Daniel Kahn Gillmor
4dbe1813e4
added simple sha256 public key pinning linked list to getdns_upstream
2015-12-23 17:59:50 +00:00
Willem Toorop
fbae577a54
Setting of root servers
...
test with
getdns_query -f yeti.key -R yeti.hints nlnetlabs.nl A +dnssec_return_status
where yeti.key comes from:
https://raw.githubusercontent.com/BII-Lab/Yeti-Project/master/domain/named.cache
and yeti.hints from:
https://raw.githubusercontent.com/BII-Lab/Yeti-Project/master/domain/KSK.pub
2015-12-23 17:15:45 +01:00
Willem Toorop
5bbcbb97a1
Merge branch 'develop' into features/conversion_functions
2015-12-22 11:28:27 +01:00
Willem Toorop
ee2a1fbfe6
Merge branch 'features/tsig' into develop
2015-12-22 01:08:25 +01:00
Sara Dickinson
746a827baa
Implement client side edns-tcp-keepalive
2015-12-21 17:05:56 +00:00
Willem Toorop
98dc4018c3
Setting & getting of tsig info per upstream
2015-12-21 12:22:59 +01:00
Sara Dickinson
c5b839bda8
remove STARTTLS
2015-12-18 16:14:54 +00:00
Willem Toorop
d67949d1e7
iterators go over const wireformat data
2015-12-07 16:43:41 +01:00
Daniel Kahn Gillmor
b3128652f4
add tls_query_padding_blocksize property for getdns_context
...
This is a parameter to the getdns_context that tells the context how
much to pad queries that go out over TLS.
It is not yet functional in this commit, but the idea is to pad each
outbound query over TLS to a multiple of the requested blocksize.
Because we only have a set amount of pre-allocated space for dynamic
options (MAXIMUM_UPSTREAM_OPTION_SPACE), we limit the maximum
padding blocksize.
This is a simplistic padding policy. Suggestions for improved padding
policies are welcome!
2015-11-01 15:49:56 +09:00
Daniel Kahn Gillmor
df3725e635
added edns_client_subnet_private to getdns_context
...
https://tools.ietf.org/html/draft-ietf-dnsop-edns-client-subnet-04
Using the above spec, an intermediate resolver may forward a chunk of
the client's IP address to the authoritative resolver.
Setting edns_client_subnet_private to a getdns_context in stub mode
will indicate to the next-hop recursive resolver that the client
wishes to keep their address information private.
2015-11-01 15:49:50 +09:00
Sara Dickinson
28ffb2fdf6
Add ls_authentication to API
2015-10-16 17:00:14 +01:00
Sara Dickinson
6b4ee4ed31
Block authenticated requests on unauthenticated connection
2015-10-16 17:00:14 +01:00
Sara Dickinson
af617e92a7
Implement authentication fallback on a given upstream (needs more work). Also need API option to set auth requirement.
2015-10-16 17:00:14 +01:00
Willem Toorop
53e23f1358
Revert "Revert "Merge pull request #112 from saradickinson/features/tls_auth""
...
This reverts commit 6d29e6044e.
2015-09-04 10:56:30 +02:00
Willem Toorop
6d29e6044e
Revert "Merge pull request #112 from saradickinson/features/tls_auth"
...
This reverts commit d436165a88, reversing changes made to 7c902bf73c.
2015-08-27 13:31:22 +02:00
Willem Toorop
015e387ea5
Final internal symbols rename to _getdns prefix
2015-08-19 16:33:19 +02:00
Willem Toorop
b9e8455e27
Internal symbols always prefixed with _getdns
2015-08-19 16:30:15 +02:00
Willem Toorop
1f638ccd0b
Internal getdns_mini_event to _getdns_mini_event
2015-08-19 16:26:39 +02:00
Willem Toorop
fcd595298a
Rename all priv_getdns internal symbols to _getdns
2015-08-19 16:22:38 +02:00
Willem Toorop
450aabefcc
Make util symbols private (i.e. prefix _getdns)
2015-08-19 16:07:01 +02:00
Willem Toorop
6350b4fad4
--without-libunbound option to configure
2015-08-19 10:47:46 +02:00
saradickinson
cb1dff1ac7
Add ability to verify server certificate using hostname for TLS/STARTTLS
...
