Feature/dns caa

[lxdicted]

net: Added support for resolving DNS CAA records (RFC 8659)

This adds support for DNS Certification Authority Authorization (RFC 8659) to nodejs.

Fixes: #19239
Refs: #14713

Checklist

• make -j4 test (UNIX), or vcbuild test (Windows) passes
• tests and/or benchmarks are included
• documentation is changed or added
• commit message follows commit guidelines

[nodejs-github-bot]

Review requested:

• @nodejs/net

[lxdicted]

@rvagg @nodejs/modules please review the c-ares backport.

[Trott]

@nodejs/dns

[addaleax]

Can you leave a todo comment to do proper exception handling in this method?

[lxdicted]

There is no exception handling in cares_wrap.cc. If this was needed, it would have been added for all parsing the other record types, too. I don't see a todo here.

[addaleax]

There is no exception handling in cares_wrap.cc.

Right, it’s missing, so it would be nice to have a comment about that somewhere in the file

[nodejs-github-bot]

CI: https://ci.nodejs.org/job/node-test-pull-request/33376/

[aduh95]

Landed in 6f34498

[AdamMajer]

FWIW, this pulls c-ares patch that is not yet released which will break Node on systems where c-ares is linked as an external dependency. For this reason, I think this should not be backported to currently released versions.

[AdamMajer]

The don't-land-on-v15.x actually already happened. It's in 15.0.0+ in 6f34498

[aduh95]

Indeed! Do you think that should be reverted on v15 or do you think it's fine as is?

[AdamMajer]

For me it's OK since we will not be shipping 15 with anything and by the time 16 rolls around we can either patch our c-ares for the extra functionality or have a new c-ares version by then.

[Trott]

Unfortunately, this broke a test in test/internet (which only get run nightly and I only got around to bisecting today):

node:internal/process/promises:218
          triggerUncaughtException(err, true /* fromPromise */);
          ^

AssertionError [ERR_ASSERTION]: The expression evaluated to a falsy value:

  assert.ok(Array.isArray(result[0]))

    at validateResult (/Users/trott/io.js/test/internet/test-dns.js:404:12)
    at test_resolveCaa (/Users/trott/io.js/test/internet/test-dns.js:411:3) {
  generatedMessage: true,
  code: 'ERR_ASSERTION',
  actual: false,
  expected: true,
  operator: '=='
}

Bug in the test? Bug in this change? Something else?

[Trott]

Oh, interesting, the test that is failing was added in this PR.

Is the bug that it should be checking Array.isArray(result) and not Array.isArray(result[0])?

[Trott]

Oh, interesting, the test that is failing was added in this PR.

Is the bug that it should be checking Array.isArray(result) and not Array.isArray(result[0])?

Yeah, looking at the surrounding code, that's gotta be it.

[Trott]

Fix in #35969

[lxdicted]

@AdamMajer , @aduh95 : c-ares 0.17.1 has been released recently. It there any change to get this into v10, v12, or v14?

[AdamMajer]

I think no problem here to backport this to older versions now.

[richardlau]

@AdamMajer , @aduh95 : c-ares 0.17.1 has been released recently. It there any change to get this into v10, v12, or v14?

10.x is in maintenance so this won't land there. The last planned 12.x release before it enters maintenance at the end of the month is due on Tuesday (#35950 ) so the chance of getting this into 12.x is low.

For 14.x the path forwards should be to update c-ares in master to 0.17.1 and then backport that together with this PR to 14.x.

[lxdicted]

I've created a pull request for c-ares 1.17.1 here: #36207

[lxdicted]

For 14.x the path forwards should be to update c-ares in master to 0.17.1 and then backport that together with this PR to 14.x.

@richardlau c-ares 1.17.1 has landed in 3bd9b81, any other obstacles to backport this to 14.x?

[richardlau]

For 14.x the path forwards should be to update c-ares in master to 0.17.1 and then backport that together with this PR to 14.x.

@richardlau c-ares 1.17.1 has landed in 3bd9b81, any other obstacles to backport this to 14.x?

Our general policy is that for LTS release lines (e.g. 14.x) a change should live on the current release (i.e. 15.x) for two weeks before being backported (https://github.com/nodejs/Release#lts-staging-branches). 3bd9b81 hasn't gone out in 15.x yet (the next 15.x release is planned for this week, nodejs/Release#621). The next 14.x release is going to be a security release (https://nodejs.org/en/blog/vulnerability/january-2021-security-releases/) so any backports of features would have to wait until after that. We haven't firmly sketched out the release plan for 14.x for next year, but have discussed planning a semver-minor for mid to late January.

So timeline wise:

1. 3bd9b81 goes out in a 15.x release.
2. Two weeks after the 15.x release the c-ares update lands on v14.x-staging.
3. This PR is backported, minus the c-ares floating patch (as the intention is to use the proper c-ares update) and including test: fix error in test/internet/test-dns.js #35969 (fixing up one of the testcases). I've added a backport-requested-v14.x label.