git.ipfire.org Git - people/ms/dnsmasq.git/log
Simon Kelley [Tue, 18 Feb 2014 22:30:30 +0000 (22:30 +0000)]
Cleanup of server reading code, preparation, for dynamic reading from files.
Simon Kelley [Mon, 17 Feb 2014 21:43:27 +0000 (21:43 +0000)]
--rev-server option. Syntactic sugar for PTR queries.
Simon Kelley [Thu, 13 Feb 2014 16:56:30 +0000 (16:56 +0000)]
Log BOGUS validation result when upstream sends SERVFAIL.
Simon Kelley [Thu, 13 Feb 2014 16:43:49 +0000 (16:43 +0000)]
Typo.
Simon Kelley [Thu, 13 Feb 2014 16:42:02 +0000 (16:42 +0000)]
No CD in forwarded queries unless dnssec-debug for TCP too.
Simon Kelley [Thu, 13 Feb 2014 16:38:23 +0000 (16:38 +0000)]
Don't mess with the TTL of DNSSEC RRs.
Simon Kelley [Thu, 13 Feb 2014 14:56:10 +0000 (14:56 +0000)]
Add RFC-6605 ECDSA DNSSEC verification.
Simon Kelley [Tue, 11 Feb 2014 11:07:22 +0000 (11:07 +0000)]
Use DS records as trust anchors, not DNSKEYs.
This allows us to query for the root zone DNSKEY RRset and validate
it, thus automatically handling KSK rollover.
Simon Kelley [Mon, 10 Feb 2014 21:02:01 +0000 (21:02 +0000)]
Further tidying of AD and DO bit handling.
Simon Kelley [Mon, 10 Feb 2014 20:11:24 +0000 (20:11 +0000)]
Handle validation when more than one key is needed.
Simon Kelley [Mon, 10 Feb 2014 16:42:46 +0000 (16:42 +0000)]
Fix Byte-order botch: broke DNSSEC on big-endian platforms.
Simon Kelley [Mon, 10 Feb 2014 10:35:42 +0000 (10:35 +0000)]
Fix DNSSEC caching problems: incomplete RRSIG RRsets.
Simon Kelley [Thu, 6 Feb 2014 18:14:09 +0000 (18:14 +0000)]
AD bit in queries handled as RFC6840 p5.7
Simon Kelley [Thu, 6 Feb 2014 15:21:37 +0000 (15:21 +0000)]
Add trust-anchors file to Debian package.
Simon Kelley [Thu, 6 Feb 2014 14:45:17 +0000 (14:45 +0000)]
Fix stack-smashing crash in DNSSEC. Thanks to Henk Jan Agteresch.
Simon Kelley [Thu, 6 Feb 2014 12:07:10 +0000 (12:07 +0000)]
DNSSEC config in example file.
Simon Kelley [Thu, 6 Feb 2014 12:01:05 +0000 (12:01 +0000)]
Protect against malicious DNS replies with very large RRsets.
Simon Kelley [Tue, 4 Feb 2014 22:03:06 +0000 (22:03 +0000)]
Make RR work when returning A/AAAA records and an RRSIG.
Jesse Glick [Tue, 4 Feb 2014 20:20:35 +0000 (20:20 +0000)]
Updated version of contrib/try-all-ns
Simon Kelley [Tue, 4 Feb 2014 16:57:25 +0000 (16:57 +0000)]
Linking stuff. Latest Debian/Ubuntu don't automatically link gmp.
Simon Kelley [Tue, 4 Feb 2014 16:49:41 +0000 (16:49 +0000)]
Make DNSSEC default, add build-depends for same, bump version.
Simon Kelley [Tue, 4 Feb 2014 11:50:11 +0000 (11:50 +0000)]
CHANGELOG for DNSSEC.
Simon Kelley [Mon, 3 Feb 2014 21:17:04 +0000 (21:17 +0000)]
Format tweak.
Simon Kelley [Mon, 3 Feb 2014 17:07:51 +0000 (17:07 +0000)]
Log NXDOMAIN correctly.
