Willem Toorop
a66232153a
Some more NSEC conditional checks
...
(from studying unbound code)
2015-07-03 00:44:53 +02:00
Willem Toorop
af49184fd5
A single RRSIG per RRSET in validation_chain
2015-07-02 17:30:37 +02:00
Willem Toorop
d47c533b64
getdns_validate_dnssec validate replies in turn
2015-07-02 15:31:31 +02:00
Willem Toorop
ae580575d0
Only validate NOERROR & NXDOMAIN
2015-07-02 12:59:28 +02:00
Willem Toorop
e3fe89c802
Turn on specific debugging with configure options
2015-07-02 12:49:50 +02:00
Willem Toorop
f066d5ef73
Merge branch 'features/native-stub-dnssec' into develop
...
Conflicts:
configure.ac
src/stub.c
2015-07-02 10:27:27 +02:00
Willem Toorop
6cffc4792b
Validate replies with getdns_validate_dnssec
...
You can feed it the replies_tree as the records to validate list
2015-07-02 00:25:41 +02:00
Willem Toorop
f92dd5ac0d
getdns_validate_dnssec with new DNSSEC code
2015-07-01 21:50:47 +02:00
Willem Toorop
2b3aa84337
getdns_query show output of getdns_validate_dnssec
2015-07-01 14:38:24 +02:00
Willem Toorop
41cf772fb3
Trust anchors in wireformat in context
2015-06-30 14:43:52 +02:00
Willem Toorop
996b09ba2b
Reminder for single RRSIG per RRSET return
...
With the dnssec_return_validation_chain extension
2015-06-30 00:12:30 +02:00
Willem Toorop
3cd9caa704
Evaluate DNSSEC only with stub resolution
2015-06-29 23:48:46 +02:00
Willem Toorop
8d5ac3afde
Store dnsreq->name in wire format
2015-06-29 23:32:49 +02:00
Willem Toorop
407ecffb67
dnssec_status in netreqs
2015-06-29 22:23:01 +02:00
wtoorop
93e0237273
Merge pull request #106 from saradickinson/features/transport_fixups
...
Features/transport fixups
2015-06-29 21:09:47 +02:00
Sara Dickinson
8bb01c46ad
Turn TFO off by default. Strange crash found if TCP is not available.
2015-06-29 17:39:14 +01:00
Sara Dickinson
e5a80943e2
Turn fast open on by default. Fix build warning.
2015-06-29 11:54:31 +01:00
Sara Dickinson
e20d679bc8
Improve TCP close handling and sync connection closing
2015-06-29 09:09:13 +01:00
wtoorop
9ac1ea39b8
Merge pull request #105 from saradickinson/features/transport_fallback
...
Features/transport fallback
2015-06-29 09:21:31 +02:00
Willem Toorop
2b83bddd4d
More sense making parameter names for is_subdomain
2015-06-29 09:18:53 +02:00
Willem Toorop
4e45d31413
No wildcard NSEC3 check on opt-out
2015-06-28 13:41:48 +02:00
Willem Toorop
170218c350
Expand dname rdata fields before compare
2015-06-27 23:47:47 +02:00
Willem Toorop
f6c1a48b6e
Validaton of wildcard answers
2015-06-27 23:28:23 +02:00
Sara Dickinson
8c61ecd024
Finally fix problem with upstream walking that was causing intermittent crash. And fix sync idle timeouts. Again.
2015-06-26 16:14:04 +01:00
Sara Dickinson
8925fb22fc
More bug fixes and tidy up
2015-06-26 14:27:21 +01:00
Willem Toorop
0411668cb4
blah
2015-06-26 11:39:44 +02:00
Sara Dickinson
ddd90e29c5
Fix idle_timeout bug
2015-06-26 08:19:22 +01:00
Willem Toorop
fe4b7095b3
Set has_ta before unbound context initialization
2015-06-26 00:29:20 +02:00
Willem Toorop
19b79b066f
NSEC NXDOMAIN + NSEC3 denial of exist. validation
2015-06-26 00:26:40 +02:00
Sara Dickinson
cb5bbac26d
Do better with unbound transport mapping and fix problems with sync fallback
2015-06-25 20:21:00 +01:00
Willem Toorop
ea69d30e64
Validation of signed responses
...
+ start with unsigned responses (only the NSEC NOERROR case)
2015-06-25 10:04:19 +02:00
Sara Dickinson
8819d29535
Implement TCP fallback and hack for lack of sync idle timeout.
2015-06-24 18:49:34 +01:00
Sara Dickinson
c9a0ffc7a5
Improve error reporting in getdns_query.
2015-06-23 17:01:43 +01:00
Willem Toorop
c7c7884350
Generalize getdns_rrset for raw pkt, not netreq
2015-06-23 16:41:34 +02:00
Willem Toorop
1babc715b7
Init context->dnssec_trust_anchors with default
2015-06-23 16:40:47 +02:00
Sara Dickinson
c425f96e0b
Fix TLS handshake for sync messages.
2015-06-23 15:39:56 +01:00
Willem Toorop
5c01df226c
Init netreq dnssec status at netreq init time
2015-06-23 16:39:30 +02:00
Willem Toorop
3631cd658a
get_val_chain for all possible scenarios
2015-06-23 00:00:20 +02:00
Sara Dickinson
67e282edd1
More work on transport/upstream fallback. TLS and UDP fallback not working yet.... Probably need to maintain a current upstream for each transport to get this working properly
2015-06-22 18:02:28 +01:00
Sara Dickinson
57b163c790
Fix bug in STARTTLS timeout
2015-06-22 14:31:19 +01:00
Sara Dickinson
b73b5b2792
Fix some bugs...
2015-06-21 16:55:12 +01:00
Sara Dickinson
635cf9e182
Re-factor of internal handing of transport list.
2015-06-19 18:28:29 +01:00
Willem Toorop
e328f848eb
getdns_rrset and iterators
2015-06-19 18:02:16 +02:00
wtoorop
d819bc901b
Merge pull request #104 from saradickinson/features/transport_api
...
Commit addition of transport list to the API.
2015-06-18 22:02:46 +02:00
Sara Dickinson
0acdcc34b0
Changelog, idle_timeout test, formatting
2015-06-18 17:29:23 +01:00
Sara Dickinson
68dfb15706
Add context idle timeout
2015-06-18 17:11:11 +01:00
Sara Dickinson
8dd8d90e74
Commit addition of transport list to the API.
...
- set and get functions are added.
- Existing transport functions retained for backwards compatibility.
- Basic combinations work as before, but underlying functional changes and cleanup are not complete yet...
- Context level options for timeouts and max_transactions_per_tcp_connection coming soon...
2015-06-17 17:18:09 +01:00
Willem Toorop
129e340e8e
Collect validation chains for RRs without sigs
2015-06-17 14:46:44 +02:00
Willem Toorop
39639a86c4
Make dname_equal reusable
...
+ some symbol renames
2015-06-16 16:11:51 +02:00
Willem Toorop
4445a5f9cc
Include rdata size with compressed names
2015-06-12 15:45:50 +02:00