| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
| |
In python 3.12, "in" for enums tests values as well, so something
like "12345 in dns.rdatatype.RdataType" will now return True. This
broke some logic guarding against registering a known-but-unimplmemented
type code point with a class that didn't have the right name. We now
just give up on this test as it will never be a real problem. We change
a few related tests to be more sensible.
|
| |
|
|
|
|
|
|
|
|
| |
The NSEC3 next name field is defined as base32 with no padding, but the
code was doing base32 decoding with padding. This wouldn't have any
effect in the normal case, since the only defined NSEC3 hashing
algorithm is SHA1, and that generates a 160 bit hash that doesn't
require padding when encoded in base32.
This change removes generated padding after encode, rejects padded input
on decode, and adds necessary padding for decode.
|
| | |
|
| |
|
| |
* Add basic DDR support.
|
| |
|
|
|
|
|
|
|
|
|
| |
* Improve get_rrset/find_rrset API.
This allows most of the parameters to be specified as strings, matching
the interface for dns.message.make_query().
* Remove unneeded "the_section".
There's no need to use a separate internal variable for the section;
mypy doesn't complain about reuse.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* first cut at NSEC support
* use transactions, fix delegations
* rename to add_nsec_to_zone
* optimize NSEC generation
* split out function to get all secure names (could be useful for NSEC3 later)
* add `Bitmap.from_rdtypes()` and add missing typing
* more typing
* add missing import
* add more typing
* fix tok type
* remove _get_secure_names, optimize
* better zone testing (compare as text)
add test example with delegation below other delegation
* include NSEC itself in the bitmap
* lint
* Add names iteration to transactions via iterate_names().
Also make rdataset iteration more obvious by adding an
explicit iterate_rdatasets() API.
* use iterate_names()
* typo
* black
* use single iteration
* better type fix
* add optional transaction to add_nsec_to_zone
* idea for zone signer
* do not sign RRSIGs
* fix signer
* correctly sign DS
* simplify
* simplify by passing rrset to signer
* fix typing
* nit
* add DS
* add more test
* rewrite zone signer
* compact
* simplify
* make easier to read
* bring back rrset_signer
* move default RRset signer
* more
* more
* prettier context handling (mypy issue pending)
* make NSEC zone signer less complex
* update
* fix txn, sign as defined by SEP
* docs
* add back missing dnskey_include
* rename dnskey_include to add_dnskey
* check KSK/ZSK key tags in signed zone
---------
Co-authored-by: Bob Halley <halley@dnspython.org>
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This change:
Allows resolution hostnames in URLs using dnspython's resolver
or via a bootstrap address, without rewriting URLs.
Adds full support for source addresses and ports to
httpx, except for asyncio I/O where only the source address
can be specified.
Removes support for requests.
|
| |
|
|
| |
Also make rdataset iteration more obvious by adding an
explicit iterate_rdatasets() API.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* Add dns.resolver.resolve_name().
* Add missing type annotations.
* Add async resolve_name().
* Replace List[Answer] with HostAnswers.
* Switch addresses_and_families() tuple order
* Fix comment.
|
| |
|
|
|
| |
OpenSSL 3 with the FIPS 140-3 module, as the module will not
generate keys with a "q" size that is representable in DNSSEC.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Resolver "nameserver" object support.
This turns the list of nameserver strings in the resolver into a tuple
of nameserver objects, which abstract away making queries to a
nameserver of a given type.
The resolver's legacy nameserver list is "enriched" into a tuple of
nameserver objects whenever it is set. Note that you cannot mutate
the object other than by setting,
e.g. res.nameservers.append("1.2.3.4") will not work.
Error message accumulation has been updated to refer to the
nameservers using a descriptive text form.
* doco fix
* more doco fixes
* do enrichment at Resolution time
* require a later mypy, fix type issues
* add nameserver doc
|
| |
|
|
|
|
|
|
|
|
|
| |
Add CDS and CDNSKEY utilities:
make_cdnskey()
make_cds()
make_ds_rdataset()
cds_rdataset_to_ds_rdataset()
dnskey_rdataset_to_cds_rdataset()
dnskey_rdataset_to_cdnskey_rdataset()
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* first cut at key_to_dnskey
* update docs
* typo
* use real test vectors for DNSKEY
* comment
* split
* add test for large exponent size
* rename to make_dnskey
* no default algorithm
* rename and add comment
* split out function to create rrsig signature data
* docs
* add type for public key
* more typing
* make RSA exponent key test easier to read
* work in progress for dns.dnssec.sign
* better docs
* docs
* simplify
* add test with RSASHA1
* initial support for DSA
* update docs
* clean up DSA, t still not clear
* allow inception/expiration to be specified as datetime, string, float or in
* allow rrset to be specified as a tuple
* calculate dsa_t
* reformat
* more rrset tuple fixes
* support DSA
* improve exception handling
* fix return type error
* fix typing issue to silence mypy
* make test case more verbose
* ensure UTC and use sigtime_to_posixtime to convert text to timestamp
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
| |
When reading a zone from a zonefile, the `$GENERATE` resolution now not
only supports decimal but also octal, hexadecimal and nibbles.
When using nibbles with an even width, the generated index may end with
a dot, and alone is interpreted as a absolute name. This behaviour is
consistent with bind, but may cause these records to be dropped by the
subdomain-check in `zonefile.py:398` (see also the `h.*` labels in the
testcase that are missing from the result).
|
| |\
| |
| | |
Fix dns.rdatatype special cases.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Prior to this change, there was logic in dns.rdatatype.from_text() and
to_text() to deal with types not handled by the RdataType enum;
specifically, the NSAP-PTR type (the enum value has a different name,
because of the hyphen) and user-registered types.
This was fine when internal code called these methods, but most callers
of from_text() were converted to dns.rdatatype.RdataType.make(), which
supports both integer and text input, and it doesn't handle the special
cases.
This change adds more hooks into the enum wrapper and moves the special
case handling for RdataType into them.
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| |\ \
| | |
| | | |
Wrap long lines
|
| | |/
| |
| |
| |
| |
| | |
Make flake8 and pylint happy by wrapping the long lines.
Signed-off-by: Benjamin Drung <bdrung@ubuntu.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
Support skipping all test cases that access the Internet by setting the
environment variable `NO_INTERNET`. This is useful to make the test run
reproducible and robust for future runs (to avoid breaking in case some
random service on the Internet changes).
Signed-off-by: Benjamin Drung <bdrung@ubuntu.com>
|
| |/
|
|
|
|
| |
Introduce `tests.util.is_internet_reachable` to avoid duplicate code.
Signed-off-by: Benjamin Drung <bdrung@ubuntu.com>
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
| |
We still have to add AsyncExitStacks, and this requires making
the associated socket wrappers async context managers.
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
