- Apr 26, 2017
-
-
- Apr 24, 2017
-
-
Daniel Salzman authored
-
- Apr 19, 2017
-
-
Daniel Salzman authored
-
Daniel Salzman authored
-
Daniel Salzman authored
-
Daniel Salzman authored
-
- Apr 18, 2017
-
-
Daniel Salzman authored
-
Daniel Salzman authored
-
Daniel Salzman authored
-
Daniel Salzman authored
-
- Apr 11, 2017
-
-
Ondřej Surý authored
-
Ondřej Surý authored
-
- Apr 10, 2017
-
-
Daniel Salzman authored
zone: fixed einval when flushing non-open journal See merge request !701
-
Libor Peltan authored
-
Daniel Salzman authored
keymgr: fixed trailing dot at keymgr DS output Closes #515 See merge request !700
-
Libor Peltan authored
-
Daniel Salzman authored
A warning for a non-first message would mix up with regular XFR output.
-
- Apr 07, 2017
-
-
Daniel Salzman authored
kdig: checking QR bit on response Closes #512 See merge request !699
-
Libor Peltan authored
-
Daniel Salzman authored
utils: tsig argument: if alg unspecified, using sha256 Closes #514 See merge request !698
-
Libor Peltan authored
-
- Apr 06, 2017
-
-
Daniel Salzman authored
-
Daniel Salzman authored
Journal evolution See merge request !697
-
Libor Peltan authored
...because the merged changes had been pushed to insert queue and inserted after drop_journal!!
-
Libor Peltan authored
-
Libor Peltan authored
-
- Apr 05, 2017
-
-
At NDSS 2017's DNS privacy workshop, I presented an empirical study of DNS padding policies: https://www.internetsociety.org/events/ndss-symposium/ndss-symposium-2017/dns-privacy-workshop-2017-programme#session3 The slide deck is here: https://dns.cmrg.net/ndss2017-dprive-empirical-DNS-traffic-size.pdf The resulting recommendation from the research is that a simple padding policy is relatively cheap and still protective of metadata when DNS traffic is encrypted: * queries should be padded to a multiple of 128 octets * responses should be padded to a multiple of 468 octets Since future research could propose even better policies, and future DNS traffic characteristics might evolve, I've implemented this recommendation as a new function in libknot: knot_edns_default_padding_size() This changeset also modifies kdig to use this padding policy by default when doing queries over TLS, and defines +padding (with no argument) as a kdig option that forces the use of the default padding policy. With this changeset, any libknot user who wants to use "a sensible DNS padding policy" can just rely on the library; this means that if a better padding policy is determined in the future, it can be distributed to all users by upgrading libknot.
-
Libor Peltan authored
-
- Apr 04, 2017
-
-
Daniel Salzman authored
-
Daniel Salzman authored
-
Libor Peltan authored
-
Daniel Salzman authored
-
- Apr 03, 2017
-
-
Daniel Salzman authored
journal: fixed EINVAL on (zone load + histiory discontinuity + dnssec) See merge request !696
-
Libor Peltan authored
-
- Mar 30, 2017
-
-
Daniel Salzman authored
utils: replace index function for strchr See merge request !695
-
Libor Peltan authored
stats: fix missing 'zone' keyword in the YAML ouput See merge request !694
-
Filip Siroky authored
-
Libor Peltan authored
-
Daniel Salzman authored
-
- Mar 29, 2017
-
-
Daniel Salzman authored
Journal fixes See merge request !693
-