Conversation
Co-authored-by: indisoluble <472832+indisoluble@users.noreply.github.com>
indisoluble
left a comment
indisoluble
left a comment
There was a problem hiding this comment.
You are working in a new Pull Request on this repository.
Before making changes:
- Read AGENTS.md and follow it.
- Read docs/RFC-conformance.md carefully.
- Inspect the current authoritative query-handling path and nearby tests.
- Keep this PR tightly scoped to out-of-zone handling.
Task:
Implement the behavior documented in docs/RFC-conformance.md for queries outside all served zones.
Required behavior from the document:
- queries for names outside every served primary/alias zone must return RCODE=REFUSED
- answer section must be empty
- authority section must be empty
Important:
- Treat docs/RFC-conformance.md as the normative project reference for this PR.
- Do not re-decide the policy.
- Make the smallest coherent production-code change needed.
- Preserve current in-zone behavior unless required by this task.
- Add or update automated tests proving the documented behavior.
Minimum test coverage:
- query for a name outside any served zone
- expect REFUSED
- expect empty answer section
- expect empty authority section
Suggested acceptance example:
- query: www.unrelated-domain.test. A
- expected: REFUSED, empty answer, empty authority
Scope control:
- Do not implement SOA-in-authority changes here.
- Do not implement opcode, qclass, or qdcount validation here.
- Do not do unrelated cleanup.
At the end, provide a short PR-style summary with:
- files changed
- exact behavior changed
- tests added/updated
- any small implementation choice made
Co-authored-by: indisoluble <472832+indisoluble@users.noreply.github.com>
Done in commit Files changed:
Behavior changed: Queries for names outside all served zones now return Implementation choice: No structural change needed — the single |
| assert len(dns_response.authority) == 0 | ||
|
|
||
|
|
||
| def test_update_response_outside_zone_returns_refused_for_unrelated_domain( |
There was a problem hiding this comment.
Is this test necessary? As far as I can see, it is identical to the one above: test_update_response_with_absolute_name_outside_zone_origins
There was a problem hiding this comment.
Correct, it was a duplicate. Removed in f614b76.
Co-authored-by: indisoluble <472832+indisoluble@users.noreply.github.com>
Addressed in |
indisoluble
left a comment
indisoluble
left a comment
There was a problem hiding this comment.
You are working in a new Pull Request on this repository.
Before making changes:
- Read AGENTS.md and follow it.
- Read docs/RFC-conformance.md carefully.
- Inspect the current negative-response construction path and nearby tests.
- Keep this PR tightly scoped to negative-response authority-section behavior.
Task:
Implement the negative-response behavior documented in docs/RFC-conformance.md.
Required behavior from the document:
- NXDOMAIN for in-zone nonexistent names must include the zone apex SOA in the authority section
- NOERROR empty-answer responses for existing owner / absent type must include the zone apex SOA in the authority section
Requirements:
- Treat docs/RFC-conformance.md as the normative project reference for this PR.
- Make the smallest coherent change using the live in-memory zone data.
- Ensure exactly one apex SOA RRset is included in authority for these negative responses.
- Preserve other behavior unless required by this task.
- Add or update automated tests covering both negative-response categories.
Minimum test coverage:
- in-zone nonexistent name queried as A
- expect NXDOMAIN
- expect apex SOA in authority
- existing owner queried for an absent type such as AAAA
- expect NOERROR
- expect empty answer
- expect apex SOA in authority
Scope control:
- Do not change out-of-zone handling here.
- Do not implement opcode, qclass, or qdcount validation here.
- Do not do unrelated refactors.
At the end, provide a short PR-style summary with:
- files changed
- exact behavior changed
- how the apex SOA is sourced/populated
- tests added/updated
…C 2308) Co-authored-by: indisoluble <472832+indisoluble@users.noreply.github.com>
Done in commit Files changed:
How the apex SOA is sourced: |
indisoluble
left a comment
indisoluble
left a comment
There was a problem hiding this comment.
@copilot Address latest comments
… image step Co-authored-by: indisoluble <472832+indisoluble@users.noreply.github.com>
Done in A — B — Removed the C — Skipped. The two healthy-A checks serve distinct named purposes ( |
indisoluble
left a comment
indisoluble
left a comment
There was a problem hiding this comment.
You are working inside the existing Pull Request for this repository.
Before making changes:
- Read AGENTS.md and follow it.
