Willem Toorop
|
55444d07a2
|
Documentation in comments as a review guideline
|
2015-07-06 11:57:16 +02:00 |
Willem Toorop
|
70edb60f09
|
Some comment about google public dns
|
2015-07-04 13:14:16 +02:00 |
Willem Toorop
|
0e977ee4fb
|
rearrangements for documentational reasons
+ a fix for opt_out bug
|
2015-07-04 13:01:16 +02:00 |
Willem Toorop
|
7e3fbe547a
|
Check NSEC3 CE to be without delegations
(no DNAME, no NS or, if NS then also SOA)
|
2015-07-04 10:53:31 +02:00 |
Willem Toorop
|
f59b32414c
|
Three NSEC3 related things:
- Better checking for type bits
- NSEC3 Insecure proofs for opt-out on head's
- NSEC3 wildcard NODATA proof
|
2015-07-04 10:23:02 +02:00 |
Willem Toorop
|
99f0026961
|
Allow remaining data RDF to be zero size
Usefull for NSECs on empty non terminals!
|
2015-07-04 08:09:50 +02:00 |
Willem Toorop
|
682f10b271
|
NSEC3s on empty non terminals
bitmap might even not be present.
|
2015-07-04 00:08:03 +02:00 |
Willem Toorop
|
2c09ff2541
|
Deal with synthesized CNAMEs from DNAMEs
|
2015-07-03 23:44:15 +02:00 |
Willem Toorop
|
4d4f235f76
|
NSEC handling complete
|
2015-07-03 22:50:29 +02:00 |
Willem Toorop
|
a66232153a
|
Some more NSEC conditional checks
(from studying unbound code)
|
2015-07-03 00:44:53 +02:00 |
Willem Toorop
|
af49184fd5
|
A single RRSIG per RRSET in validation_chain
|
2015-07-02 17:30:37 +02:00 |
Willem Toorop
|
d47c533b64
|
getdns_validate_dnssec validate replies in turn
|
2015-07-02 15:31:31 +02:00 |
Willem Toorop
|
ae580575d0
|
Only validate NOERROR & NXDOMAIN
|
2015-07-02 12:59:28 +02:00 |
Willem Toorop
|
e3fe89c802
|
Turn on specific debugging with configure options
|
2015-07-02 12:49:50 +02:00 |
Willem Toorop
|
f066d5ef73
|
Merge branch 'features/native-stub-dnssec' into develop
Conflicts:
configure.ac
src/stub.c
|
2015-07-02 10:27:27 +02:00 |
Willem Toorop
|
6cffc4792b
|
Validate replies with getdns_validate_dnssec
You can feed it the replies_tree as the records to validate list
|
2015-07-02 00:25:41 +02:00 |
Willem Toorop
|
f92dd5ac0d
|
getdns_validate_dnssec with new DNSSEC code
|
2015-07-01 21:50:47 +02:00 |
Willem Toorop
|
2b3aa84337
|
getdns_query show output of getdns_validate_dnssec
|
2015-07-01 14:38:24 +02:00 |
Willem Toorop
|
41cf772fb3
|
Trust anchors in wireformat in context
|
2015-06-30 14:43:52 +02:00 |
Willem Toorop
|
996b09ba2b
|
Reminder for single RRSIG per RRSET return
With the dnssec_return_validation_chain extension
|
2015-06-30 00:12:30 +02:00 |
Willem Toorop
|
3cd9caa704
|
Evaluate DNSSEC only with stub resolution
|
2015-06-29 23:48:46 +02:00 |
Willem Toorop
|
8d5ac3afde
|
Store dnsreq->name in wire format
|
2015-06-29 23:32:49 +02:00 |
Willem Toorop
|
407ecffb67
|
dnssec_status in netreqs
|
2015-06-29 22:23:01 +02:00 |
wtoorop
|
93e0237273
|
Merge pull request #106 from saradickinson/features/transport_fixups
Features/transport fixups
|
2015-06-29 21:09:47 +02:00 |
Sara Dickinson
|
8bb01c46ad
|
Turn TFO off by default. Strange crash found if TCP is not available.
