interesting
/
getdns
mirror of https://github.com/getdnsapi/getdns.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
2,457 Commits 58 Branches 69 Tags 14 MiB
Commit Graph

432 Commits

Author SHA1 Message Date
Willem Toorop cefeed2b47 PRIsz usage like PRIu64 etc. 2017-09-27 13:15:12 +02:00
Willem Toorop 114b5785f7 Doxygen documentation for Zero configuration DNSSEC 
+ rename of getdns_context_(get|set)_trust_anchor_*()
         to getdns_context_(get|set)_trust_anchors_*()
 2017-09-22 12:25:56 +02:00
Willem Toorop a3bfee7d0a Issues from unit tests 2017-09-22 11:12:27 +02:00
Willem Toorop da2aa634d3 Make appdata_dir configurable + 
settings via getdns_context_config()
 2017-09-21 17:06:29 +02:00
Willem Toorop 1b47ce4d10 Slightly different function prototypes 2017-09-21 12:38:49 +02:00
Willem Toorop 712f62a4c1 Things that came out of compiling on Windows 2017-09-21 11:03:38 +02:00
Willem Toorop 7c229c40cd Merge branch 'features/zeroconf-dnssec' into release/v1.2.0 2017-09-20 15:45:27 +02:00
Willem Toorop e6536bb2ef Typo 2017-09-20 15:18:43 +02:00
Willem Toorop 34d35f9e79 Track updating TA's with root DNSKEY rrset 2017-09-20 10:30:13 +02:00
Willem Toorop 463855d274 Writability test for application data 2017-09-16 18:16:21 +02:00
Willem Toorop 6d29f7fb65 Fix issues accumulated when tpkg didn't work 2017-09-14 15:14:00 +02:00
Willem Toorop 8c4ed6294e Merge branch 'develop' into features/zeroconf-dnssec 2017-09-14 12:27:47 +02:00
Willem Toorop f31eb517e0 Lazy TA and time checking 2017-09-14 11:47:02 +02:00
Jim Hague 80b2eacc26 Merge branch 'develop' into features/yaml 2017-09-13 16:55:11 +00:00
Sara Dickinson f0190e4f03 Add 2 missing parameters from the config output 2017-09-13 13:02:01 +01:00
Willem Toorop 8f3ce9af35 Configurable zero configuration DNSSEC parameters 2017-09-13 14:00:54 +02:00
Sara Dickinson b760a2ced2 Refine the logging levels to match the errors given when backing off, etc. 2017-09-12 15:01:02 +01:00
Sara Dickinson 729af1d159 Allow backed-off upstreams to be re-instated if all our upstreams are unusable (e.g. if the network is down). 
But limit re-tries for a given netreq to the total number of upstreams before failing. This should (roughly) allow 2 retries per upstream of the correct transport before bailing out. Otherwise we are stuck in a loop retrying forever!
 2017-09-12 13:47:56 +01:00
Willem Toorop 8aa46b305d Merge branch 'develop' into features/zeroconf-dnssec 2017-09-11 11:09:58 +02:00
Sara Dickinson 42945cfc08 Make the backoff time incrementally increase until the upstream starts working again 2017-09-08 17:28:37 +01:00
Sara Dickinson 2e4e3873e4 First pass at fixing problems when connections to servers are lost. 
Need to reset connection state if connections fail at setup and on read/write if there are no more messages queued.
This means we will back-off servers that fail, so we should think about using a shorter backoff default in stubby
because otherwise temporarily loss of the network connection will mean having to restart stubby.
Also some minor changes to logging.
 2017-09-06 11:05:08 +01:00
Willem Toorop c6d40d9adc Merge branch 'develop' into features/zeroconf-dnssec 2017-09-04 16:43:37 +02:00
Willem Toorop 21f538f60c Forgot ; 2017-09-01 17:00:34 +02:00
Willem Toorop bf23968226 Final for loop initializations elimination 2017-09-01 16:50:31 +02:00
Willem Toorop 11138ff678 Also register application set trust anchors 2017-07-01 01:00:40 +02:00
