interesting
/
getdns
mirror of https://github.com/getdnsapi/getdns.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
2,411 Commits 58 Branches 69 Tags 14 MiB
Commit Graph

423 Commits

Author SHA1 Message Date
Willem Toorop e6536bb2ef Typo 2017-09-20 15:18:43 +02:00
Willem Toorop 34d35f9e79 Track updating TA's with root DNSKEY rrset 2017-09-20 10:30:13 +02:00
Willem Toorop 463855d274 Writability test for application data 2017-09-16 18:16:21 +02:00
Willem Toorop 6d29f7fb65 Fix issues accumulated when tpkg didn't work 2017-09-14 15:14:00 +02:00
Willem Toorop 8c4ed6294e Merge branch 'develop' into features/zeroconf-dnssec 2017-09-14 12:27:47 +02:00
Willem Toorop f31eb517e0 Lazy TA and time checking 2017-09-14 11:47:02 +02:00
Willem Toorop 8f3ce9af35 Configurable zero configuration DNSSEC parameters 2017-09-13 14:00:54 +02:00
Sara Dickinson b760a2ced2 Refine the logging levels to match the errors given when backing off, etc. 2017-09-12 15:01:02 +01:00
Sara Dickinson 729af1d159 Allow backed-off upstreams to be re-instated if all our upstreams are unusable (e.g. if the network is down). 
But limit re-tries for a given netreq to the total number of upstreams before failing. This should (roughly) allow 2 retries per upstream of the correct transport before bailing out. Otherwise we are stuck in a loop retrying forever!
 2017-09-12 13:47:56 +01:00
Willem Toorop 8aa46b305d Merge branch 'develop' into features/zeroconf-dnssec 2017-09-11 11:09:58 +02:00
Sara Dickinson 42945cfc08 Make the backoff time incrementally increase until the upstream starts working again 2017-09-08 17:28:37 +01:00
Sara Dickinson 2e4e3873e4 First pass at fixing problems when connections to servers are lost. 
Need to reset connection state if connections fail at setup and on read/write if there are no more messages queued.
This means we will back-off servers that fail, so we should think about using a shorter backoff default in stubby
because otherwise temporarily loss of the network connection will mean having to restart stubby.
Also some minor changes to logging.
 2017-09-06 11:05:08 +01:00
Willem Toorop c6d40d9adc Merge branch 'develop' into features/zeroconf-dnssec 2017-09-04 16:43:37 +02:00
Willem Toorop 21f538f60c Forgot ; 2017-09-01 17:00:34 +02:00
Willem Toorop bf23968226 Final for loop initializations elimination 2017-09-01 16:50:31 +02:00
Willem Toorop 11138ff678 Also register application set trust anchors 2017-07-01 01:00:40 +02:00
Willem Toorop 59ff5e8178 0 terminate xml files 2017-07-01 00:45:09 +02:00
Willem Toorop 2b20f35e0e Write fetched trust anchor 2017-07-01 00:05:20 +02:00
Willem Toorop 4a5f03ebbe Anticipate surplus reads 2017-06-30 21:14:02 +02:00
Willem Toorop 3e6c5775ff Fetch and equip context with trust-anchors 2017-06-30 10:18:07 +02:00
Willem Toorop 742588dd6f Merge branch 'develop' into hackathon/zeroconf-dnssec 2017-06-29 11:09:30 +02:00
Willem Toorop 91ccbcd7df Typo? 2017-06-28 21:45:54 +02:00
Willem Toorop 264135e799 Reintroduct timestamps and replace GETDNS_DAEMON: with STUBBY: 2017-06-28 21:09:40 +02:00
Willem Toorop 8235250fb6 Rename SYSTEM_DAEMON in LOG_UPSTREAM_STATS 2017-06-28 20:57:53 +02:00
Willem Toorop fb267938c3 Start with fetching root-anchors remotely 
Also lays the foundation for looking up upstreams by name and DANE authentication of upstreams.
 2017-06-28 20:35:30 +02:00
Sara Dickinson 55acf6662c Fix for outputting the address string in the DAEMON log 2017-06-28 17:58:38 +01:00
Willem Toorop 04e554086a A configurable log function 
Currently used only for DAEMON_DEBUG
 2017-06-27 00:23:22 +02:00
Willem Toorop 7ea3beaa6a Equip context with xml read trust anchors 2017-06-22 12:27:20 +02:00
Willem Toorop e496d13777 Start with getting files from user area 2017-06-20 15:38:32 +02:00
Willem Toorop b0af051809 Initialize in correct order 2017-06-20 12:20:11 +02:00
Willem Toorop 67d787d74a Merge branch 'develop' into hackathon/zeroconf-dnssec 2017-05-12 15:39:02 +02:00
Willem Toorop d5dcdac58c Validate tls_auth_name 
Deals with issue #270
 2017-04-13 11:19:22 +02:00
Hoda Rohani 6c4af3af93 unintiallized array 2017-04-13 09:44:08 +02:00
Willem Toorop 0da79ae77a Fix to compile with libressl. Thanks phicoh. 2017-04-12 23:05:17 +02:00
Willem Toorop c9b3e3cf7b Allow cleanup of naked idle timeouts 2017-04-06 20:50:34 +02:00
Willem Toorop 2d011e3d19 Merge branch 'features/unset_max_udp_payload_sz' into release/1.1.0 2017-04-06 19:40:35 +02:00
Willem Toorop e08d3592a0 Schedule timeout when collecting for dnssec chain 2017-04-06 11:20:08 +02:00
Willem Toorop f8c7d8b5d5 Network request submission and callback reporting 2017-04-05 22:43:27 +02:00
Willem Toorop 67baa1d651 getdns_context_unset_edns_maximum_udp_payload_size 2017-04-05 12:37:48 +02:00
Willem Toorop edecca8b63 smime verification of root-anchors.xml in ~/.getdns 2017-03-27 09:21:29 -05:00
Daniel Kahn Gillmor 9de4d6537b Implement sensible default padding policy. 
This commit changes the semantics of tls_query_padding_blocksize()
slightly.  Where previously both 0 and 1 meant "no padding", this
commit changes 1 to mean "pad using a sensible policy".

