From 100348f0fcce2dea8692706783d677dd0f2fd00b Mon Sep 17 00:00:00 2001 From: Shreyas Zare Date: Sat, 15 Feb 2025 12:41:37 +0530 Subject: [PATCH] DnsServer: updated ProcessUpdateQueryAsync() to add last modified and comments for the added records. Updated PrepareRecursiveResolveResponse() to fix issue with CD flag case when DO flag is unset. Code refactoring changes done. --- DnsServerCore/Dns/DnsServer.cs | 152 ++++++++++++++------------------- 1 file changed, 66 insertions(+), 86 deletions(-) diff --git a/DnsServerCore/Dns/DnsServer.cs b/DnsServerCore/Dns/DnsServer.cs index 774e5302..3d80ab49 100644 --- a/DnsServerCore/Dns/DnsServer.cs +++ b/DnsServerCore/Dns/DnsServer.cs @@ -1698,6 +1698,10 @@ namespace DnsServerCore.Dns IReadOnlyList existingRRSet = _authZoneManager.GetRecords(zoneInfo.Name, uRecord.Name, uRecord.Type); AddToOriginalRRSets(uRecord.Name, uRecord.Type, existingRRSet); + GenericRecordInfo recordInfo = uRecord.GetAuthGenericRecordInfo(); + recordInfo.LastModified = DateTime.UtcNow; + recordInfo.Comments = "Via Dynamic Updates (RFC 2136)"; + _authZoneManager.SetRecord(zoneInfo.Name, uRecord); } else if (uRecord.Type == DnsResourceRecordType.DNAME) @@ -1705,6 +1709,10 @@ namespace DnsServerCore.Dns IReadOnlyList existingRRSet = _authZoneManager.GetRecords(zoneInfo.Name, uRecord.Name, uRecord.Type); AddToOriginalRRSets(uRecord.Name, uRecord.Type, existingRRSet); + GenericRecordInfo recordInfo = uRecord.GetAuthGenericRecordInfo(); + recordInfo.LastModified = DateTime.UtcNow; + recordInfo.Comments = "Via Dynamic Updates (RFC 2136)"; + _authZoneManager.SetRecord(zoneInfo.Name, uRecord); } else if (uRecord.Type == DnsResourceRecordType.SOA) 
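Review bot: The three lines that set `recordInfo.LastModified` and `recordInfo.Comments` are pasted into both branches of this hunk and again in the hunks at -1715 and -1728, so any later change to the stamp has to be made in four places. A small private helper that takes `uRecord` and is called just before `SetRecord`/`AddRecord` (for example `StampDynamicUpdate(uRecord);`, a proposed name) would keep the branches in step. The fixed text `"Via Dynamic Updates (RFC 2136)"` records the mechanism but not the requester. If the TSIG key name or the client endpoint is available in this method, which the hunk does not show, adding it to the comment would let an unexpected record be traced back to its source. The enclosing method starts and ends outside the hunk.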
@@ -1715,6 +1723,10 @@ namespace DnsServerCore.Dns IReadOnlyList existingRRSet = _authZoneManager.GetRecords(zoneInfo.Name, uRecord.Name, uRecord.Type); AddToOriginalRRSets(uRecord.Name, uRecord.Type, existingRRSet); + GenericRecordInfo recordInfo = uRecord.GetAuthGenericRecordInfo(); + recordInfo.LastModified = DateTime.UtcNow; + recordInfo.Comments = "Via Dynamic Updates (RFC 2136)"; + _authZoneManager.SetRecord(zoneInfo.Name, uRecord); } else @@ -1728,6 +1740,10 @@ namespace DnsServerCore.Dns if (uRecord.Type == DnsResourceRecordType.NS) uRecord.SyncGlueRecords(request.Additional); + GenericRecordInfo recordInfo = uRecord.GetAuthGenericRecordInfo(); + recordInfo.LastModified = DateTime.UtcNow; + recordInfo.Comments = "Via Dynamic Updates (RFC 2136)"; + _authZoneManager.AddRecord(zoneInfo.Name, uRecord); } } @@ -3707,10 +3723,14 @@ namespace DnsServerCore.Dns //get a tailored response for the request bool dnssecOk = request.DnssecOk; - if (dnssecOk && request.CheckingDisabled) + if (request.CheckingDisabled) { DnsDatagram cdResponse = resolveResponse.CheckingDisabledResponse; bool authenticData = false; + IReadOnlyList cdAnswer; + IReadOnlyList cdAuthority; + IReadOnlyList cdAdditional = RemoveOPTFromAdditional(cdResponse.Additional, dnssecOk); + EDnsHeaderFlags ednsFlags; if (dnssecOk) { 
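Review bot: In the hunk at -3707, `cdResponse` is dereferenced by the new declaration `cdAdditional = RemoveOPTFromAdditional(cdResponse.Additional, dnssecOk)` with no null check, and the widened `if (request.CheckingDisabled)` now reaches it for requests that do not set DO. Before this change the property was only read when DO was set; whether `resolveResponse.CheckingDisabledResponse` is always populated in the other case cannot be seen from the hunk. If it can be null, one option is to guard the branch with `if (request.CheckingDisabled && resolveResponse.CheckingDisabledResponse is not null)`, assuming the normal response path is an acceptable fallback. A comment above the branch such as `//CD set: return the unvalidated response; AD stays unset unless DO is set and the data was validated` would also record the intent. The enclosing method starts outside the hunk and the `if (dnssecOk)` block continues past it.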
@@ -3740,9 +3760,19 @@ namespace DnsServerCore.Dns } } } + + cdAnswer = cdResponse.Answer; + cdAuthority = cdResponse.Authority; + ednsFlags = EDnsHeaderFlags.DNSSEC_OK; + } + else + { + cdAnswer = FilterDnssecRecords(cdResponse.Answer); + cdAuthority = FilterDnssecRecords(cdResponse.Authority); + ednsFlags = EDnsHeaderFlags.None; } - DnsDatagram finalCdResponse = new DnsDatagram(request.Identifier, true, DnsOpcode.StandardQuery, false, false, true, true, authenticData, true, cdResponse.RCODE, request.Question, cdResponse.Answer, cdResponse.Authority, RemoveOPTFromAdditional(cdResponse.Additional, true), _udpPayloadSize, EDnsHeaderFlags.DNSSEC_OK, cdResponse.EDNS?.Options); + DnsDatagram finalCdResponse = new DnsDatagram(request.Identifier, true, DnsOpcode.StandardQuery, false, false, true, true, authenticData, true, cdResponse.RCODE, request.Question, cdAnswer, cdAuthority, cdAdditional, _udpPayloadSize, ednsFlags, cdResponse.EDNS?.Options); DnsDatagramMetadata metadata = cdResponse.Metadata; if (metadata is not null) finalCdResponse.SetMetadata(metadata.NameServer, metadata.RoundTripTime); @@ -3971,6 +4001,39 @@ namespace DnsServerCore.Dns } } + private static IReadOnlyList FilterDnssecRecords(IReadOnlyList records) + { + foreach (DnsResourceRecord record1 in records) + { + switch (record1.Type) + { + case DnsResourceRecordType.RRSIG: + case DnsResourceRecordType.NSEC: + case DnsResourceRecordType.NSEC3: + List noDnssecRecords = new List(); + + foreach (DnsResourceRecord record2 in records) + { + switch (record2.Type) + { + case DnsResourceRecordType.RRSIG: + case DnsResourceRecordType.NSEC: + case DnsResourceRecordType.NSEC3: + break; + + default: + noDnssecRecords.Add(record2); + break; + } + } + + return noDnssecRecords; + } + } + + return records; + } + private static IReadOnlyList RemoveOPTFromAdditional(IReadOnlyList additional, bool dnssecOk) { if (additional.Count == 0) 
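Review bot: In the new `else` branch of the hunk at -3740, `cdAnswer = FilterDnssecRecords(cdResponse.Answer);` strips RRSIG, NSEC and NSEC3 from the answer section without consulting `request.Question`. A query with CD set and DO unset that explicitly asks for one of those types would therefore get an empty answer alongside the upstream RCODE. RFC 4035 section 3.2.1 says DNSSEC RR types that the query explicitly requested must not be stripped. Unless this is handled elsewhere (not visible here), the answer section should skip the filter when the question type is one of the filtered types, e.g. `cdAnswer = questionIsDnssecType ? cdResponse.Answer : FilterDnssecRecords(cdResponse.Answer);` where `questionIsDnssecType` is a proposed local derived from the request's question type. The enclosing method starts and ends outside the hunk.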
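Review bot: `FilterDnssecRecords` in the hunk at -3971 spells out the RRSIG/NSEC/NSEC3 set twice, in the outer and inner `switch`, so adding another type later means editing both lists, and a missed edit would leak or drop records inconsistently. Moving the type test into one predicate removes the duplication while keeping the two-pass behaviour, where the input list is returned untouched when there is nothing to strip. The method also has no comment saying that it may return the caller's own list instance rather than a copy, which matters to any caller that later mutates the result. The rewrite below preserves the current behaviour and adds those comments.

```csharp
//DNSSEC record types that are removed from a response when the DO flag is unset
private static bool IsDnssecRecordType(DnsResourceRecordType type)
{
    return type is DnsResourceRecordType.RRSIG or DnsResourceRecordType.NSEC or DnsResourceRecordType.NSEC3;
}

private static IReadOnlyList<DnsResourceRecord> FilterDnssecRecords(IReadOnlyList<DnsResourceRecord> records)
{
    foreach (DnsResourceRecord record in records)
    {
        if (!IsDnssecRecordType(record.Type))
            continue;

        //at least one DNSSEC record is present; build a filtered copy
        List<DnsResourceRecord> noDnssecRecords = new List<DnsResourceRecord>(records.Count);

        foreach (DnsResourceRecord candidate in records)
        {
            if (!IsDnssecRecordType(candidate.Type))
                noDnssecRecords.Add(candidate);
        }

        return noDnssecRecords;
    }

    //nothing to strip; the caller's list instance is returned as is
    return records;
}
```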
@@ -4521,7 +4584,7 @@ namespace DnsServerCore.Dns private async Task StartDoHAsync() { - IReadOnlyList localAddresses = GetValidKestralLocalAddresses(_localEndPoints.Convert(delegate (IPEndPoint ep) { return ep.Address; })); + IReadOnlyList localAddresses = WebUtilities.GetValidKestralLocalAddresses(_localEndPoints.Convert(delegate (IPEndPoint ep) { return ep.Address; })); try { 
@@ -4668,89 +4731,6 @@ namespace DnsServerCore.Dns } } - internal static IReadOnlyList GetValidKestralLocalAddresses(IReadOnlyList localAddresses) - { - List supportedLocalAddresses = new List(localAddresses.Count); - - foreach (IPAddress localAddress in localAddresses) - { - switch (localAddress.AddressFamily) - { - case AddressFamily.InterNetwork: - if (Socket.OSSupportsIPv4) - { - if (!supportedLocalAddresses.Contains(localAddress)) - supportedLocalAddresses.Add(localAddress); - } - - break; - - case AddressFamily.InterNetworkV6: - if (Socket.OSSupportsIPv6) - { - if (!supportedLocalAddresses.Contains(localAddress)) - supportedLocalAddresses.Add(localAddress); - } - - break; - } - } - - bool containsUnicastAddress = false; - - foreach (IPAddress localAddress in supportedLocalAddresses) - { - if (!localAddress.Equals(IPAddress.Any) && !localAddress.Equals(IPAddress.IPv6Any)) - { - containsUnicastAddress = true; - break; - } - } - - List newLocalAddresses = new List(supportedLocalAddresses.Count); - - if (containsUnicastAddress) - { - //replace any with loopback address - foreach (IPAddress localAddress in supportedLocalAddresses) - { - if (localAddress.Equals(IPAddress.Any)) - { - if (!newLocalAddresses.Contains(IPAddress.Loopback)) - newLocalAddresses.Add(IPAddress.Loopback); - } - else if (localAddress.Equals(IPAddress.IPv6Any)) - { - if (!newLocalAddresses.Contains(IPAddress.IPv6Loopback)) - newLocalAddresses.Add(IPAddress.IPv6Loopback); - } - else - { - if (!newLocalAddresses.Contains(localAddress)) - newLocalAddresses.Add(localAddress); - } - } - } - else - { - //remove "0.0.0.0" if [::] exists - foreach (IPAddress localAddress in supportedLocalAddresses) - { - if (localAddress.Equals(IPAddress.Any)) - { - if (!supportedLocalAddresses.Contains(IPAddress.IPv6Any)) - newLocalAddresses.Add(localAddress); - } - else - { - newLocalAddresses.Add(localAddress); - } - } - } - - return newLocalAddresses; - } - #endregion #region public