Commit Graph

1535 Commits

Author SHA1 Message Date
Willem Toorop 587b320d95 DNS tree was upside down (wording in comments)
According to RFC1034 Section 4.2.1., the zone's apex is at the top and delegations at the bottom.
2015-07-14 10:49:00 +02:00
Willem Toorop 554f015931 Deschedule idle_timeouts on context destroy 2015-07-14 10:44:15 +02:00
Willem Toorop 6f21d89e2a Lookup DS only, for no sigs INSECURE 2015-07-14 10:22:42 +02:00
Willem Toorop a8adf662d1 Fix memory leak setting transports 2015-07-13 16:39:43 +02:00
Willem Toorop 5c61954427 Fix getting recursive_upstream_servers 2015-07-13 16:22:39 +02:00
Willem Toorop 17faffa664 Ignore 2 more autoconf generated files 2015-07-13 15:42:48 +02:00
Willem Toorop c7d40e2cbc Strings in bindata's without '\0' byte 2015-07-13 15:41:40 +02:00
Willem Toorop 12567f5338 Fix compiling with --enable-debug-sched 2015-07-13 11:09:56 +02:00
Willem Toorop 431415bd3d rm debugging fprintf leftover 2015-07-10 10:18:00 +02:00
Willem Toorop 0d2f3a5bd9 functions and defines to get versions
About the library and the API
In both strings and in numbers
2015-07-10 00:57:58 +02:00
Willem Toorop 2884abe870 Allow alternative trust anchors + ...
Switch freely between stub and recursive resolving
2015-07-10 00:05:26 +02:00
Willem Toorop 4987a27264 Pretty print TLDs 2015-07-10 00:04:14 +02:00
Willem Toorop 2dab8dd4d6 Fix handling of non specific trust anchors and ...
unsupported DS digest types
2015-07-09 23:11:56 +02:00
Willem Toorop 254699ad8b Constants must be in searchable order 2015-07-09 23:11:28 +02:00
Willem Toorop cacd8951ff getdns_query -k to test for root trust anchor
has exit status 0 on success, 1 otherwise.
2015-07-09 23:10:22 +02:00
Willem Toorop 70857ccc74 Proper handling of system stub query timeouts 2015-07-09 23:09:39 +02:00
Willem Toorop 4135f633ac Fix invalid memory reads 2015-07-09 15:40:00 +02:00
Willem Toorop d9fca20f18 Update consts, symbols and dependencies 2015-07-09 14:40:13 +02:00
Willem Toorop bb20de43bd Update EDNS0 COOKIE option code 2015-07-09 14:30:11 +02:00
Willem Toorop c30f64497e Update ChangeLog 2015-07-09 14:27:22 +02:00
Willem Toorop 423fbdf546 Prepare for 0.3.0 release 2015-07-09 14:05:45 +02:00
Willem Toorop cea8ae4d11 [API 0.602] getdns_context_set_dns_transport_list
And the getdns_context_set_idle_timeout() functions.
2015-07-09 14:00:26 +02:00
Willem Toorop ec476a9129 getdns_root_trust_anchor up in getdns.h.in
So it is on the same spot as where it is in the original specification.
This to ease comparing getdns.h with the API's getdns_code_only.h
2015-07-09 10:37:02 +02:00
Willem Toorop 098e0f19c4 Don't skip points zone cuts with trusted keys
A new keyset must be authenticated at every zone cut.
A keyset from an ancestor of the immediate zone may never be used
to authenticate RRsets within a zone.

(Review from Wouter)
2015-07-09 08:15:38 +02:00
Willem Toorop d87d951874 set ds_signer only when actually signed 2015-07-08 17:15:27 +02:00
Willem Toorop d4849dc0ba Fix read of uninitialized memory
Not a dangerous one though, but still...
2015-07-08 15:36:39 +02:00
Willem Toorop e8030b34d2 query_len not used 2015-07-08 15:05:40 +02:00
Willem Toorop 201b6af9a2 clang compiler warnings + 1 bug!
Bug is counting insecure answers in util-internal.c
found by clang warning reporting
2015-07-08 13:07:24 +02:00
Willem Toorop 2918c8b472 DSes with best digest + INSECURE on unsupported alg
Adaptations to function ds_authenticates_keys.

With multiple DSes, only the ones with the highest (supported)
digest type will be used to authenticate DNSKEYs.

NO_SUPPORTED_ALGORITHMS will be returned if there were
DSes for a key in the DNSKEY set, but none of them has a supported
digest or algorithm.  This leads to dnssec_status INSECURE.
2015-07-08 12:21:04 +02:00
Willem Toorop a5bacfefcf memory leak fixes 2015-07-08 11:07:44 +02:00
Willem Toorop 51a04f8f6c RSAMD5 is deprecated 2015-07-08 00:18:19 +02:00
Willem Toorop 3b45255d1e Try only closest trust anchors 2015-07-08 00:10:10 +02:00
Willem Toorop e48b0c7fd7 INSECURE when NSEC3 iteration count too high
Fix from Wouter's review
2015-07-07 22:33:53 +02:00
Willem Toorop 4b53d70199 Review from Wouter minor issues 2015-07-07 14:52:32 +02:00
Willem Toorop e571883811 Fix test for NODATA address_sync lookup
hampster.com no longer suitable anymore.
2015-07-07 11:46:52 +02:00
Willem Toorop 83425f959e Review comments from Wouter
Thanks!
2015-07-07 11:15:38 +02:00
Willem Toorop 43980e9020 [API 0.601] CSYNC RR type 2015-07-06 14:14:46 +02:00
Willem Toorop af23930725 CSYNC rr type 2015-07-06 12:45:08 +02:00
Willem Toorop 55444d07a2 Documentation in comments as a review guideline 2015-07-06 11:57:16 +02:00
Willem Toorop 70edb60f09 Some comment about google public dns 2015-07-04 13:14:16 +02:00
Willem Toorop 0e977ee4fb rearrangements for documentational reasons
+ a fix for opt_out bug
2015-07-04 13:01:16 +02:00
Willem Toorop 7e3fbe547a Check NSEC3 CE to be without delegations
(no DNAME, no NS or, if NS then also SOA)
2015-07-04 10:53:31 +02:00
Willem Toorop f59b32414c Three NSEC3 related things:
- Better checking for type bits
- NSEC3 Insecure proofs for opt-out on head's
- NSEC3 wildcard NODATA proof
2015-07-04 10:23:02 +02:00
Willem Toorop 99f0026961 Allow remaining data RDF to be zero size
Useful for NSECs on empty non terminals!
2015-07-04 08:09:50 +02:00
Willem Toorop 682f10b271 NSEC3s on empty non terminals
bitmap might even not be present.
2015-07-04 00:08:03 +02:00
Willem Toorop 2c09ff2541 Deal with synthesized CNAMEs from DNAMEs 2015-07-03 23:44:15 +02:00
Willem Toorop 4d4f235f76 NSEC handling complete 2015-07-03 22:50:29 +02:00
Willem Toorop a66232153a Some more NSEC conditional checks
(from studying unbound code)
2015-07-03 00:44:53 +02:00
Willem Toorop af49184fd5 A single RRSIG per RRSET in validation_chain 2015-07-02 17:30:37 +02:00
Willem Toorop d47c533b64 getdns_validate_dnssec validate replies in turn 2015-07-02 15:31:31 +02:00