Jim Hague
b8424e494d
Fix up some small usage typos, and don't report result if issuing test usage message.
2018-01-16 11:05:16 +00:00
Jim Hague
5ea0edf262
Update usage.
2018-01-15 17:42:57 +00:00
Jim Hague
8dc3a84735
Add options specifying transport.
2018-01-15 17:42:43 +00:00
Jim Hague
3438c68591
Prefix TLS-only options with 'tls-'.
2018-01-15 13:26:09 +00:00
Jim Hague
08b5976f9c
Decouple from getdns config. This is now a pure getdns client.
2018-01-15 13:19:48 +00:00
Jim Hague
3298b5cd50
Extract common processing into search_check() and parse_search_check().
2018-01-15 12:37:57 +00:00
Jim Hague
cb7af33488
Some tests imply TLS. Explicitly make sure these always go over TLS.
2018-01-15 11:28:11 +00:00
Jim Hague
77a5a15cdf
Minor output corrections.
2018-01-15 11:02:14 +00:00
Jim Hague
22996bf07d
If TLS auth name given, lookup is to go over TLS.
2018-01-15 11:00:12 +00:00
Jim Hague
c0d7d2c279
Print exit status at end of main output line.
2018-01-15 10:27:10 +00:00
Jim Hague
5d4bc8bc96
Add rtt test.
2018-01-15 10:16:26 +00:00
Jim Hague
b9312e790f
Correct certificate expiry custom threshold handling.
2018-01-15 10:01:01 +00:00
Jim Hague
3258fdfd5a
Tabs? Spaces? Currently both, switch to spaces only.
2018-01-14 23:28:55 +00:00
Jim Hague
379662a3f3
Add plain lookup test.
2018-01-14 13:41:44 +00:00
Jim Hague
60118e9241
Improve cert-valid argument order to most likely first.
2018-01-13 14:56:55 +00:00
Jim Hague
e7618321ce
Add cert-valid test.
2018-01-12 18:21:38 +00:00
Jim Hague
e597daa4c0
Add 'auth' test.
2018-01-12 17:23:42 +00:00
Jim Hague
305daab9aa
Add first version of getdns_server_mon.
...
Currently only QNAME minimisation check is working.
2018-01-12 16:11:48 +00:00
Willem Toorop
608189710c
Log printing in getdns_query
2018-01-04 16:35:22 +01:00
Sara Dickinson
00d3232ba4
Fix windows build
2017-12-15 16:53:23 +00:00
Willem Toorop
e691312a3f
Schedule DNSSEC meta queries against existing context
2017-12-13 12:50:03 +01:00
Willem Toorop
96ed06c6a9
Initialize context with given resolv.conf and hosts files
...
- getdns_context_create with set_from_os set will simply call these
functions with the defaults
+ filechg_check is simplified somewhat (reducing memory management)
+ get OpenSSL version via get_api_information()
2017-12-12 12:24:31 +01:00
Willem Toorop
3e16075563
Test getdns_context_create2 with getdns_query
2017-11-23 12:26:40 +01:00
Willem Toorop
260416a859
Ignore SIGPIPE signal (for not suddenly stopping)
2017-11-10 10:42:17 +01:00
Willem Toorop
87879783ec
Postpone dealing with upstream dereferencing issue
2017-10-18 14:33:59 +02:00
Willem Toorop
eedd1a1448
Eat incoming garbage on stateful transports
...
Can deal with timed out queries that are answered anyway.
+ reset the upstream on failure always
(since requests are rescheduled for fallback by upstream_failed now anyway)
2017-10-17 16:58:01 +02:00
Willem Toorop
52a4500792
Signedness error
2017-09-28 15:13:57 +02:00
Willem Toorop
078c50f1b2
fread with mingw32 compiled can return < file sz,
...
because it automatically converts \r\n into \n
2017-09-28 15:09:16 +02:00
Willem Toorop
a7fc760141
Dependencies
2017-09-27 12:47:01 +02:00
Willem Toorop
bf2e08e2df
Move yaml config handling to Stubby
2017-09-27 12:45:13 +02:00
Willem Toorop
712f62a4c1
Things that came out of compiling on Windows
2017-09-21 11:03:38 +02:00
Jim Hague
dcc6cd36c6
Merge pull request #2 from saradickinson/features/yaml
...
