1. 05 Mar, 2016 1 commit
  2. 03 Mar, 2016 1 commit
  3. 24 Feb, 2016 3 commits
  4. 23 Feb, 2016 1 commit
  5. 22 Feb, 2016 1 commit
  6. 17 Feb, 2016 1 commit
  7. 12 Feb, 2016 2 commits
  8. 11 Feb, 2016 1 commit
  9. 08 Feb, 2016 1 commit
    • Marek Vavrusa's avatar
      lib/validate: scrubbed extra rrs in NS were checked · 78cb3f07
      Marek Vavrusa authored
      the validator module should ignore any data that
      will be scrubbed, that includes non-authoritative
      data outside current bailiwick. previously, 
      validator attempted to ignore these records only
      for answer section and had a special case for NS
      records.
      
      cache: non-authoritative NS records are always
      unchecked and must be treated as insecure
      
      affected: www.iana.org trying to provide
      delegation information for CNAME target, which is
      moot with CNAME target explicit-fetch policy unless
      the the resolver already knows DNSKEY with which
      is could verify the records
      78cb3f07
  10. 03 Feb, 2016 5 commits
  11. 30 Jan, 2016 5 commits
  12. 29 Jan, 2016 2 commits
  13. 23 Jan, 2016 2 commits
  14. 22 Jan, 2016 6 commits
    • Marek Vavrusa's avatar
      scripts: kresd-query.lua (new) · b81be10e
      Marek Vavrusa authored
      this is a boilerplate for a CLI utility to resolve
      names and execute script on query response
      in another words, "a jq for resolver answers"
      
      this is a scaffolding for alternative tools like
      'host' or a plug-in part for scripting around it.
      
      it basically starts a kresd instance, but doesn't
      bind to any interface or read configuration,
      then a query + callback is sent to kresd standard
      input, and it quits after the execution
      b81be10e
    • Marek Vavrusa's avatar
      daemon/trust_anchors: faster TA bootstrap refetch · f8500573
      Marek Vavrusa authored
      when boostrapping root TA, the DNSKEYs are updated
      immediately after retrieving DS from the side channel
      f8500573
    • Marek Vavrusa's avatar
      daemon/lua: kres can see request zone cut (part) · 6fc892e1
      Marek Vavrusa authored
      a part of the zone cut is visible from Lua world:
      - zone cut name (dname)
      - trust anchor (rrset)
      - current key (rrset)
      6fc892e1
    • Marek Vavrusa's avatar
      lib/resolve: new flag ALWAYS_CUT · adaed4ba
      Marek Vavrusa authored
      when raised, a response zone cut will be recovered
      even if the response came from cache. this is
      normally not needed (and incurs additional cache
      lookups), but it may be useful for
      inspection
      adaed4ba
    • Marek Vavrusa's avatar
      daemon: "-c -" doesn't ready any configuration · 05331a56
      Marek Vavrusa authored
      this includes default configuration, resolver
      starts completely blank
      05331a56
    • Marek Vavrusa's avatar
      daemon: resolve callback has request as well · 7f282a1d
      Marek Vavrusa authored
      the second parameter to resolve() callback function
      is request (kres.request_t), so the caller can
      look into request stats, timing and zone cut data
      7f282a1d
  15. 21 Jan, 2016 4 commits
  16. 20 Jan, 2016 2 commits
  17. 19 Jan, 2016 1 commit
    • Marek Vavrusa's avatar
      lib/iterate: ignore out-of-bailiwick NSs for positive answers · 2800e375
      Marek Vavrusa authored
      there are broken resolution chains where a zone cut is advertised,
      but it doesn't exist and the final NS answers from its parent's
      zone cut, which is an attempt to escape bailiwick
      
      example:
      
      resolving A ab.cd.ef
      NS ef responds:
       - ab.cd.ef NS X ; adverises ab.cd.ef zone cut
      X responds:
       - A ab.cd.ef A 1.2.3.4
       - cd.ef NS X ; escapes previously advertised cut
      
      on the other hand, it is important to fail early for referrals as
      it signifies a lame answer
      2800e375
  18. 18 Jan, 2016 1 commit