fix: usr: Use named Service Parameter Keys (SvcParamKeys) by default

When converting SVCB records to text representation `named` now uses named `SvcParamKeys` values unless backward-compatible mode is activated, in which case the values which were not defined initially in RFC9460 and were added later (see [1]) are converted to opaque "keyNNNN" syntax, like, for example, "key7" instead of "dohpath". Also a new `+[no]svcparamkeycompat` option is implemented for `dig`, which enables the backward-compatible mode and uses the opaque syntax, if required for interoperability with other software or scripts. By default, the compatibility mode is disabled. [1] https://www.iana.org/assignments/dns-svcb/dns-svcb.xhtml Closes #5156 Merge branch '5156-svcparamkey-use-named-keys-by-default' into 'main' See merge request isc-projects/bind9!10085
2025-08-30 14:07:59 +00:00 · 2025-02-17 18:24:02 +00:00 · 2025-02-17 18:24:02 +00:00 · 3f61a87be3
commit 3f61a87be3
parent 5559539eb0 9d441c93d0
8 changed files with 49 additions and 21 deletions
--- a/bin/dig/dig.c
+++ b/bin/dig/dig.c
@ -303,6 +303,8 @@ help(void) {
 	       "statistics)\n"
 	       "                 +subnet=addr        (Set edns-client-subnet "
 	       "option)\n"
 	       "                 +[no]svcparamkeycompat (Display backward-"
 	       "compatible SvcParamKey names (keyN) for non-initial entries)\n"
 	       "                 +[no]tcflag         (Set TC flag in query "
 	       "(+[no]tcflag))\n"
 	       "                 +[no]tcp            (TCP mode (+[no]vc))\n"
@ -502,6 +504,9 @@ say_message(dns_rdata_t *rdata, dig_query_t *query, isc_buffer_t *buf) {
 	if (query->lookup->expandaaaa) {
 		styleflags |= DNS_STYLEFLAG_EXPANDAAAA;
 	}
 	if (query->lookup->svcparamkeycompat) {
 		styleflags |= DNS_STYLEFLAG_SVCPARAMKEYCOMPAT;
 	}
 	result = dns_rdata_tofmttext(rdata, NULL, styleflags, 0, splitwidth,
 				     " ", buf);
 	if (result == ISC_R_NOSPACE) {
@ -695,6 +700,9 @@ printmessage(dig_query_t *query, const isc_buffer_t *msgbuf, dns_message_t *msg,
 		if (query->lookup->expandaaaa) {
 			styleflags |= DNS_STYLEFLAG_EXPANDAAAA;
 		}
 		if (query->lookup->svcparamkeycompat) {
 			styleflags |= DNS_STYLEFLAG_SVCPARAMKEYCOMPAT;
 		}
 		if (query->lookup->multiline) {
 			styleflags |= DNS_STYLEFLAG_OMIT_OWNER;
 			styleflags |= DNS_STYLEFLAG_OMIT_CLASS;
@ -2394,6 +2402,10 @@ plus_option(char *option, bool is_batchfile, bool *need_clone,
 				goto exit_or_usage;
 			}
 			break;
 		case 'v': /* svcparamkeycompat */
 			FULLCHECK("svcparamkeycompat");
 			lookup->svcparamkeycompat = state;
 			break;
 		default:
 			goto invalid_option;
 		}
--- a/bin/dig/dig.rst
+++ b/bin/dig/dig.rst
@ -642,6 +642,14 @@ abbreviation is unambiguous; for example, :option:`+cd` is equivalent to
   prefix-length of zero, which signals a resolver that the client's
   address information must *not* be used when resolving this query.
 .. option:: +svcparamkeycompat, +nosvcparamkeycompat
   This option sets [or does not set] the backward-compatible representation of
   the Service Parameter Keys (SvcParamKeys) for SVCB records, in which case
   the keys, which were not defined initially in :rfc:`9460` are represented
   in their opaque "keyN"-like format, where "N" is their numerical value. The
   default is ``+nosvcparamkeycompat``.