Change extension from .yaml to .yml
2017-09-13 17:56:47 +01:00
Jim Hague
80b2eacc26
Merge branch 'develop' into features/yaml
2017-09-13 16:55:11 +00:00
Sara Dickinson
8618e4b731
Change extension from .yaml to .yml
2017-09-13 17:41:16 +01:00
Sara Dickinson
8c331d580a
Improve usage of getdns to make file extension clearer
2017-09-13 15:48:42 +01:00
Sara Dickinson
f53e5645d9
Improve the comments about the new backoff handling.
...
Remove unnecessary log.
2017-09-13 10:00:56 +01:00
Jim Hague
6c95f4177d
Add YAML configuration option.
...
Add new extra functions getdns_yaml2(dict|list|bindata|value)(). These are like their getdns_str2() counterparts, but take YAML input rather than JSON.
YAML introduces a new dependency, on libyaml. YAML can be disabled at configuration time, in which case the dependency is removed.
Modify getdns_query such that if a configuration file name includes ".yaml" it will be processed as a YAML configuration, not a JSON configuration.
Internally, getdns_yaml2*() work by passing the YAML string through a simple translation to JSON. At present, this translation assumes that configuration is the only use case, and so will error if the outer layer of the YAML input is not a map. This in effect means that at present all getdns_yaml2*() functions apart from getdns_yaml2dict() will give an error on the YAML translation to JSON.
2017-09-12 16:47:57 +01:00
Sara Dickinson
2e4e3873e4
First pass at fixing problems when connections to servers are lost.
...
Need to reset connection state if connections fail at setup and on read/write if there are no more messages queued.
This means we will back-off servers that fail, so we should think about using a shorter backoff default in stubby
because otherwise temporary loss of the network connection will mean having to restart stubby.
Also some minor changes to logging.
2017-09-06 11:05:08 +01:00
Willem Toorop
5a94081634
Make switch/case fallthroughs explicit
...
+1 fallthrough bugfix in getdns_query
2017-08-24 13:51:58 +02:00
Willem Toorop
6024f9d72e
Merge branch 'develop' into devel/without-stubby
2017-08-22 11:27:11 +02:00
Willem Toorop
e57011a3ea
Compile without stubby by default
...
And with stubby from repo (as submodule) when --with-stubby is specified
2017-08-22 11:25:47 +02:00
wtoorop
da7083f55a
Merge pull request #316 from wtoorop/devel/roadblocks_and_valchains
...
Devel/roadblocks and valchains
2017-08-18 15:55:56 +02:00
wtoorop
ae0dd866aa
Merge pull request #313 from MelindaShore/develop
...
Modified Dockerfile to check out getdns master
2017-08-18 15:52:49 +02:00
Willem Toorop
c5acb3769b
Exit with error when answers were bogus
2017-07-06 21:28:34 +02:00
Willem Toorop
d402603f4a
Merge branch 'develop' of github.com:getdnsapi/getdns into develop
2017-07-06 12:13:30 +02:00
Willem Toorop
4478745955
No output from getdns_query to stdout except the result (unless -V is used)
...
Resolves issue #315
2017-07-06 12:08:09 +02:00
Sara Dickinson
28c41c3495
Move the SYNC/ASYNC response text to after the dict so the dict is the first thing output and can be parsed without stripping this text (request from user).
2017-07-06 12:03:35 +02:00
Melinda Shore
146638ab94
Modified Dockerfile to check out getdns master and to use unbound-anchor to install dnssec trust root
2017-06-28 22:11:30 -08:00
wtoorop
45884a2dd7
Merge pull request #310 from getdnsapi/features/getdns_context_set_logfunc
...
A configurable log function
2017-06-28 22:55:45 +02:00
Willem Toorop
264135e799
Reintroduce timestamps and replace GETDNS_DAEMON: with STUBBY:
2017-06-28 21:09:40 +02:00
Willem Toorop
8235250fb6
Rename SYSTEM_DAEMON in LOG_UPSTREAM_STATS
2017-06-28 20:57:53 +02:00
Melinda Shore
b0c55d540f
Basic Dockerfile for stubby.