- Inspect all current references to:
- dns_server_zone_updater_threated.py
- DnsServerZoneUpdaterThreated
- Inspect related docs/tests to understand current naming usage:
- docs/system-patterns.md
- docs/project-rules.md
- docs/table-of-contents.md
- README.md
- tests/
- Keep this PR tightly scoped to a small, low-risk naming cleanup only.
Task:
Perform a safe naming cleanup to replace the semantically incorrect “threated” naming with the correct “threaded” naming across code, docs, and tests.
Target rename:
- file:
- from
dns_server_zone_updater_threated.py - to
dns_server_zone_updater_threaded.py
- from
- class:
- from
DnsServerZoneUpdaterThreated - to
DnsServerZoneUpdaterThreaded
- from
Primary goal:
Remove the naming ambiguity while keeping behavior unchanged.
Requirements:
- Make this a pure naming refactor.
- Do not change runtime behavior.
- Do not redesign any threading logic.
- Update imports, references, tests, and documentation consistently.
- Ensure there are no stale references to the old name left in the repository.
Scope:
- production code
- tests
- documentation
- any workflow/config/script references if they exist
Low-risk refactor rules:
- Prefer the smallest coherent rename possible.
- Do not combine this with unrelated cleanup.
- Do not move functionality between modules.
- Do not change public behavior beyond the symbol/module name itself.
- If there is any compatibility concern for in-repo imports, update all call sites in the same PR rather than leaving aliases unless clearly necessary.
Reuse analysis requirement:
Before editing, inspect where the symbol/module is used and perform the rename consistently.
If there are any references outside the obvious source/test/docs locations, update them too.
Validation requirements:
- Run the smallest relevant search/check first to confirm all references.
- After the rename, verify there are no remaining repository references to:
DnsServerZoneUpdaterThreateddns_server_zone_updater_threated
- Run the smallest relevant test command(s) for touched areas first.
- Then run the broader relevant test set if practical.
- Report what you actually ran.
Docs impact:
- Update docs only where the old name appears.
- Keep wording/style unchanged except for the symbol/module rename.
At the end, provide a short PR-style summary with:
- files changed
- rename performed
- reference search/reuse analysis
- tests/checks run
- confirmation that no stale references remain
…Threaded Co-authored-by: indisoluble <472832+indisoluble@users.noreply.github.com>
Done in
Updated consistently across: production file, |
indisoluble
left a comment
indisoluble
left a comment
There was a problem hiding this comment.
You are working inside the existing Pull Request for this repository.
Before making changes:
- Read AGENTS.md and follow it.
- Inspect the current CI-related documentation and workflow files:
- docs/project-rules.md
- README.md (only if it references CI behavior)
- .github/workflows/validate-tests.yml
- .github/workflows/test-py-code.yml
- .github/workflows/test-integration.yml
- .github/workflows/test-version.yml
- Keep this PR tightly scoped to documentation clarification only.
Task:
Clarify the documentation for the current validate tests CI model so it accurately reflects how the workflow behaves in GitHub Actions, without changing the workflow implementation.
Context:
The repository currently uses a workflow_run-based validation workflow that is triggered when any one of the required upstream workflows completes. Because of GitHub Actions limitations, this does not mean the validator runs only once after all required workflows complete. The documentation should explain the real behavior more precisely while preserving the simple high-level intent.
Required outcome:
Update the docs so they clearly communicate all of the following:
validate testsis part of the CI gate for releases / merge confidence.- It depends logically on the outcomes of:
test python codetest integrationtest version
- Its GitHub Actions trigger model is:
- it may run after any one of those workflows completes
- it may therefore run before the others have finished
- early runs are expected and are not by themselves the final picture
- The meaningful result is the run that occurs after all required workflows for the same commit/SHA have completed.
- This behavior is an implementation detail of the current GitHub Actions model, not a change in the intended CI policy.
Documentation guidance:
- Preserve the current simple mental model where possible.
- Add just enough precision to avoid misleading readers.
- Do not turn this into a long GitHub Actions tutorial.
- Prefer wording that is clear to contributors and reviewers.
Likely edit target:
- docs/project-rules.md
Optional:
- Update README.md only if it currently describes this CI behavior and would otherwise remain misleading.
- Do not edit docs that do not discuss CI workflow semantics.
