Skip to content

Update name server blacklisting mechanism#1423

Merged
tgreenx merged 4 commits intozonemaster:release-v2024.2.1from
tgreenx:update-blacklisting
Feb 6, 2025
Merged

Update name server blacklisting mechanism#1423
tgreenx merged 4 commits intozonemaster:release-v2024.2.1from
tgreenx:update-blacklisting

Conversation

@tgreenx
Copy link
Contributor

@tgreenx tgreenx commented Jan 28, 2025
edited
Loading

Purpose

This PR proposes to rework the name server blacklisting mechanism to only happen on no response for non-EDNS SOA queries. This comes after discussions and deliberation from the work group.

Context

Fixes #1411

Changes

  • Rework name server blacklisting mechanism
  • Remove blacklisting of specific queries in Test Cases
  • Add or update documentation

How to test this PR

Tests should pass.
Manual testing from #1411:

$ zonemaster-cli --show-testcase 120.89.185.in-addr.arpa --level debug --show-testcase --test nameserver10 --test zone11 --no-ipv6 | grep -Ev "EXTERNAL_QUERY|DEPENDENCY_VERSION|Unspecified"

Seconds Level    Testcase       Message
======= ======== ============== =======
   0.00 DEBUG    Nameserver10   TEST_CASE_START Nameserver10.
   2.69 DEBUG    Nameserver10   IPv6 is disabled, not sending "NS" query to ns3.afrinic.net/2001:500:14:6100:ad::1.
   3.18 WARNING  Nameserver10   Expected RCODE but received erroneous response to an EDNS version 1 query. Fetched from the nameservers with IP addresses 80.77.240.44
   3.18 DEBUG    Nameserver10   TEST_CASE_END Nameserver10.
   0.00 DEBUG    Zone11         TEST_CASE_START Zone11.
   0.06 DEBUG    Zone11         IPv6 is disabled, not sending "NS" query to ns3.afrinic.net/2001:500:14:6100:ad::1.
   0.18 NOTICE   Zone11         No SPF policy was found for 120.89.185.in-addr.arpa.
   0.18 DEBUG    Zone11         System:Zone11:TEST_CASE_END testcase=Zone11

@tgreenx
Rework name server blacklisting mechanism to only happen for non-EDNS…
0eca57a 
… SOA queries
@tgreenx
Update or add documentation regarding name server blacklisting
4ad4261
@tgreenx
Remove blacklisting of specific queries in Test Cases
cccb95c 
Now that only non-EDNS SOA queries trigger the name server blacklisting mechanism, those special treatments are no longer needed.
@tgreenx tgreenx added the V-Minor Versioning: The change gives an update of minor in version. label Jan 28, 2025
@tgreenx tgreenx added this to the v2024.2.1 milestone Jan 28, 2025
@tgreenx tgreenx linked an issue Jan 29, 2025 that may be closed by this pull request
Issues in Nameserver10 creates problem in Zone11 #1411
Closed
marc-vanderwal
marc-vanderwal reviewed Jan 29, 2025
View reviewed changes
Copy link
Contributor

@marc-vanderwal marc-vanderwal left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks pretty good. Just some minor comments.

@tgreenx @marc-vanderwal
Apply suggestions from code review
3749eb1 
Co-authored-by: Marc van der Wal <103426270+marc-vanderwal@users.noreply.github.com>
@tgreenx tgreenx merged commit 1c5ba40 into zonemaster:release-v2024.2.1 Feb 6, 2025
@tgreenx tgreenx deleted the update-blacklisting branch February 6, 2025 09:14
@tgreenx tgreenx mentioned this pull request Feb 6, 2025
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mattias-p mattias-p mattias-p approved these changes

@matsduf matsduf matsduf approved these changes

@marc-vanderwal marc-vanderwal marc-vanderwal approved these changes

@tolvmannen tolvmannen Awaiting requested review from tolvmannen

@MichaelTimbert MichaelTimbert Awaiting requested review from MichaelTimbert

Assignees

No one assigned

Labels

V-Minor Versioning: The change gives an update of minor in version.

Projects

None yet

Milestone

v2024.2.1

Development

Successfully merging this pull request may close these issues.

Issues in Nameserver10 creates problem in Zone11

4 participants

@tgreenx @mattias-p @matsduf @marc-vanderwal