DNS/KnotResolver/cookies/dnslib-example

DNS/KnotResolver/cookies/dnslib-exampleについて、ここに記述してください。

BIND 9.11.0-P4付属のdigからのquery

$ dig +qr -p 5053 moin.qmail.jp @127.0.0.1

; <<>> DiG 9.11.0-P3 <<>> +qr -p 5053 moin.qmail.jp @127.0.0.1
;; global options: +cmd
;; Sending:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34014
;; flags: rd ad; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: 7fb5bff48329a7cf
;; QUESTION SECTION:
;moin.qmail.jp.                 IN      A

;; QUERY SIZE: 54

;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34014
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 3, ADDITIONAL: 0

;; QUESTION SECTION:
;moin.qmail.jp.                 IN      A

;; AUTHORITY SECTION:
qmail.jp.               300     IN      NS      ns1.qmail.jp.
qmail.jp.               300     IN      NS      ns2.qmail.jp.
qmail.jp.               300     IN      SOA     ns1.qmail.jp. tmaeno.qmail.jp. 201607241 3600 10800 86400 3600

;; Query time: 1 msec
;; SERVER: 127.0.0.1#5053(127.0.0.1)
;; WHEN: Fri Apr 14 10:16:37 JST 2017
;; MSG SIZE  rcvd: 110

1. server 側

@127.0.0.1 port 5053 をlisten (simpledns.py)

(; COOKIE: 7fb5bff48329a7cf はパケットの最後にある）

UDP request 2017-04-14 01:16:37.380669 (127.0.0.1 38071):
54 84de01200001000000000001046d6f696e05716d61696c026a700000010001000029100000000000000c000a00087fb5bff48329a7cf
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34014
;; flags: rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; QUESTION SECTION:
;moin.qmail.jp.                 IN      A
;; ADDITIONAL SECTION:
;OPT PSEUDOSECTION
;EDNS: version: 0, flags: ; udp: 4096
;EDNS: code: 10; data: 7fb5bff48329a7cf

Reply:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34014
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 3, ADDITIONAL: 0
;; QUESTION SECTION:
;moin.qmail.jp.                 IN      A
;; AUTHORITY SECTION:
qmail.jp.               300     IN      NS      ns1.qmail.jp.
qmail.jp.               300     IN      NS      ns2.qmail.jp.
qmail.jp.               300     IN      SOA     ns1.qmail.jp. tmaeno.qmail.jp. 201607241 3600 10800 86400 3600

https://moin.qmail.jp/DNS/RFC/1035/4#A495

https://tools.ietf.org/html/rfc6891

   The fixed part of an OPT RR is structured as follows:

       +------------+--------------+------------------------------+
       | Field Name | Field Type   | Description                  |
       +------------+--------------+------------------------------+
       | NAME       | domain name  | MUST be 0 (root domain)      |
       | TYPE       | u_int16_t    | OPT (41)                     |
       | CLASS      | u_int16_t    | requestor's UDP payload size |
       | TTL        | u_int32_t    | extended RCODE and flags     |
       | RDLEN      | u_int16_t    | length of all RDATA          |
       | RDATA      | octet stream | {attribute,value} pairs      |
       +------------+--------------+------------------------------+

                               OPT RR Format

54
84de 0120  (ID, OPCODE 0, RD, Z=2)  Z は通常は0のはずなので、cookie関連か。

0001 0000 0000 0001 (Count)

046d 6f69 6e05 716d 6169 6c02 6a70
  m  o i  n    q  m a i  l    j p
0000 0100 0100 0029 1000 0000 0000
 END   root      41 4096 (version, flags)
000c
  length
000a00087fb5bff48329a7cf   (code 10, client cookie 8 octet)

https://tools.ietf.org/html/rfc7873#page-8

   In a request sent by a client to a server when the client does not
   know the server's cookie, its length is 8, consisting of an 8-byte
   Client Cookie, as shown in Figure 1.

                         1 1 1 1 1 1 1 1 1 1 2 2 2 2 2 2 2 2 2 2 3 3
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |        OPTION-CODE = 10      |       OPTION-LENGTH = 8        |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                                                               |
    +-+-    Client Cookie (fixed size, 8 bytes)              -+-+-+-+
    |                                                               |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

              Figure 1: COOKIE Option, Unknown Server Cookie

python print: clientからのcookie(s)の取り出しはできそう）

server側で、cookies 返答を作るには？　-- ToshinoriMaeno 2017-04-15 10:25:10

UDP request 2017-04-15 10:16:52.532021 (192.168.10.7 33428):
51 1e4101200001000000000001016405716d61696c026a700000020001000029100000000000000c000a0008b706f0820936cc37
-------
('query :', <DNS Header: id=0x1e41 type=QUERY opcode=QUERY flags=RD rcode='NOERROR' q=1 a=0 ns=0 ar=1>
<DNS Question: 'd.qmail.jp.' qtype=NS qclass=IN>
<DNS OPT: edns_ver=0 do=0 ext_rcode=0 udp_len=4096>
<EDNS Option: Code=10 Data='b706f0820936cc37'>)
-------

interactive:

>>> packet = binascii.unhexlify(b'84de01200001000000000001046d6f696e05716d61696c026a700000010001000029100000000000000c000a00087fb5bff48329a7cf')
>>> d = DNSRecord.parse(packet)
>>> d
<DNS Header: id=0x84de type=QUERY opcode=QUERY flags=RD rcode='NOERROR' q=1 a=0 ns=0 ar=1>
<DNS Question: 'moin.qmail.jp.' qtype=A qclass=IN>
<DNS OPT: edns_ver=0 do=0 ext_rcode=0 udp_len=4096>
<EDNS Option: Code=10 Data='7fb5bff48329a7cf'>
>>>

MoinQ: DNS/KnotResolver/cookies/dnslib-example

1. server 側