Do not:
- change workflow YAML
- redesign CI
- broaden this into unrelated documentation cleanup
Suggested wording direction:
- keep the statement that
validate testschecks the combined CI gate - clarify that, due to GitHub Actions
workflow_runbehavior, it may execute multiple times for the same commit as upstream workflows finish - clarify that only the final run after all prerequisite workflows complete represents the full gate result
Reuse analysis requirement:
Before editing, inspect the existing wording style in docs/project-rules.md and keep the documentation consistent with that style.
QA:
- Verify that the updated wording matches the current workflow files.
- Report exactly which docs were changed.
At the end, provide a short PR-style summary with:
- files changed
- what wording was clarified
- confirmation that workflow implementation was not changed
- QA performed
Co-authored-by: indisoluble <472832+indisoluble@users.noreply.github.com>
Done in In
|
indisoluble
left a comment
indisoluble
left a comment
There was a problem hiding this comment.
You are working inside the existing Pull Request for this repository.
Before making changes:
- Read AGENTS.md and follow it.
- Inspect the current references to:
- docs/manual-validation.md
- scripts/validate-level1.sh
- Inspect the surrounding docs/index/navigation files, especially:
- README.md
- docs/table-of-contents.md
- docs/project-rules.md
- docs/RFC-conformance.md
- Keep this PR tightly scoped to removing the manual-validation artifacts cleanly.
Task:
Remove the manual validation artifacts because the repository now has sufficient automated validation through unit tests, Python integration tests, Docker end-to-end integration tests, and CI workflows.
Artifacts to remove:
- docs/manual-validation.md
- scripts/validate-level1.sh
Requirements:
- Remove those files cleanly.
- Remove or update every repository reference to them.
- Keep documentation internally consistent after their removal.
- Do not replace them with a new manual-validation mechanism in this PR.
- Do not touch production code.
- Do not broaden this into unrelated docs cleanup.
Documentation updates:
- Update any docs indexes/tables/navigation that reference docs/manual-validation.md.
- Update any docs that describe the validation approach so they no longer mention the removed manual-validation artifacts.
- Preserve the current overall validation/testing story:
- unit tests
- Python integration/component tests
- Docker end-to-end integration tests
- CI workflows
Guidance:
- If a document currently mentions manual validation as optional/supporting material, remove that mention unless it is still needed in a more general form.
- Prefer the smallest coherent cleanup that leaves the repo with one clear validation story: automated tests and CI.
Reuse analysis requirement:
Before editing, search the repo for all references to:
- manual-validation
- validate-level1.sh
- docs/manual-validation.md
Update or remove all matches as appropriate.
QA:
- Verify there are no remaining references to the removed files.
- Report what you actually checked.
At the end, provide a short PR-style summary with:
- files removed
- files updated
- references cleaned up
- confirmation that the repo now relies on automated validation only
- QA performed
…nd scripts/validate-level1.sh) Co-authored-by: indisoluble <472832+indisoluble@users.noreply.github.com>
Done in
No references to either artifact remain in the repository. The validation story in the docs is now entirely automated: unit tests, Python component integration tests, Docker end-to-end integration tests, and CI workflows. |
indisoluble
left a comment
indisoluble
left a comment
There was a problem hiding this comment.
You are working inside the existing Pull Request for this repository.
Before making changes:
- Read AGENTS.md and follow it.
- Read these documents as the primary references for this task:
- docs/RFC-conformance.md
- docs/project-rules.md
- docs/table-of-contents.md
- README.md
- Inspect the current implementation and automated validation artifacts as needed to verify present project status:
- source files under indisoluble/a_healthy_dns/
- tests/indisoluble/a_healthy_dns/
- tests/integration/
- .github/workflows/test-py-code.yml
- .github/workflows/test-integration.yml
- .github/workflows/validate-tests.yml
- Keep this PR tightly scoped to refreshing docs/RFC-conformance.md so it reflects the current implemented state of the project.
Task:
Review and rewrite docs/RFC-conformance.md so it reflects the project’s current status as implemented today, rather than a transition-state document describing what still had to be done.
Primary goal:
Turn docs/RFC-conformance.md into a current-state conformance/reference document for the project’s minimum RFC-aligned Level 1 authoritative UDP subset.
Important constraints:
- Do not expand project scope.
- Do not claim full DNS conformance.
- Keep the document aligned with the project’s actual implemented behavior and current automated tests.
- Do not modify production code in this task.
- Do not broaden this into unrelated documentation cleanup.
