interesting
/
getdns
mirror of https://github.com/getdnsapi/getdns.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
2,438 Commits 58 Branches 69 Tags 14 MiB
Commit Graph

2438 Commits

Author SHA1 Message Date
Willem Toorop a27915ccc9 One more ChangeLog update 2017-04-06 19:47:15 +02:00
Willem Toorop 2d011e3d19 Merge branch 'features/unset_max_udp_payload_sz' into release/1.1.0 2017-04-06 19:40:35 +02:00
Willem Toorop f0ee920227 Bump version, update ChangeLog 2017-04-06 16:13:15 +02:00
wtoorop f251f8aeda Merge pull request #282 from wtoorop/bugfix/issue-272 
Bugfix/issue 272
 2017-04-06 15:55:24 +02:00
Willem Toorop c2edc94a3a Clear timeout event when getting dnssec chain 
With full recursion
 2017-04-06 15:18:12 +02:00
Willem Toorop e35a2182a9 missing #include 2017-04-06 12:24:27 +02:00
Willem Toorop 4ceec33d08 Do something about TLS renegotiation. 2017-04-06 11:46:10 +02:00
Willem Toorop e08d3592a0 Schedule timeout when collecting for dnssec chain 2017-04-06 11:20:08 +02:00
Willem Toorop f8c7d8b5d5 Network request submission and callback reporting 2017-04-05 22:43:27 +02:00
Willem Toorop 2220c1a48d Options for request debugging 2017-04-05 17:53:39 +02:00
Willem Toorop 67baa1d651 getdns_context_unset_edns_maximum_udp_payload_size 2017-04-05 12:37:48 +02:00
Willem Toorop edecca8b63 smime verification of root-anchors.xml in ~/.getdns 2017-03-27 09:21:29 -05:00
wtoorop fe49bc1c69 Merge pull request #279 from dkg/feature/padding-policy 
Implement sensible default padding policy.
 2017-03-27 08:19:31 -05:00
wtoorop d5005a8ac0 Merge pull request #278 from dkg/getdns-query-transport-cleanup 
getdns-query: S is no longer a valid transport label.
 2017-03-26 14:53:53 -05:00
Daniel Kahn Gillmor f2a90925bc getdns-query: S is no longer a valid transport label. 2017-03-26 14:38:43 -05:00
Daniel Kahn Gillmor 9de4d6537b Implement sensible default padding policy. 
This commit changes the semantics of tls_query_padding_blocksize()
slightly.  Where previously both 0 and 1 meant "no padding", this
commit changes 1 to mean "pad using a sensible policy".

At NDSS 2017's DNS privacy workshop, I presented an empirical study of
DNS padding policies:

https://www.internetsociety.org/events/ndss-symposium/ndss-symposium-2017/dns-privacy-workshop-2017-programme#session3

The slide deck is here:
https://dns.cmrg.net/ndss2017-dprive-empirical-DNS-traffic-size.pdf

The resulting recommendation from the research is that a simple
padding policy is relatively cheap and still protective of metadata
when DNS traffic is encrypted:

 * queries should be padded to a multiple of 128 octets
 * responses should be padded to a multiple of 468 octets

