Gitiles
Code Review
Sign In
gerrit.nordix.org
/
thekelleys
/
dnsmasq
/
da8b6517decdac593e7ce24bde2824dd841725c8
/
src
/
forward.c
da8b651
Implement --address=/example.com/#
by Simon Kelley
· 6 years ago
1682d15
Add missing EDNS0 section.
by Simon Kelley
· 6 years ago
aba8bbb
Add collection of metrics
by Julian Kornberger
· 6 years ago
e27825b
Fix logging in previous.
by Simon Kelley
· 7 years ago
1f60a18
Retry SERVFAIL DNSSEC queries to a different server, if possible.
by Simon Kelley
· 7 years ago
a0088e8
Handle query retry on REFUSED or SERVFAIL for DNSSEC-generated queries.
by Simon Kelley
· 7 years ago
34e26e1
Retry query to other servers on receipt of SERVFAIL rcode.
by Simon Kelley
· 7 years ago
6b17335
Add packet-dump debugging facility.
by Simon Kelley
· 7 years ago
07ed585
Add logging for DNS error returns from upstream and local configuration.
by Simon Kelley
· 7 years ago
a691853
Change default for dnssec-check-unsigned.
by Simon Kelley
· 7 years ago
c1a4e25
Try to be a little more clever at falling back to smaller DNS packet sizes.
by Simon Kelley
· 7 years ago
faaf306
Spelling fixes.
by Ville Skyttä
· 7 years ago
d1ced3a
Update copyrights to 2018.
by Simon Kelley
· 7 years ago
ef3d137
Fix infinite retries in strict-order mode.
by Simon Kelley
· 7 years ago
373e917
Fix a6004d7f17687ac2455f724d0b57098c413f128d to cope with >256 RRs in answer section.
by Simon Kelley
· 7 years ago
ebedcba
Typo in printf format string added in 22dee512f3738f87539a79aeb52b9e670b3bd104
by Simon Kelley
· 7 years ago
a6004d7
Fix caching logic for validated answers.
by Simon Kelley
· 7 years ago
22dee51
Log DNS server max packet size reduction.
by Simon Kelley
· 7 years ago
6fd5d79
Fix logic on EDNS0 headers.
by Simon Kelley
· 7 years ago
9d6918d
Use IP[V6]_UNICAST_IF socket option instead of SO_BINDTODEVICE for DNS.
by Simon Kelley
· 7 years ago
a3303e1
Don't return arcount=1 if EDNS0 RR won't fit in the packet.
by Simon Kelley
· 7 years ago
63437ff
Fix CVE-2017-13704, which resulted in a crash on a large DNS query.
by Simon Kelley
· 7 years ago
9396752
Try other servers if first returns REFUSED when --strict-order active.
by Hans Dedecker
· 7 years ago
50ca855
Bump year in copyrights.
by Simon Kelley
· 7 years ago
ff19b1a
Fix &/&& confusion.
by Simon Kelley
· 8 years ago
bf05f8f
Fix crash introduced by 09f3b2cd9c7b5b5e0e96ba41f666e69808862620.
by Simon Kelley
· 8 years ago
09f3b2c
Fix case of DS queries to domains marked as not doing DNSSEC.
by Simon Kelley
· 8 years ago
e33b487
When forwarding a query to a non-DNSSEC nameserver, don't verify the lack of DNSSEC.
by James Bottomley
· 8 years ago
43517fc
Spelling fixes.
by klemens
· 8 years ago
361dfe5
Improve connection handling when talking to TCP upsteam servers.
by Simon Kelley
· 8 years ago
68f6312
Stop treating SERVFAIL as a successful response from upstream servers.
by Baptiste Jonglez
· 8 years ago
730c674
Comprehensive spelling/typo fixes.
by Josh Soref
· 8 years ago
4ace25c
Treat REFUSED (not SERVFAIL) as an unsuccessful upstream response
by Chris Novakovic
· 9 years ago
d05dd58
Fix wrong reply to simple name when --domain-needed set and no servers configured.
by Simon Kelley
· 9 years ago
f7443d7
Fix problems in last commit when DNSSEC not enabled.
by Simon Kelley
· 9 years ago
f344dbc
Complete DNSSEC server-selection code and set conntrack on DNSSEC queries.
by Simon Kelley
· 9 years ago
1801a29
Fix botch in forward.c flags code.
by Simon Kelley
· 9 years ago
92be34a
Complete work to allow DNSSEC validation with private DNS servers.
by Simon Kelley
· 9 years ago
367341f
Disable DNSSEC for server=/domain/.. servers unless trust-anchor provided.
by Simon Kelley
· 9 years ago
5757371
Inhibit DNSSEC validation when forwarding to private servers for a domain.
by Simon Kelley
· 9 years ago
c49778d
Update copyright notices. Happy new year!
by Simon Kelley
· 9 years ago
33702ab
First complete version of DNS-client-id EDNS0 and ARP tracking code.
by Simon Kelley
· 9 years ago
d3a8b39
More EDNS0 packet-size tweaks.
by Simon Kelley
· 9 years ago
5aa5f0f
Truncate DNS replies >512 bytes that the client isn't expecting.
by Simon Kelley
· 9 years ago
5bb88f0
Handle extending EDNS0 OPT RR.
by Simon Kelley
· 9 years ago
fa14bec
Major tidy up of EDNS0 handling and computation/use of udp packet size.
by Simon Kelley
· 9 years ago
c2bcd1e
Generalise RR-filtering code, for use with EDNS0.
by Simon Kelley
· 9 years ago
9a31b68
Major rationalisation of DNSSEC validation.
by Simon Kelley
· 9 years ago
3a3965a
Don't answer non-auth queries for auth zones locally when --localise-queries set.
