1. 11 Feb, 2016 1 commit
  2. 08 Feb, 2016 1 commit
    • Marek Vavrusa's avatar
      lib/validate: scrubbed extra rrs in NS were checked · 78cb3f07
      Marek Vavrusa authored
      the validator module should ignore any data that
      will be scrubbed, that includes non-authoritative
      data outside current bailiwick. previously, 
      validator attempted to ignore these records only
      for answer section and had a special case for NS
      cache: non-authoritative NS records are always
      unchecked and must be treated as insecure
      affected: www.iana.org trying to provide
      delegation information for CNAME target, which is
      moot with CNAME target explicit-fetch policy unless
      the the resolver already knows DNSKEY with which
      is could verify the records
  3. 03 Feb, 2016 5 commits
  4. 30 Jan, 2016 5 commits
  5. 29 Jan, 2016 2 commits
  6. 23 Jan, 2016 2 commits
  7. 22 Jan, 2016 6 commits
    • Marek Vavrusa's avatar
      scripts: kresd-query.lua (new) · b81be10e
      Marek Vavrusa authored
      this is a boilerplate for a CLI utility to resolve
      names and execute script on query response
      in another words, "a jq for resolver answers"
      this is a scaffolding for alternative tools like
      'host' or a plug-in part for scripting around it.
      it basically starts a kresd instance, but doesn't
      bind to any interface or read configuration,
      then a query + callback is sent to kresd standard
      input, and it quits after the execution
    • Marek Vavrusa's avatar
      daemon/trust_anchors: faster TA bootstrap refetch · f8500573
      Marek Vavrusa authored
      when boostrapping root TA, the DNSKEYs are updated
      immediately after retrieving DS from the side channel
    • Marek Vavrusa's avatar
      daemon/lua: kres can see request zone cut (part) · 6fc892e1
      Marek Vavrusa authored
      a part of the zone cut is visible from Lua world:
      - zone cut name (dname)
      - trust anchor (rrset)
      - current key (rrset)
    • Marek Vavrusa's avatar
      lib/resolve: new flag ALWAYS_CUT · adaed4ba
      Marek Vavrusa authored
      when raised, a response zone cut will be recovered
      even if the response came from cache. this is
      normally not needed (and incurs additional cache
      lookups), but it may be useful for
    • Marek Vavrusa's avatar
      daemon: "-c -" doesn't ready any configuration · 05331a56
      Marek Vavrusa authored
      this includes default configuration, resolver
      starts completely blank
    • Marek Vavrusa's avatar
      daemon: resolve callback has request as well · 7f282a1d
      Marek Vavrusa authored
      the second parameter to resolve() callback function
      is request (kres.request_t), so the caller can
      look into request stats, timing and zone cut data
  8. 21 Jan, 2016 4 commits
  9. 20 Jan, 2016 2 commits
  10. 19 Jan, 2016 1 commit
    • Marek Vavrusa's avatar
      lib/iterate: ignore out-of-bailiwick NSs for positive answers · 2800e375
      Marek Vavrusa authored
      there are broken resolution chains where a zone cut is advertised,
      but it doesn't exist and the final NS answers from its parent's
      zone cut, which is an attempt to escape bailiwick
      resolving A ab.cd.ef
      NS ef responds:
       - ab.cd.ef NS X ; adverises ab.cd.ef zone cut
      X responds:
       - A ab.cd.ef A
       - cd.ef NS X ; escapes previously advertised cut
      on the other hand, it is important to fail early for referrals as
      it signifies a lame answer
  11. 18 Jan, 2016 1 commit
  12. 15 Jan, 2016 2 commits
  13. 11 Jan, 2016 8 commits