Commit Graph

1394 Commits

Author SHA1 Message Date
Willem Toorop 7e3fbe547a Check NSEC3 CE to be without delegations
(no DNAME, no NS or, if NS then also SOA)
2015-07-04 10:53:31 +02:00
Willem Toorop f59b32414c Three NSEC3 related things:
- Better checking for type bits
- NSEC3 Insecure proofs for opt-out on head's
- NSEC3 wildcard NODATA proof
2015-07-04 10:23:02 +02:00
Willem Toorop 99f0026961 Allow remaining data RDF to be zero size
Useful for NSECs on empty non terminals!
2015-07-04 08:09:50 +02:00
Willem Toorop 682f10b271 NSEC3s on empty non terminals
bitmap might even not be present.
2015-07-04 00:08:03 +02:00
Willem Toorop 2c09ff2541 Deal with synthesized CNAMEs from DNAMEs 2015-07-03 23:44:15 +02:00
Willem Toorop 4d4f235f76 NSEC handling complete 2015-07-03 22:50:29 +02:00
Willem Toorop a66232153a Some more NSEC conditional checks
(from studying unbound code)
2015-07-03 00:44:53 +02:00
Willem Toorop af49184fd5 A single RRSIG per RRSET in validation_chain 2015-07-02 17:30:37 +02:00
Willem Toorop d47c533b64 getdns_validate_dnssec validate replies in turn 2015-07-02 15:31:31 +02:00
Willem Toorop ae580575d0 Only validate NOERROR & NXDOMAIN 2015-07-02 12:59:28 +02:00
Willem Toorop e3fe89c802 Turn on specific debugging with configure options 2015-07-02 12:49:50 +02:00
Willem Toorop f066d5ef73 Merge branch 'features/native-stub-dnssec' into develop
Conflicts:
	configure.ac
	src/stub.c
2015-07-02 10:27:27 +02:00
Willem Toorop 6cffc4792b Validate replies with getdns_validate_dnssec
You can feed it the replies_tree as the records to validate list
2015-07-02 00:25:41 +02:00
Willem Toorop f92dd5ac0d getdns_validate_dnssec with new DNSSEC code 2015-07-01 21:50:47 +02:00
Willem Toorop 2b3aa84337 getdns_query show output of getdns_validate_dnssec 2015-07-01 14:38:24 +02:00
Willem Toorop 41cf772fb3 Trust anchors in wireformat in context 2015-06-30 14:43:52 +02:00
Willem Toorop 996b09ba2b Reminder for single RRSIG per RRSET return
With the dnssec_return_validation_chain extension
2015-06-30 00:12:30 +02:00
Willem Toorop 3cd9caa704 Evaluate DNSSEC only with stub resolution 2015-06-29 23:48:46 +02:00
Willem Toorop 8d5ac3afde Store dnsreq->name in wire format 2015-06-29 23:32:49 +02:00
Willem Toorop 407ecffb67 dnssec_status in netreqs 2015-06-29 22:23:01 +02:00
wtoorop 93e0237273 Merge pull request #106 from saradickinson/features/transport_fixups
Features/transport fixups
2015-06-29 21:09:47 +02:00
Sara Dickinson 8bb01c46ad Turn TFO off by default. Strange crash found if TCP is not available. 2015-06-29 17:39:14 +01:00
Sara Dickinson e5a80943e2 Turn fast open on by default. Fix build warning. 2015-06-29 11:54:31 +01:00
Sara Dickinson e20d679bc8 Improve TCP close handling and sync connection closing 2015-06-29 09:09:13 +01:00
wtoorop 9ac1ea39b8 Merge pull request #105 from saradickinson/features/transport_fallback
Features/transport fallback
2015-06-29 09:21:31 +02:00
Willem Toorop 2b83bddd4d More sense making parameter names for is_subdomain 2015-06-29 09:18:53 +02:00
Willem Toorop 4e45d31413 No wildcard NSEC3 check on opt-out 2015-06-28 13:41:48 +02:00
Willem Toorop 170218c350 Expand dname rdata fields before compare 2015-06-27 23:47:47 +02:00
Willem Toorop f6c1a48b6e Validation of wildcard answers 2015-06-27 23:28:23 +02:00
Sara Dickinson 8c61ecd024 Finally fix problem with upstream walking that was causing intermittent crash. And fix sync idle timeouts. Again. 2015-06-26 16:14:04 +01:00
Sara Dickinson 8925fb22fc More bug fixes and tidy up 2015-06-26 14:27:21 +01:00
Willem Toorop 0411668cb4 blah 2015-06-26 11:39:44 +02:00
Sara Dickinson ddd90e29c5 Fix idle_timeout bug 2015-06-26 08:19:22 +01:00
Willem Toorop fe4b7095b3 Set has_ta before unbound context initialization 2015-06-26 00:29:20 +02:00
Willem Toorop 19b79b066f NSEC NXDOMAIN + NSEC3 denial of exist. validation 2015-06-26 00:26:40 +02:00
Sara Dickinson cb5bbac26d Do better with unbound transport mapping and fix problems with sync fallback 2015-06-25 20:21:00 +01:00
Willem Toorop ea69d30e64 Validation of signed responses
+ start with unsigned responses (only the NSEC NOERROR case)
2015-06-25 10:04:19 +02:00
Sara Dickinson 8819d29535 Implement TCP fallback and hack for lack of sync idle timeout. 2015-06-24 18:49:34 +01:00
Sara Dickinson c9a0ffc7a5 Improve error reporting in getdns_query. 2015-06-23 17:01:43 +01:00
Willem Toorop c7c7884350 Generalize getdns_rrset for raw pkt, not netreq 2015-06-23 16:41:34 +02:00
Willem Toorop 1babc715b7 Init context->dnssec_trust_anchors with default 2015-06-23 16:40:47 +02:00
Sara Dickinson c425f96e0b Fix TLS handshake for sync messages. 2015-06-23 15:39:56 +01:00
Willem Toorop 5c01df226c Init netreq dnssec status at netreq init time 2015-06-23 16:39:30 +02:00
Willem Toorop 3631cd658a get_val_chain for all possible scenarios 2015-06-23 00:00:20 +02:00
Sara Dickinson 67e282edd1 More work on transport/upstream fallback. TLS and UDP fallback not working yet.... Probably need to maintain a current upstream for each transport to get this working properly 2015-06-22 18:02:28 +01:00
Sara Dickinson 57b163c790 Fix bug in STARTTLS timeout 2015-06-22 14:31:19 +01:00
Sara Dickinson b73b5b2792 Fix some bugs... 2015-06-21 16:55:12 +01:00
Sara Dickinson 635cf9e182 Re-factor of internal handling of transport list. 2015-06-19 18:28:29 +01:00
Willem Toorop e328f848eb getdns_rrset and iterators 2015-06-19 18:02:16 +02:00
wtoorop d819bc901b Merge pull request #104 from saradickinson/features/transport_api
Commit addition of transport list to the API.
2015-06-18 22:02:46 +02:00