Commits · 97fae91563cb8d036a95f528ca3aef18ea5fda9c · Knot projects / Knot DNS

Apr 26, 2017
- zone/bugfix: replanning zonefile flush even when was not flushed · 97fae915
  Libor Peltan authored 7 years ago and Daniel Salzman committed 7 years ago
  
  97fae915
Apr 24, 2017
- conf: decrease default max-journal-db-size to 1 GiB for 32-bit system · def24ab7
  Daniel Salzman authored 7 years ago
  
  def24ab7
Apr 19, 2017
- tcp: simplify process_query_param initialization · f4563e32
  Daniel Salzman authored 7 years ago
  
  f4563e32
- confio: a better implementation of c3f4368d · b0ec887d
  Daniel Salzman authored 7 years ago
  
  b0ec887d
- conf: fix conf_new leaks if an error · eee274c8
  Daniel Salzman authored 7 years ago
  
  eee274c8
- knotd: add missing conf_iter_finish if early return · a0eb2d3b
  Daniel Salzman authored 7 years ago
  
  a0eb2d3b
Apr 18, 2017
- module/whoami: simplify SOA TTL getter · 1817add1
  Daniel Salzman authored 7 years ago
  
  1817add1
- confio: print error output if general conf-check error · c3f4368d
  Daniel Salzman authored 7 years ago
  
  c3f4368d
- confio: check id references if whole section removal · 9ef275b6
  Daniel Salzman authored 7 years ago
  
  9ef275b6
- nameserver: unify axfr and ixfr source files · 97b04676
  Daniel Salzman authored 7 years ago
  
  97b04676
Apr 11, 2017
- Remove knot tag from Gitlab CI · bab62de8
  Ondřej Surý authored 7 years ago
  
  bab62de8
- Update to Gitlab CI to use new docker images · b3c6ac57
  Ondřej Surý authored 7 years ago
  
  b3c6ac57
Apr 10, 2017
- Merge branch 'zone_einval_fix' into 'master' · 3b048bc3
  Daniel Salzman authored 7 years ago
```
zone: fixed einval when flushing non-open journal

See merge request !701
```
  3b048bc3
- zone: fixed einval when flushing non-open journal · 4fe64581
  Libor Peltan authored 7 years ago
  
  4fe64581
- Merge branch 'keymgr_dot_fix' into 'master' · d3ef6048
  Daniel Salzman authored 7 years ago
```
keymgr: fixed trailing dot at keymgr DS output

Closes #515

See merge request !700
```
  d3ef6048
- keymgr: fixed trailing dot at keymgr DS output · 951180df
  Libor Peltan authored 7 years ago
  
  951180df
- kdig: check QR bit only on the first XFR message · 6bce5bec
  Daniel Salzman authored 7 years ago
```
A warning for a non-first message would mix up with regular XFR output.
```
  6bce5bec
Apr 07, 2017
- Merge branch 'kdig_check_qr' into 'master' · 4d277301
  Daniel Salzman authored 7 years ago
```
kdig: checking QR bit on response

Closes #512

See merge request !699
```
  4d277301
- kdig: checking QR bit on response · 18407772
  Libor Peltan authored 7 years ago
  
  18407772
- Merge branch 'tsig_default_sha256' into 'master' · bb2ba911
  Daniel Salzman authored 7 years ago
```
utils: tsig argument: if alg unspecified, using sha256

Closes #514

See merge request !698
```
  bb2ba911
- utils: tsig argument: if alg unspecified, using sha256 · eedfad54
  Libor Peltan authored 7 years ago
  
  eedfad54
Apr 06, 2017
- conf: move address range item into yparser schema · a6351bf8
  Daniel Salzman authored 7 years ago
  
  a6351bf8
- Merge branch 'journal_evolution' into 'master' · 67e7952c
  Daniel Salzman authored 7 years ago
```
Journal evolution

See merge request !697
```
  67e7952c
- journal: bugfix: don't merge before drop_journal · 79948e49
  Libor Peltan authored 7 years ago
```
...because the merged changes had been pushed to insert queue and
inserted after drop_journal!!
```
  79948e49
- journal: fixed segfault on merging single changeset · bba0dcd0
  Libor Peltan authored 7 years ago
  
  bba0dcd0
- journal: cosmetic: removed double condition · 82fcdb2f
  Libor Peltan authored 7 years ago
  