NOTE: This implementation will only work for OpenSSL v1.0.2 and later.
Doing it for earlier versions is totally insane:
https://wiki.openssl.org/index.php/Hostname_validation
2015-08-15 14:40:15 +01:00
Daniel Kahn Gillmor
319a20a66c
improve documentation
...
improve the documentation of the getdns_upstream objects.
2015-07-19 12:22:10 +02:00
Willem Toorop
2884abe870
Allow alternative trust anchors + ...
...
Switch freely between stub and recursive resolving
2015-07-10 00:05:26 +02:00
Willem Toorop
f066d5ef73
Merge branch 'features/native-stub-dnssec' into develop
...
Conflicts:
configure.ac
src/stub.c
2015-07-02 10:27:27 +02:00
Willem Toorop
41cf772fb3
Trust anchors in wireformat in context
2015-06-30 14:43:52 +02:00
Sara Dickinson
e20d679bc8
Improve TCP close handling and sync connection closing
2015-06-29 09:09:13 +01:00
Sara Dickinson
8819d29535
Implement TCP fallback and hack for lack of sync idle timeout.
2015-06-24 18:49:34 +01:00
Sara Dickinson
635cf9e182
Re-factor of internal handling of transport list.
2015-06-19 18:28:29 +01:00
Sara Dickinson
68dfb15706
Add context idle timeout
2015-06-18 17:11:11 +01:00
Sara Dickinson
8dd8d90e74
Commit addition of transport list to the API.
...
- set and get functions are added.
- Existing transport functions retained for backwards compatibility.
- Basic combinations work as before, but underlying functional changes and cleanup are not complete yet...
- Context level options for timeouts and max_transactions_per_tcp_connection coming soon...
2015-06-17 17:18:09 +01:00
Sara Dickinson
7905eda8b7
Some clean up of connection handling. Still a problem with STARTTLS fallback that needs fixing.
2015-04-30 12:24:13 +01:00
Sara Dickinson
79b3412fbf
Add another transport option as proof of concept for STARTTLS.
2015-04-29 19:20:25 +01:00
Sara Dickinson
3de15ad782
Change internal transport handling to use a list, not a fixed type
2015-04-24 16:29:08 +01:00
Sara Dickinson
f2ae55858f
First pass at making handshake async. Lots of issues with this code still
...
- timeouts are not being rescheduled on fallback
- several error cases are not being handled correctly (e.g. 8.8.8.8) and a user callback is not always called
- the fallback mechanism is not generic (specific to tls to tcp)
2015-04-23 17:46:31 +01:00
Willem Toorop
0ba6af3523
upstreams_cleanup from upstreams_dereference
2015-04-18 22:17:28 +02:00
Sara Dickinson
6c7ffc4e4e
1) Fix enum mapping error.
...
2) Also add detection of TLS 1.2 in openssl during configure and warn that if it is not available then TLS will not be available. Using TLS_ONLY in stub mode will then error with BAD_CONTEXT. TLS/TCP will fallback to TCP.
3) Explicitly disallow use of TLS_ONLY in RECURSIVE mode since it isn't supported yet. TLS/TCP will fallback to TCP.
4) Fix for MAC OS X build where openssl not linked correctly
2015-04-17 18:38:13 +01:00
Sara Dickinson
ab4fb8d9e9
Enable GETDNS_TRANSPORT_TLS_ONLY_KEEP_CONNECTIONS_OPEN for libunbound. Should only be used in stub mode.
...
GETDNS_TRANSPORT_TLS_FIRST_AND_FALL_BACK_TO_TCP_KEEP_CONNECTIONS_OPEN still just does TCP.
Also some tidy up of new transport types.
2015-04-17 15:50:08 +01:00
saradickinson
99aa79b48f
First pass at TLS implementation - needs work!
