Add EDNS0 and DNSSEC behavior

[BobNovas]

This patch, applied to twisted 11.1.0 in addition to but AFTER the patch in #5453, will add EDNS0 and DNSSEC behavior. EDNS0 behavior includes the ability to specify EDNS0 version (currently only version 0 is defined), the ability to set the DNSSEC OK flag which requests a security aware resolver to respond with DNSSEC records, and the ability to specify a maximum UDP Packet length that the path between this stub resolver and the recursive resolver can handle. This value can be as large as 65535, though smaller values, such as 1492 for WAN or 4096 for LAN or 8192 for local (e.g., 127.0.0.1) are more relevant. DNSSEC behavior includes the ability to receive and decode all the DNSSEC record types, and the ability to decode the AD (Authentic Data) flag. This means that with this patch, twisted.names client resolver can function as a security-aware non-validating stub resolver. In conjunction with a validating recursive resolver such as provided locally (e.g., 127.0.0.1) by dnssec-trigger ( http://nlnetlabs.nl/projects/dnssec-trigger/) or by any comcast resolver, this allows a python client to determine if a name is secure.

[BobNovas]

adds EDNS0 and DNSSEC behavior to twisted (requires 5453)

[thijs]

Thanks for the patch BobNovas. Unfortunately it seems something went wrong during the upload of the patch, possibly due to the filename (space between add and edns0). Could you upload a new version of the patch (with a better filename)?

[BobNovas]

patch for ticket 5454

[BobNovas]

Here's a new version of the patch. I reviewed the patch, combined 5453 into this patch and added some tests and in general cleaned it up. This patch should sufficient to add EDNS0 behavior and DNSSEC classes and records for DNSKEY, DS, NSEC, NSEC3, NSEC3PARAM and RRSIG DNS records and EDNS0 behavior.

[thijs]

Thanks for the patch. Could you also update the  howto with the new features you introduced (in 12.1)? Also check out the  coding standard document. This also needs a NEWS file.

[BobNovas]

patch for ticket 5454

[BobNovas]

Added News, howto, example and tweaked for standards.

[habnabit]

This patch still does not conform to the coding standards. There's  http://twistedmatrix.com/documents/current/core/development/policy/coding-standard.html as well as  http://www.python.org/dev/peps/pep-0008/; please note that the twisted standard takes precedence over PEP 8. You can ask (on trac or on IRC) if you have questions.

An incomplete list of specific complaints from the standard (please read the docs linked above):

1. This wasn't explained thoroughly, but NEWS is automatically generated. http://twistedmatrix.com/trac/wiki/ReviewProcess#Newsfiles explains about these files. Patches modifying NEWS directly won't be accepted.
2. All trailing whitespace must be removed.
3. All spaces immediately proceding ( and preceding ) must be removed. i.e. ( foo ) becomes (foo).
4. Operators must have exactly one space immediately preceding and proceding them. i.e. foo |bar becomes foo | bar.
5. Methods must be separated with two blank lines; top-level things (i.e. classes and functions) must be separated with three blank lines.
6. #ivar dnssecConfig should be @ivar dnssecConfig:.

Some other issues with the code unrelated to the coding standards:

1. What is the point of t.names.ser_num_arith.SNA having both le and __le__ methods for all the comparators?
2. assert is not for validating user input or isinstance checks; it is for invariants. Most places you have assert, it's either not necessary or should be replaced with an if ...: raise TypeError(...) or raise ValueError.
3. Every usage of staticmethod is incorrect.
   1. OPTHeader.factory (which is a bad name for the method anyway) should be a classmethod.
   2. SNA.max should be a function in the module.
   3. DateSNA.from{Int,SNA} should be classmethods.
4. You still have some lines over 79 characters long. Strings can be wrapped using parentheses like so:

   foo = ("some long string which gets"
          "wrapped over multiple lines")
   

Thanks for your contribution, though!

[BobNovas]

replaces V02 file of similar name

[BobNovas]

addressed habnabit's comments.

[thijs]

Thanks for the update.

• There should be space before a comment:

  # if dnssecOk is enabled,
  

• all new public methods and classes should have an @since: 12.1 marker
• twisted.names.common.DnssecConfig
  • use @ivar and @type instead of declaring it with indentation
  • references to code in docstrings should be wrapped in L{ednsEnabled}
• RFCs should be linked in the docstring, like:

   - U{RFC 4033: DNS Security Introduction and Requirements<http://www.ietf.org/rfc/rfc4033.txt>}
  

• Use """ instead of ''' in docstrings, also put them on 3 lines:

  """
  Define the less than operator.
  """
  

• twisted/names/topfiles/5454.feature should be a file that only includes the description of the changes, not the version/date header etc. See ReviewProcess#Newsfiles for details.
• One of the docstrings contains your emailaddress, but we try to avoid this because it gets outdated/spammed etc, so use @author: Bob Novas instead.

[itamar]

While matching the coding standard is necessary, there's no point spending too much time on that if e.g. it's on a class that will need some major refactoring. So getting the design right first is more important.

[BobNovas]

addresses tjijs' comments

[exarkun]

This patch is too large. I'm going to try to learn a bit more about EDNS0 and DNSSEC and then find a way to split this into smaller pieces.

[exarkun]

I created EDNS0 with some of the results of my exploration. I haven't gotten into DNSSEC yet, but I think I might have a sufficient understanding of EDNS to reason about this code. I also filed several new tickets with narrow, EDNS-related scopes. They're linked from the wiki page, and represent the units in which I think it makes sense to tackle this work. Next on my todo list is to look at the patch on this ticket and find the parts of it that might resolve those narrower tickets (unless anyone else wants to help out and gets to it before me).