Simon Kelley [Mon, 3 Feb 2014 16:44:32 +0000 (16:44 +0000)]
Return configured DNSKEYs even though we don't have RRSIGS for them.
Simon Kelley [Mon, 3 Feb 2014 16:27:37 +0000 (16:27 +0000)]
Nasty cache failure and memory leak with DNSSEC.
Simon Kelley [Sat, 1 Feb 2014 14:54:26 +0000 (14:54 +0000)]
Validate Ooops.
Simon Kelley [Fri, 31 Jan 2014 21:05:48 +0000 (21:05 +0000)]
Blockdata fixes and tuning.
Simon Kelley [Fri, 31 Jan 2014 12:42:54 +0000 (12:42 +0000)]
Blockdata leak.
Simon Kelley [Fri, 31 Jan 2014 11:12:27 +0000 (11:12 +0000)]
copy-n-paste error.
Simon Kelley [Fri, 31 Jan 2014 10:32:45 +0000 (10:32 +0000)]
Announce DNSSEC at startup.
Simon Kelley [Fri, 31 Jan 2014 10:19:52 +0000 (10:19 +0000)]
Init ->dependent field in frec allocation.
Simon Kelley [Fri, 31 Jan 2014 09:52:50 +0000 (09:52 +0000)]
Compiler warning.
Simon Kelley [Thu, 30 Jan 2014 09:49:28 +0000 (09:49 +0000)]
Add a file containing current root trust anchors, for convenience.
Simon Kelley [Tue, 28 Jan 2014 14:54:46 +0000 (14:54 +0000)]
Crash in cache code when compiled with HAVE_DNSSEC.
Simon Kelley [Tue, 28 Jan 2014 11:16:49 +0000 (11:16 +0000)]
Allow use of COPTS in Debian rules invocation for nefarious purposes.
Simon Kelley [Tue, 28 Jan 2014 11:08:57 +0000 (11:08 +0000)]
Debian package with DNSSEC now possible.
DNSSEC will eventually become opt-out and when that happens
I'll add libnettle build-depends. For now, build with
fakeroot debian/rules DEB_BUILD_OPTIONS=usednssec
to get DNSSEC support.
Simon Kelley [Mon, 27 Jan 2014 22:38:48 +0000 (22:38 +0000)]
Man page entries for DNSSEC flags.
Simon Kelley [Mon, 27 Jan 2014 21:38:11 +0000 (21:38 +0000)]
Trivial format fix.
Simon Kelley [Sun, 26 Jan 2014 23:39:17 +0000 (23:39 +0000)]
Code tidy.
Simon Kelley [Sun, 26 Jan 2014 22:47:39 +0000 (22:47 +0000)]
Don't mark answers as DNSSEC validated if DNS-doctored.
Simon Kelley [Sun, 26 Jan 2014 09:36:54 +0000 (09:36 +0000)]
Exclude CRC code in DNSSEC build - replaced with SHA1.
Simon Kelley [Sun, 26 Jan 2014 09:33:21 +0000 (09:33 +0000)]
Remove --dnssec-permissive, pointless if we don't set CD upstream.
Simon Kelley [Sat, 25 Jan 2014 23:46:23 +0000 (23:46 +0000)]
Fix to last commit.
Simon Kelley [Sat, 25 Jan 2014 23:17:21 +0000 (23:17 +0000)]
Replace CRC32 with SHA1 for spoof detection in DNSSEC builds.
Simon Kelley [Sat, 25 Jan 2014 18:43:59 +0000 (18:43 +0000)]
Get AA flag right in DNSSEC answers from cache.
Simon Kelley [Sat, 25 Jan 2014 18:19:51 +0000 (18:19 +0000)]
RRSIG answer logging.
Simon Kelley [Sat, 25 Jan 2014 17:59:14 +0000 (17:59 +0000)]
Class specifier in --dnskey, instead of hardwiring C_IN.
