hs-client icon indicating copy to clipboard operation
hs-client copied to clipboard

Published 20 hours ago verified publisher icon handshake-org

Feature Request: add sanity checks to `hsw-cli` when adding/modifying `records`

Open mrose17 opened this issue 4 years ago • 3 comments

Some of the data in the HNS root zone are "wrong", e.g., IP addresses being used as the name of NS RRs (instead of as the value of the RR).

i suggest that hsw-cli be extended to include a module that does a syntax/sanity check when records are created/modified, e.g., as in:

    hsw-cli rpc sendupdate easyhandshake '{"records": [ ... ]}'

If you go to any DNS service that let's you edit RRs, they all perform such checks (or at least they should). I suggest taht hsw-cli do the same!

mrose17 avatar Jan 09 '21 12:01 mrose17

There is an RPC on the node that can be used for this, validateresource See https://github.com/handshake-org/hsd/pull/429

tynes avatar Jan 10 '21 08:01 tynes

@mrose17 thanks for bringing this up. hs-client is just an empty wrapper client to make calls to an hsd node, so features like this would likely go in hsd itself. Like @tynes said we have a validateresource rpc already that checks for basic syntax errors in the resource JSON object before the user calls sendupdate -- but perhaps it could be expanded.

For example, reminiscent of Bitcoin Core's testmempoolaccept, validateresource could return a complex JSON object listing arrays of "errors" and "warnings", where errors are the current syntax tests and warnings are violations of traditional DNS configuration.

Possible example result

{
  errors: [
    "Invalid DS record. KeyTag must be a uint16.",
    "Invalid GLUE6 record. ns must be a valid name."
  ],
  warnings: [
    "Unknown DS algorithm identifier",
    "DS Digest length does not match digestType",
    "Glue record is not a subdomain of the zone"
  ]
}

Marshall I'd appreciate your suggestions for things to test

pinheadmz avatar Jan 10 '21 14:01 pinheadmz

@pinheadmz - when in doubt, see what the isc did with bind. in this case, we have https://kb.isc.org/docs/aa-01127 ... so my short answer is to get the source for that and integrate that into validateresource. hopefully, you can just copy-paste without having to do any transcoding by hand.

the other thing I would check is to see how the invalid RRs got into the HNS zone. if sendupdate wasn't used, i suppose there isn't much that can be done; otherwise, it is almost certainly the case that when updating records that a syntax check is mandated. (although I suppose you could add a "i know what i'm doing and please do not sanity-check this parameter" option on sendupdate).

does that make sense?

mrose17 avatar Jan 10 '21 15:01 mrose17