2015-04-16 18:05:27 +01:00
Willem Toorop
56bb9dbbdc
Pass along a userarg with context update callbacks
2015-04-02 14:42:26 +02:00
Willem Toorop
00f047816d
EDNS cookies processing as stub
2015-03-22 10:50:48 -05:00
Willem Toorop
736f5ff157
No executable flags on source files
...
Thanks Paul Wouters
2015-01-20 12:16:49 +01:00
Willem Toorop
4a3d7fd8b2
Replace ldns_rbtree with getdns_rbtree
...
As much as possible.
In dnssec ldns_rbtree is indirectly used via the dnssec_zone struct
This change forces us to embed the data in the nodes as getdns_rbtree does not have a data attribute. This is good because fewer allocs and frees and thus slightly faster and less likely to leak memory.
2014-10-23 23:00:30 +02:00
Willem Toorop
6f6b8e65a2
Stub edns0 payload 1232 for IPv6 and 1432 for IPv4
2014-10-23 14:30:23 +02:00
Willem Toorop
484f98daf9
remove ldns_res from context
2014-10-23 14:14:55 +02:00
Willem Toorop
fc6e583b4b
Stub TCP pipelining
...
TODO: Resolve issue with timeouts in async pipelining mode.
2014-10-18 14:32:55 +02:00
Willem Toorop
181d8cd3f4
stub tcp lookups
...
And the foundation for tcp keep connections open
2014-10-18 00:25:41 +02:00
Willem Toorop
623c9b04a5
Retry stub with different upstream after timeout
...
Backing off the broken upstreams so they are tried again (increasingly less)
2014-10-16 14:24:13 +02:00
Willem Toorop
b62e2bb84c
Prepare datastructs for tcp stub resolving
2014-10-16 11:28:32 +02:00
Willem Toorop
8f254913f1
Sync functions use the async _loop functions too
...
So async and sync functions now have the same code path
2014-10-15 12:16:34 +02:00
Willem Toorop
768d8fbf4d
_loop version for async funcs
...
So they can be used by the sync functions with a libmini_event loop
2014-10-14 00:14:25 +02:00
Willem Toorop
1f203485e2
eventloop separate from context & libmini_event
2014-10-08 15:42:33 +02:00
Willem Toorop
54e0b42dcd
Timeouts via default mini_event extension
2014-10-06 23:04:12 +02:00
Willem Toorop
648153f98c
Timeouts are 64 bits
2014-10-06 16:10:09 +02:00
Willem Toorop
2dcdfaba37
getdns_context_set_upstream_recursive_servers
2014-10-01 23:16:43 +02:00
Willem Toorop
1c6ce72f74
Parse /etc/resolv.conf ourselves
...
At the same time IPv6 local-link scope_id support
2014-09-30 15:12:48 +02:00
saradickinson
d9addba883
Second pass at implementing per query namespaces!
2014-09-25 15:59:05 +00:00
saradickinson
050506341c
First pass of implementing per query namespace lookup for stub resolver. Also a getdns local namespace lookup is now used for all sync calls.
2014-09-25 14:49:18 +00:00
Sara Dickinson
f59689cf68
Use ldns as stub resolver for sync queries part 1
2014-09-12 14:15:46 +00:00
Willem Toorop
57b51a5dcc
prefer includes local to builddir
2014-05-19 15:50:34 +02:00
Neel Goyal
3f8e8ac098
Possible fix for #21 and tests
2014-03-05 22:13:37 -05:00
Neel Goyal
108f72bc36
Fix for issue #18 - allow destroy in callback
2014-03-04 17:00:18 -05:00
Willem Toorop
d2c890ab6a
Fill in <organization> place holder.
...
s/the name of the <organization>/the names of the copyright holders/g
2014-02-25 14:23:19 +01:00
Willem Toorop
8d77505219
s/Versign/Verisign/g in all files
2014-02-25 14:12:33 +01:00
Glen Wiley
6dd03b1cdc
fixed spelling of NLnet in licenses, fixed make clean errs in docs
2014-02-24 09:26:20 -05:00
Neel Goyal
80703de636
Begin refactor out extensions into libs.
