interesting
/
getdns
mirror of https://github.com/getdnsapi/getdns.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
1,900 Commits 58 Branches 69 Tags 14 MiB
Commit Graph

118 Commits

Author SHA1 Message Date
Sara Dickinson fdbefa17ec Add timer for back off on upstream (use 1 hr). Reset as new upstream when re-instated. 2016-08-05 17:25:27 +01:00
Sara Dickinson a1461d51ec Add abbreviated logging mode for daemon 2016-08-05 14:10:55 +01:00
Sara Dickinson 0432fe37c4 Tinker with upstream keepalive 2016-08-04 16:10:23 +01:00
wtoorop 79f92cedd2 Merge pull request #197 from saradickinson/feature/upstream_handling 
Feature/upstream handling
 2016-07-14 10:58:32 +02:00
Willem Toorop be97bd1d71 Mv getdns_context_set_listen_addresses in the lib 
Also, check for request_id +
cancel a reply by specifying NULL as response to getdns_reply
 2016-07-13 14:50:44 +02:00
Willem Toorop d0f01b6bc4 Default values for extensions in context 2016-07-07 14:47:38 +02:00
Sara Dickinson 8fa84c836a Initial re-work of stateful transport selection and timeout/error handling. Also update transport test to avoid timeout. 2016-07-04 17:02:14 +01:00
Sara Dickinson 98d636b99d Updates to unit tests and tpkg 2016-05-16 17:56:48 +01:00
Sara Dickinson 5f225d6be3 Add TLS session resumption 2016-05-16 17:41:55 +01:00
Willem Toorop da577a463d set upstream loop to the sync loop for sync reqs 
And reset to the async loop when sync request was finished, rescheduling the upstream->event.
Note that finished_event is scheduled against the async loop always.
 2016-04-11 14:49:44 +02:00
Willem Toorop b0ecda5d2e No more side effects with synchronous calls 
(and upstreams that keep connections open)
 2016-03-23 22:13:31 +01:00
Willem Toorop ab742b34b6 Miscelaneous scheduling fixes and improvements 2016-03-17 16:49:05 +01:00
Willem Toorop d938c433ab Set root servers without temporary file 2016-03-14 11:33:06 +01:00
Willem Toorop a83c54387d Reuse sync eventloop per context 
So recursive resolution can depend on and continue with outstanding queries it depends on
 2016-03-09 11:16:19 +01:00
Willem Toorop 4230961e9f Basic usage of unbound pluggable event loop 2016-03-01 16:29:37 +01:00
Willem Toorop ae2b16665b Setup getdns eventloop in libunbound 
When unbound supports this
 2016-01-19 16:52:11 +01:00
Willem Toorop 4fd8d3dddd Replace mini_event extension by default_eventloop 
* default_eventloop was prototyped in getdns_query and is still in there as my_eventloop
  * It interfaces directly with the scheduling primitives of getdns.
  * It can operate entirely from stack and does not have to do
    any memory allocations or deallocations.

* Adapted configure.ac to allow libunbound to be linked with Windows
  (with the removal of winsock_event.c we have no symbol clashed anymore)

* Added STUB_TCP_WOULDBLOCK return code in stub_resolving helper functions,
  to anticipate dealing with edge triggered event loops (versus level triggered). (i.e. Windows)
 2016-01-12 15:52:14 +01:00
Willem Toorop 89b6c04d4f First query append 2015-12-29 17:34:14 +01:00
Willem Toorop 54498cd556 Distinct between suffix and suffixes more clearly 2015-12-29 16:23:04 +01:00
Willem Toorop 5a388386b4 Store suffixes in wireformat 2015-12-29 16:00:15 +01:00
saradickinson b777552f34 Merge pull request #131 from saradickinson/feature/pubkey-pinning 
Feature/pubkey pinning
 2015-12-24 10:13:53 +00:00
Willem Toorop 8bde787703 Use mkstemp instead of tmpnam to eliminate warning 2015-12-24 10:50:58 +01:00
Daniel Kahn Gillmor d09675539e Provide access to the pinsets during the TLS verification callback 
We do this by associating a getdns_upstream object with the SSL object
handled by that upstream.

This allows us to collapse the verification callback code to a single
function.

Note that if we've agreed that fallback is ok, we are now willing to
accept *any* cert verification error, not just HOSTNAME_MISMATCH.
This is fine, because the alternative is falling back to cleartext,
which would be worse.

