https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3783
Summary: Support for DLV RR (RFC 4431) and SHA-256 Digest for DS
RR (RFC 4509)
Product: Wireshark
Version: 1.2.1
Platform: All
OS/Version: All
Status: NEW
Severity: Minor
Priority: Medium
Component: Wireshark
AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
ReportedBy: ivan_jr@xxxxxxxxx
Ivan Sy <ivan_jr@xxxxxxxxx> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Attachment #3423|                            |review_for_checkin?
               Flag|                            |
Created an attachment (id=3423)
--> (https://bugs.wireshark.org/bugzilla/attachment.cgi?id=3423)
Support for DLV RR (RFC 4431) and SHA-256 Digest for DS RR (RFC 4509)
Build Information:
wireshark 1.2.1
Copyright 1998-2009 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Compiled with GTK+ 2.16.1, with GLib 2.20.1, with libpcap 1.0.0, with libz
1.2.3, without POSIX capabilities, with libpcre 7.8, with SMI 0.4.7, without
c-ares, with ADNS, without Lua, with GnuTLS 2.6.4, with Gcrypt 1.4.4, without
Kerberos, with GeoIP, with PortAudio <= V18, without AirPcap.
Running on FreeBSD 7.2-RELEASE-p1, with libpcap version 1.0.0, GnuTLS 2.6.4,
Gcrypt 1.4.4.
Built using gcc 4.2.1 20070719 [FreeBSD].
--
Support for DLV RR (RFC 4431) and SHA-256 Digest for DS RR (RFC 4509)
===========
Support for DLV RR will be exactly the same as for DS RR. From RFC 4431, Section 2:
   The DLV resource record has exactly the same wire and presentation
   formats as the DS resource record, defined in RFC 4034, Section 5.
   It uses the same IANA-assigned values in the algorithm and digest
   type fields as the DS record. (Those IANA registries are known as
   the "DNS Security Algorithm Numbers" and "DS RR Type Algorithm
   Numbers" registries.)

   The DLV record is a normal DNS record type without any special
   processing requirements. In particular, the DLV record does not
   inherit any of the special processing or handling requirements of the
   DS record type (described in Section 3.1.4.1 of RFC 4035). Unlike
   the DS record, the DLV record may not appear on the parent's side of
   a zone cut. A DLV record may, however, appear at the apex of a zone.
Support for "Use of SHA-256 in DNSSEC Delegation Signer (DS) Resource Records
(RRs)", RFC 4509
2.2. DS Record with SHA-256 Wire Format

   The resulting on-the-wire format for the resulting DS record will be
   as follows:

                        1 1 1 1 1 1 1 1 1 1 2 2 2 2 2 2 2 2 2 2 3 3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |            Key Tag            |   Algorithm   | DigestType=2  |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   /                                                               /
   /            Digest (length for SHA-256 is 32 bytes)            /
   /                                                               /
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-|
Please see the attached packet capture of a DNS query for a DLV and a DNS response of
a DLV with SHA-256 digest. This also applies to DS RR.
Please see attached patch
done with fuzz.
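A bounds-checked parse of the DS/DLV RDATA layout quoted in the report, added here as an example; it is not the attached patch and not Wireshark's dissector code. All names (`ds_parse_rdata`, `struct ds_rdata`, the status values) and the sample bytes are this example's own, and the 20-byte length for digest type 1 is the standard SHA-1 output size, which the report does not state.

```c
#include <stddef.h>
#include <stdint.h>

/* Digest type numbers: 1 = SHA-1 (RFC 4034), 2 = SHA-256 (RFC 4509). */
enum { DS_DIGEST_SHA1 = 1, DS_DIGEST_SHA256 = 2 };
enum ds_status { DS_OK = 0, DS_TRUNCATED = -1, DS_BAD_DIGEST_LEN = -2 };

struct ds_rdata {
    uint16_t key_tag;
    uint8_t algorithm;
    uint8_t digest_type;
    const uint8_t *digest;      /* points into the caller's buffer */
    size_t digest_len;
};

/* Constructed sample: key tag 0x1234, algorithm 5, digest type 2, 32 zero digest bytes. */
static const uint8_t sample_dlv_rdata[36] = { 0x12, 0x34, 5, 2 };

/* Expected digest size for a digest type; 0 means the type is unknown here. */
static size_t ds_expected_digest_len(uint8_t digest_type)
{
    switch (digest_type) {
    case DS_DIGEST_SHA1:   return 20;
    case DS_DIGEST_SHA256: return 32;
    default:               return 0;
    }
}

/* Parse DS or DLV RDATA (same wire format). Never reads past rdata + rdlen. */
static enum ds_status ds_parse_rdata(const uint8_t *rdata, size_t rdlen,
                                     struct ds_rdata *out)
{
    size_t expected;
    if (rdata == NULL || out == NULL || rdlen < 4)
        return DS_TRUNCATED;            /* fixed part is 4 bytes */
    out->key_tag = (uint16_t)((rdata[0] << 8) | rdata[1]);
    out->algorithm = rdata[2];
    out->digest_type = rdata[3];
    out->digest = rdata + 4;
    out->digest_len = rdlen - 4;        /* digest fills the rest of the RDATA */
    expected = ds_expected_digest_len(out->digest_type);
    if (expected != 0 && out->digest_len != expected)
        return DS_BAD_DIGEST_LEN;       /* known type, wrong digest size */
    return DS_OK;                       /* unknown types pass through as-is */
}

int main(void)
{
    struct ds_rdata r;
    return ds_parse_rdata(sample_dlv_rdata, sizeof sample_dlv_rdata, &r) == DS_OK ? 0 : 1;
}
```

The digest length is taken from the RDATA length rather than assumed from the digest type, so a record that claims SHA-256 but carries fewer than 32 digest bytes is rejected instead of being read past its end.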