interesting
/
getdns
mirror of https://github.com/getdnsapi/getdns.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
1,387 Commits 58 Branches 69 Tags 14 MiB
Commit Graph

995 Commits

Author SHA1 Message Date
Willem Toorop d67949d1e7 iterators go over const wireformat data 2015-12-07 16:43:41 +01:00
Willem Toorop dd836b2a11 Conversion functions prototypes 2015-12-03 14:54:38 +01:00
Willem Toorop 08bf613cde Prevent segfault with failed TLS handshake? 
Need proper review for this patch!  Sara?
 2015-11-15 12:46:21 -05:00
Willem Toorop 95618bb3a7 Merge branch 'release/v0.5.1' of github.com:getdnsapi/getdns into release/v0.5.1 2015-11-14 20:01:48 -05:00
Willem Toorop afe5db6b55 Get validation chain avoiding roadblocks 2015-11-14 20:00:13 -05:00
Sara Dickinson 508127a856 Add missing file.... 2015-11-13 14:47:03 +00:00
Sara Dickinson d75ba83013 Fix bug with call_debugging reporting of UDP and add a getter for tls_authentication 2015-11-13 13:28:43 +00:00
Willem Toorop 1bb2daff1e ub_setup_recursing not used without libunbound 2015-11-11 14:03:16 +01:00
Willem Toorop b9f8f94361 Update ChangeLog and check versions 2015-11-11 12:40:23 +01:00
saradickinson 1a72454b88 Remove debug 2015-11-05 14:41:23 +09:00
saradickinson 5f60683f57 Fix seg fault on timeout 2015-11-05 14:41:23 +09:00
Willem Toorop c7f4fc3625 Fix disabling roadblock avoidance with configure 2015-11-05 07:43:33 +09:00
Willem Toorop 26566a3b00 Merge branch 'develop' of github.com:getdnsapi/getdns into develop 2015-11-04 23:25:49 +01:00
Willem Toorop 7f4bdc0868 Bumb versions 2015-11-04 23:25:38 +01:00
Willem Toorop eb4ba438f7 return_validation_chain + roadblock_avoidance bug 2015-11-05 07:11:51 +09:00
Willem Toorop 8a6f7d5b90 Merge branch 'develop' into features/dnssec_roadblock_avoidance 2015-11-04 17:49:21 +09:00
Willem Toorop 0c3eb08f4d Merge branch 'features/call_debug' into develop 2015-11-04 16:23:22 +09:00
Willem Toorop 3a19050413 Code review changes 
Commented inline on github
 2015-11-04 16:18:22 +09:00
wtoorop 7230031c0a Merge pull request #119 from dkg/ietf94-privacy-hackathon 
Thank you dkg!  Great work!

Interestingly you've put the configuration of those two features at "context" level.  Since both options (just like cookies) relate to upstreams, I think they should be configurable per upstream as well  (perhaps using the context settings as the defaults, over-loadable by those upstream options).  With my cookie implementation, I've implemented activation with an extension, but cookies also relate to upstreams, so perhaps they should be enableable per upstream as well (and have a global over-loadable setting in context).

Cheers,
-- Willem
 2015-11-02 16:26:25 +09:00
Gowri 1bccd56244 Name change on test server certificate 2015-11-02 03:05:17 +01:00
Daniel Kahn Gillmor c322a8a330 add -P flag to getdns_query for EDNS padding policy 2015-11-01 15:49:56 +09:00
Daniel Kahn Gillmor 83bf5ab08b actually implement tls_query_padding_blocksize 
since no DNS OPT value has been allocated, i chose a random value in
the experimental/local range.
 2015-11-01 15:49:56 +09:00
Daniel Kahn Gillmor 1457c1a2b5 stash tls_query_padding_blocksize in the dns_req from the context 2015-11-01 15:49:56 +09:00
Daniel Kahn Gillmor b3128652f4 add tls_query_padding_blocksize property for getdns_context 
This is a parameter to the getdns_context that tells the context how
much to pad queries that go out over TLS.

It is not yet functional in this commit, but the idea is to pad each
outbound query over TLS to a multiple of the requested blocksize.

Because we only have a set amount of pre-allocated space for dynamic
options (MAXIMUM_UPSTREAM_OPTION_SPACE), we limit the maximum
padding blocksize.