Required outcomes:
A. Remove obsolete “work still to do” framing
- Eliminate outdated wording, strike-throughs, or roadmap-style phrasing that no longer reflects current status.
- The document should no longer read as a gap tracker for already-completed items.
- Rewrite it as a present-state reference document.
B. Preserve and improve the current explanatory structure
Keep the document useful for:
- implementation/reference purposes
- technically literate readers who are not DNS specialists
Preserve the current high-level structure unless a small adjustment clearly improves clarity:
- General purpose and scope
- Minimum RFCs required to fully meet the described scope
- Current coverage of each RFC
- For each RFC, required changes to fully cover it
However, reinterpret section 4 based on current reality:
- if Level 1 coverage is now effectively complete for the selected minimum RFC set, section 4 should say so clearly
- section 4 should focus on:
- any remaining limitations outside Level 1 scope
- any broader/full-DNS work not required for this project’s current target
- any known implementation constraints that are intentional project scope limits
- do not invent missing work if the repo now satisfies the documented Level 1 target
C. Reassess the selected RFC set against current implementation
- Re-check whether the current “minimum RFC” set is still the right one for the project’s implemented Level 1 scope.
- Keep the set minimal and justified.
- If the current selected RFCs are still correct, keep them.
- If any RFC is no longer needed or another clearly should be included, adjust carefully and explain through the document itself.
- Continue using:
- RFC numbers
- RFC section numbers
- rfc-editor.org links
D. Update section 3 so it reflects current implementation truthfully
For each selected RFC:
- describe what is now implemented
- describe any parts intentionally out of scope
- describe any parts only relevant for broader DNS conformance rather than this project’s current Level 1 target
- avoid stale “not implemented” or “gap” language where the repo already satisfies the requirement
- avoid speculation; if something cannot be confidently established from repo evidence, mark it explicitly as uncertain, though the expectation is that most previous uncertainties should now be resolved by code/tests/CI
E. Update section 4 to match the current status
Section 4 should no longer be a list of already-completed tasks.
Preferred direction:
- For each RFC, state one of:
- no additional changes required for the current Level 1 scope
- no additional Level 1 changes required; broader changes would only be needed for wider/full DNS conformance
- if any genuine remaining Level 1 gap still exists, document it explicitly and narrowly
- Separate clearly:
- Level 1 minimum-scope conformance status
- broader-than-Level-1 future work
F. Keep terminology and policy aligned with the repo as it exists now
Ensure docs/RFC-conformance.md remains consistent with:
- actual code behavior
- current test suite
- current CI workflows
- docs/project-rules.md terminology about unit/component/end-to-end tests
Specific examples to verify against implementation/tests:
- out-of-zone queries
- in-zone NXDOMAIN
- existing owner / absent type
- apex SOA in negative responses
- QDCOUNT handling
- QCLASS handling
- unsupported opcode handling
- positive A/SOA/NS queries
- health-driven DNS state transitions as they relate to the project’s defined scope
Writing requirements:
- Keep the document explanatory and readable.
- Assume the reader is technical but not a DNS specialist.
- Keep brief reader-friendly explanations for DNS terms where useful.
- Prefer precise present-tense wording.
- Avoid roadmap language for already-completed work.
- Use tables where they improve readability, especially in sections 2 and 3.
Scope control:
- Default expectation: only docs/RFC-conformance.md changes.
- Update docs/table-of-contents.md or README.md only if strictly needed due to title/description changes, otherwise do not touch them.
- Do not modify tests/workflows/code in this task.
Reuse analysis requirement:
Before editing, inspect the current document structure and reuse as much of the good explanatory structure as possible.
This is a refresh/rewrite for correctness and current status, not a brand-new document unless that is clearly the cleanest minimal path.
QA:
- Cross-check the revised document against the current code/tests/workflows as far as needed to avoid stale claims.
- Report what you actually checked.
At the end, provide a short PR-style summary with:
- files changed
- whether the minimum RFC set changed or stayed the same
- main documentation updates made
- whether any real remaining Level 1 gaps were found
- QA performed
Co-authored-by: indisoluble <472832+indisoluble@users.noreply.github.com>
Done in
|
indisoluble
left a comment
indisoluble
left a comment
There was a problem hiding this comment.
You are working inside the existing Pull Request for this repository.
Before making changes:
- Read AGENTS.md and follow it.
- Inspect these files as the primary references for this task:
- AGENTS.md
- docs/table-of-contents.md
- docs/RFC-conformance.md
- README.md
- Keep this PR tightly scoped to clarifying and aligning the project’s required-reading signals.
