345d16cc50
c-ares has made intentional changes to the behavior of TXT records to comply with RFC 7208, which concatenates multiple strings for the same TXT record into a single string. Multiple TXT records are not concatenated. Also, response handling has changed, such that a response which is completely invalid in formatting is thrown away as a malicious forged/spoofed packet rather than returning EBADRESP. This is one step toward RFC 9018 (EDNS COOKIES) which will require the message to at least be structurally valid to validate against spoofed records. Fix By: Brad House (@bradh352) PR-URL: https://github.com/nodejs/node/pull/50743 Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com> Fixes: https://github.com/nodejs/node/issues/50741 Refs: https://github.com/nodejs/node/issues/50444
'use strict';
const common = require('../common');
const dnstools = require('../common/dns');
const dns = require('dns');
const assert = require('assert');
const dgram = require('dgram');
const dnsPromises = dns.promises;
// Canned answer section returned by the fake DNS server for every query.
// The same array is the expected value for the resolver output, so whatever
// the resolver drops, truncates or rewrites shows up as a test failure.
const answers = [
  {
    type: 'A',
    address: '1.2.3.4',
    ttl: 123,
  },
  {
    type: 'AAAA',
    address: '::42',
    ttl: 123,
  },
  {
    type: 'MX',
    priority: 42,
    exchange: 'foobar.com',
    ttl: 124,
  },
  {
    type: 'NS',
    value: 'foobar.org',
    ttl: 457,
  },
  // SPF-style TXT value with an embedded NUL. Because validateResults()
  // compares the resolver output with this fixture using deep equality, a
  // resolver that stopped reading the string at the NUL would fail here.
  {
    type: 'TXT',
    entries: [
      'v=spf1 ~all xyz\0foo',
    ],
  },
  {
    type: 'PTR',
    value: 'baz.org',
    ttl: 987,
  },
  {
    type: 'SOA',
    nsname: 'ns1.example.com',
    hostmaster: 'admin.example.com',
    serial: 156696742,
    refresh: 900,
    retry: 900,
    expire: 1800,
    minttl: 60,
  },
  // CAA record; 128 is the flags value with the issuer-critical bit set.
  {
    type: 'CAA',
    critical: 128,
    issue: 'platynum.ch',
  },
];
// UDP socket standing in for a DNS server; the resolver under test is later
// pointed at it so no query leaves the local machine.
const server = dgram.createSocket('udp4');

// Two queries are expected in total (one from the promise API, one from the
// callback API); common.mustCall(..., 2) fails the test on any other count.
server.on('message', common.mustCall((msg, rinfo) => {
  const query = dnstools.parseDNSPacket(msg);
  const { domain } = query.questions[0];
  assert.strictEqual(domain, 'example.org');

  // Echo the query id and question section back, and attach every canned
  // answer with the queried domain as its owner name.
  const reply = dnstools.writeDNSPacket({
    id: query.id,
    questions: query.questions,
    answers: answers.map((answer) => ({ domain, ...answer })),
  });

  server.send(reply, rinfo.port, rinfo.address);
}, 2));
// Bind to port 0 and read the assigned port back from server.address(), then
// run the same ANY lookup through both resolver APIs.
server.bind(0, common.mustCall(async () => {
  const { port } = server.address();

  // Restrict the resolver to the loopback test server only.
  dns.setServers([`127.0.0.1:${port}`]);

  // Promise API first; awaiting it keeps the two queries sequential.
  const promiseResult = await dnsPromises.resolveAny('example.org');
  validateResults(promiseResult);

  // Callback API second; the socket is closed once its result is checked.
  dns.resolveAny('example.org', common.mustSucceed((callbackResult) => {
    validateResults(callbackResult);
    server.close();
  }));
}));
/**
 * Asserts that a resolveAny() result matches the canned `answers` fixture.
 *
 * TTL values are only provided for A and AAAA entries, so both sides are
 * passed through maybeRedactTTL() before the deep comparison.
 *
 * @param {object[]} res - Records returned by the resolver.
 */
function validateResults(res) {
  const actual = res.map(maybeRedactTTL);
  const expected = answers.map(maybeRedactTTL);
  assert.deepStrictEqual(actual, expected);
}
/**
 * Returns a shallow copy of a record, keeping `ttl` only for A and AAAA
 * records and dropping it for every other type. The input is not modified.
 *
 * @param {object} r - A DNS record object with a `type` property.
 * @returns {object} The copy, without `ttl` unless the type is A or AAAA.
 */
function maybeRedactTTL(r) {
  const copy = Object.assign({}, r);
  const keepsTTL = r.type === 'A' || r.type === 'AAAA';
  if (!keepsTTL) {
    delete copy.ttl;
  }
  return copy;
}