Simon Kelley [Sat, 25 Jan 2014 17:03:07 +0000 (17:03 +0000)]
--dnssec-debug
Simon Kelley [Sat, 25 Jan 2014 16:40:15 +0000 (16:40 +0000)]
More DNSSEC caching logic, and avoid repeated validation of DS/DNSKEY
Simon Kelley [Fri, 24 Jan 2014 22:37:25 +0000 (22:37 +0000)]
RRSIGS for PTR records from cache.
Simon Kelley [Fri, 24 Jan 2014 10:37:36 +0000 (10:37 +0000)]
Tweak.
Simon Kelley [Thu, 23 Jan 2014 22:02:19 +0000 (22:02 +0000)]
RRSIGs in DS and DNSKEY cached answers.
Simon Kelley [Thu, 23 Jan 2014 20:59:46 +0000 (20:59 +0000)]
More DNSSEC cache readout.
Simon Kelley [Thu, 23 Jan 2014 12:11:43 +0000 (12:11 +0000)]
Compiler warning.
Simon Kelley [Thu, 23 Jan 2014 12:09:36 +0000 (12:09 +0000)]
Compiler warning.
Simon Kelley [Wed, 22 Jan 2014 22:32:33 +0000 (22:32 +0000)]
remove redundant headerage
Simon Kelley [Wed, 22 Jan 2014 22:21:51 +0000 (22:21 +0000)]
Cache RRSIGS.
Simon Kelley [Wed, 22 Jan 2014 19:31:38 +0000 (19:31 +0000)]
Caching of DNSSEC records.
Jonas Gorski [Wed, 22 Jan 2014 11:34:16 +0000 (11:34 +0000)]
Tweak definition of a permanent IPv6 address on Linux.
The Linux kernel treats all addresses with a limited lifetime as being
non-permanent, but when taking over the prefix lifetimes from
upstream assigned prefixes through DHCP, addresses will always have a limited
lifetime.
Still reject temporary addresses, as they indicate autoconfigured
interfaces.
Contributed by T-Labs, Deutsche Telekom Innovation Laboratories
Signed-off-by: Jonas Gorski <jogo@openwrt.org>
Simon Kelley [Wed, 22 Jan 2014 11:16:59 +0000 (11:16 +0000)]
Handle time_t wraparound more sanely.
Simon Kelley [Tue, 21 Jan 2014 20:17:40 +0000 (20:17 +0000)]
Fix loop in RR sort.
Simon Kelley [Tue, 21 Jan 2014 17:33:58 +0000 (17:33 +0000)]
bug fix, avoids infinite loop in forwarding code.
Simon Kelley [Tue, 21 Jan 2014 16:26:41 +0000 (16:26 +0000)]
Fix to hostname_cmp, and update to canonicalisation table. RFC 4034 LIES.
Simon Kelley [Tue, 21 Jan 2014 14:28:02 +0000 (14:28 +0000)]
Rationalise hostname_cmp()
Simon Kelley [Tue, 21 Jan 2014 13:45:17 +0000 (13:45 +0000)]
Provide for static library linking.
Simon Kelley [Mon, 20 Jan 2014 22:37:55 +0000 (22:37 +0000)]
NSEC proof-of-non-existence.
Simon Kelley [Mon, 20 Jan 2014 11:57:23 +0000 (11:57 +0000)]
Better handling of truncated DNSSEC replies.
Simon Kelley [Sun, 19 Jan 2014 09:54:16 +0000 (09:54 +0000)]
Don't validate error returns.
Simon Kelley [Fri, 17 Jan 2014 14:40:46 +0000 (14:40 +0000)]
Trivial format fix
Simon Kelley [Thu, 16 Jan 2014 22:42:07 +0000 (22:42 +0000)]
UDP retries for DNSSEC
Simon Kelley [Thu, 16 Jan 2014 19:53:06 +0000 (19:53 +0000)]
Fix SEGV and failure to validate on x86_64.
Simon Kelley [Wed, 15 Jan 2014 17:12:08 +0000 (17:12 +0000)]
Merge branch 'master' of ssh://central/var/cache/git/dnsmasq
Simon Kelley [Tue, 14 Jan 2014 23:13:55 +0000 (23:13 +0000)]
protocol handling for DNSSEC
Simon Kelley [Mon, 13 Jan 2014 21:38:19 +0000 (21:38 +0000)]
Add ip6addr.h to Makefile list.