Task:
Update the repository documentation so the required-reading path is explicit and aligned with AGENTS.md, including promoting docs/RFC-conformance.md into the formal required/core reading set if justified by the current project state.
Context:
AGENTS.md says that if a new or refactored doc is expected to influence future implementation decisions, it should be added to the Minimum Reading Set / Core Docs section in docs/table-of-contents.md.
docs/RFC-conformance.md now defines the project’s implemented Level 1 authoritative UDP DNS conformance target and is clearly relevant to future implementation and validation work.
Required outcomes:
A. Review whether docs/RFC-conformance.md should be part of the formal required/core reading set
- Use AGENTS.md as the governing rule.
- Evaluate the current role of docs/RFC-conformance.md in the repo.
- If justified, add docs/RFC-conformance.md to the “Minimum Reading Set” in docs/table-of-contents.md.
- Keep the minimum reading set concise, but ensure it includes all docs that clearly influence future implementation decisions.
B. Ensure required-reading signals are consistent across docs
- Make docs/table-of-contents.md clearly reflect the required/core reading set.
- Review README.md and update wording only if needed so it does not conflict with the table-of-contents reading model.
- Do not add unnecessary new sections if a small wording adjustment is enough.
C. Refresh stale wording about docs/RFC-conformance.md if needed
- README.md currently lists docs/RFC-conformance.md in the Documentation table.
- If its description still sounds transitional or outdated relative to the document’s current role, update that description so it matches the doc’s current-state purpose.
- Keep wording concise and consistent with the existing README style.
Important constraints:
- Keep this a documentation-only cleanup.
- Do not modify production code, tests, or workflows.
- Do not broaden this into unrelated documentation cleanup.
- Reuse the current structure and wording style as much as possible.
Guidance:
- The goal is not to maximize the number of required docs.
- The goal is to make the required-reading path explicit, accurate, and aligned with AGENTS.md.
- If you decide docs/RFC-conformance.md belongs in the Minimum Reading Set, make that change clearly and minimally.
- If there are any other docs that now clearly belong in the Minimum Reading Set, only include them if the case is strong and obvious from current repo usage.
Reuse analysis requirement:
Before editing, inspect the current required-reading signals in:
- AGENTS.md
- docs/table-of-contents.md
- README.md
Then make the smallest coherent documentation change set.
QA:
- Verify that the final required-reading story is internally consistent across AGENTS.md, docs/table-of-contents.md, and README.md.
- Report exactly which docs were changed.
At the end, provide a short PR-style summary with:
- Docs consulted
- Reuse analysis
- files changed
- whether docs/RFC-conformance.md was added to the Minimum Reading Set
- any README wording adjustment made
- confirmation that the required-reading path is now aligned with AGENTS.md
- QA performed
…DME description Co-authored-by: indisoluble <472832+indisoluble@users.noreply.github.com>
Done in A — B/C — |
indisoluble
left a comment
indisoluble
left a comment
There was a problem hiding this comment.
You are working inside the existing Pull Request for this repository.
Before making changes:
- Read AGENTS.md and follow it.
- Read these docs as the primary references for this task:
- docs/RFC-conformance.md
- docs/project-rules.md
- docs/table-of-contents.md
- Inspect the current malformed-wire handling path and related tests/workflows:
- indisoluble/a_healthy_dns/dns_server_udp_handler.py
- tests/indisoluble/a_healthy_dns/test_dns_server_udp_handler.py
- tests/integration/test_dns_server_udp_integration.py
- .github/workflows/test-py-code.yml
- .github/workflows/test-integration.yml
- Keep this PR tightly scoped to closing the remaining malformed-wire / FORMERR conformance gap and updating docs/tests consistently.
Task:
Close the remaining Level 1 RFC-conformance gap for malformed DNS wire input by returning a minimal FORMERR response whenever the incoming UDP payload is malformed but still contains enough DNS header information to construct a reply.
Primary goal:
Improve malformed-wire handling so the server no longer silently drops parse-failing requests when a valid DNS header can still be recovered.
