[PR #2852] [MERGED] ede-dot-com: Add spaces to regexes used on DS sets #3367

New issue

Closed

opened 2026-03-16 11:39:50 +03:00 by kerem · 0 comments

kerem commented

2026-03-16 11:39:50 +03:00

Owner

📋 Pull Request Information

Original PR: https://github.com/hickory-dns/hickory-dns/pull/2852
Author: @divergentdave
Created: 3/14/2025
Status: ✅ Merged
Merged: 3/14/2025
Merged by: @divergentdave

Base: main ← Head: david/harden-ede-dot-com-regexes

📝 Commits (1)

33c2c06 ede-dot-com: Add spaces to regexes used on DS sets

📊 Changes

1 file changed (+8 additions, -8 deletions)

View changed files

📝 conformance/packages/dns-test/src/docker/ede-dot-com/configure_child.sh (+8 -8)

📄 Description

This fixes an intermittent flake in hermetic_ds_reserved_key_algo, etc. The root cause was that the /8 2/ regex was matching both on the key algorithm and digest type fields, as expected, but also the end and start of the two chunks of the digest, with probability 1/256. Some of these substitutions resulted in adding two extra numbers to the digest, and dnssec-signzone would later fail with "bad hex encoding", upon reading a 33-byte digest for a SHA-256 DS record. I spot-checked the DS set for each of these zones and confirmed that the records are still modified as expected.

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/hickory-dns/hickory-dns/pull/2852 **Author:** [@divergentdave](https://github.com/divergentdave) **Created:** 3/14/2025 **Status:** ✅ Merged **Merged:** 3/14/2025 **Merged by:** [@divergentdave](https://github.com/divergentdave) **Base:** `main` ← **Head:** `david/harden-ede-dot-com-regexes` --- ### 📝 Commits (1) - [`33c2c06`](https://github.com/hickory-dns/hickory-dns/commit/33c2c06ae028f7747998d2efcb743d52150fe284) ede-dot-com: Add spaces to regexes used on DS sets ### 📊 Changes **1 file changed** (+8 additions, -8 deletions) <details> <summary>View changed files</summary> 📝 `conformance/packages/dns-test/src/docker/ede-dot-com/configure_child.sh` (+8 -8) </details> ### 📄 Description This fixes an intermittent flake in `hermetic_ds_reserved_key_algo`, etc. The root cause was that the `/8 2/` regex was matching both on the key algorithm and digest type fields, as expected, but also the end and start of the two chunks of the digest, with probability 1/256. Some of these substitutions resulted in adding two extra numbers to the digest, and `dnssec-signzone` would later fail with "bad hex encoding", upon reading a 33-byte digest for a SHA-256 DS record. I spot-checked the DS set for each of these zones and confirmed that the records are still modified as expected. --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>