Willem Toorop
390e383a1a
ED25519 & ED448 DNSSEC validation support
2018-12-03 14:33:21 +01:00
Willem Toorop
6d066f95f9
Merge branch 'features/trust_anchors_backoff_time' into develop
2018-12-03 12:51:00 +01:00
Willem Toorop
4b688443f4
Sync with unbound
2018-12-03 12:50:37 +01:00
Willem Toorop
a1692359f3
RFE #408 : Retry fetching of TA after backoff time
2018-12-03 12:27:31 +01:00
Willem Toorop
1e7da76901
Bugfix getdnsapi/stubby#140 fallback on getentropy failure
2018-11-30 14:50:06 +01:00
Willem Toorop
c1f51815ba
RFE #408 : "dnssec" extension requiring DNSSEC
...
When this extension is set, GETDNS_DNSSEC_INDETERMINATE status will no
longer be returned.
2018-11-30 14:20:12 +01:00
Willem Toorop
e3b007a43a
Issue #410 : Document ownership with getdns_context_get_api_information()
...
+ const for extensions and namespaces
TODO: Look at other cases that are not const for no good reason.
Thanks Stefan Bühler
2018-11-27 16:59:47 +01:00
Willem Toorop
2d76a5fd52
We had complaints for serving the root, so..
...
TCP only full recursion test now starting from K-root
(because other roots are unreliable TCP-wise)
2018-11-22 12:16:19 +01:00
Willem Toorop
b90ba236ae
tls_ciphersuites, tls_cipher_list, tls_curve_list,
...
tls_min_version & tls_max_version settings must cause
failure when not supported by the TLS library. Not during
configure time, but during connection setup so it doesn't
hamper alternative transports.
2018-11-22 11:37:28 +01:00
Willem Toorop
6b10570842
DNSSEC bugfix found with static analysis
...
* Fix for DNSSEC bug in finding most specific key when
trust anchor proves non-existance of one of the labels
along the authentication chain other than the non-
existance of a DS record on a zonecut.
2018-11-22 10:21:48 +01:00
Willem Toorop
4ff9816e39
google now supports DoT
2018-11-21 17:00:03 +01:00
Willem Toorop
73868643d2
Fix compile warnings
2018-11-21 16:07:47 +01:00
Willem Toorop
1904ee7318
Enhancement getdnsapi/stubby#56 & getdnsapi/stubby#130
...
Configurable TLS version
2018-11-21 15:02:28 +01:00
Willem Toorop
6a5e96d4e1
tls_ciphersuites + bugfix in strdup2!!
2018-11-20 16:13:57 +01:00
Willem Toorop
12589d85c2
Wild guess at OpenSSL without engine support
2018-06-12 17:00:45 +02:00
Willem Toorop
9b4e8e9e91
X509_get_notAfter not in OpenSSL 1.1.1 anymore
2018-06-12 16:37:46 +02:00
Willem Toorop
884f6ddc5e
DS is always a delegation and never at the apex
2018-06-10 16:57:40 +02:00
Willem Toorop
25231aa686
Fix finding signer of NSEC and NSEC3s
...
Thanks Philip Homburg
2018-06-08 21:39:59 +02:00
Willem Toorop
000fa94ae2
Sync ldns & utils with unbound
2018-05-22 12:44:13 +02:00
Willem Toorop
799bd2f6b1
Bugfix #399 : Reinclude <linux/sysctl.h> in getentropy_linux.c
2018-05-15 08:11:55 +02:00
Willem Toorop
e481273ff4
Last minute update
2018-05-11 13:20:08 +02:00
wtoorop
0510fb00d3
Merge pull request #397 from ehmry/tcp_sendto
...
No TCP sendto without TCP_FASTOPEN
2018-05-11 12:04:49 +01:00
wtoorop
7fe45a7012
Merge pull request #396 from saradickinson/bugfix/windows_certs
...
Temporary fix for https://github.com/getdnsapi/stubby/issues/87 . Dete…
2018-05-11 11:51:33 +01:00
Willem Toorop
6c99e7b8a6
Bugfix getdnsapi/stubby#106 : Core dump when ...
...
printing certain configuration. Thanks Han Vinke
2018-05-11 11:28:52 +02:00
Willem Toorop
98b1ff624a
Memory loss with empty string bindata's
2018-05-11 11:23:19 +02:00
Emery Hemingway
a6ec2b2449
No TCP sendto without TCP_FASTOPEN
2018-05-08 14:58:17 +02:00
Willem Toorop
7331717990
Fix for Fallback to current (working) directory (for appdata_dir).
2018-05-04 15:30:27 +02:00
Willem Toorop
99bfe4a287
Fallback to current (working) directory (for appdata_dir).