 .. option:: +tcflag, +notcflag
   This option sets [or does not set] the TC (TrunCation) bit in the query. The default is
--- a/bin/dig/dighost.c
+++ b/bin/dig/dighost.c
@ -758,6 +758,7 @@ clone_lookup(dig_lookup_t *lookold, bool servers) {
 	looknew->nocrypto = lookold->nocrypto;
 	looknew->ttlunits = lookold->ttlunits;
 	looknew->expandaaaa = lookold->expandaaaa;
 	looknew->svcparamkeycompat = lookold->svcparamkeycompat;
 	looknew->qr = lookold->qr;
 	looknew->idnin = lookold->idnin;
 	looknew->idnout = lookold->idnout;
--- a/bin/dig/dighost.h
+++ b/bin/dig/dighost.h
@ -104,9 +104,8 @@ struct dig_lookup {
 	isc_refcount_t references;
 	bool aaonly, adflag, badcookie, besteffort, cdflag, cleared, comments,
 		dns64prefix, dnssec, doing_xfr, done_as_is, ednsneg, expandaaaa,
-		expire, fuzzing, header_only, identify, /*%< Append an "on
+		svcparamkeycompat, expire, fuzzing, header_only,
-							   server <foo>" message
+		identify, /*%< Append an "on server <foo>" message */
 							 */
 		identify_previous_line, /*% Prepend a "Nameserver <foo>:"
 					   message, with newline and tab */
 		idnin, idnout, ignore, multiline, need_search, new_search,
--- a/bin/tests/system/nsupdate/tests.sh
+++ b/bin/tests/system/nsupdate/tests.sh
@ -2366,7 +2366,7 @@ check-svcb no
 update add _dns.ns.relaxed 0 in SVCB 1 ns.relaxed dohpath=/{?dns}
 send
 END
-$DIG $DIGOPTS +tcp @10.53.0.3 _dns.ns.relaxed SVCB >dig.out.ns3.test$n || ret=1
+$DIG $DIGOPTS +tcp +svcparamkeycompat @10.53.0.3 _dns.ns.relaxed SVCB >dig.out.ns3.test$n || ret=1
 grep '1 ns.relaxed. key7="/{?dns}"' dig.out.ns3.test$n >/dev/null || ret=1
 [ $ret = 0 ] || {
  echo_i "failed"
--- a/lib/dns/include/dns/rdata.h
+++ b/lib/dns/include/dns/rdata.h
@ -173,6 +173,9 @@ struct dns_rdata {
 /*% Print AAAA record fully expanded */
 #define DNS_STYLEFLAG_EXPANDAAAA 0x00000020ULL
 /*% Print non-initial Service Parameter Keys in backward-compatible format */
 #define DNS_STYLEFLAG_SVCPARAMKEYCOMPAT 0x00000040ULL
 #define DNS_RDATA_DOWNCASE	 DNS_NAME_DOWNCASE
 #define DNS_RDATA_CHECKNAMES	 DNS_NAME_CHECKNAMES
 #define DNS_RDATA_CHECKNAMESFAIL DNS_NAME_CHECKNAMESFAIL
--- a/lib/dns/rdata/in_1/svcb_64.c
+++ b/lib/dns/rdata/in_1/svcb_64.c
@ -377,12 +377,12 @@ svc_fromtext(isc_textregion_t *region, isc_buffer_t *target) {
 static const char *
 svcparamkey(unsigned short value, enum encoding *encoding, char *buf,
-	    size_t len) {
+	    size_t len, bool compat) {
 	size_t i;
 	int n;
 	for (i = 0; i < ARRAY_SIZE(sbpr); i++) {
-		if (sbpr[i].value == value && sbpr[i].initial) {
+		if (sbpr[i].value == value && (sbpr[i].initial || !compat)) {
 			*encoding = sbpr[i].encoding;
 			return sbpr[i].name;
 		}
@ -639,6 +639,7 @@ generic_totext_in_svcb(ARGS_TOTEXT) {
 	char buf[sizeof("xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:255.255.255.255")];
 	unsigned short num;
 	int n;
 	bool compat = (tctx->flags & DNS_STYLEFLAG_SVCPARAMKEYCOMPAT) != 0;
 	REQUIRE(rdata->length != 0);
@ -674,8 +675,9 @@ generic_totext_in_svcb(ARGS_TOTEXT) {
 		INSIST(region.length >= 2);