2017-06-26 17:17:16 -08:00
Willem Toorop
04e554086a
A configurable log function
...
Currently used only for DAEMON_DEBUG
2017-06-27 00:23:22 +02:00
Willem Toorop
ac084db231
Don't build libtool stubby if installed directly
2017-06-19 12:19:14 +02:00
Willem Toorop
5e1cceca82
Stubby is installed from getdns_query directly
2017-06-19 12:12:09 +02:00
Willem Toorop
a07290a9b0
Bugfix for parallel make install
2017-06-19 12:06:34 +02:00
Sara Dickinson
d2e8ac9e61
Change script name so it is specific for macOS (which is the new ‘official’ name for Mac OS X!)
...
Add the copyright statement to the stubby-setdns-macos.sh file
2017-06-07 17:00:21 +01:00
Sara Dickinson
305a6f6b6a
1) Add a stubby-setdns script (for MAC OS X only at the moment) to support Homebrew formula
...
2) Remove the OARC server from the default config. So now only include the servers that commit to not logging user data. Can make this clearer once we have a yaml config file.
3) Update makefile to include stubby.conf and stubby-setdns in dist tarball
2017-06-02 11:52:56 +01:00
Willem Toorop
ad53010cd2
NSAP-PTR
2017-05-02 14:50:39 +02:00
Willem Toorop
eb8fe6184a
getdnsapi.net DNS over TLS ips to match the name
2017-04-13 11:47:44 +02:00
wtoorop
0857926965
Merge pull request #283 from wtoorop/devel/doxygen
...
Devel/doxygen
2017-04-12 22:53:21 +02:00
Sara Dickinson
6e66754795
Nope - just add uncensored as the yeti servers would require a different trust anchor
2017-04-12 18:19:34 +01:00
Willem Toorop
708e520989
Spelling fixes from Andreas Schulze
2017-04-11 23:33:24 +02:00
Sara Dickinson
ce7ee62355
Should we update stubby.conf to include 2 of the new test servers?
2017-04-11 15:24:10 +01:00
Willem Toorop
c9b3e3cf7b
Allow cleanup of naked idle timeouts
2017-04-06 20:50:34 +02:00
wtoorop
fe49bc1c69
Merge pull request #279 from dkg/feature/padding-policy
...
Implement sensible default padding policy.
2017-03-27 08:19:31 -05:00
Daniel Kahn Gillmor
f2a90925bc
getdns-query: S is no longer a valid transport label.
2017-03-26 14:38:43 -05:00
Daniel Kahn Gillmor
9de4d6537b
Implement sensible default padding policy.
...
This commit changes the semantics of tls_query_padding_blocksize()
slightly. Where previously both 0 and 1 meant "no padding", this
commit changes 1 to mean "pad using a sensible policy".
At NDSS 2017's DNS privacy workshop, I presented an empirical study of
DNS padding policies:
https://www.internetsociety.org/events/ndss-symposium/ndss-symposium-2017/dns-privacy-workshop-2017-programme#session3
The slide deck is here:
https://dns.cmrg.net/ndss2017-dprive-empirical-DNS-traffic-size.pdf
The resulting recommendation from the research is that a simple
padding policy is relatively cheap and still protective of metadata
when DNS traffic is encrypted:
* queries should be padded to a multiple of 128 octets
* responses should be padded to a multiple of 468 octets
Since getdns is only currently doing queries over tls, we only have to
implement the first part of this policy :)
2017-03-26 14:37:28 -05:00
Sara Dickinson
1d4e3dd790
Update the name of the new option to 'round_robin_upstreams'
2017-03-17 16:53:03 +00:00
Sara Dickinson
f0f3c43552
- Add a new mode where for TLS (and in fact TCP too) the upstream selection simply cycles over all the upstreams rather than treating them as an ordered list and always using the first open one.
...
- Make IP field in debug output fixed width
- Collect all the one line config options at the top of the stubby.conf file to make it easier to read
2017-03-16 14:51:46 +00:00
Willem Toorop
09baade016
Print pinsets Base64 too
...