At NDSS 2017's DNS privacy workshop, I presented an empirical study of
DNS padding policies:

https://www.internetsociety.org/events/ndss-symposium/ndss-symposium-2017/dns-privacy-workshop-2017-programme#session3

The slide deck is here:
https://dns.cmrg.net/ndss2017-dprive-empirical-DNS-traffic-size.pdf

The resulting recommendation from the research is that a simple
padding policy is relatively cheap and still protective of metadata
when DNS traffic is encrypted:

 * queries should be padded to a multiple of 128 octets
 * responses should be padded to a multiple of 468 octets

Since getdns is only currently doing queries over tls, we only have to
implement the first part of this policy :)
 2017-03-26 14:37:28 -05:00
Willem Toorop 6316c558bc typo 2017-03-25 21:45:08 +01:00
Willem Toorop 15b451d71b Recommit parts of "Minor fixes in MDNS code to make sure it does work after the recent loop tightening." 2017-03-23 13:09:34 +01:00
Willem Toorop b2ac3849b7 Fxies for two NetBSD compiler warnings 
ubkey-pinning.c -o pubkey-pinning.lo
./pubkey-pinning.c: In function '_getdns_verify_pinset_match':
./pubkey-pinning.c:385: warning: 'prev' may be used uninitialized in this function
IX_C_SOURCE=200112L -D_XOPEN_SOURCE=600 -c ./context.c -o context.lo
./context.c: In function '_getdns_upstream_shutdown':
./context.c:760: warning: comparison between signed and unsigned
 2017-03-22 13:50:11 +01:00
Willem Toorop 5d12545391 Bugfix in handling UDP backing off 2017-03-22 10:52:55 +01:00
wtoorop 52e3d2e1b0 Merge pull request #265 from saradickinson/feature/new_settings 
Feature/new settings
 2017-03-20 22:25:52 +01:00
Willem Toorop ed0d4d044c Merge remote-tracking branch 'upstream/develop' into features/mdns-client 2017-03-20 16:42:24 +01:00
Sara Dickinson 68eadedc10 Fix rogue bracket 2017-03-17 17:35:47 +00:00
Sara Dickinson 6f7bad5d73 Add new configuration parameters for TLS back off time and connection retries 2017-03-17 17:26:18 +00:00
Sara Dickinson 1d4e3dd790 Update the name of the new option to 'round_robin_upstreams' 2017-03-17 16:53:03 +00:00