interesting
/
getdns
mirror of https://github.com/getdnsapi/getdns.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
1,156 Commits 58 Branches 69 Tags 14 MiB
Commit Graph

60 Commits

Author SHA1 Message Date
Willem Toorop a5bacfefcf memory leak fixes 2015-07-08 11:07:44 +02:00
Willem Toorop 51a04f8f6c RSAMD5 is deprecated 2015-07-08 00:18:19 +02:00
Willem Toorop 3b45255d1e Try only closest trust anchors 2015-07-08 00:10:10 +02:00
Willem Toorop e48b0c7fd7 INSECURE when NSEC3 iteration count too high 
Fix from Wouter's review
 2015-07-07 22:33:53 +02:00
Willem Toorop 4b53d70199 Review from Wouter minor issues 2015-07-07 14:52:32 +02:00
Willem Toorop 83425f959e Review comments from Wouter 
Thanks!
 2015-07-07 11:15:38 +02:00
Willem Toorop 43980e9020 [API 0.601] CSYNC RR type 2015-07-06 14:14:46 +02:00
Willem Toorop 55444d07a2 Documentation in comments as a review guideline 2015-07-06 11:57:16 +02:00
Willem Toorop 70edb60f09 Some comment about google public dns 2015-07-04 13:14:16 +02:00
Willem Toorop 0e977ee4fb rearrangements for documentational reasons 
+ a fix for opt_out bug
 2015-07-04 13:01:16 +02:00
Willem Toorop 7e3fbe547a Check NSEC3 CE to be without delegations 
(no DNAME, no NS or, if NS then also SOA)
 2015-07-04 10:53:31 +02:00
Willem Toorop f59b32414c Three NSEC3 related things: 
- Better checking for type bits
- NSEC3 Insecure proofs for opt-out on head's
- NSEC3 wildcard NODATA proof
 2015-07-04 10:23:02 +02:00
Willem Toorop 99f0026961 Allow remaining data RDF to be zero size 
Usefull for NSECs on empty non terminals!
 2015-07-04 08:09:50 +02:00
Willem Toorop 682f10b271 NSEC3s on empty non terminals 
bitmap might even not be present.
 2015-07-04 00:08:03 +02:00
Willem Toorop 2c09ff2541 Deal with synthesized CNAMEs from DNAMEs 2015-07-03 23:44:15 +02:00
Willem Toorop 4d4f235f76 NSEC handling complete 2015-07-03 22:50:29 +02:00
Willem Toorop a66232153a Some more NSEC conditional checks 
(from studying unbound code)
 2015-07-03 00:44:53 +02:00
Willem Toorop af49184fd5 A single RRSIG per RRSET in validation_chain 2015-07-02 17:30:37 +02:00
Willem Toorop d47c533b64 getdns_validate_dnssec validate replies in turn 2015-07-02 15:31:31 +02:00
Willem Toorop ae580575d0 Only validate NOERROR & NXDOMAIN 2015-07-02 12:59:28 +02:00
Willem Toorop 6cffc4792b Validate replies with getdns_validate_dnssec 
You can feed it the replies_tree as the records to validate list
 2015-07-02 00:25:41 +02:00
Willem Toorop f92dd5ac0d getdns_validate_dnssec with new DNSSEC code 2015-07-01 21:50:47 +02:00
Willem Toorop 41cf772fb3 Trust anchors in wireformat in context 2015-06-30 14:43:52 +02:00
Willem Toorop 996b09ba2b Reminder for single RRSIG per RRSET return 
With the dnssec_return_validation_chain extension
 2015-06-30 00:12:30 +02:00
Willem Toorop 3cd9caa704 Evaluate DNSSEC only with stub resolution 2015-06-29 23:48:46 +02:00
Willem Toorop 8d5ac3afde Store dnsreq->name in wire format 2015-06-29 23:32:49 +02:00
Willem Toorop 407ecffb67 dnssec_status in netreqs 2015-06-29 22:23:01 +02:00
Willem Toorop 2b83bddd4d More sense making parameter names for is_subdomain 2015-06-29 09:18:53 +02:00
Willem Toorop 4e45d31413 No wildcard NSEC3 check on opt-out 2015-06-28 13:41:48 +02:00
Willem Toorop 170218c350 Expand dname rdata fields before compare 2015-06-27 23:47:47 +02:00
Willem Toorop f6c1a48b6e Validaton of wildcard answers 2015-06-27 23:28:23 +02:00
Willem Toorop 19b79b066f NSEC NXDOMAIN + NSEC3 denial of exist. validation 2015-06-26 00:26:40 +02:00
Willem Toorop ea69d30e64 Validation of signed responses 
+ start with unsigned responses (only the NSEC NOERROR case)
 2015-06-25 10:04:19 +02:00
Willem Toorop c7c7884350 Generalize getdns_rrset for raw pkt, not netreq 2015-06-23 16:41:34 +02:00
Willem Toorop 3631cd658a get_val_chain for all possible scenarios 2015-06-23 00:00:20 +02:00
Willem Toorop e328f848eb getdns_rrset and iterators 2015-06-19 18:02:16 +02:00
Willem Toorop 129e340e8e Collect validation chains for RRs without sigs 2015-06-17 14:46:44 +02:00
Willem Toorop 97f0dddb1e remove ldns dependency from rr-dict.c 
Only dnssec.c left
 2015-06-12 13:51:36 +02:00
Willem Toorop ae1db39a33 Native stub validation 2015-06-11 15:40:44 +02:00
Willem Toorop 526c3a3491 Fix stub validation key rollover issue 2015-03-22 15:41:55 -05:00
Willem Toorop a53f50b530 Minor stub validation fixes and improvements 2015-03-19 10:55:34 +01:00
Willem Toorop d2345285a6 dnssec_return_validation_chain with stub resolving 2015-03-18 23:45:26 +01:00
Willem Toorop 7fc18e8c35 Anticipate older libldns with travis 2015-03-18 21:43:41 +01:00
Willem Toorop fa782d1043 --enable-broken-native-stub-dnssec 
Still needs a little more work for wildcards and NODATA answers...
 2015-03-18 14:45:06 +01:00
Willem Toorop 9942550748 dnssec_return_validation_chain without ldns 2015-03-16 17:05:03 +01:00
Willem Toorop 70cb26bb00 Read trust anchor file without ldns 2015-03-15 21:25:38 +01:00
Willem Toorop a77f156d08 Remote the ldns_pkt result from the netreq 
Proving that we don't need ldns_pkt any more
 2015-02-18 12:36:42 +01:00
Willem Toorop 3f046cf573 Embed netreqs in dns_reqs and wire_data in netreqs 
TODO: make sure the wire_data buffer is filled with the response
 2015-01-29 12:30:40 +01:00
Willem Toorop b780db0538 Portability with older systems 
(tested on SunOS 5.11)
 2014-11-07 16:57:24 +01:00
Willem Toorop 114e459a43 Make things work on FreeBSD again 2014-10-31 14:17:30 +01:00