by Simon Kelley
· 9 years ago
d389e01
DNSSEC fix: correct logic for signed records in unsigned DNS space.
by Simon Kelley
· 9 years ago
b842bc9
Use poll() instead of select() to remove limits on open file descriptors.
by Simon Kelley
· 9 years ago
e3ec6f0
Handle CNAMEs to DS records when confirming absence of DS for DNSSEC.
by Simon Kelley
· 9 years ago
bd7bfa2
Correctly sanitise DNS header bits in answer when recreating query for retry.
by swigger
· 10 years ago
86fa104
Tweak EDNS timeout code.
by Simon Kelley
· 10 years ago
a77cec8
Handle UDP packet loss when fragmentation of large packets is broken.
by Simon Kelley
· 10 years ago
e66b4df
Fix argument-order botch which broke DNSSEC for TCP queries.
by Simon Kelley
· 10 years ago
554b580
Log domain when reporting DNSSEC validation failure.
by Simon Kelley
· 10 years ago
982faf4
Fix compiler warning when not including DNSSEC.
by Simon Kelley
· 10 years ago
fe3992f
Return INSECURE, rather than BOGUS when DS proved not to exist.
by Simon Kelley
· 10 years ago
150162b
Return SERVFAIL when validation abandoned.
by Simon Kelley
· 10 years ago
ff841eb
Fix boilerplate code for re-running system calls on EINTR and EAGAIN etc.
by Simon Kelley
· 10 years ago
aff3396
Update copyrights for dawn of 2015.
by Simon Kelley
· 10 years ago
2ae195f
Don't treat SERVFAIL as a recoverable error.....
by Simon Kelley
· 10 years ago
25cf5e3
Add --log-queries=extra option for more complete logging.
by Simon Kelley
· 10 years ago
424c4a8
Merge branch 'unsigned'
by Simon Kelley
· 10 years ago
97e618a
DNSSEC: do top-down search for limit of secure delegation.
by Simon Kelley
· 10 years ago
32fc6db
Add --ignore-address option.
by Glen Huang
· 10 years ago
9890627
Fix conntrack with --bind-interfaces
by Hans Dedecker
· 10 years ago
e9828b6
Set conntrack mark before connect() call.
by Karl Vogel
· 10 years ago
15b1b7e
Fix endian bug in --local-service code.
by Richard Genoud
· 10 years ago
b5ea1cc
Add --dns-loop-detect feature.
by Simon Kelley
· 10 years ago
47a9516
Use event system to re-send query on new route. Tidies module boundaries.
by Simon Kelley
· 10 years ago
8938ae0
Get packet size right when removing pseudoheader.
by Simon Kelley
· 11 years ago
1fc0268
Do SERVFAIL, therefore continue when searching for DS in TCP path too.
by Simon Kelley
· 11 years ago
4872aa7
Handle SERVFAIL replies when looking for proven-nonexistence of DS.
by Simon Kelley
· 11 years ago
6375838
Fix crash on TCP DNS request when DNSSEC not enabled.
by Simon Kelley
· 11 years ago
82a14af
Ensure request name in buffer for ipset lookup.
by Simon Kelley
· 11 years ago
8a8bbad
Ensure ->sentto is valid for DNSSEC forwards. Otherwise retries SEGV.
by Simon Kelley
· 11 years ago
4e1fe44
Terminate DS-search when reaching the root via cache entries.
by Simon Kelley
· 11 years ago
51967f9
SERVFAIL is an expected error return, don't try all servers.
by Simon Kelley
· 11 years ago
b37f8b9
Handle failure of hash_questions()
by Tomas Hozza
· 11 years ago
fc2833f
Memory leak in error path.
by Tomas Hozza
· 11 years ago
490f907
Reorder sanity checks on UDP packet reception, to cope with failed recvfrom()
by Simon Kelley
· 11 years ago
2a7a2b8
Ignore DNS queries from port 0: http://www.ietf.org/mail-archive/web/dnsop/current/msg11441.html
by Simon Kelley
· 11 years ago
2b29191
Fix DNSSEC crash retrying to IPv6 server.
by Simon Kelley
· 11 years ago
0c8584e
Warn about non-local queries once only for UDP.
by Simon Kelley
· 11 years ago
c8a8048
--local-service. Default protection from DNS amplification attacks.
by Simon Kelley
· 11 years ago
00a5b5d
Check that unsigned replies come from unsigned zones if --dnssec-check-unsigned set.
by Simon Kelley
· 11 years ago
613ad15
Strip DNSSEC RRs when query doesn't have DO bit set.
by Simon Kelley
· 11 years ago
dac7431
TYpo.
by Simon Kelley
· 11 years ago
2ecd9bd
No CD in forwarded queries unless dnssec-debug for TCP too.
by Simon Kelley
· 11 years ago
83349b8
Further tidying of AD and DO bit handling.
by Simon Kelley
· 11 years ago
7fa836e
Handle validation when more one key is needed.
by Simon Kelley
· 11 years ago
e243c07
AD bit in queries handled as RFC6840 p5.7
by Simon Kelley
· 11 years ago
610e782
Fix stack-smashing crash in DNSSEC. Thanks to Henk Jan Agteresch.
by Simon Kelley
· 11 years ago
81a883f
Format tweak.
by Simon Kelley
· 11 years ago
8d718cb
Nasty cache failure and memory leak with DNSSEC.
by Simon Kelley
· 11 years ago
97bc798
Init ->dependent field in frec allocation.
by Simon Kelley
· 11 years ago
6938f34
Don't mark answers as DNSEC validated if DNS-doctored.
by Simon Kelley
· 11 years ago
7d23a66
Remove --dnssec-permissive, pointless if we don't set CD upstream.
by Simon Kelley
· 11 years ago
Next »