...
To improve integration with system and service managers like systemd
See also getdnsapi/stubby#106
2018-05-04 10:40:49 +02:00
Willem Toorop
3c355d425b
Warnings are errors :(
2018-05-03 12:15:48 +02:00
Willem Toorop
101d602739
Travis output showed it was a bracket issue
2018-05-03 11:48:07 +02:00
Willem Toorop
de7f007bf3
Without dl_iterate_phdr for now...
2018-05-03 11:40:44 +02:00
Willem Toorop
f5c588c955
Need _GNU_SOURCE before config.h
2018-05-03 11:30:28 +02:00
Willem Toorop
f0f101511b
_GNU_SOURCE needed for struct dl_phdr_info from link.h
2018-05-03 11:21:11 +02:00
Willem Toorop
4f050facc3
Bugfix #394 : Update src/compat/getentropy_linux.c
...
in order to handle ENOSYS (not implemented) fallback.
Thanks Brent Blood
2018-05-02 14:32:12 +02:00
Willem Toorop
9c01968048
DS and DNSKEY lookups for tld and sld immediately
...
Resolves issue getdnsapi/stubby#99
2018-05-01 17:07:16 +02:00
Willem Toorop
7fecf5a93d
Allow NSEC spans starting from (unexpanded) wildcards
2018-05-01 13:19:24 +02:00
Willem Toorop
a834d32718
Fix negative reversed IPv4 test
...
which assumes 1.1.1.1.in-addr.arpa does not exist
2018-04-23 14:05:02 +02:00
Willem Toorop
1b5b0ca799
Force trailing '\0' with string config settings
...
Because even though it is added when parsing from JSON, it will be lost when the bindata is copied into a dict with getdns_dict_set_bindata.
2018-04-23 15:11:20 +02:00
saradickinson
ced112ca74
Temporary fix for https://github.com/getdnsapi/stubby/issues/87 . Detect and ignore duplicate certs in the root store.
2018-04-05 18:35:07 +01:00
Willem Toorop
7548b095bc
Doxygen fixes
2018-03-05 16:12:49 +01:00
Willem Toorop
8a2fc5f5a9
max_udp_backoff should not be public
...
At least, not with this point release
2018-03-05 12:42:27 +01:00
Robert Groenenberg
eec6ec29dd
[UDP] try upstreams in round-robin fashion when all yupstreams have failed
2018-03-05 12:03:20 +01:00
Robert Groenenberg
f787c87137
Reset back_off on successful query
2018-03-05 12:02:01 +01:00
Robert Groenenberg
a0fb2c8424
Limit back_off value to avoid very long retry interval
2018-03-05 12:01:52 +01:00
Willem Toorop
fd5e0cdc02
Merge branch 'bugfix/388-endless-fallback-loop' into release/1.4.1
2018-03-05 11:52:36 +01:00
Willem Toorop
e93b583a26
Merge branch 'devel/dnssec_issues' into release/1.4.1
2018-03-05 11:41:55 +01:00
Willem Toorop
0ff1839a6f
Upstream reset on searchpath retry
2018-03-02 23:31:33 +01:00
Willem Toorop
b178f94505
Don't retry an already tried upstream
2018-03-02 15:56:00 +01:00
Willem Toorop
e29cfb6b6a
Query for DS i.s.o. SOA to find zonecuts
...
Because of broken setups that have zonecuts without SOA:
```
$ drill -T www.gslb.kpn.com A
. 518400 IN NS i.root-servers.net.
com. 172800 IN NS a.gtld-servers.net.
kpn.com. 172800 IN NS ns1.kpn.net.
kpn.com. 172800 IN NS ns2.kpn.net.
gslb.kpn.com. 3600 IN NS gss1.kpn.com.
gslb.kpn.com. 3600 IN NS gss2.kpn.com.
www.gslb.kpn.com. 10 IN A 145.7.170.135
```
but
```
$ drill gslb.kpn.com SOA
;; ->>HEADER<<- opcode: QUERY, rcode: NXDOMAIN, id: 48303
;; flags: qr rd ra ; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;; gslb.kpn.com. IN SOA
;; ANSWER SECTION:
;; AUTHORITY SECTION:
;; ADDITIONAL SECTION:
;; Query time: 8 msec
;; SERVER: 185.49.140.100
;; WHEN: Fri Mar 2 14:13:21 2018
;; MSG SIZE rcvd: 30
```
2018-03-02 14:14:28 +01:00
Willem Toorop
abc69f96fe
Follow unsigned SOA's as insecure zonecut indication
...
Should resolve issue #385
2018-03-02 11:15:45 +01:00