Commits · 2dd9f406e333a1cedfa2380ffad57913cecf8efb · Knot projects / Knot DNS

Apr 05, 2017

Implement sensible default EDNS(0) padding policy. · 2dd9f406

Daniel Kahn Gillmor authored 7 years ago and

Daniel Salzman committed 7 years ago

At NDSS 2017's DNS privacy workshop, I presented an empirical study of
DNS padding policies:

https://www.internetsociety.org/events/ndss-symposium/ndss-symposium-2017/dns-privacy-workshop-2017-programme#session3

The slide deck is here:
https://dns.cmrg.net/ndss2017-dprive-empirical-DNS-traffic-size.pdf

The resulting recommendation from the research is that a simple
padding policy is relatively cheap and still protective of metadata
when DNS traffic is encrypted:

 * queries should be padded to a multiple of 128 octets
 * responses should be padded to a multiple of 468 octets

Since future research could propose even better policies, and future
DNS traffic characteristics might evolve, I've implemented this
recommendation as a new function in libknot:
knot_edns_default_padding_size()

This changeset also modifies kdig to use this padding policy by
default when doing queries over TLS, and defines +padding (with no
argument) as a kdig option that forces the use of the default padding
policy.

With this changeset, any libknot user who wants to use "a sensible DNS
padding policy" can just rely on the library; this means that if a
better padding policy is determined in the future, it can be
distributed to all users by upgrading libknot.

2dd9f406

Apr 04, 2017
- confio: fix empty conf-diff if new section addition · 66549cc9
  Daniel Salzman authored 7 years ago
  
  66549cc9
- confio: disallow setting of group.id without a value + refactoring · 29afdfd5
  Daniel Salzman authored 7 years ago
  
  29afdfd5
- journal: typo fixes · 56277cb0
  Daniel Salzman authored 7 years ago
  
  56277cb0
Apr 03, 2017
- Merge branch 'journal_zoneload_discontinuity' into 'master' · 76f66ce1
  Daniel Salzman authored 7 years ago
```
journal: fixed EINVAL on (zone load + histiory discontinuity + dnssec)

See merge request !696
```
  76f66ce1
- journal: fixed EINVAL on (zone load + histiory discontinuity + dnssec) · a8c9d248
  Libor Peltan authored 7 years ago
  
  a8c9d248
Mar 30, 2017
- Merge branch 'indextostrchr' into 'master' · 0c9db175
  Daniel Salzman authored 7 years ago
```
utils: replace index function for strchr

See merge request !695
```
  0c9db175
- Merge branch 'fix_stats_yaml' into 'master' · 8e7007fb
  Libor Peltan authored 7 years ago
```
stats: fix missing 'zone' keyword in the YAML ouput

See merge request !694
```
  8e7007fb
- utils: replace index function for strchr · 0d66e386
  Filip Siroky authored 7 years ago
  
  0d66e386
- journal: test fix preventing too much influence by ~350kB lmdb overhead · 9053f80d
  Libor Peltan authored 7 years ago
  
  9053f80d
- stats: fix missing 'zone' keyword in the YAML ouput · 0a5c5f9b
  Daniel Salzman authored 7 years ago
  
  0a5c5f9b
Mar 29, 2017
- Merge branch 'journal_fixes' into 'master' · 35723d71
  Daniel Salzman authored 7 years ago
```
Journal fixes

See merge request !693
```
  35723d71
- journal: set 'occupied' metadata to zero when dropping/scraping zone journal · 7e29eb7b
  Libor Peltan authored 7 years ago
  
  7e29eb7b
- journal: preserve errcode on txn restart · a764a774
  Libor Peltan authored 7 years ago
  
  a764a774
- journal: metadata get 64-bit (except serial-number-related ones) · 672b41f2
  Libor Peltan authored 7 years ago
  
  672b41f2
Mar 27, 2017
- dynarray: fix typo · 305a3895
  Daniel Salzman authored 7 years ago
  
  305a3895
Mar 25, 2017
- Merge branch 'emacs-friendly' into 'master' · bba360df
  Ondřej Surý authored 7 years ago
```
added surmised C indentation rules for emacs users

See merge request !691
```
  bba360df
- added surmised C indentation rules for emacs users · 7eae9f55
  Daniel Kahn Gillmor authored 7 years ago
  