Required behavior:
- If the incoming UDP payload is malformed and dns.message.from_wire() fails, but the payload is still long enough to recover the DNS header safely:
- construct a minimal DNS response
- preserve the original transaction ID
- set QR=1
- set RCODE=FORMERR
- send the response back
- If the payload is too short or too malformed to recover even the DNS header safely:
- silently drop it
- Keep current behavior unchanged for:
- valid requests
- parseable-but-invalid requests already handled through normal response construction
- QDCOUNT handling
- QCLASS handling
- opcode handling
- negative responses and authority-section behavior
Important constraints:
- Make the smallest coherent implementation change.
- Do not redesign the handler architecture.
- Do not broaden this into unrelated protocol work.
- Keep the fallback response path narrow and defensive.
- Do not touch unrelated production code.
Implementation guidance:
- Inspect the exception path around dns.message.from_wire().
- Add a minimal fallback that manually reads the DNS header from raw bytes only when safe to do so.
- Do not rely on dnspython having produced a parsed Message object in this path.
- Preserve only what is appropriate for a minimal FORMERR reply.
- Avoid over-implementing behavior for malformed inputs beyond what is needed for this gap.
Testing requirements:
Update or add tests so the repo now clearly distinguishes between:
A. malformed input with recoverable DNS header
- expect a minimal FORMERR response
- verify at least:
- same transaction ID
- QR=1
- RCODE=FORMERR
B. malformed input too short to recover the header
- expect silent drop / no response
Use the existing test layering appropriately:
- unit/handler tests for precise malformed-wire edge cases
- Python integration tests only if there is already a clean way to exercise the recoverable malformed-wire path at that level without making the suite fragile
- do not broaden Docker E2E tests into malformed-wire coverage
Documentation requirements:
- Update docs/RFC-conformance.md so it reflects the new current-state truth after this fix.
- Remove or revise any wording that still describes malformed parse failures as a remaining Level 1 conformance gap.
- Keep the document aligned with actual implementation and test evidence.
- Update docs only where needed for correctness; do not do unrelated documentation cleanup.
Reuse analysis requirement:
Before editing, inspect:
- the current malformed-wire tests
- the current RFC-conformance wording
- the current integration-test scope
Then make the smallest coherent change set.
Scope control:
- Do not redesign test taxonomy.
- Do not add new workflows.
- Do not modify README or unrelated docs unless strictly necessary.
- Keep this PR focused on closing the malformed-wire FORMERR gap and synchronizing docs/tests.
QA:
- Run the smallest relevant unit tests first.
- Run the relevant integration tests if you added/changed any.
- Then run the broader relevant test set if practical.
- Report what you actually ran.
At the end, provide a short PR-style summary with:
- Docs consulted
- Reuse analysis
- files changed
- malformed-wire behavior implemented
- tests added/updated
- docs updated
- whether the remaining Level 1 malformed-wire gap is now closed
- QA run
…RFC 1035 §4.1.1) Co-authored-by: indisoluble <472832+indisoluble@users.noreply.github.com>
Done in Production ( Unit tests: split the old Integration tests: added
|
indisoluble
left a comment
indisoluble
left a comment
There was a problem hiding this comment.
You are working inside the existing Pull Request for this repository.
Before making changes:
- Read AGENTS.md and follow it.
- Inspect these docs carefully:
- README.md
- docs/table-of-contents.md
- docs/RFC-conformance.md
- Keep this PR tightly scoped to a final wording/alignment cleanup only.
Task:
Remove the last stale wording that still implies there is a remaining RFC-conformance gap, now that docs/RFC-conformance.md reflects current implemented Level 1 status.
Problem:
Some documentation strings still sound transitional and refer to a “remaining gap”, even though the RFC conformance document now states that the Level 1 behaviors are implemented and only broader-than-Level-1 limitations remain.
Required outcomes:
A. Update README.md
- Find the description for docs/RFC-conformance.md in the documentation table.
- Replace wording that implies “remaining gap” or unfinished Level 1 work.
- Use wording that matches the document’s current role as a current-state conformance/reference document.
B. Update docs/table-of-contents.md
- Find the entry for docs/RFC-conformance.md.
- Replace wording that implies a remaining conformance gap.
- Keep the description concise and aligned with the current doc purpose.
C. Update docs/RFC-conformance.md section-4 framing
- Review the section title and any nearby wording that still implies an unresolved Level 1 gap.
- Change it so section 4 reflects current reality:
- no remaining Level 1 gap
- only broader-than-Level-1 limitations, future extensions, or intentional scope limits
- Keep the section useful and explanatory.
Guidance:
- This is a wording cleanup only.
- Do not modify production code, tests, workflows, or unrelated docs.
