c-ares

Commit Graph

Author	SHA1	Message	Date
Brad House	9dd78e2f23	URI parser/writer for ares_set_servers_csv()/ares_get_servers_csv() (#882 ) The DNS server format is insufficient for future configurations, such as supporting DNS over TLS (DoT) and DNS over HTTPS (DoH), as well as additional functionality such as domain-specific servers. Already, in the case where different UDP and TCP ports are used, it is impossible to represent in the current format. In order to try to use some standardized format, we are going to define our own URI schemes that should be parse-able by any URI parser. The new scheme will only be used when the configuration cannot otherwise be expressed using the current `ipaddr%iface:port` format, which is the format used as the nameserver configuration in `/etc/resolv.conf`. However, the parser `ares_set_servers_csv()` shall accept the new URI scheme format even when it is not necessary. This PR implements a URI parser and writer and hooks the basic usage into `ares_set_servers_csv()` and `ares_get_servers_csv()` as well as provides updated documentation in the relevant manpages. We will define these URI schemes: * `dns://` - Normal DNS server (UDP + TCP). We need to be careful not to conflict with query params defined in https://datatracker.ietf.org/doc/html/rfc4501 since we'd technically be extending this URI scheme. Port defaults to `53`. * `dns+tls://` - DNS over TLS. Port defaults to `853`. * `dns+https://` - DNS over HTTPS. Port defaults to `443`. We initially will define these query parameters (additional arguments may be required in the future to specify options such as TLS certificate validation rules): * `tcpport` - TCP port to use, only for `dns://` scheme. The `port` specified as part of the `authority` component of the URI will be used for both UDP and TCP by default, this option will override the TCP port. * `ipaddr` - Only for `dns+tls://` and `dns+https://`. If the `authority` component of the URI contains a hostname, this is used to specify the ip address of the hostname. If not specified, will need to use a non-secure server to perform a DNS lookup to retrieve this information. It is always recommended to have both the ip address and fully qualified domain name specified. * `hostname` - Only for `dns+tls://` and `dns+https://`. If the `authority` component of the URI contains an ip address, this is used to specify the fully qualified domain name of the server. If not specified, will need to use a non-secure server to perform a DNS reverse lookup to retrieve this information. It is always recommended to have both the ip address and fully qualified domain name specified. * `domain` - If specified, this server is a domain-specific server. Any queries for this domain will be routed to this server. Multiple servers may be tagged with the same domain. Examples: ``` dns://8.8.8.8 dns://[2001:4860:4860::8888] dns://[fe80::b542:84df:1719:65e3%en0] dns://192.168.1.1:55 dns://192.168.1.1?tcpport=1153 dns://10.0.1.1?domain=myvpn.com dns+tls://8.8.8.8?hostname=dns.google dns+tls://one.one.one.one?ipaddr=1.1.1.1 ``` NOTE: While we are defining the scheme for things like domain-specific servers, DNS over TLS and DNS over HTTPS, the underlying implementations for those features do not yet exist and therefore will result in errors if they are attempted to be used. ### Non-compliance in implementation All these could be easily implemented/fixed if desired, however any such changes would be of no use to the current c-ares usage of URIs: * Does not currently support relative references * Requires use of the authority section, blank is not allowed * The query string is interpreted to be in [application/x-www-form-urlencoded](https://en.wikipedia.org/wiki/Application/x-www-form-urlencoded) format only and will result in parse errors if it is not. This is the most common format used, however technically not valid to mandate this format is used. We could add flags in the future to treat the query string as opaque and leave it to the user to process. Or we could internally have a list of schemes that use this format. * [IDNA](https://en.wikipedia.org/wiki/Internationalized_domain_name) is not supported. * Does not support hex-encoded IPv4 addresses (this is compliant with RFC3986, but not WHATWG) Authored-By: Brad House (@bradh352)	2 months ago
Brad House	5410a79428	Feature Documentation (FEATURES.md) We have been missing basic documentation on some of the features in c-ares for a while. This document should be used to document any features that need explanation for behavior analysis and how to use said feature. Authored-By: Brad House (@bradh352)	3 months ago
Brad House	538a4866be	Fix RFC1035 link Fixes #861 Reported-By: @kmehltretter82	3 months ago
Brad House	6b230153b7	README.md: reference keyserver that supports identity certifications	4 months ago
Brad House	90a404574c	README.md Document TCP FastOpen is supported	4 months ago
Brad House	2f9805fb61	README.md DNS Cookies are done, no longer in progress	4 months ago
Brad House	67db56c341	whitespace	5 months ago
Brad House	46bf21a702	fix	5 months ago
Brad House	fb60be7436	document some RFCs in use	5 months ago
Brad House	b669c2f323	fix coveralls badge	5 months ago
Brad House	a42a0024a9	no quotes	6 months ago
Brad House	70dfce1269	add verification section	6 months ago
Brad House	68b37e7145	release keys	6 months ago
Brad House	8106efb0a0	kill old wording	6 months ago
Brad House	01d9c4c9c9	grammar	6 months ago
Brad House	3429263560	update base README	6 months ago
Brad House	0fbb5f6b36	branch main	6 months ago
Brad House	440b2c3458	badge should be only main branch	9 months ago
Brad House	05ae45e8e3	put logo in readme	9 months ago
Gregor Jasny	78b61327fd	Fix minor warnings and documentation typos (#666 ) Build warnings could be seen [here](https://buildd.debian.org/status/fetch.php?pkg=c-ares&arch=arm64&ver=1.24.0-1&stamp=1702826366&raw=0) [origin](https://buildd.debian.org/status/package.php?p=c-ares) Fix By: Gregor Jasny (@gjasny)	11 months ago
Brad House	0ef0f6b600	new badges	1 year ago
Brad House	77e6a39b89	fix grammar	1 year ago
Brad House	adc9ff0acd	fix README.md	1 year ago
bradh352	49f1b1a48d	fix coveralls link	3 years ago
bradh352	9bcdb6aec0	replace Travis badge with Cirrus-CI badge	3 years ago
Daniel Stenberg	04d2f06011	domain: update to use c-ares.org Closes #423	3 years ago
Daniel Stenberg	509f2a00f1	mailing list: moved to lists.haxx.se	3 years ago
Daniel Stenberg	b039ecc87d	README.md: use https:// links	3 years ago
Fionn Fitzmaurice	6d6cd5daf6	Avoid buffer overflow in RC4 loop comparison (#336 ) The rc4 function iterates over a buffer of size buffer_len who's maximum value is INT_MAX with a counter of type short that is not guaranteed to have maximum size INT_MAX. In circumstances where short is narrower than int and where buffer_len is larger than the maximum value of a short, it may be possible to loop infinitely as counter will overflow and never be greater than or equal to buffer_len. The solution is to make the comparison be between types of equal width. This commit defines counter as an int. Fix By: Fionn Fitzmaurice (@fionn)	4 years ago

29 Commits (e0409fb01f34596124a89c74d7723b5101ba571a)