getdns

Commit Graph

Author	SHA1	Message	Date
Willem Toorop	7e3fbe547a	Check NSEC3 CE to be without delegations (no DNAME, no NS or, if NS then also SOA)	2015-07-04 10:53:31 +02:00
Willem Toorop	f59b32414c	Three NSEC3 related things: - Better checking for type bits - NSEC3 Insecure proofs for opt-out on head's - NSEC3 wildcard NODATA proof	2015-07-04 10:23:02 +02:00
Willem Toorop	99f0026961	Allow remaining data RDF to be zero size Usefull for NSECs on empty non terminals!	2015-07-04 08:09:50 +02:00
Willem Toorop	682f10b271	NSEC3s on empty non terminals bitmap might even not be present.	2015-07-04 00:08:03 +02:00
Willem Toorop	2c09ff2541	Deal with synthesized CNAMEs from DNAMEs	2015-07-03 23:44:15 +02:00
Willem Toorop	4d4f235f76	NSEC handling complete	2015-07-03 22:50:29 +02:00
Willem Toorop	a66232153a	Some more NSEC conditional checks (from studying unbound code)	2015-07-03 00:44:53 +02:00
Willem Toorop	af49184fd5	A single RRSIG per RRSET in validation_chain	2015-07-02 17:30:37 +02:00
Willem Toorop	d47c533b64	getdns_validate_dnssec validate replies in turn	2015-07-02 15:31:31 +02:00
Willem Toorop	ae580575d0	Only validate NOERROR & NXDOMAIN	2015-07-02 12:59:28 +02:00
Willem Toorop	6cffc4792b	Validate replies with getdns_validate_dnssec You can feed it the replies_tree as the records to validate list	2015-07-02 00:25:41 +02:00
Willem Toorop	f92dd5ac0d	getdns_validate_dnssec with new DNSSEC code	2015-07-01 21:50:47 +02:00
Willem Toorop	41cf772fb3	Trust anchors in wireformat in context	2015-06-30 14:43:52 +02:00
Willem Toorop	996b09ba2b	Reminder for single RRSIG per RRSET return With the dnssec_return_validation_chain extension	2015-06-30 00:12:30 +02:00
Willem Toorop	3cd9caa704	Evaluate DNSSEC only with stub resolution	2015-06-29 23:48:46 +02:00
Willem Toorop	8d5ac3afde	Store dnsreq->name in wire format	2015-06-29 23:32:49 +02:00
Willem Toorop	407ecffb67	dnssec_status in netreqs	2015-06-29 22:23:01 +02:00
Willem Toorop	2b83bddd4d	More sense making parameter names for is_subdomain	2015-06-29 09:18:53 +02:00
Willem Toorop	4e45d31413	No wildcard NSEC3 check on opt-out	2015-06-28 13:41:48 +02:00
Willem Toorop	170218c350	Expand dname rdata fields before compare	2015-06-27 23:47:47 +02:00
Willem Toorop	f6c1a48b6e	Validaton of wildcard answers	2015-06-27 23:28:23 +02:00
Willem Toorop	19b79b066f	NSEC NXDOMAIN + NSEC3 denial of exist. validation	2015-06-26 00:26:40 +02:00
Willem Toorop	ea69d30e64	Validation of signed responses + start with unsigned responses (only the NSEC NOERROR case)	2015-06-25 10:04:19 +02:00
Willem Toorop	c7c7884350	Generalize getdns_rrset for raw pkt, not netreq	2015-06-23 16:41:34 +02:00
Willem Toorop	3631cd658a	get_val_chain for all possible scenarios	2015-06-23 00:00:20 +02:00
Willem Toorop	e328f848eb	getdns_rrset and iterators	2015-06-19 18:02:16 +02:00
Willem Toorop	129e340e8e	Collect validation chains for RRs without sigs	2015-06-17 14:46:44 +02:00
Willem Toorop	97f0dddb1e	remove ldns dependency from rr-dict.c Only dnssec.c left	2015-06-12 13:51:36 +02:00
Willem Toorop	ae1db39a33	Native stub validation	2015-06-11 15:40:44 +02:00
Willem Toorop	526c3a3491	Fix stub validation key rollover issue	2015-03-22 15:41:55 -05:00
Willem Toorop	a53f50b530	Minor stub validation fixes and improvements	2015-03-19 10:55:34 +01:00
Willem Toorop	d2345285a6	dnssec_return_validation_chain with stub resolving	2015-03-18 23:45:26 +01:00
Willem Toorop	7fc18e8c35	Anticipate older libldns with travis	2015-03-18 21:43:41 +01:00
Willem Toorop	fa782d1043	--enable-broken-native-stub-dnssec Still needs a little more work for wildcards and NODATA answers...	2015-03-18 14:45:06 +01:00
Willem Toorop	9942550748	dnssec_return_validation_chain without ldns	2015-03-16 17:05:03 +01:00
Willem Toorop	70cb26bb00	Read trust anchor file without ldns	2015-03-15 21:25:38 +01:00
Willem Toorop	a77f156d08	Remote the ldns_pkt result from the netreq Proving that we don't need ldns_pkt any more	2015-02-18 12:36:42 +01:00
Willem Toorop	3f046cf573	Embed netreqs in dns_reqs and wire_data in netreqs TODO: make sure the wire_data buffer is filled with the response	2015-01-29 12:30:40 +01:00
Willem Toorop	b780db0538	Portability with older systems (tested on SunOS 5.11)	2014-11-07 16:57:24 +01:00
Willem Toorop	114e459a43	Make things work on FreeBSD again	2014-10-31 14:17:30 +01:00
Willem Toorop	4a3d7fd8b2	Replace ldns_rbtree with getdns_rbtree As much as possible. In dnssec ldns_rbtree is inderectly used via the dnssec_zone struct This change forces use to embed the data in the nodes as getdns_rbtree does not have a data attribute. This is good because lesser allocs and free's and thus slightly faster and less likely to leak memory.	2014-10-23 23:00:30 +02:00
Willem Toorop	a0cb4e1774	Move stub resolving to stub.c again Merged hostname.c and service.c in general so that getdns_general_ns can become static. Removed specialized synchronous handling from return_validation_chain code. Removed un_timed_resolve (specialized sync handling is not needed anymore) Renamed inter-object file symbols to priv_<name> and made intra-object symbols static as much as possible.	2014-10-15 23:04:39 +02:00
Willem Toorop	a9dbea22ad	Chase NSEC and NSEC3 with return_validation_chain	2014-09-03 20:53:26 +02:00
Willem Toorop	fc2f091f05	timed synchronous resolves Also returns an response dict with status GETDNS_RESPSTATUS_ALL_TIMEOUT on timeout	2014-07-01 23:31:40 +02:00
Willem Toorop	57b51a5dcc	prefer includes local to builddir	2014-05-19 15:50:34 +02:00
Willem Toorop	d2c890ab6a	Fill in <organization> place holder. s/the name of the <organization>/the names of the copyright holders/g	2014-02-25 14:23:19 +01:00
Willem Toorop	8d77505219	s/Versign/Verisign/g in all files	2014-02-25 14:12:33 +01:00
Glen Wiley	6dd03b1cdc	fixed spelling of NLnet in licenses, fixed make clean errs in docs	2014-02-24 09:26:20 -05:00
Glen Wiley	344893f87f	fixed license and copyright notices	2014-02-20 09:12:19 -05:00
Willem Toorop	96b9f095a7	Implement getdns_root_trust_anchor	2014-02-19 16:56:00 +01:00

50 Commits