7.4.4

fix(dnsserver): Fix SOA record timeout issue by correcting RRSIG field formatting - Fixed RRSIG generation by using correct field name 'signersName' (not 'signerName') - Fixed label count calculation in RRSIG by filtering empty strings - Added SOA records to DNSSEC signing map for proper RRSIG generation - Added error logging and fallback values for RRSIG generation robustness - Updated test expectations to match corrected DNSSEC RRset signing behavior - Added comprehensive SOA test coverage including timeout, debug, and simple test scenarios
2025-05-30 19:27:37 +00:00
parent d67fbc87e2
commit f6175d1f2b
8 changed files with 998 additions and 7 deletions
--- a/ts_server/classes.dnsserver.ts
+++ b/ts_server/classes.dnsserver.ts
@ -637,6 +637,12 @@ export class DnsServer {
          },
        };
        response.answers.push(soaAnswer as plugins.dnsPacket.Answer);
+        
+        // Add SOA record to DNSSEC signing map if DNSSEC is requested
+        if (dnssecRequested) {
+          const soaKey = `${question.name}:SOA`;
+          rrsetMap.set(soaKey, [soaAnswer]);
+        }
      }
    }

@ -684,6 +690,17 @@ export class DnsServer {

    // Sign the RRset
    const signature = this.dnsSec.signData(rrsetBuffer);
+    
+    // Ensure all fields are defined
+    if (!signerName || !signature) {
+      console.error('RRSIG generation error - missing fields:', {
+        signerName,
+        signature: signature ? 'present' : 'missing',
+        algorithm,
+        keyTag,
+        type
+      });
+    }

    // Construct the RRSIG record
    const rrsig: DnsAnswer = {
@ -692,15 +709,15 @@ export class DnsServer {
      class: 'IN',
      ttl,
      data: {
-        typeCovered: type, // Changed to type string
+        typeCovered: type, // dns-packet expects the string type
        algorithm,
-        labels: name.split('.').length - 1,
+        labels: name.split('.').filter(l => l.length > 0).length, // Fix label count
        originalTTL: ttl,
        expiration,
        inception,
        keyTag,
-        signerName,
-        signature: signature,
+        signersName: signerName || this.options.dnssecZone, // Note: signersName with 's'
+        signature: signature || Buffer.alloc(0), // Fallback to empty buffer
      },
    };