1. 08 Mar, 2016 1 commit
    • daemon: track case when all upstreams fail · 8700f00d
      Marek Vavrusa authored
      previously full timeout led to reset of the evaluated
      address list and no upstream server was penalised
      for not answering the query, this penalises all of
      tried servers with TIMEOUT
  2. 05 Mar, 2016 1 commit
  3. 03 Mar, 2016 1 commit
  4. 24 Feb, 2016 3 commits
  5. 23 Feb, 2016 1 commit
  6. 22 Feb, 2016 1 commit
  7. 17 Feb, 2016 1 commit
  8. 12 Feb, 2016 2 commits
  9. 11 Feb, 2016 1 commit
  10. 08 Feb, 2016 1 commit
    • lib/validate: scrubbed extra rrs in NS were checked · 78cb3f07
      Marek Vavrusa authored
      the validator module should ignore any data that
      will be scrubbed, that includes non-authoritative
      data outside current bailiwick. previously, 
      validator attempted to ignore these records only
      for answer section and had a special case for NS
      cache: non-authoritative NS records are always
      unchecked and must be treated as insecure
      affected: www.iana.org trying to provide
      delegation information for CNAME target, which is
      moot with CNAME target explicit-fetch policy unless
      the resolver already knows DNSKEY with which
      it could verify the records
  11. 03 Feb, 2016 5 commits
  12. 30 Jan, 2016 5 commits
  13. 29 Jan, 2016 2 commits
  14. 23 Jan, 2016 2 commits
  15. 22 Jan, 2016 6 commits
    • scripts: kresd-query.lua (new) · b81be10e
      Marek Vavrusa authored
      this is a boilerplate for a CLI utility to resolve
      names and execute script on query response
      in other words, "a jq for resolver answers"
      this is a scaffolding for alternative tools like
      'host' or a plug-in part for scripting around it.
      it basically starts a kresd instance, but doesn't
      bind to any interface or read configuration,
      then a query + callback is sent to kresd standard
      input, and it quits after the execution
    • daemon/trust_anchors: faster TA bootstrap refetch · f8500573
      Marek Vavrusa authored
      when bootstrapping root TA, the DNSKEYs are updated
      immediately after retrieving DS from the side channel
    • daemon/lua: kres can see request zone cut (part) · 6fc892e1
      Marek Vavrusa authored
      a part of the zone cut is visible from Lua world:
      - zone cut name (dname)
      - trust anchor (rrset)
      - current key (rrset)
    • lib/resolve: new flag ALWAYS_CUT · adaed4ba
      Marek Vavrusa authored
      when raised, a response zone cut will be recovered
      even if the response came from cache. this is
      normally not needed (and incurs additional cache
      lookups), but it may be useful for
    • daemon: "-c -" doesn't read any configuration · 05331a56
      Marek Vavrusa authored
      this includes default configuration, resolver
      starts completely blank
    • daemon: resolve callback has request as well · 7f282a1d
      Marek Vavrusa authored
      the second parameter to resolve() callback function
      is request (kres.request_t), so the caller can
      look into request stats, timing and zone cut data
  16. 21 Jan, 2016 4 commits
  17. 20 Jan, 2016 2 commits
  18. 19 Jan, 2016 1 commit
    • lib/iterate: ignore out-of-bailiwick NSs for positive answers · 2800e375
      Marek Vavrusa authored
      there are broken resolution chains where a zone cut is advertised,
      but it doesn't exist and the final NS answers from its parent's
      zone cut, which is an attempt to escape bailiwick
      resolving A ab.cd.ef
      NS ef responds:
       - ab.cd.ef NS X ; advertises ab.cd.ef zone cut
      X responds:
       - A ab.cd.ef A
       - cd.ef NS X ; escapes previously advertised cut
      on the other hand, it is important to fail early for referrals as
      it signifies a lame answer
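
The bailiwick rule described in the lib/iterate commit message above, as an added C example that is not Knot Resolver's own code. The names `in_bailiwick`, `check_ns` and the verdict values are hypothetical; names are assumed to be plain presentation-format strings without escaped dots, and the ignore-versus-fail policy follows the wording of the message.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Verdicts for an NS rrset seen in a response (hypothetical names). */
enum ns_verdict { NS_ACCEPT, NS_IGNORE, NS_FAIL };

/* Length of a presentation-format name without one trailing root dot. */
static size_t name_len(const char *name)
{
	size_t n = strlen(name);
	return (n > 0 && name[n - 1] == '.') ? n - 1 : n;
}

/* True if `owner` equals `cut` or lies below it. The comparison is
 * case-insensitive and respects label boundaries, so "xab.cd.ef" is
 * not treated as being under "ab.cd.ef". */
bool in_bailiwick(const char *owner, const char *cut)
{
	size_t olen = name_len(owner), clen = name_len(cut);
	if (clen == 0)
		return true;              /* root cut: every name is below it */
	if (olen < clen)
		return false;             /* shorter owner, e.g. a parent zone */
	if (strncasecmp(owner + (olen - clen), cut, clen) != 0)
		return false;
	return olen == clen || owner[olen - clen - 1] == '.';
}

/* Policy taken from the commit message: an out-of-bailiwick NS is
 * dropped from a positive answer, but makes a referral fail as lame. */
enum ns_verdict check_ns(const char *owner, const char *cut, bool is_referral)
{
	if (in_bailiwick(owner, cut))
		return NS_ACCEPT;
	return is_referral ? NS_FAIL : NS_IGNORE;
}

int main(void)
{
	/* Constructed input: the ab.cd.ef walk-through from the message. */
	printf("answer: %d, referral: %d\n",
	       check_ns("cd.ef", "ab.cd.ef", false),
	       check_ns("cd.ef", "ab.cd.ef", true));
	return 0;
}
```

A resolver would compare wire-format names label by label; the string form here only keeps the example short.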