Simon Kelley [Mon, 13 Jan 2014 21:31:20 +0000 (21:31 +0000)]
Swap crypto library from openSSL to nettle.
Simon Kelley [Sun, 12 Jan 2014 22:36:12 +0000 (22:36 +0000)]
Merge branch 'master' of ssh://central/var/cache/git/dnsmasq
Simon Kelley [Sat, 11 Jan 2014 22:18:19 +0000 (22:18 +0000)]
[fd00::] and [fe80::] special addresses in DHCPv6 options.
Simon Kelley [Fri, 10 Jan 2014 18:15:16 +0000 (18:15 +0000)]
Fix missing RA RDNS option with --dhcp-option=option6:23,[::]
Simon Kelley [Fri, 10 Jan 2014 12:20:38 +0000 (12:20 +0000)]
Set AD bit for address replies from /etc/hosts &c
Simon Kelley [Fri, 10 Jan 2014 11:39:14 +0000 (11:39 +0000)]
Further tweak to RRset sort.
Simon Kelley [Thu, 9 Jan 2014 22:25:03 +0000 (22:25 +0000)]
RFC 4035 5.3.2 wildcard label rules.
Simon Kelley [Thu, 9 Jan 2014 17:31:19 +0000 (17:31 +0000)]
DNSSEC consolidation.
Simon Kelley [Thu, 9 Jan 2014 09:41:33 +0000 (09:41 +0000)]
Tweak blockdata accounting.
Simon Kelley [Wed, 8 Jan 2014 21:21:20 +0000 (21:21 +0000)]
Handle digest lengths greater than 1 block.
Simon Kelley [Wed, 8 Jan 2014 18:22:37 +0000 (18:22 +0000)]
AD into cache fixes.
Simon Kelley [Wed, 8 Jan 2014 18:11:55 +0000 (18:11 +0000)]
AD bit handling when doing validation.
Simon Kelley [Wed, 8 Jan 2014 18:04:20 +0000 (18:04 +0000)]
Memory stats for DNSSEC.
Simon Kelley [Wed, 8 Jan 2014 17:31:16 +0000 (17:31 +0000)]
Move blockdata to its own file.
Simon Kelley [Wed, 8 Jan 2014 17:07:54 +0000 (17:07 +0000)]
Update copyright for 2014.
Simon Kelley [Wed, 8 Jan 2014 16:53:27 +0000 (16:53 +0000)]
New source port for DNSSEC-originated queries.
Simon Kelley [Wed, 8 Jan 2014 15:53:35 +0000 (15:53 +0000)]
DNSSEC for TCP queries.
Simon Kelley [Wed, 8 Jan 2014 14:32:03 +0000 (14:32 +0000)]
Ensure cache is big enough to do DNSSEC.
Simon Kelley [Wed, 8 Jan 2014 12:10:28 +0000 (12:10 +0000)]
Rationalise DNS packet-buffer size calculations.
Simon Kelley [Wed, 8 Jan 2014 11:22:32 +0000 (11:22 +0000)]
Handle truncated replies in DNSSEC validation.
Simon Kelley [Wed, 8 Jan 2014 11:00:01 +0000 (11:00 +0000)]
Tweak libraries and make DNSSEC compile optional.
Simon Kelley [Wed, 8 Jan 2014 10:26:58 +0000 (10:26 +0000)]
First functional DNSSEC - highly alpha.
Simon Kelley [Tue, 31 Dec 2013 13:50:39 +0000 (13:50 +0000)]
backup
Simon Kelley [Thu, 19 Dec 2013 15:45:12 +0000 (15:45 +0000)]
Send correct O and M bits when advertising only deprecated prefixes.
Simon Kelley [Wed, 18 Dec 2013 17:45:31 +0000 (17:45 +0000)]
Merge branch 'master' into dnssec