 		num = uint16_fromregion(&region);
 		isc_region_consume(&region, 2);
-		RETERR(str_totext(svcparamkey(num, &encoding, buf, sizeof(buf)),
+		RETERR(str_totext(
-				  target));
+			svcparamkey(num, &encoding, buf, sizeof(buf), compat),
 			target));
 		INSIST(region.length >= 2);
 		num = uint16_fromregion(&region);
@ -693,6 +695,7 @@ generic_totext_in_svcb(ARGS_TOTEXT) {
 		}
 		switch (encoding) {
 		case sbpr_text:
 		case sbpr_dohpath:
 			RETERR(multitxt_totext(&r, target));
 			break;
 		case sbpr_port:
@ -747,7 +750,8 @@ generic_totext_in_svcb(ARGS_TOTEXT) {
 				num = uint16_fromregion(&r);
 				isc_region_consume(&r, 2);
 				RETERR(str_totext(svcparamkey(num, &encoding,
-							      buf, sizeof(buf)),
+							      buf, sizeof(buf),
 							      compat),
 						  target));
 				if (r.length != 0) {
 					RETERR(str_totext(",", target));
--- a/tests/dns/rdata_test.c
+++ b/tests/dns/rdata_test.c
@ -2698,31 +2698,32 @@ ISC_RUN_TEST_IMPL(https_svcb) {
 			     "key123=abc)"),
 		/* dohpath tests */
 		TEXT_VALID_LOOPCHG(1, "1 example.net. dohpath=/{dns}",
-				   "1 example.net. key7=\"/{dns}\""),
+				   "1 example.net. dohpath=\"/{dns}\""),
 		TEXT_VALID_LOOPCHG(1, "1 example.net. dohpath=/{+dns}",
-				   "1 example.net. key7=\"/{+dns}\""),
+				   "1 example.net. dohpath=\"/{+dns}\""),
 		TEXT_VALID_LOOPCHG(1, "1 example.net. dohpath=/{#dns}",
-				   "1 example.net. key7=\"/{#dns}\""),
+				   "1 example.net. dohpath=\"/{#dns}\""),
 		TEXT_VALID_LOOPCHG(1, "1 example.net. dohpath=/{.dns}",
-				   "1 example.net. key7=\"/{.dns}\""),
+				   "1 example.net. dohpath=\"/{.dns}\""),
-		TEXT_VALID_LOOPCHG(1, "1 example.net. dohpath=\"/{;dns}\"",
+		TEXT_VALID_LOOP(1, "1 example.net. dohpath=\"/{;dns}\""),
 				   "1 example.net. key7=\"/{;dns}\""),
 		TEXT_VALID_LOOPCHG(1, "1 example.net. dohpath=/{?dns}",
-				   "1 example.net. key7=\"/{?dns}\""),
+				   "1 example.net. dohpath=\"/{?dns}\""),
 		TEXT_VALID_LOOPCHG(1, "1 example.net. dohpath=/some/path{?dns}",
-				   "1 example.net. key7=\"/some/path{?dns}\""),
+				   "1 example.net. "
 				   "dohpath=\"/some/path{?dns}\""),
 		TEXT_VALID_LOOPCHG(1, "1 example.net. dohpath=/{dns:9999}",
-				   "1 example.net. key7=\"/{dns:9999}\""),
+				   "1 example.net. dohpath=\"/{dns:9999}\""),
 		TEXT_VALID_LOOPCHG(1, "1 example.net. dohpath=/{dns*}",
-				   "1 example.net. key7=\"/{dns*}\""),
+				   "1 example.net. dohpath=\"/{dns*}\""),
 		TEXT_VALID_LOOPCHG(
 			1, "1 example.net. dohpath=/some/path?key=value{&dns}",
-			"1 example.net. key7=\"/some/path?key=value{&dns}\""),
+			"1 example.net. "
 			"dohpath=\"/some/path?key=value{&dns}\""),
 		TEXT_VALID_LOOPCHG(1,
 				   "1 example.net. "
 				   "dohpath=/some/path?key=value{&dns,x*}",
 				   "1 example.net. "
-				   "key7=\"/some/path?key=value{&dns,x*}\""),
+				   "dohpath=\"/some/path?key=value{&dns,x*}\""),
 		TEXT_INVALID("1 example.com. dohpath=not-relative"),
 		TEXT_INVALID("1 example.com. dohpath=/{?no_dns_variable}"),
 		TEXT_INVALID("1 example.com. dohpath=/novariable"),