This is a simplistic padding policy.  Suggestions for improved padding
policies are welcome!
 2015-11-01 15:49:56 +09:00
Daniel Kahn Gillmor 8291cdb455 add -c flag for EDNS Client Subnet privacy to getdns_query 2015-11-01 15:49:56 +09:00
Daniel Kahn Gillmor 05585281eb add test for context update callback for edns_client_subnet_private 2015-11-01 15:49:56 +09:00
Daniel Kahn Gillmor df3725e635 added edns_client_subnet_private to getdns_context 
https://tools.ietf.org/html/draft-ietf-dnsop-edns-client-subnet-04

Using the above spec, an intermediate resolver may forward a chunk of
the client's IP address to the authoritative resolver.

Setting edns_client_subnet_private to a getdns_context in stub mode
will indicate to the next-hop recursive resolver that the client
wishes to keep their address information private.
 2015-11-01 15:49:50 +09:00
Willem Toorop b062974fb1 ub_setup_recursion also for non roadblock avoidance 2015-11-01 15:48:31 +09:00
Daniel Kahn Gillmor 0b388872ea clarify per-query options vs. per-upstream options 
Sending DNS cookies was overwriting any existing options (DNS OPT) in
the outbound query.

Also, DNS cookies may not be the only option that gets set
per-upstream (instead of per-query).

This changeset establishes a set of per-query options (established at
the time of the query), and a buffer of additional space for adding
options based on the upstream is in use.

The size of this buffer is defined at configure time (defaults to 3000
octets).

Just before a query is sent out, we add the per-upstream options to
the query.

Note: we're also standardizing the query in tls too, even though we're
not sending any upstream options in that case at the moment
(edns_cookies are much weaker than TLS itself)
 2015-11-01 15:47:22 +09:00
Daniel Kahn Gillmor 3e90795680 enable talking to servers with ECDSA certs 
There is no clear reason to reject servers that don't have RSA certs.
We should accept ECDSA certs as well.

(also, clean up comments about opportunistic TLS)
 2015-11-01 15:47:03 +09:00
Willem Toorop af6947cbb3 Merge branch 'develop' into features/dnssec_roadblock_avoidance 2015-11-01 15:34:21 +09:00
Willem Toorop 8b9041325b Bugfix don't grow upstreams memory 
upstreams have internal references and cannot be realloc'ed easily
 2015-11-01 15:23:26 +09:00
jad 30043d2ba5 corrected name 2015-11-01 13:09:18 +09:00
jad 51eb2fdf55 working prototype 6 2015-11-01 12:47:49 +09:00
Willem Toorop ae2cc39a36 Full roadblock avoidance functionality 2015-11-01 12:28:43 +09:00
jad f5662bbf32 working prototype 5 2015-11-01 11:43:12 +09:00
jad 2d20e18b8a working prototype 4 2015-11-01 11:14:45 +09:00
jad 25f7f2182b working prototype 3 2015-11-01 11:04:03 +09:00
jad 80864655d7 Working prototype 2 2015-11-01 10:51:00 +09:00
jad a85b17c885 working prototype 1 2015-11-01 10:24:02 +09:00
Willem Toorop 58885e04d7 dnssec_roadblock_avoidance extension 2015-10-31 21:04:08 +09:00
Willem Toorop 35c803208b Bit more concise and clear confusing code text 2015-10-31 18:24:24 +09:00
Willem Toorop fb6642d6a5 Print response dict when there is one 2015-10-31 17:59:14 +09:00
Willem Toorop 521e46879b Document that thing that we keep forgetting about 2015-10-31 17:15:36 +09:00
Willem Toorop 9ce441e59a --enable-debug-sched for getdns_query too 2015-10-31 16:24:49 +09:00
Willem Toorop de59b700ce Fix libidn really absent + NetBSD fixes 2015-10-29 19:13:39 +01:00
Willem Toorop 0a717f5d51 Warning with older (less intelligent) compiles 2015-10-29 16:25:07 +01:00
Willem Toorop 8c3d348f05 Help text typo 2015-10-27 16:43:25 +01:00
Sara Dickinson e397d1e020 Fix error that was not allowing cipher suite fallback for opportunistic TLS. 2015-10-25 15:28:20 +00:00
Willem Toorop c613743644 Update spec to 0.701 2015-10-22 15:12:15 +02:00