- Reuse the existing style and structure.
- Make the smallest coherent change set.
Preferred wording direction:
- describe docs/RFC-conformance.md as covering:
- minimum RFC set
- current coverage/status
- broader-than-Level-1 limitations or future extensions
- avoid phrases like:
- remaining gap
- required changes still pending
when referring to current Level 1 status
Reuse analysis requirement:
Before editing, inspect how these three docs currently describe docs/RFC-conformance.md and make them mutually consistent.
QA:
- Verify that README.md, docs/table-of-contents.md, and docs/RFC-conformance.md now describe the RFC doc consistently.
- Report exactly which files were changed.
At the end, provide a short PR-style summary with:
- files changed
- wording updated
- confirmation that no remaining Level 1 gap is implied anymore
- QA performed
…1 scope limits" Co-authored-by: indisoluble <472832+indisoluble@users.noreply.github.com>
Done in
No "remaining gap" phrasing survives anywhere in the docs. |
Adds a new reference document covering the project's RFC conformance target for its scoped Level 1 authoritative UDP DNS implementation, implements all six documented conformance gaps (including malformed-wire FORMERR), restructures the integration-testing strategy into two clear layers, adds a wire-level component integration test suite wired into CI, aligns CI workflow references and README documentation, promotes
docs/RFC-conformance.mdto the Minimum Reading Set, and corrects a long-standing typo in the zone-updater class and module names.New file:
docs/RFC-conformance.mdFour sections as specified:
path/file.py:lineformat per AGENTS.md §6Production change 1: REFUSED for out-of-zone queries (RFC 1034 §6.2)
indisoluble/a_healthy_dns/dns_server_udp_handler.py— the branch that handles queries whose name falls outside all served zones now returnsRCODE=REFUSED(previously returnedNXDOMAIN). Answer and authority sections remain empty.Production change 2: Apex SOA in authority for NXDOMAIN and NODATA responses (RFC 2308 §3 and §2.1)
indisoluble/a_healthy_dns/dns_server_udp_handler.py— added_build_apex_soa_rrset(zone, txn)private helper that retrieves the apex SOA viatxn.get(dns.name.empty, dns.rdatatype.SOA), constructs adns.rrset.RRsetnamed withzone.origin, and returns it as the authority list. Called in both the NXDOMAIN branch (owner name absent) and the NODATA branch (owner exists, type absent). Thewith zone.reader() as txn:block was also refactored to usercode,authority, andanswerlocal variables with sensible defaults, eliminating early returns and applying all three toresponseat the end of the block.Production change 3: QDCOUNT validation — FORMERR for ≠ 1 question (RFC 2181 §5.1)
indisoluble/a_healthy_dns/dns_server_udp_handler.py— replaced the former truthyif query.question:check withif len(query.question) == 1:. Queries with zero questions or more than one question now both returnRCODE=FORMERR.Production change 4: QCLASS validation — REFUSED for non-IN queries (project decision)
indisoluble/a_healthy_dns/dns_server_udp_handler.py— after confirming QDCOUNT == 1, the handler now checksquestion.rdclass != dns.rdataclass.IN. Non-IN queries returnRCODE=REFUSEDwith empty answer and authority sections.Production change 5: Opcode validation — NOTIMP for non-QUERY opcodes (RFC 1035 §4.1.1)
indisoluble/a_healthy_dns/dns_server_udp_handler.py— addedquery.opcode() != dns.opcode.QUERYcheck at the top of the validation chain (before QDCOUNT and QCLASS checks). Non-QUERY opcodes returnRCODE=NOTIMPwith empty answer and authority sections.Production change 6: Malformed-wire FORMERR — FORMERR when DNS header is recoverable (RFC 1035 §4.1.1)
indisoluble/a_healthy_dns/dns_server_udp_handler.py— theexceptbranch that previously silently dropped alldns.exception.FormError/ wire-parse failures now distinguishes two cases:QR=1, andRCODE=FORMERR, and sends it back to the client.This closes the last remaining Level 1 RFC-conformance gap. All Level 1 behaviours are now implemented.
