Conversation

Notices

1. Embed this notice
   your new favourite fungus (duponin@udongein.xyz)'s status on Thursday, 10-Aug-2023 16:27:44 JST your new favourite fungus
   I know how to have fun during my morning #dns
   • Embed this notice
     Stéphane Bortzmeyer (bortzmeyer@mastodon.gougere.fr)'s status on Thursday, 10-Aug-2023 16:27:37 JST Stéphane Bortzmeyer

     in reply to

     • Patrick Mevzek

     @duponin @pmevzek I tend to have a different assessment of DNS complexity: parsing is the easy part (and so the fact that it is in binary does not really matter).Complexity is in the dance between servers.

     Haelwenn /элвэн/ :triskell: likes this.
   • Embed this notice
     your new favourite fungus (duponin@udongein.xyz)'s status on Thursday, 10-Aug-2023 16:27:38 JST your new favourite fungus

     in reply to

     • Stéphane Bortzmeyer
     • Patrick Mevzek
     @pmevzek @bortzmeyer
     > But then how can you compare/validate your results
     that's the fun part, I don't! :cat_grin:
     
     it's a bit sad that HTTP is easier to test (HTTP/1.1 is text) than DNS :(
   • Embed this notice
     Patrick Mevzek (pmevzek@framapiaf.org)'s status on Thursday, 10-Aug-2023 16:27:40 JST Patrick Mevzek

     in reply to

     • Stéphane Bortzmeyer

     @duponin @bortzmeyer But then how can you compare/validate your results (from need X to bytes ABCDE...)? With just the RFC? tough luck, there are 1) too many of them for DNS 2) contradictory between themselves or ambiguous at times and 3) just impossible to draw a concise exhaustive view of what is "the DNS". Hence my suggestions to use external existing libraries (at least Python and Go ones are very good DNS wise) to help building you own case. But YMMV.

   • Embed this notice
     your new favourite fungus (duponin@udongein.xyz)'s status on Thursday, 10-Aug-2023 16:27:41 JST your new favourite fungus

     in reply to

     • Stéphane Bortzmeyer
     • Patrick Mevzek
     @pmevzek @bortzmeyer my goal wasn't to rely on a library but only an RFC and myself
   • Embed this notice
     Patrick Mevzek (pmevzek@framapiaf.org)'s status on Thursday, 10-Aug-2023 16:27:42 JST Patrick Mevzek

     in reply to

     • Stéphane Bortzmeyer

     @duponin @bortzmeyer "I can't work out how to make sure the query is well-formed, neither find a validation tool anywhere" That part should be easy. Any good DNS library should have the equivalent of `to_wire/from_wire` methods (they are called like that in DNSPython), which allows to either pass a buffer of bytes as captured in theory from network and see how they are parsed, or the opposite.

   • Embed this notice
     your new favourite fungus (duponin@udongein.xyz)'s status on Thursday, 10-Aug-2023 16:27:43 JST your new favourite fungus

     in reply to

     • Stéphane Bortzmeyer
     I can't work out how to make sure the query is well-formed, neither find a validation tool anywhere
     that will be for another day, sorry @bortzmeyer
   • Embed this notice
     Haelwenn /элвэн/ :triskell: (lanodan@queer.hacktivis.me)'s status on Thursday, 10-Aug-2023 16:30:37 JST Haelwenn /элвэн/ :triskell:

     in reply to

     • Stéphane Bortzmeyer
     • Patrick Mevzek
     @duponin @pmevzek @bortzmeyer Tried to hunt for a testsuite in existing dns software?
     Otherwise well wireshark is a thing to inspect traffic (which you'd also need for text-based protocols).
   • Embed this notice
     Patrick Mevzek (pmevzek@framapiaf.org)'s status on Friday, 11-Aug-2023 09:22:19 JST Patrick Mevzek

     in reply to

     • Haelwenn /элвэн/ :triskell:
     • Stéphane Bortzmeyer

     @lanodan @bortzmeyer @duponin All nameservers have test suites . There is https://github.com/dns-violations/dns-violations/ that can give list of edge cases/common problems. There are tools to parse and replay DNS packets and more at https://www.dns-oarc.net/oarc/software (see dnscap, dnsjit, drool, bad-packets projects)

     Haelwenn /элвэн/ :triskell: likes this.