Willem Toorop 59ff5e8178 0 terminate xml files 2017-07-01 00:45:09 +02:00
Willem Toorop 2b20f35e0e Write fetched trust anchor 2017-07-01 00:05:20 +02:00
Willem Toorop 4a5f03ebbe Anticipate surplus reads 2017-06-30 21:14:02 +02:00
Willem Toorop 3e6c5775ff Fetch and equip context with trust-anchors 2017-06-30 10:18:07 +02:00
Willem Toorop 742588dd6f Merge branch 'develop' into hackathon/zeroconf-dnssec 2017-06-29 11:09:30 +02:00
Willem Toorop 91ccbcd7df Typo? 2017-06-28 21:45:54 +02:00
Willem Toorop 264135e799 Reintroduct timestamps and replace GETDNS_DAEMON: with STUBBY: 2017-06-28 21:09:40 +02:00
Willem Toorop 8235250fb6 Rename SYSTEM_DAEMON in LOG_UPSTREAM_STATS 2017-06-28 20:57:53 +02:00
Willem Toorop fb267938c3 Start with fetching root-anchors remotely 
Also lays the foundation for looking up upstreams by name and DANE authentication of upstreams.
 2017-06-28 20:35:30 +02:00
Sara Dickinson 55acf6662c Fix for outputting the address string in the DAEMON log 2017-06-28 17:58:38 +01:00
Willem Toorop 04e554086a A configurable log function 
Currently used only for DAEMON_DEBUG
 2017-06-27 00:23:22 +02:00
Willem Toorop 7ea3beaa6a Equip context with xml read trust anchors 2017-06-22 12:27:20 +02:00
Willem Toorop e496d13777 Start with getting files from user area 2017-06-20 15:38:32 +02:00
Willem Toorop b0af051809 Initialize in correct order 2017-06-20 12:20:11 +02:00
Willem Toorop 67d787d74a Merge branch 'develop' into hackathon/zeroconf-dnssec 2017-05-12 15:39:02 +02:00
Willem Toorop d5dcdac58c Validate tls_auth_name 
Deals with issue #270
 2017-04-13 11:19:22 +02:00
Hoda Rohani 6c4af3af93 unintiallized array 2017-04-13 09:44:08 +02:00
Willem Toorop 0da79ae77a Fix to compile with libressl. Thanks phicoh. 2017-04-12 23:05:17 +02:00
Willem Toorop c9b3e3cf7b Allow cleanup of naked idle timeouts 2017-04-06 20:50:34 +02:00
Willem Toorop 2d011e3d19 Merge branch 'features/unset_max_udp_payload_sz' into release/1.1.0 2017-04-06 19:40:35 +02:00
Willem Toorop e08d3592a0 Schedule timeout when collecting for dnssec chain 2017-04-06 11:20:08 +02:00
Willem Toorop f8c7d8b5d5 Network request submission and callback reporting 2017-04-05 22:43:27 +02:00
Willem Toorop 67baa1d651 getdns_context_unset_edns_maximum_udp_payload_size 2017-04-05 12:37:48 +02:00
Willem Toorop edecca8b63 smime verification of root-anchors.xml in ~/.getdns 2017-03-27 09:21:29 -05:00
Daniel Kahn Gillmor 9de4d6537b Implement sensible default padding policy. 
This commit changes the semantics of tls_query_padding_blocksize()
slightly.  Where previously both 0 and 1 meant "no padding", this
commit changes 1 to mean "pad using a sensible policy".

At NDSS 2017's DNS privacy workshop, I presented an empirical study of
DNS padding policies:

https://www.internetsociety.org/events/ndss-symposium/ndss-symposium-2017/dns-privacy-workshop-2017-programme#session3

The slide deck is here:
https://dns.cmrg.net/ndss2017-dprive-empirical-DNS-traffic-size.pdf

The resulting recommendation from the research is that a simple
padding policy is relatively cheap and still protective of metadata
when DNS traffic is encrypted:

 * queries should be padded to a multiple of 128 octets
 * responses should be padded to a multiple of 468 octets

Since getdns is only currently doing queries over tls, we only have to
implement the first part of this policy :)
 2017-03-26 14:37:28 -05:00