[PR #2753] [MERGED] Fix RFC 6975 behavior #3292

Closed
opened 2026-03-16 11:35:46 +03:00 by kerem · 0 comments
Owner

📋 Pull Request Information

Original PR: https://github.com/hickory-dns/hickory-dns/pull/2753
Author: @divergentdave
Created: 2/7/2025
Status: Merged
Merged: 2/8/2025
Merged by: @divergentdave

Base: mainHead: david/remove-algorithm-filtering


📝 Commits (5)

  • 45d4ee6 Stop filtering RRSIGs based on DAU option
  • 4e10b97 Don't use signature algorithm values in DHU option
  • 6d1f31e Use is_supported when constructing DAU option
  • fa94974 Add RSASHA512 to DAU
  • 83ec1b9 Remove support for DHU and N3U options

📊 Changes

14 files changed (+80 additions, -316 deletions)

View changed files

📝 bin/tests/integration/authority_battery/dnssec.rs (+19 -80)
📝 bin/tests/integration/authority_battery/dynamic_update.rs (+1 -1)
📝 bin/tests/integration/named_test_rsa_dnssec.rs (+2 -8)
📝 bin/tests/integration/server_harness/mod.rs (+2 -24)
📝 bin/tests/integration/server_harness/mut_message_client.rs (+2 -4)
📝 crates/proto/src/dnssec/supported_algorithm.rs (+1 -1)
📝 crates/proto/src/op/edns.rs (+11 -9)
📝 crates/proto/src/rr/rdata/opt.rs (+4 -28)
📝 crates/proto/src/rr/rr_set.rs (+18 -86)
📝 crates/server/src/authority/auth_lookup.rs (+4 -6)
📝 crates/server/src/authority/authority.rs (+7 -37)
📝 crates/server/src/authority/catalog.rs (+2 -17)
📝 crates/server/src/store/in_memory/authority.rs (+3 -3)
📝 tests/integration-tests/tests/integration/sqlite_authority_tests.rs (+4 -12)

📄 Description

This fixes #2638 and makes some related improvements. RRSIG filtering behavior is removed. The DHU option is no longer emitted, because we were previously sending signature algorithm numbers in this option. The EdnsOption::DHU and EdnsOption::N3U are removed, because they currently use a bit field that is specialized for signature algorithm numbers. RSASHA512 is added to outgoing DAU options.


🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.

## 📋 Pull Request Information **Original PR:** https://github.com/hickory-dns/hickory-dns/pull/2753 **Author:** [@divergentdave](https://github.com/divergentdave) **Created:** 2/7/2025 **Status:** ✅ Merged **Merged:** 2/8/2025 **Merged by:** [@divergentdave](https://github.com/divergentdave) **Base:** `main` ← **Head:** `david/remove-algorithm-filtering` --- ### 📝 Commits (5) - [`45d4ee6`](https://github.com/hickory-dns/hickory-dns/commit/45d4ee65b0a7fb7927e9161b3e9fe92e17ba7d7a) Stop filtering RRSIGs based on DAU option - [`4e10b97`](https://github.com/hickory-dns/hickory-dns/commit/4e10b97a2c699e06887081a81f343814162f0960) Don't use signature algorithm values in DHU option - [`6d1f31e`](https://github.com/hickory-dns/hickory-dns/commit/6d1f31eaff63db10694ab831a66c105ee230505a) Use is_supported when constructing DAU option - [`fa94974`](https://github.com/hickory-dns/hickory-dns/commit/fa949740e79ae3d53319f2f802fc61cd50e8e771) Add RSASHA512 to DAU - [`83ec1b9`](https://github.com/hickory-dns/hickory-dns/commit/83ec1b99d176cce8ed61a455aa94120b20dfc04b) Remove support for DHU and N3U options ### 📊 Changes **14 files changed** (+80 additions, -316 deletions) <details> <summary>View changed files</summary> 📝 `bin/tests/integration/authority_battery/dnssec.rs` (+19 -80) 📝 `bin/tests/integration/authority_battery/dynamic_update.rs` (+1 -1) 📝 `bin/tests/integration/named_test_rsa_dnssec.rs` (+2 -8) 📝 `bin/tests/integration/server_harness/mod.rs` (+2 -24) 📝 `bin/tests/integration/server_harness/mut_message_client.rs` (+2 -4) 📝 `crates/proto/src/dnssec/supported_algorithm.rs` (+1 -1) 📝 `crates/proto/src/op/edns.rs` (+11 -9) 📝 `crates/proto/src/rr/rdata/opt.rs` (+4 -28) 📝 `crates/proto/src/rr/rr_set.rs` (+18 -86) 📝 `crates/server/src/authority/auth_lookup.rs` (+4 -6) 📝 `crates/server/src/authority/authority.rs` (+7 -37) 📝 `crates/server/src/authority/catalog.rs` (+2 -17) 📝 `crates/server/src/store/in_memory/authority.rs` (+3 -3) 📝 `tests/integration-tests/tests/integration/sqlite_authority_tests.rs` (+4 -12) </details> ### 📄 Description This fixes #2638 and makes some related improvements. RRSIG filtering behavior is removed. The DHU option is no longer emitted, because we were previously sending signature algorithm numbers in this option. The `EdnsOption::DHU` and `EdnsOption::N3U` are removed, because they currently use a bit field that is specialized for signature algorithm numbers. RSASHA512 is added to outgoing DAU options. --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>
kerem 2026-03-16 11:35:46 +03:00
Sign in to join this conversation.
No milestone
No project
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/hickory-dns#3292
No description provided.