+ bugfix in reading base64
+ base64 pinsets in stubby.conf
2017-02-28 07:28:18 -08:00
Sara Dickinson
ebdf657fd7
Change pins for IPv6 addresses for Sinodun privacy servers!
...
Improve logging of auth failure
2017-02-23 16:48:16 +00:00
Sara Dickinson
356408955d
Update the SPKI pin in the stubby.conf file for the Sinodun/Surfnet servers.
2017-02-23 13:55:43 +00:00
Sara Dickinson
09df4e2d5d
Fix spacing error in stubby help output
2017-02-23 13:55:43 +00:00
Willem Toorop
04f6a2b13b
Fixed dependencies
2017-02-15 12:47:55 +01:00
Willem Toorop
80219a4195
Merge branch 'bugfix/replace__FUNCTION__' into bugfix/1.1.0-alpha3/replace__FUNCTION__
2016-12-12 14:20:31 +01:00
Sara Dickinson
7b58dc25a6
- Fix bug where a self signed cert + only a pinset would not authenticate
...
- Add OARC servers with pinset only to stubby.conf
- Move Authentication strings to types_internal for use in call_debugging
- Add connection counts to call_debugging
2016-12-09 17:03:41 +00:00
Willem Toorop
1264099be7
Pedantic warnings and XTRA_CFLAGS for tools too
2016-12-09 14:02:27 +01:00
Willem Toorop
8b454afb80
dependencies
2016-12-09 13:57:42 +01:00
Willem Toorop
9d48c47980
Merge branch 'develop' into release/1.1.0-alpha3
2016-12-08 16:31:47 +01:00
Willem Toorop
8f75e4ed8d
Few more things to work with CFLAGS=-Wextra
2016-12-08 15:17:27 +01:00
Willem Toorop
f31b2fa233
Merge branch 'develop' into release/1.1.0-alpha3
2016-12-08 15:06:25 +01:00
Sara Dickinson
691d32cf80
Improve README entry on stubby. Add a link to dnsprivacy.org (Willem - is this set up yet?)
...
Add sample Strict config file into the source with a pointer from the README. Not sure about installing this yet as opportunistic seems a better default...?
2016-12-06 15:59:40 +00:00
Sara Dickinson
471e8725e2
Change the default profile for Stubby to use TLS then UDP/TCP
...
- this will only try over TLS a few times before backing off to clear text
- but makes the default for Stubby opportunistic privacy (Willem - WDYT?)
Also use padding and ECS privacy by default for Stubby.
More debugging to help users when there are failures or fallbacks.
Also remove a few help options from Stubby that don't apply
Add -v to output version on getdns_query/stubby
2016-12-06 14:44:40 +00:00
Willem Toorop
57e2a18f94
Minor fixes to make it compile on Windows again
2016-11-03 15:35:53 +01:00
Willem Toorop
4bf93de12b
More conventional function prototypes for servers
2016-11-02 13:40:02 +01:00
Willem Toorop
bc70b29416
Stubby release
2016-10-19 07:30:31 -05:00
Willem Toorop
732844eeaa
Correct default config
2016-10-16 09:46:02 -05:00
Willem Toorop
05fb6edfcb
Linking to allow running stubby from src/tools
2016-10-16 05:39:04 -05:00
Willem Toorop
838375fe66
Run stubby in foreground by default
2016-10-16 05:32:05 -05:00
Willem Toorop
ec04dc21ee
Stubby defaults in help text
2016-10-14 10:14:38 -05:00
Willem Toorop
3d356bd35e
Stubby runs in background by default
2016-10-14 09:51:17 -05:00
Willem Toorop
58b5ead67a
Make stubby act as stubby
2016-10-14 08:24:25 -05:00
Willem Toorop
3f965e68c0
Stubby is getdns_query with a different name
2016-10-14 12:02:23 +02:00
Willem Toorop
94292f5bc7
Merge branch 'release/v1.0.0b2' into release/v1.1.0a1
2016-07-14 16:22:53 +02:00
Willem Toorop
0340b74604
Dependencies
2016-07-14 15:04:19 +02:00
Willem Toorop
80ea8637d1
Recover src/tools
2016-07-14 14:50:26 +02:00