Naming refactor:
DnsServerZoneUpdaterThreated→DnsServerZoneUpdaterThreadedPure rename — no behaviour change:
indisoluble/a_healthy_dns/dns_server_zone_updater_threated.py→indisoluble/a_healthy_dns/dns_server_zone_updater_threaded.pyDnsServerZoneUpdaterThreated→DnsServerZoneUpdaterThreadedmain.py), unit tests (test_dns_server_zone_updater_threaded.py, renamed fromtest_dns_server_zone_updater_threated.py), and documentation (docs/system-patterns.md) updated consistently. No stale references to the old name remain.Integration testing strategy — two explicit layers
The integration testing has been restructured into two clear, purpose-aligned layers:
Layer 1 — Python component integration tests
tests/indisoluble/a_healthy_dns/test_dns_server_udp_integration.py— component integration tests that start a realsocketserver.UDPServeron127.0.0.1:0backed by a realDnsServerZoneUpdaterzone, send actual UDP queries over raw sockets, and assert wire-level responses. The_integrationsuffix distinguishes these from unit tests.Covers:
These tests run automatically via
.github/workflows/test-py-code.ymlusing pytest discovery.Layer 2 — Docker end-to-end integration tests
.github/workflows/test-integration.yml(renamed fromtest-docker.yml) — validates the real packaged application including health-check-driven DNS state transitions.CI workflow alignment
.github/workflows/validate-tests.yml—workflow_runtrigger andWORKFLOWSvalidation array both use the exact lowercase names declared in each workflow file ("test integration","test python code","test version"), restoring reliable alignment between the actual CI workflows and the release gate..github/workflows/test-integration.yml— removed redundant post-build image-existence step.README.mddocs/RFC-conformance.mdto the documentation table with an updated description reflecting its current-state role.docs/table-of-contents.mdRFC-conformance.mdunder the Reference section.docs/RFC-conformance.mdto the Minimum Reading Set per AGENTS.md §8.3, as it defines the Level 1 conformance target and influences future implementation decisions.docs/project-rules.md_integrationnaming convention.validate teststrigger model.docs/RFC-conformance.md(current state)The document is now a fully current-state reference document with no remaining Level 1 gaps. Section 4 lists only out-of-scope items (TCP transport, EDNS0, DNSSEC, zone transfer, dynamic update).
Tests added / updated
test_update_response_with_absolute_name_outside_zone_origins— updated to assertREFUSED, empty authority and additional sections, and Level 1 response header fieldstest_update_response_domain_not_found— updated to assertNXDOMAIN, exactly one apex SOA in authority, empty answer and additional sections, and Level 1 response header fieldstest_update_response_record_type_not_found— updated to assertNOERROR, empty answer, exactly one apex SOA in authority, and empty additional sectiontest_update_response_with_relative_name_found/test_update_response_with_absolute_name_found— extended to assert empty authority and additional sections for positive A responsestest_handle_query_with_invalid_question_count_returns_formerr— parametrized test covering zero-question and two-question wire messagestest_handle_query_with_non_in_class_returns_refused— new test for CH-class queriestest_handle_query_with_unsupported_opcode_returns_notimp— new parametrized test covering STATUS and NOTIFY opcodestest_handle_malformed_wire_input_drops_silently— updated: now covers only payloads < 12 bytes (truly unrecoverable); confirms no response is senttest_handle_malformed_wire_with_recoverable_header_returns_formerr— new parametrized test: payloads ≥ 12 bytes that fail DNS parse; assertsFORMERR, ID preserved,QR=1,RA=0,TC=0tests/indisoluble/a_healthy_dns/test_dns_server_udp_integration.py— extended withTestMalformedWireInputclass covering FORMERR on recoverable-header malformed wire and silent-drop on < 12-byte payload, tested end-to-end over real UDPtests/indisoluble/a_healthy_dns/test_dns_server_zone_updater_threaded.py— renamed fromtest_dns_server_zone_updater_threated.py; all test references updated toDnsServerZoneUpdaterThreadedOriginal prompt
You are working in a new Pull Request on this repository.
Before making changes:
Task:
Create a new document at:
Primary objective:
Write an RFC conformance document that is useful for both:
This document must explain the project’s current conformance target for its limited authoritative UDP DNS scope. It must not read like a terse internal checklist only.
Important scope rules:
Use this Level 1 target behavior as the basis for the document:
The document must use exactly this top-level structure:
Detailed requirements by section:
Section 1 — General purpose and scope
Section 2 — Minimum RFCs required to fully meet the described scope
Section 3 — Current coverage of each RFC
Section 4 — For each RFC, required changes to fully cover it
RFC citation rules:
💬 We'd love your input! Share your thoughts on Copilot coding agent in our 2 minute survey.