Opened 3 years ago

Last modified 3 years ago

#6665 enhancement new

Implement dns.Record_RRSIG record class

Reported by: Richard Wall Owned by: Richard Wall
Priority: normal Milestone: DNSSEC_Client
Component: names Keywords:
Cc: Branch: branches/rrsig-record-6665-2
branch-diff, diff-cov, branch-cov, buildbot
Author: rwall

Description

Implement only the RRSIG record type and tests.

Add an example RRSIG record to

  • source:trunk/doc/names/howto/listings/names/example-domain.com

Build upon one of the implementations attached to #4610 and #5454 or combine the two.

#5454 includes a new RRSIG lookup method. That can be deferred to another ticket.

#4610 includes extra methods for validation of signatures. That can also be deferred to another ticket.

See:

wiki:EDNS0#NewDNSSECRecordsandLookupMethods #5454 #4610

https://tools.ietf.org/html/rfc4034#section-2

Change History (10)

comment:1 Changed 3 years ago by Vincent Nys

Owner: set to Vincent Nys
Status: newassigned

I'd like to take a crack at this. I'm new to Twisted and I'm hoping to familiarize myself with the framework by closing some tickets. I'd appreciate it if someone could check up on my contributions from time to time.

comment:2 in reply to:  1 Changed 3 years ago by Richard Wall

Replying to v_for_vincent:

I'd like to take a crack at this. I'm new to Twisted and I'm hoping to familiarize myself with the framework by closing some tickets. I'd appreciate it if someone could check up on my contributions from time to time.

Great. I've been working on the EDNS(0) and DNSSEC things lately and your help will be greatly appreciated.

Take a look at #6664 first which will give you an idea of what needs changing.

You'll need to take what was contributed by BobNovas in #5454 and extract just the rrsig record part. Then add more tests and documentation.

I've already separated out the Serial Number Arithmetic parts in #6672 - so take a look at that branch too because I think it will be needed to complete this RRSIG ticket.

Also see wiki:EDNS0 for the rough plan of action.

I'm rwall in #twisted and #twisted-dev if you want to discuss.

comment:3 Changed 3 years ago by Richard Wall

Author: rwall
Branch: branches/rrsig-record-6665

(In [40138]) Branching to 'rrsig-record-6665'

comment:4 Changed 3 years ago by Richard Wall

Milestone: DNSSEC: Security Aware, Validating Client

comment:5 Changed 3 years ago by Richard Wall

Owner: changed from Vincent Nys to Richard Wall
Status: assignednew

comment:6 Changed 3 years ago by Richard Wall

Status: newassigned

comment:7 Changed 3 years ago by Richard Wall

Branch: branches/rrsig-record-6665branches/rrsig-record-6665-2

(In [40814]) Branching to 'rrsig-record-6665-2'

comment:8 Changed 3 years ago by Richard Wall

Keywords: review added
Owner: Richard Wall deleted
Status: assignednew

Ready for review in log:branches/rrsig-record-6665

  • Duplicated most of the stuff I've done for #6664
  • I've only implemented the fields and encoding / decoding parts
  • Whatever changes come up when #6664 gets reviewed and merged, I'll apply here too.

Build Results:

comment:9 Changed 3 years ago by Glyph

Keywords: review removed
Owner: set to Richard Wall

Hi rwall, very sorry to bounce this back to you, especially after 3 months, but do you think you could merge forward and clean up the conflicts so the buildbot can deal with this properly?

In the meanwhile here are some other comments:

  1. twisted.names.client.lookupRRSIG needs a docstring.
  2. The links are good, but a little bit of background on what an RRSIG record is wouldn't hurt.
  3. Just a minor nitpick, I think the test names that are test_isomethingInterface should just be test_somethingInterface; the I prefix just means Interface after all.

Otherwise, given my somewhat limited understanding of what RRSIG is and does, this looks pretty good. What exactly is the "duplication" with #6664?

comment:10 Changed 3 years ago by Richard Wall

(In [41756]) Merge serial-number-arithmetic-6672

Author: BobNovas, rwall Reviewers: exarkun, glyph Fixes: #6672 Refs: #5454, #6665

A private Serial Number Arithmetic module for manipulating Serial Numbers defined in RFC1982. This will be used for comparison of DNS zone serial numbers and RRSIG inception dates.

Note: See TracTickets for help on using tickets.