Since getdns is only currently doing queries over tls, we only have to
implement the first part of this policy :)
 2017-03-26 14:37:28 -05:00
Willem Toorop f4fe2cb6c5 Merge branch 'develop' into hackathon/zeroconf-dnssec 2017-03-26 10:46:50 -05:00
wtoorop 148dfabf88 Merge pull request #276 from huitema/develop 
Fixing the select and poll event loops for Windows
 2017-03-26 10:20:48 -05:00
Willem Toorop 03efb66991 Keep connections open with sync requests too 2017-03-26 10:16:25 -05:00
huitema 6f0b08a400 Fixing the select event loop so it does not give up for naked timers in Windows. 
Making sure the poll event loop works on windows.
Fixing the poll event loop so it does not give up for naked timers in Windows.
 2017-03-26 10:07:44 -05:00
Willem Toorop 8864dfce92 Merge branch 'develop' into hackathon/zeroconf-dnssec 2017-03-25 20:37:36 -05:00
Willem Toorop 007208a122 Merge branch 'develop' of github.com:getdnsapi/getdns into develop 2017-03-25 20:22:54 -05:00
Willem Toorop 9fa6ab5994 Clang pragma's with clang only 2017-03-25 20:22:34 -05:00
Melinda Shore 01eedd5ea8 Merge pull request #275 from getdnsapi/devel/cert_in_call_reporting 
Have the peer certificate in call_reporting
 2017-03-25 19:58:16 -05:00
Willem Toorop b3e5c5fb30 Merge branch 'develop' into hackathon/zeroconf-dnssec 2017-03-25 19:52:55 -05:00
Willem Toorop b7d16e3c89 One more leak 2017-03-25 17:00:02 -05:00
Willem Toorop 6316c558bc typo 2017-03-25 21:45:08 +01:00
Willem Toorop 3eb6ebf5e4 Fix memory leak 2017-03-25 21:33:30 +01:00
Willem Toorop 5f6e47d091 Only equip with peer cert when transport is TLS 2017-03-25 21:26:05 +01:00
Willem Toorop a2efd8f6c1 Report peer certificate in call_reporting 2017-03-25 19:36:20 +01:00
Willem Toorop 767ca21bc0 Debugging for anchor management 2017-03-25 19:02:51 +01:00
Willem Toorop ed0b655af0 Update doxygen 2017-03-25 06:45:02 -05:00
Willem Toorop e4d4e97542 Suppress unused parameter warnings when we can't help it 2017-03-23 16:59:03 +01:00
huitema 0560500e34 Merge pull request #10 from wtoorop/devel/huitema-develop 
Devel/huitema develop
 2017-03-23 07:45:53 -07:00
Willem Toorop 15b451d71b Recommit parts of "Minor fixes in MDNS code to make sure it does work after the recent loop tightening." 2017-03-23 13:09:34 +01:00
Willem Toorop b32ee619f1 Merge branch 'develop' into devel/huitema-develop 2017-03-23 13:05:09 +01:00
Willem Toorop b80ccba02c Revert "Minor fixes in MDNS code to make sure it does work after the recent loop tightening." 
This reverts commit c653e8502c.
 2017-03-23 13:04:11 +01:00
Willem Toorop 2a496969cd Fixes for mdns 2017-03-23 12:53:44 +01:00
Willem Toorop c275b205d3 Create doxygen tagfile 2017-03-23 10:58:18 +01:00
Christian Huitema c653e8502c Minor fixes in MDNS code to make sure it does work after the recent loop tightening. 
Suppressing the warning about mapping the 64 bit timeout value to a 32 bit integer,
based on the comments that the "maximum timeout used in practice is 6553500ms." If that
really is the case, we do not need to support 64 bit integers in the dict structure.
 2017-03-22 15:50:26 -07:00
huitema 95da0b46e0 Merge pull request #9 from getdnsapi/develop 
Align with develop branch
 2017-03-22 10:10:00 -07:00
Willem Toorop f67314c1c1 Unbound event API without header compile fix 2017-03-22 14:36:16 +01:00
Willem Toorop 426fc238da Fixes for FreeBSD warnings when compiling tests 
/usr/local/include/check.h:454:75: warning: token pasting of ',' and __VA_ARGS__ is a GNU extension [-Wgnu-zero-variadic-macro-arguments]
     _ck_assert_failed(__FILE__, __LINE__, "Assertion '"#expr"' failed" , ## __VA_ARGS__, NULL)
/usr/local/include/check.h:454:75: warning: token pasting of ',' and __VA_ARGS__ is a GNU extension [-Wgnu-zero-variadic-macro-arguments]
 2017-03-22 14:10:15 +01:00
Willem Toorop b2ac3849b7 Fxies for two NetBSD compiler warnings 
ubkey-pinning.c -o pubkey-pinning.lo
./pubkey-pinning.c: In function '_getdns_verify_pinset_match':
./pubkey-pinning.c:385: warning: 'prev' may be used uninitialized in this function
IX_C_SOURCE=200112L -D_XOPEN_SOURCE=600 -c ./context.c -o context.lo
./context.c: In function '_getdns_upstream_shutdown':
./context.c:760: warning: comparison between signed and unsigned
 2017-03-22 13:50:11 +01:00
Willem Toorop 3d45a77884 Mention how to enable MDNS in ChangeLog 2017-03-22 12:35:23 +01:00
Willem Toorop b48a92c8f5 Max OS-X and FreeBSD multicast portability 2017-03-22 12:33:13 +01:00
Willem Toorop 29c1c9524e Include unbound includes rerouting in dist tarball 
+ don't try to install getdns-*.tgz spec anymore
 2017-03-22 12:32:26 +01:00
Willem Toorop a7c824c756 Update changelog and documentation 2017-03-22 11:52:07 +01:00
Willem Toorop 5d12545391 Bugfix in handling UDP backing off 2017-03-22 10:52:55 +01:00
Willem Toorop fa99b206e8 Updated readme & new groups for doxygen 2017-03-21 12:28:48 +01:00