Willem Toorop
4987a27264
Pretty print TLDs
2015-07-10 00:04:14 +02:00
Willem Toorop
2dab8dd4d6
Fix handling of non specific trust anchors and ...
...
unsported DS digest types
2015-07-09 23:11:56 +02:00
Willem Toorop
254699ad8b
Constants must be in searchable order
2015-07-09 23:11:28 +02:00
Willem Toorop
cacd8951ff
getdns_query -k to test for root trust anchor
...
has exit status 0 on success, 1 otherwise.
2015-07-09 23:10:22 +02:00
Willem Toorop
70857ccc74
Proper handling of system stub query timeouts
2015-07-09 23:09:39 +02:00
Willem Toorop
4135f633ac
Fix invalid memory reads
2015-07-09 15:40:00 +02:00
Willem Toorop
d9fca20f18
Update consts, symbols and dependencies
2015-07-09 14:40:13 +02:00
Willem Toorop
bb20de43bd
Update EDNS0 COOKIE option code
2015-07-09 14:30:11 +02:00
Willem Toorop
c30f64497e
Update ChangeLog
2015-07-09 14:27:22 +02:00
Willem Toorop
423fbdf546
Prepare for 0.3.0 release
2015-07-09 14:05:45 +02:00
Willem Toorop
cea8ae4d11
[API 0.602] getdns_context_set_dns_transport_list
...
And the getdns_context_set_idle_timeout() functions.
2015-07-09 14:00:26 +02:00
Willem Toorop
ec476a9129
getdns_root_trust_anchor up in getdns.h.in
...
So it is on the same spot as where it is in the original specification.
This to ease comparing getdns.h with the API's getdns_code_only.h
2015-07-09 10:37:02 +02:00
Willem Toorop
098e0f19c4
Don't skip points zone cuts with trusted keys
...
A new keyset must be authenticated at every zone cut.
A keyset from an ancecter of the immediate zone may never be used
to authenticate RRsets within a zone.
(Review from Wouter)
2015-07-09 08:15:38 +02:00
Willem Toorop
d87d951874
set ds_signer only when actually signed
2015-07-08 17:15:27 +02:00
Willem Toorop
d4849dc0ba
Fix read of uninitialized memory
...
Not a dangerous one though, but still...
2015-07-08 15:36:39 +02:00
Willem Toorop
e8030b34d2
query_len not used
2015-07-08 15:05:40 +02:00
Willem Toorop
201b6af9a2
clang compiler warnings + 1 bug!
...
Bug is countring insecure answers in util-internal.c
found by clang warning reporting
2015-07-08 13:07:24 +02:00
Willem Toorop
2918c8b472
DSes with best digest + INSECURE on unsupportd alg
...
Adaptations to function ds_authenticates_keys.
With multiple DSes, only the ones with the highest (supported)
digest type will be used to authenticate DNSKEYs.
NO_SUPPORTED_ALGORITHMS will be returned if there were
DSes for a key in the DNSKEY set, but none of them has a supported
digest or algorithm. This leads to dnssec_status INSECURE.
2015-07-08 12:21:04 +02:00
Willem Toorop
a5bacfefcf
memory leak fixes
2015-07-08 11:07:44 +02:00
Willem Toorop
51a04f8f6c
RSAMD5 is deprecated
2015-07-08 00:18:19 +02:00
Willem Toorop
3b45255d1e
Try only closest trust anchors
2015-07-08 00:10:10 +02:00
Willem Toorop
e48b0c7fd7
INSECURE when NSEC3 iteration count too high
...
Fix from Wouter's review
2015-07-07 22:33:53 +02:00
Willem Toorop
4b53d70199
Review from Wouter minor issues
2015-07-07 14:52:32 +02:00
Willem Toorop
e571883811
Fix test for NODATA address_sync lookup
...
hampster.com no longer suitable anymore.
2015-07-07 11:46:52 +02:00
Willem Toorop
83425f959e
Review comments from Wouter
...
Thanks!
2015-07-07 11:15:38 +02:00
Willem Toorop
43980e9020
[API 0.601] CSYNC RR type
2015-07-06 14:14:46 +02:00
Willem Toorop
af23930725
CSYNC rr type
2015-07-06 12:45:08 +02:00
Willem Toorop
55444d07a2
Documentation in comments as a review guideline
2015-07-06 11:57:16 +02:00
Willem Toorop
70edb60f09
Some comment about google public dns
2015-07-04 13:14:16 +02:00
Willem Toorop
0e977ee4fb
rearrangements for documentational reasons
...
+ a fix for opt_out bug
2015-07-04 13:01:16 +02:00
Willem Toorop
7e3fbe547a
Check NSEC3 CE to be without delegations
...
(no DNAME, no NS or, if NS then also SOA)
2015-07-04 10:53:31 +02:00
Willem Toorop
f59b32414c
Three NSEC3 related things:
...
- Better checking for type bits
- NSEC3 Insecure proofs for opt-out on head's
- NSEC3 wildcard NODATA proof
2015-07-04 10:23:02 +02:00
Willem Toorop
99f0026961
Allow remaining data RDF to be zero size
...
Usefull for NSECs on empty non terminals!
2015-07-04 08:09:50 +02:00
Willem Toorop
682f10b271
NSEC3s on empty non terminals
...
bitmap might even not be present.
2015-07-04 00:08:03 +02:00
Willem Toorop
2c09ff2541
Deal with synthesized CNAMEs from DNAMEs
2015-07-03 23:44:15 +02:00
Willem Toorop
4d4f235f76
NSEC handling complete
2015-07-03 22:50:29 +02:00
Willem Toorop
a66232153a
Some more NSEC conditional checks
...
(from studying unbound code)
2015-07-03 00:44:53 +02:00
Willem Toorop
af49184fd5
A single RRSIG per RRSET in validation_chain
2015-07-02 17:30:37 +02:00
Willem Toorop
d47c533b64
getdns_validate_dnssec validate replies in turn
2015-07-02 15:31:31 +02:00
Willem Toorop
ae580575d0
Only validate NOERROR & NXDOMAIN
2015-07-02 12:59:28 +02:00
Willem Toorop
e3fe89c802
Turn on specific debugging with configure options
2015-07-02 12:49:50 +02:00
Willem Toorop
f066d5ef73
Merge branch 'features/native-stub-dnssec' into develop
...
Conflicts:
configure.ac
src/stub.c
2015-07-02 10:27:27 +02:00
Willem Toorop
6cffc4792b
Validate replies with getdns_validate_dnssec
...
You can feed it the replies_tree as the records to validate list
2015-07-02 00:25:41 +02:00
Willem Toorop
f92dd5ac0d
getdns_validate_dnssec with new DNSSEC code
2015-07-01 21:50:47 +02:00
Willem Toorop
2b3aa84337
getdns_query show output of getdns_validate_dnssec
2015-07-01 14:38:24 +02:00
Willem Toorop
41cf772fb3
Trust anchors in wireformat in context
2015-06-30 14:43:52 +02:00
Willem Toorop
996b09ba2b
Reminder for single RRSIG per RRSET return
...
With the dnssec_return_validation_chain extension
2015-06-30 00:12:30 +02:00
Willem Toorop
3cd9caa704
Evaluate DNSSEC only with stub resolution
2015-06-29 23:48:46 +02:00
Willem Toorop
8d5ac3afde
Store dnsreq->name in wire format
2015-06-29 23:32:49 +02:00
Willem Toorop
407ecffb67
dnssec_status in netreqs
2015-06-29 22:23:01 +02:00