We also always set SSL_VERIFY_PEER, since we might as well try to do
so; we'll drop the verification error ourselves if we know we're OK
with falling back.
 2015-12-23 18:00:43 +00:00
Daniel Kahn Gillmor 4dbe1813e4 added simple sha256 public key pinning linked list to getdns_upstream 2015-12-23 17:59:50 +00:00
Willem Toorop fbae577a54 Setting of root servers 
test with

	getdns_query -f yeti.key -R yeti.hints nlnetlabs.nl A +dnssec_return_status

where yeti.key comes from:

	https://raw.githubusercontent.com/BII-Lab/Yeti-Project/master/domain/named.cache

and yeti.hints from:

	https://raw.githubusercontent.com/BII-Lab/Yeti-Project/master/domain/KSK.pub
 2015-12-23 17:15:45 +01:00
Willem Toorop 5bbcbb97a1 Merge branch 'develop' into features/conversion_functions 2015-12-22 11:28:27 +01:00
Willem Toorop ee2a1fbfe6 Merge branch 'features/tsig' into develop 2015-12-22 01:08:25 +01:00
Sara Dickinson 746a827baa Implement client side edns-tcp-keepalive 2015-12-21 17:05:56 +00:00
Willem Toorop 98dc4018c3 Setting & getting of tsig info per upstream 2015-12-21 12:22:59 +01:00
Sara Dickinson c5b839bda8 remove STARTTLS 2015-12-18 16:14:54 +00:00
Willem Toorop d67949d1e7 iterators go over const wireformat data 2015-12-07 16:43:41 +01:00
Daniel Kahn Gillmor b3128652f4 add tls_query_padding_blocksize property for getdns_context 
This is a parameter to the getdns_context that tells the context how
much to pad queries that go out over TLS.

It is not yet functional in this commit, but the idea is to pad each
outbound query over TLS to a multiple of the requested blocksize.

Because we only have a set amount of pre-allocated space for dynamic
options (MAXIMUM_UPSTREAM_OPTION_SPACE), we limit the maximum
padding blocksize.

This is a simplistic padding policy.  Suggestions for improved padding
policies are welcome!
 2015-11-01 15:49:56 +09:00
Daniel Kahn Gillmor df3725e635 added edns_client_subnet_private to getdns_context 
https://tools.ietf.org/html/draft-ietf-dnsop-edns-client-subnet-04

Using the above spec, an intermediate resolver may forward a chunk of
the client's IP address to the authoritative resolver.

Setting edns_client_subnet_private to a getdns_context in stub mode
will indicate to the next-hop recursive resolver that the client
wishes to keep their address information private.
 2015-11-01 15:49:50 +09:00
Sara Dickinson 28ffb2fdf6 Add ls_authentication to API 2015-10-16 17:00:14 +01:00
Sara Dickinson 6b4ee4ed31 Block authenticated requests on unauthenticated connection 2015-10-16 17:00:14 +01:00
Sara Dickinson af617e92a7 Implement authenticaiton fallback on a given upstream (needs more work). Also need API option to set auth requirement. 2015-10-16 17:00:14 +01:00
Willem Toorop 53e23f1358 Revert "Revert "Merge pull request #112 from saradickinson/features/tls_auth"" 
This reverts commit 6d29e6044e.
 2015-09-04 10:56:30 +02:00
Willem Toorop 6d29e6044e Revert "Merge pull request #112 from saradickinson/features/tls_auth" 
This reverts commit d436165a88, reversing
changes made to 7c902bf73c.
 2015-08-27 13:31:22 +02:00
Willem Toorop 015e387ea5 Final internal symbols rename to _getdns prefix 2015-08-19 16:33:19 +02:00
Willem Toorop b9e8455e27 Internal symbols always prefixed with _getdns 2015-08-19 16:30:15 +02:00
Willem Toorop 1f638ccd0b Internal getdns_mini_event to _getdns_mini_event 2015-08-19 16:26:39 +02:00
Willem Toorop fcd595298a Rename all priv_getdns internal symbols to _getdns 2015-08-19 16:22:38 +02:00
Willem Toorop 450aabefcc Make util symbols private (i.e. prefix _getdns) 2015-08-19 16:07:01 +02:00
Willem Toorop 6350b4fad4 --without-libunbound option to configure 2015-08-19 10:47:46 +02:00
saradickinson cb1dff1ac7 Add ability to verify server certificate using hostname for TLS/STARTTLS 
NOTE: This implementation will only work for OpenSSL v1.0.2 and later.
Doing it for earlier versions is totally insane:

  https://wiki.openssl.org/index.php/Hostname_validation
 2015-08-15 14:40:15 +01:00
Daniel Kahn Gillmor 319a20a66c improve documentation 
improve the documentation of the getdns_upstream objects.
 2015-07-19 12:22:10 +02:00
Willem Toorop 2884abe870 Allow alternative trust anchors + ... 
Switch freely between stub and recursive resolving
 2015-07-10 00:05:26 +02:00
Willem Toorop f066d5ef73 Merge branch 'features/native-stub-dnssec' into develop 
Conflicts:
	configure.ac
	src/stub.c
 2015-07-02 10:27:27 +02:00
Willem Toorop 41cf772fb3 Trust anchors in wireformat in context 2015-06-30 14:43:52 +02:00
Sara Dickinson e20d679bc8 Improve TCP close handling and sync connection closing 2015-06-29 09:09:13 +01:00