|
2015-06-29 17:39:14 +01:00 |
Sara Dickinson
|
e5a80943e2
|
Turn fast open on by default. Fix build warning.
|
2015-06-29 11:54:31 +01:00 |
Sara Dickinson
|
e20d679bc8
|
Improve TCP close handling and sync connection closing
|
2015-06-29 09:09:13 +01:00 |
wtoorop
|
9ac1ea39b8
|
Merge pull request #105 from saradickinson/features/transport_fallback
Features/transport fallback
|
2015-06-29 09:21:31 +02:00 |
Willem Toorop
|
2b83bddd4d
|
More sense making parameter names for is_subdomain
|
2015-06-29 09:18:53 +02:00 |
Willem Toorop
|
4e45d31413
|
No wildcard NSEC3 check on opt-out
|
2015-06-28 13:41:48 +02:00 |
Willem Toorop
|
170218c350
|
Expand dname rdata fields before compare
|
2015-06-27 23:47:47 +02:00 |
Willem Toorop
|
f6c1a48b6e
|
Validaton of wildcard answers
|
2015-06-27 23:28:23 +02:00 |
Sara Dickinson
|
8c61ecd024
|
Finally fix problem with upstream walking that was causing intermittent crash. And fix sync idle timeouts. Again.
|
2015-06-26 16:14:04 +01:00 |
Sara Dickinson
|
8925fb22fc
|
More bug fixes and tidy up
|
2015-06-26 14:27:21 +01:00 |
Willem Toorop
|
0411668cb4
|
blah
|
2015-06-26 11:39:44 +02:00 |
Sara Dickinson
|
ddd90e29c5
|
Fix idle_timeout bug
|
2015-06-26 08:19:22 +01:00 |
Willem Toorop
|
fe4b7095b3
|
Set has_ta before unbound context initialization
|
2015-06-26 00:29:20 +02:00 |
Willem Toorop
|
19b79b066f
|
NSEC NXDOMAIN + NSEC3 denial of exist. validation
|
2015-06-26 00:26:40 +02:00 |
Sara Dickinson
|
cb5bbac26d
|
Do better with unbound transport mapping and fix problems with sync fallback
|
2015-06-25 20:21:00 +01:00 |
Willem Toorop
|
ea69d30e64
|
Validation of signed responses
+ start with unsigned responses (only the NSEC NOERROR case)
|
2015-06-25 10:04:19 +02:00 |
Sara Dickinson
|
8819d29535
|
Implement TCP fallback and hack for lack of sync idle timeout.
|
2015-06-24 18:49:34 +01:00 |
Sara Dickinson
|
c9a0ffc7a5
|
Improve error reporting in getdns_query.
|
2015-06-23 17:01:43 +01:00 |
Willem Toorop
|
c7c7884350
|
Generalize getdns_rrset for raw pkt, not netreq
|
2015-06-23 16:41:34 +02:00 |
Willem Toorop
|
1babc715b7
|
Init context->dnssec_trust_anchors with default
|
2015-06-23 16:40:47 +02:00 |
Sara Dickinson
|
c425f96e0b
|
Fix TLS handshake for sync messages.
|
2015-06-23 15:39:56 +01:00 |
Willem Toorop
|
5c01df226c
|
Init netreq dnssec status at netreq init time
|
2015-06-23 16:39:30 +02:00 |
Willem Toorop
|
3631cd658a
|
get_val_chain for all possible scenarios
|
2015-06-23 00:00:20 +02:00 |
Sara Dickinson
|
67e282edd1
|
More work on transport/upstream fallback. TLS and UDP fallback not working yet.... Probably need to maintain a current upstream for each transport to get this working properly
|
2015-06-22 18:02:28 +01:00 |
Sara Dickinson
|
57b163c790
|
Fix bug in STARTTLS timeout
|
2015-06-22 14:31:19 +01:00 |
Sara Dickinson
|
b73b5b2792
|
Fix some bugs...
|
2015-06-21 16:55:12 +01:00 |