  82fcdb2f
Apr 05, 2017

Implement sensible default EDNS(0) padding policy. · 2dd9f406

Daniel Kahn Gillmor authored 7 years ago and

Daniel Salzman committed 7 years ago

At NDSS 2017's DNS privacy workshop, I presented an empirical study of
DNS padding policies:

https://www.internetsociety.org/events/ndss-symposium/ndss-symposium-2017/dns-privacy-workshop-2017-programme#session3

The slide deck is here:
https://dns.cmrg.net/ndss2017-dprive-empirical-DNS-traffic-size.pdf

The resulting recommendation from the research is that a simple
padding policy is relatively cheap and still protective of metadata
when DNS traffic is encrypted:

 * queries should be padded to a multiple of 128 octets
 * responses should be padded to a multiple of 468 octets

Since future research could propose even better policies, and future
DNS traffic characteristics might evolve, I've implemented this
recommendation as a new function in libknot:
knot_edns_default_padding_size()

This changeset also modifies kdig to use this padding policy by
default when doing queries over TLS, and defines +padding (with no
argument) as a kdig option that forces the use of the default padding
policy.

With this changeset, any libknot user who wants to use "a sensible DNS
padding policy" can just rely on the library; this means that if a
better padding policy is determined in the future, it can be
distributed to all users by upgrading libknot.

2dd9f406

journal: fixed iteration reset · 502db3fe
Libor Peltan authored 7 years ago

502db3fe

Apr 04, 2017
- confio: fix empty conf-diff if new section addition · 66549cc9
  Daniel Salzman authored 7 years ago
  
  66549cc9
- confio: disallow setting of group.id without a value + refactoring · 29afdfd5
  Daniel Salzman authored 7 years ago
  
  29afdfd5
- journal: removed nasty ESEMCHECK in favor of additional bool · cb2ed126
  Libor Peltan authored 7 years ago
  
  cb2ed126
- journal: typo fixes · 56277cb0
  Daniel Salzman authored 7 years ago
  
  56277cb0
Apr 03, 2017
- Merge branch 'journal_zoneload_discontinuity' into 'master' · 76f66ce1
  Daniel Salzman authored 7 years ago
```
journal: fixed EINVAL on (zone load + histiory discontinuity + dnssec)

See merge request !696
```
  76f66ce1
- journal: fixed EINVAL on (zone load + histiory discontinuity + dnssec) · a8c9d248
  Libor Peltan authored 7 years ago
  
  a8c9d248
Mar 30, 2017
- Merge branch 'indextostrchr' into 'master' · 0c9db175
  Daniel Salzman authored 7 years ago
```
utils: replace index function for strchr

See merge request !695
```
  0c9db175
- Merge branch 'fix_stats_yaml' into 'master' · 8e7007fb
  Libor Peltan authored 7 years ago
```
stats: fix missing 'zone' keyword in the YAML ouput

See merge request !694
```
  8e7007fb
- utils: replace index function for strchr · 0d66e386
  Filip Siroky authored 7 years ago
  
  0d66e386
- journal: test fix preventing too much influence by ~350kB lmdb overhead · 9053f80d
  Libor Peltan authored 7 years ago
  
  9053f80d
- stats: fix missing 'zone' keyword in the YAML ouput · 0a5c5f9b
  Daniel Salzman authored 7 years ago
  
  0a5c5f9b
Mar 29, 2017
- Merge branch 'journal_fixes' into 'master' · 35723d71
  Daniel Salzman authored 7 years ago
```
Journal fixes

See merge request !693
```
  35723d71

Admin message

Admin message