Benjamin Fry bluejekyll San Francisco, CA https://bluejekyll.github.io/blog C/C++ and Java have led me to Rust

bluejekyll/enum-as-inner 26

Macros for deriving as functions to access Enums as their inner components

bluejekyll/kp-chart 25

Kitchen Patrol job chart

bluejekyll/color-regex 5

Match std input and colorize the output

bluejekyll/etcd-rs 3

native etcd client for rust

bluejekyll/heroku-buildpack-make 1

Makefile buildpack for Heroku

bluejekyll/hyper-proxy 1

A proxy connector for Hyper-based crates

bluejekyll/advisory-db 0

Security advisory database for Rust crates published through crates.io

bluejekyll/base32 0

Base32 encoder/decoder for Rust

bluejekyll/blog 0

blog of Benjamin Fry

pull request comment bluejekyll/trust-dns

correct behavior around trust_nx_responses

Thanks for the review! Is there a plan for when the next alpha release of v0.21.0 will be tagged, or when v0.21.0 itself will come out? We'd like to be able to pull in this change whenever it's included in a release.

I can publish a new release whenever. Is there a date you'd like that?

peterthejohnston

comment created time in a day

PullRequestReviewEvent

Pull request review comment bluejekyll/trust-dns

correct behavior around trust_nx_responses

 fn test_local_mdns() { }  #[test]-fn test_trust_nx_responses_fails_servfail() {+fn test_trust_nx_responses_fails() {     use trust_dns_proto::op::ResponseCode;--    let options = ResolverOpts::default();+    use trust_dns_resolver::error::ResolveErrorKind;      let query = Query::query(Name::from_str("www.example.").unwrap(), RecordType::A); -    let mut servfail_message = message(query.clone(), vec![], vec![], vec![]);-    servfail_message.set_response_code(ResponseCode::ServFail);-    let servfail_message = Ok(servfail_message);--    let v4_record = v4_record(query.name().clone(), Ipv4Addr::new(127, 0, 0, 2));-    let success_msg = message(query.clone(), vec![v4_record], vec![], vec![]);--    let tcp_message = success_msg.clone();-    let udp_message = success_msg;+    let mut nx_message = message(query.clone(), vec![], vec![], vec![]);+    nx_message.set_response_code(ResponseCode::NXDomain); -    // fail the first udp request-    let udp_nameserver = mock_nameserver_trust_nx(-        vec![-            Ok(udp_message.into()),-            servfail_message.clone().map(Into::into),-        ],-        options,-        false,-    );-    let tcp_nameserver = mock_nameserver_trust_nx(-        vec![Err(ResolveError::from("Forced Testing Error"))],-        options,-        false,+    let success_msg = message(+        query.clone(),+        vec![v4_record(query.name().clone(), Ipv4Addr::new(127, 0, 0, 2))],+        vec![],+        vec![],     ); -    let mut pool = mock_nameserver_pool(vec![udp_nameserver], vec![tcp_nameserver], None, options);+    // Fail the first UDP request.+    let fail_nameserver =+        mock_nameserver_trust_nx(vec![Ok(nx_message.into())], ResolverOpts::default(), true);+    let succeed_nameserver =+        mock_nameserver_trust_nx(vec![Ok(success_msg.into())], ResolverOpts::default(), true); -    // lookup on UDP succeeds, any other would fail-    let request = message(query.clone(), vec![], vec![], vec![]);-    let future = 
pool.send(request).first_answer();--    let response = block_on(future).unwrap();-    assert!(response.response_code() == ResponseCode::ServFail);--    // fail all udp succeed tcp-    let udp_nameserver = mock_nameserver(vec![servfail_message.map(Into::into)], options);-    let tcp_nameserver = mock_nameserver(vec![Ok(tcp_message.into())], options);--    let mut pool = mock_nameserver_pool(vec![udp_nameserver], vec![tcp_nameserver], None, options);+    let mut pool = mock_nameserver_pool(+        vec![fail_nameserver, succeed_nameserver],+        vec![],+        None,+        ResolverOpts::default(),+    ); +    // Lookup on UDP should fail, since we trust nx responses.+    // (If we retried the query with the second name server, we'd see a successful response.)     let request = message(query, vec![], vec![], vec![]);     let future = pool.send(request).first_answer();--    let response = block_on(future).unwrap();-    assert!(response.response_code() == ResponseCode::ServFail);+    let response = block_on(future).expect_err("lookup request should fail with NXDOMAIN");+    match response.kind() {+        ResolveErrorKind::NoRecordsFound { response_code, .. }+            if *response_code == ResponseCode::NXDomain => {}+        kind => panic!(+            "got unexpected kind of resolve error; expected `NoRecordsFound` error with NXDOMAIN,+            got {:#?}",+            kind,+        ),+    } }  #[test] fn test_distrust_nx_responses() {
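Review bot: the rewritten `test_trust_nx_responses_fails` removes both `assert!(response.response_code() == ResponseCode::ServFail)` checks, and nothing in the visible lines replaces them, so SERVFAIL handling with trusted NX responses is no longer exercised here; consider keeping a separate SERVFAIL case next to the new NXDOMAIN one. In the `panic!` arm at the end of the test, the format string breaks across two lines without a trailing `\`, so the newline and the leading indentation become part of the message; either end the first line with `\` or keep the string on one line. The retained comment "Fail the first UDP request." could also say that the first name server answers NXDOMAIN, since that is what the test now relies on.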

Is this test totally invalid now?

peterthejohnston

comment created time in a day

issue comment bluejekyll/trust-dns

Should resolver always use source port randomization?

Thanks for the detailed report. I'll try and find some time to read through the netgear threads on this, as they will at least be illuminating.

might it make sense for source port randomization to be configurable (i.e. disable-able) in the trust-dns resolver?

Yes, we can do this. Based on your description though, I think we'd end up wanting to reuse UDP sockets, and not just throw them away after every use. Does Fuchsia reuse ports immediately? I'm assuming not. This would just require a different technique for managing the UDP socket than we do today. I think the server UDP is probably a good guide here.

is it possible that source port randomization is not the default on other systems' DNS resolvers?

Yes, this is possible, but would take a bit of research into glibc/libc implementations on other OSes to see how they do this. I haven't done this. When implementing this for Trust-DNS, my thought was that eventually we'd want to build out the resolver to be capable of full top-down recursive-resolution from the root servers. That's not been done yet, but this is definitely required for that. My quick thoughts here are that for personal devices, src port randomization is probably not as important as other for a full recursive-resolver, but I would think most systems are also not reusing UDP sockets for multiple DNS requests, so even if it's predictable, they would be getting some amount of randomization on the port as well. That is, to reduce the randomization, we would need to reuse UDP sockets, and I'd be interested in knowing if others do that.

That being said, there is another option here: to only use TCP. This would (should) reuse the same TCP connection for all DNS resolution if there are a lot happening in succession. It can even be faster if there are a large number of requests going on. Reading your report, I wonder if something about the way the router looks up DNS information sends more requests in quick succession than other, similar, devices.

peterthejohnston

comment created time in 2 days

push event bluejekyll/trust-dns

Benjamin Fry

commit sha 1d2f59116b6acef26b43d0f24ecc31d23ca7ecc7

cleanup use statements


push time in 4 days

push event bluejekyll/trust-dns

Benjamin Fry

commit sha 73d8e9b98031af48b3d514f7a2452589eeba4b31

update changelog for server request logging


Benjamin Fry

commit sha 1d13021450128ce41183000cbf09ab045c29d2f0

cleanup use statements


push time in 4 days

PR opened bluejekyll/trust-dns

Simplify server logging to single logline per request

Fixes: #1525

@williamdes, This PR should help with the above issue. There was a big refactor I needed to do for this, but we should see a single logline on requests example:

1632165134.315584:INFO:trust_dns_server::server::server_future:651:request:1837 src:UDP://127.0.0.1#52175 QUERY:www.exmple.com.:A:IN qflags:RD,AD; response:No Error rr:1/0/1 rflags: RD,RA;
1632165167.438796:INFO:trust_dns_server::server::server_future:651:request:13648 src:UDP://127.0.0.1#53266 QUERY:www.google.com.:A:IN qflags:RD,AD; response:No Error rr:1/0/1 rflags: RD,RA;
1632165210.496483:INFO:trust_dns_server::server::server_future:651:request:43077 src:UDP://127.0.0.1#57542 QUERY:www.example.com.:A:IN qflags:RD,AD; response:No Error rr:1/0/1 rflags: RD,AA;
1632165243.481158:INFO:trust_dns_server::server::server_future:651:request:24552 src:UDP://127.0.0.1#55267 QUERY:xxx.example.com.:A:IN qflags:RD,AD; response:Non-Existent Domain rr:0/1/1 rflags: RD,AA;
1632165267.610928:INFO:trust_dns_server::server::server_future:651:request:47603 src:UDP://127.0.0.1#57723 QUERY:example.com.:A:IN qflags:RD,AD; response:No Error rr:1/0/3 rflags: RD,AA;

I think we can use this opportunity to clean up some of the Display implementations for these various sections. Let me know what you think. As an example, the Display for the response code is multi-word right now, that might not be desirable? Also, do we want the code+description instead of just the description there?

+357 -95

0 comment

15 changed files

pr created time in 4 days

push event bluejekyll/trust-dns

Benjamin Fry

commit sha b8ad0d68cacd0990126142ae2ffb6fe7d17e489c

Move to async-trait for server to simplify function calls


Benjamin Fry

commit sha f7465c991720bf94e3f90829c13d02e47aa667ca

require Authority to have interior mutability


Benjamin Fry

commit sha 47fe25955520209ead2264780183970aff82a118

Simplify server logging to single logline per request


push time in 4 days

push event bluejekyll/trust-dns

Benjamin Fry

commit sha b8ad0d68cacd0990126142ae2ffb6fe7d17e489c

Move to async-trait for server to simplify function calls


Benjamin Fry

commit sha f7465c991720bf94e3f90829c13d02e47aa667ca

require Authority to have interior mutability


push time in 4 days

delete branch bluejekyll/trust-dns

delete branch : use-async-trait-in-server

delete time in 4 days

PR merged bluejekyll/trust-dns

Move to async-trait for server to simplify function calls

While working on #1525 I realized that would be a lot simpler if the function calls in the server were simplified as async fns rather than the old Future state-machines.

There are a few additional changes on the way for this, but the initial change looks good (and fixes some things in some of the implementations).

+1497 -1250

2 comments

33 changed files

bluejekyll

pr closed time in 4 days

create branch bluejekyll/trust-dns

branch : simplified-logging

created branch time in 4 days

push event bluejekyll/trust-dns

Benjamin Fry

commit sha 0c0e2ae28b61485b324f265faca15f1a1f20bb96

require Authority to have interior mutability


push time in 6 days

pull request comment bluejekyll/trust-dns

Move to async-trait for server to simplify function calls

@djc Thanks for looking at this before. I did see your comments about it being annoying to review the use statement refactoring. I'd ask, if you don't mind, to skip those refactors. I find that the best time to refactor that is during other changes. I'll make an attempt to pay more attention to splitting the use clause refactorings across commits in the future, if you see that as impeding the review.

I've split the commits into two major changes. First refactoring to async-trait usage and away from named Futures for Authority. The next moves the responsibility for Send + Sync and mutability to be interior to the Authorities. This should make things a little more efficient and remove some locking. I'm considering creating an additional PR after this to clean things up more, but this is a good first step.

bluejekyll

comment created time in 7 days

push event bluejekyll/trust-dns

Evan Cameron

commit sha 6dde9938d9f7541379b4307cb58a312607d230b5

remove unused arg line & bytesmut


Benjamin Fry

commit sha e69b903227378f2e4e3cfb65760f32e07b2ee65a

Move to async-trait for server to simplify function calls


Benjamin Fry

commit sha d06d0e332758d4045e177051c12588a21676f731

require Authority to have interior mutability


push time in 7 days

push event bluejekyll/trust-dns

Evan Cameron

commit sha 6dde9938d9f7541379b4307cb58a312607d230b5

remove unused arg line & bytesmut


push time in 10 days

PR merged bluejekyll/trust-dns

remove unused doc arg line & bytesmut

Found a line in the docs I don't think is in use anymore. Also noticed BytesMut::from(&[u8]) that can be removed, which I think causes one extra allocation per send_message, this required changing the method signature on an internal method though, so let me know if you'd prefer this was rolled back.

+5 -11

4 comments

1 changed file

leshow

pr closed time in 10 days

push event bluejekyll/trust-dns

Benjamin Fry

commit sha 909d5b7a6c4537becb8fdd5275da327155e83986

update certs for tests 08-2021


Benjamin Fry

commit sha f791bbe0eb428e0946764e7a92f1cad8e0c7aa31

ignore Query::query clippy suggestion


Benjamin Fry

commit sha bd5e56f823a89a27e597ab75b507d9b82926bbb8

Move to async-trait for server to simplify function calls


Benjamin Fry

commit sha 0e2325ff62671b67128adc6928191c191e99ca34

require Authority to have interior mutability


Benjamin Fry

commit sha 2223f8ed8bf4b7f9638256a949169d9af509e253

remove unused fns and unnecessary asyncs


push time in 10 days

issue opened rust-lang/futures-rs

Move to parking_lot::Mutex for mutex and away from std::sync::Mutex?

parking_lot has a lot of advantages over std::sync::Mutex.

Should we migrate to parking_lot for all futures_util::lock primitives?

If we're open to this, I'd be happy to contribute the work for this.

created time in 10 days

push event leshow/trust-dns

Benjamin Fry

commit sha 909d5b7a6c4537becb8fdd5275da327155e83986

update certs for tests 08-2021


Benjamin Fry

commit sha f791bbe0eb428e0946764e7a92f1cad8e0c7aa31

ignore Query::query clippy suggestion


Benjamin Fry

commit sha 8e91b6cc746a636b1bccb97b2c51323f66e6feb7

Merge branch 'main' into minor_doh


push time in 11 days

pull request comment bluejekyll/trust-dns

remove unused doc arg line & bytesmut

This is all happening inside the https library, so I think it's fine to just pass the bytes directly. Thanks for the PR!

leshow

comment created time in 11 days

push event bluejekyll/trust-dns

Benjamin Fry

commit sha 909d5b7a6c4537becb8fdd5275da327155e83986

update certs for tests 08-2021


Benjamin Fry

commit sha f791bbe0eb428e0946764e7a92f1cad8e0c7aa31

ignore Query::query clippy suggestion


push time in 11 days

delete branch bluejekyll/trust-dns

delete branch : update-certs-08-2021

delete time in 11 days

push event bluejekyll/trust-dns

Benjamin Fry

commit sha aa6da59775cbbe5eb3c81352d8c1f7e50f11d948

remove unused fns and unnecessary asyncs


push time in 11 days

push event bluejekyll/trust-dns

Benjamin Fry

commit sha 8e3047183d83e2476b149a14fd9c06325c30bc8e

remove async from AuthorityObject where unnecessary


push time in 11 days

push event bluejekyll/trust-dns

Benjamin Fry

commit sha 0f548259a8c2390684ea53e428f29f0c09b8fb94

ignore Query::query clippy suggestion


Benjamin Fry

commit sha 5d78f1247fa8586371f474342167815c14367c1b

Move to async-trait for server to simplify function calls


Benjamin Fry

commit sha 819b5f32384c91b29ca13c74e58070dc95a38db1

require Authority to have interior mutability


push time in 11 days

push event bluejekyll/trust-dns

Benjamin Fry

commit sha 0f548259a8c2390684ea53e428f29f0c09b8fb94

ignore Query::query clippy suggestion


push time in 11 days

push event bluejekyll/trust-dns

Benjamin Fry

commit sha 3217747c83497a017277d5d5828f6306f18cd118

update certs for tests 08-2021


Benjamin Fry

commit sha 0e87d027948dc86e3bbc60dbadc3e264ae27bd14

Move to async-trait for server to simplify function calls


Benjamin Fry

commit sha 67d8fe5dd94003030577ce82accb29b95a63e67a

require Authority to have interior mutability


push time in 11 days

PullRequestReviewEvent