:27:40 JST Patrick Mevzek @duponin @bortzmeyer But then how can you compare/validate your results (from need X to bytes ABCDE...)? With just the RFC? tough luck, there are 1) too many of them for DNS 2) contradictory between themselves or ambiguous at times and 3) just impossible to draw a concise exhaustive view of what is "the DNS". Hence my suggestions to use external existing libraries (at least Python and Go ones are very good DNS wise) to help building you own case. But YMMV.
-
Embed this notice
your new favourite fungus (duponin@udongein.xyz)'s status on Thursday, 10-Aug-2023 16:27:41 JST your new favourite fungus @pmevzek @bortzmeyer my goal wasn't to rely on a library but only an RFC and myself -
Embed this notice
Patrick Mevzek (pmevzek@framapiaf.org)'s status on Thursday, 10-Aug-2023 16:27:42 JST Patrick Mevzek @duponin @bortzmeyer "I can't work out how to make sure the query is well-formed, neither find a validation tool anywhere" That part should be easy. Any good DNS library should have the equivalent of `to_wire/from_wire` methods (they are called like that in DNSPython), which allows to either pass a buffer of bytes as captured in theory from network and see how they are parsed, or the opposite.
-
Embed this notice
your new favourite fungus (duponin@udongein.xyz)'s status on Thursday, 10-Aug-2023 16:27:43 JST your new favourite fungus I can't work out how to make sure the query is well-formed, neither find a validation tool anywhere
that will be for another day, sorry @bortzmeyer -
Embed this notice
Haelwenn /элвэн/ :triskell: (lanodan@queer.hacktivis.me)'s status on Thursday, 10-Aug-2023 16:30:37 JST Haelwenn /элвэн/ :triskell: @duponin @pmevzek @bortzmeyer Tried to hunt for a testsuite in existing dns software?
Otherwise well wireshark is a thing to inspect traffic (which you'd also need for text-based protocols). -
Embed this notice
Patrick Mevzek (pmevzek@framapiaf.org)'s status on Friday, 11-Aug-2023 09:22:19 JST Patrick Mevzek @lanodan @bortzmeyer @duponin All nameservers have test suites . There is https://github.com/dns-violations/dns-violations/ that can give list of edge cases/common problems. There are tools to parse and replay DNS packets and more at https://www.dns-oarc.net/oarc/software (see dnscap, dnsjit, drool, bad-packets projects)
Haelwenn /элвэн/ :triskell: likes this.
-
Embed this notice