-
Notifications
You must be signed in to change notification settings - Fork 30.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Feature/dns caa #35466
Feature/dns caa #35466
Conversation
This adds support for DNS Certification Authority Authorization (RFC 6844) to nodejs. This closes nodejs#19239 and possibly affects nodejs#14713.
Review requested:
|
@rvagg @nodejs/modules please review the c-ares backport. |
@nodejs/dns |
env->type_string(), | ||
env->dns_caa_string()).Check(); | ||
|
||
ret->Set(context, i + offset, caa_record).Check(); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can you leave a todo comment to do proper exception handling in this method?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There is no exception handling in cares_wrap.cc. If this was needed, it would have been added for all parsing the other record types, too. I don't see a todo here.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There is no exception handling in cares_wrap.cc.
Right, it’s missing, so it would be nice to have a comment about that somewhere in the file
Landed in 6f34498 |
FWIW, this pulls c-ares patch that is not yet released which will break Node on systems where c-ares is linked as an external dependency. For this reason, I think this should not be backported to currently released versions. |
The don't-land-on-v15.x actually already happened. It's in 15.0.0+ in 6f34498 |
Indeed! Do you think that should be reverted on v15 or do you think it's fine as is? |
For me it's OK since we will not be shipping 15 with anything and by the time 16 rolls around we can either patch our c-ares for the extra functionality or have a new c-ares version by then. |
Unfortunately, this broke a test in
Bug in the test? Bug in this change? Something else? |
Oh, interesting, the test that is failing was added in this PR. Is the bug that it should be checking |
Yeah, looking at the surrounding code, that's gotta be it. |
Fix in #35969 |
Refs: nodejs#35466 (comment) PR-URL: nodejs#35969 Reviewed-By: Richard Lau <rlau@redhat.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
Refs: #35466 (comment) PR-URL: #35969 Reviewed-By: Richard Lau <rlau@redhat.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
@AdamMajer , @aduh95 : c-ares 0.17.1 has been released recently. It there any change to get this into v10, v12, or v14? |
I think no problem here to backport this to older versions now. |
10.x is in maintenance so this won't land there. The last planned 12.x release before it enters maintenance at the end of the month is due on Tuesday (#35950 ) so the chance of getting this into 12.x is low. For 14.x the path forwards should be to update c-ares in |
I've created a pull request for c-ares 1.17.1 here: #36207 |
@richardlau c-ares 1.17.1 has landed in 3bd9b81, any other obstacles to backport this to 14.x? |
Our general policy is that for LTS release lines (e.g. 14.x) a change should live on the current release (i.e. 15.x) for two weeks before being backported (https://github.com/nodejs/Release#lts-staging-branches). 3bd9b81 hasn't gone out in 15.x yet (the next 15.x release is planned for this week, nodejs/Release#621). The next 14.x release is going to be a security release (https://nodejs.org/en/blog/vulnerability/january-2021-security-releases/) so any backports of features would have to wait until after that. We haven't firmly sketched out the release plan for 14.x for next year, but have discussed planning a semver-minor for mid to late January. So timeline wise:
|
Refs: #35466 (comment) PR-URL: #35969 Reviewed-By: Richard Lau <rlau@redhat.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
net: Added support for resolving DNS CAA records (RFC 8659)
This adds support for DNS Certification Authority Authorization (RFC 8659) to nodejs.
Fixes: #19239
Refs: #14713
Checklist
make -j4 test
(UNIX), orvcbuild test
(Windows) passes