2014-02-21 12:23:20 -05:00
Neel Goyal
524783804c
Fix some issues per code review
2014-02-20 16:17:41 -05:00
Neel Goyal
48fea8d9e0
Add getdns_context_set_return_dnssec_status
2014-02-20 15:42:10 -05:00
Glen Wiley
344893f87f
fixed license and copyright notices
2014-02-20 09:12:19 -05:00
Neel Goyal
a80d22f07f
Add stub for rebuilding unbound ctx. Only allow updates to certain context fields if unbound query hasn't been sent.
2014-02-19 14:56:37 -05:00
Willem Toorop
edf1da405f
Only set default trust anchor file when it is good
2014-02-12 14:50:00 +01:00
Willem Toorop
340655330b
Re-enabled stub resolution
...
Also re-indented the prepare_for_resolution and ub_setup_stub functions
Sorry for that.
2014-02-12 12:37:05 +01:00
Glen Wiley
bdff98ffb3
steps toward proper support of namespaces and system files
2014-02-10 19:59:45 -05:00
Willem Toorop
20853601a6
use enum types where possible
...
following API 0.387 (commit 13571e02f1)
2014-02-09 17:46:12 +01:00
Neel Goyal
c658b55d73
Add support for getting next timeout and number of pending events
2014-01-31 15:48:00 -05:00
Neel Goyal
1f847b0d96
Add timeout support
2014-01-31 14:43:02 -05:00
Glen Wiley
0dbc9ca8dc
fixed license header
2014-01-28 09:22:46 -05:00
Neel Goyal
67fdf0eb04
timeout stubs
2014-01-27 17:05:25 -05:00
Neel Goyal
13b9e74ff5
Update extensions
2014-01-22 19:55:04 -05:00
Neel Goyal
2bcfedcf78
Initial pass at using unbound stock
2014-01-21 15:31:22 -05:00
Willem Toorop
f81db41872
Match getdns.h with current spec
...
Introducing consts at several places
2014-01-14 17:25:23 +01:00
Willem Toorop
c80cab6929
getdns_strdup, getdns_bindata_(copy|destroy)
...
Restructure a bit to make that work too
2013-12-09 00:05:18 +01:00
Willem Toorop
70e5193b3f
Context has own mem-funcs
...
It keeps using mem funcs for internal state that were given upon context creation.
Only dicts and lists are created with mem funcs set by getdns_context_set_memory_functions
2013-12-08 23:15:57 +01:00
Willem Toorop
8fe9da6503
Header functions, structs/unions and macros
2013-12-08 22:56:34 +01:00
Willem Toorop
3829dca0cc
Get rid of typedefs for structs
2013-12-06 15:54:06 +01:00
Willem Toorop
373e0e4952
Custom mem funcs per dict/list
2013-11-12 17:00:19 +01:00
Willem Toorop
7158291e05
Custom memory management functions in context
2013-11-11 23:10:22 +01:00
Neel Goyal
74fcc3c81b
Updating coding style for context.c/h
2013-11-06 13:32:05 -05:00
Neel Goyal
f8380ff862
Ran indent with the indent.pro committed
2013-11-05 15:03:44 -05:00
Neel Goyal
65762811bf
Adding timeout support
2013-10-18 13:55:31 -04:00
Neel Goyal
da8dad5913
Adding A and AAAA handling for get_address
2013-10-16 18:33:12 -04:00
Neel Goyal
c53c00ee2b
Add recursive and stub support
2013-10-16 14:45:43 -04:00
Neel Goyal
d608d3b670
Initial integration of unbound.
2013-10-15 17:28:23 -04:00
Neel Goyal
6c1dc93edf
Adding some util modules
2013-08-15 12:33:05 -04:00
Neel Goyal
dba0da5adb
Massive restructure and renaming
2013-08-15 10:16:15 -04:00