  7eae9f55
Mar 24, 2017
- zscanner: upgrade to Ragel 6.10 · 8db77b20
  Daniel Salzman authored 7 years ago
  
  8db77b20
- Merge branch 'dynarray_improvements' into 'master' · d5a1ed27
  Daniel Salzman authored 7 years ago
```
dynarray: modified to be exportable as symbols; added foreach

See merge request !679
```
  d5a1ed27
Mar 23, 2017
- log: add comment about LOG_SOURCE_ANY usage · 52b568ae
  Daniel Salzman authored 8 years ago
  
  52b568ae
- tests-extra: update zone expiry timer in zone/older_soa · a1a8f7f8
  Daniel Salzman authored 8 years ago
  
  a1a8f7f8
Mar 21, 2017
- rrl: tiny code cleanup · 71bce246
  Daniel Salzman authored 8 years ago
  
  71bce246
- tests/journal: remove debug output · e9a141bb
  Daniel Salzman authored 8 years ago
  
  e9a141bb
Mar 20, 2017
- Merge branch 'ddns_forward_tsig' into 'master' · e94d92c3
  Daniel Salzman authored 8 years ago
```
Ddns forward tsig

See merge request !689
```
  e94d92c3
- Merge branch 'update_report_time' into 'master' · cdafd5e5
  Daniel Salzman authored 8 years ago
```
Update report time

See merge request !690
```
  cdafd5e5
- ddns: fixed time report sec versus millis · 8cd4b423
  Libor Peltan authored 8 years ago
  
  8cd4b423
- Merge branch 'kdig_nocrypto' into 'master' · af9f4da1
  Daniel Salzman authored 8 years ago
```
kdig: added [no]crypto option omitting binary dump of keys

See merge request !682
```
  af9f4da1
- doc: added kdig status options detail · 6e14699f
  Libor Peltan authored 8 years ago and Daniel Salzman committed 8 years ago
  
  6e14699f
- kdig: added [no]crypto option omitting binary dump of keys · bbedbf02
  Libor Peltan authored 8 years ago and Daniel Salzman committed 8 years ago
  
  bbedbf02
- tests: switched ddns/forward to knot_knot scheme · 7205c844
  Libor Peltan authored 8 years ago
  
  7205c844
- ctl: remove running from status with arguments, fix snprintf err return · 18f37a08
  Daniel Salzman authored 8 years ago
  
  18f37a08
- ddns+forward+tsig: not changing msgID in general packet wire · d5e5070d
  Libor Peltan authored 8 years ago
```
instead of hard-changing msgID in packet wire, which breaks msgID for the response, we just
set the original msgID when computing the tsig hash to check against
```
  d5e5070d
Mar 17, 2017
- Merge branch 'journal_fast' into 'master' · 7d924855
  Daniel Salzman authored 8 years ago
```
journal: added journal-fast option by LMDB flags for many-zones slaves to speed up axfr

See merge request !688
```
  7d924855
- journal: added journal-fast option by LMDB flags for many-zones slaves to speed up axfr · 0e1f388e
  Libor Peltan authored 8 years ago
  
  0e1f388e
Mar 15, 2017
- Merge branch 'ctl_status_augment' into 'master' · 3ddf426c
  Daniel Salzman authored 8 years ago
```
ctl: status: added options: version, workers, configure

Closes #507

See merge request !683
```
  3ddf426c
- ctl server status: display configure result summary · 4fc34398
  Libor Peltan authored 8 years ago
```
instead of configure script parameters
```
  4fc34398
Mar 14, 2017
- dnssec/dname: remove duplicate macro DNAME_MAX_LABEL_LENGTH · 245ae377
  Daniel Salzman authored 8 years ago
  
  245ae377
Mar 13, 2017
- Merge branch 'nitpicks' into 'master' · 504ea373
  Daniel Salzman authored 8 years ago
```
add parameter check and improve doc-comments

See merge request !686
```
  504ea373
- knot_rrset_txt_dump_data: don't segfault if out of range · a8267f35
  Vladimír Čunát authored 8 years ago
  
  a8267f35

Admin message

Admin message