Gitiles
Code Review Sign In
gerrit.nordix.org / thekelleys / dnsmasq / dfb1f7ccf19d07155adebc0fbd8308719fe91e69 / src / dnssec.c
  1. 8ebdc36 Optimise sort_rrset for the case where the RR type no canonicalisation. by Simon Kelley · 3 years, 11 months ago
  2. 059aded Optimse RR digest calculation in DNSSEC. by Simon Kelley · 4 years, 1 month ago
  3. 2d76586 Use SHA-256 to provide security against DNS cache poisoning. by Simon Kelley · 4 years, 1 month ago
  4. 4e96a4b Fix remote buffer overflow CERT VU#434904 by Simon Kelley · 4 years, 1 month ago
  5. 532246f Tweak to DNSSEC logging. by Simon Kelley · 4 years, 8 months ago
  6. c65b77c dnssec: add hostname info to insecure DS warning by Kevin Darbyshire-Bryant · 6 years ago
  7. 2a8710a Update copyrights to 2020. by Simon Kelley · 5 years ago
  8. 19b0e3b Check for REFUSED and SERVFAIL replies to DNSKEY queries. by Simon Kelley · 5 years ago
  9. e24abf2 Fix botch in ae7a3b9d2e8705af203a1347c397718a24331747 by Simon Kelley · 5 years ago
  10. 69a0477 DNSSEC: unsigned RRs in the auth section are not bogus. by Simon Kelley · 5 years ago
  11. ae7a3b9 DNSSEC: implement RFC-4036 para 5.3.3. rules on TTL values. by Simon Kelley · 5 years ago
  12. fef2f1c DNSSEC: Unsigned RRs in auth section proving that a DS doesn't exist are OK. by Simon Kelley · 5 years ago
  13. 05299fd Fix wrong return code from explore_rrset() with some errors. by Simon Kelley · 5 years ago
  14. cc921df Remove nested struct/union in cache records and all_addr. by Simon Kelley · 6 years ago
  15. ab194ed Futher address union tidying. by Simon Kelley · 6 years ago
  16. 65a01b7 Tidy address-union handling: move class into explicit argument. by Simon Kelley · 6 years ago
  17. 91421cb Fix compiler warning. by Simon Kelley · 6 years ago
  18. e1791f3 Fix logging of DNSSEC queries in TCP mode. Destination server address was misleading. by Simon Kelley · 6 years ago
  19. f84e674 Be persistent with broken-upstream-DNSSEC warnings. by Simon Kelley · 7 years ago
  20. 7f00843 Handle DNSSEC-unaware upstream servers better. by Simon Kelley · 7 years ago
  21. 4e72fec Fix DNSSEC without dnssec-check-unsigned. by Simon Kelley · 7 years ago
  22. a969ba6 Special case NSEC processing for root DS record, to avoid spurious BOGUS. by Simon Kelley · 7 years ago
  23. cd7df61 Fix DNSSEC validation errors introduced in 4fe6744a220eddd3f1749b40cac3dfc510787de6 by Simon Kelley · 7 years ago
  24. 4fe6744 DNSSEC fix for wildcard NSEC records. CVE-2017-15107 applies. by Simon Kelley · 7 years ago
  25. faaf306 Spelling fixes. by Ville Skyttä · 7 years ago
  26. e541245 Handle duplicate RRs in DNSSEC validation. by Simon Kelley · 7 years ago
  27. d1ced3a Update copyrights to 2018. by Simon Kelley · 7 years ago
  28. 373e917 Fix a6004d7f17687ac2455f724d0b57098c413f128d to cope with >256 RRs in answer section. by Simon Kelley · 7 years ago
  29. b77efc1 Tidy DNSSEC algorithm table use. by Simon Kelley · 7 years ago
  30. ad9c6f0 Add support for Ed25519 DNSSEC signature algorithm. by Simon Kelley · 7 years ago
  31. a6004d7 Fix caching logic for validated answers. by Simon Kelley · 7 years ago
  32. 0549c73 Security fix, CVE-2017-14491 DNS heap buffer overflow. by Simon Kelley · 7 years ago
  33. 50ca855 Bump year in copyrights. by Simon Kelley · 7 years ago
  34. 4583dd9 Replace obsolete utime() usage with utimes(). by Vladislav Grishenko · 8 years ago
  35. 730c674 Comprehensive spelling/typo fixes. by Josh Soref · 8 years ago
  36. 06093a9 Fix problem with --dnssec-timestamp by Kevin Darbyshire-Bryant · 8 years ago
  37. a7b27e8 NULL pointer check. by Simon Kelley · 9 years ago
  38. 40205a0 Bound hash-iterations in DNSSEC NSEC3 checking. by Simon Kelley · 9 years ago
  39. 367341f Disable DNSSEC for server=/domain/.. servers unless trust-anchor provided. by Simon Kelley · 9 years ago
  40. a63b8b8 DNSSEC: Handle non-root trust anchors, and check we have a root trust anchor. by Simon Kelley · 9 years ago
  41. c49778d Update copyright notices. Happy new year! by Simon Kelley · 9 years ago
  42. cc7cb0b Fix datatype-sixe botch which broke DNSSEC sig timestamps when far in the future. by Simon Kelley · 9 years ago
  43. ec0628c Trivial code tweak. by Simon Kelley · 9 years ago
  44. 33702ab First complete version of DNS-client-id EDNS0 and ARP tracking code. by Simon Kelley · 9 years ago
  45. 15379ea Log signature algo with DNSKEY and DS, also digest with DS. by Simon Kelley · 9 years ago
  46. 5bb88f0 Handle extending EDNS0 OPT RR. by Simon Kelley · 9 years ago
  47. ce5732e NSEC3 check: RFC5155 para 8.2 by Simon Kelley · 9 years ago
  48. a86fdf4 Minor tweak to previous commit. by Simon Kelley · 9 years ago
  49. 3e86d31 Nasty, rare and obscure off-by-one in DNSSEC hostname_cmp(). by Simon Kelley · 9 years ago
  50. d67ecac More tweaks in handling unknown DNSSEC algorithms. by Simon Kelley · 9 years ago
  51. fa14bec Major tidy up of EDNS0 handling and computation/use of udp packet size. by Simon Kelley · 9 years ago
  52. 14a4ae8 Do a better job of determining which DNSSEC sig algos are supported. by Simon Kelley · 9 years ago
  53. 3b799c8 Fix brace botch in dnssec_validate_ds() by Simon Kelley · 9 years ago
  54. b40f26c Tidy up DNSSEC non-existence code. Check zone status is NSEC proof bad. by Simon Kelley · 9 years ago
  55. dd4ad9a Tweaks to EDNS0 handling in DNS replies. by Simon Kelley · 9 years ago
  56. 2dbba34 DNSSEC validation tweak. by Simon Kelley · 9 years ago
  57. c2bcd1e Generalise RR-filtering code, for use with EDNS0. by Simon Kelley · 9 years ago
  58. d64c81f Move code which caches DS records to a more logical place. by Simon Kelley · 9 years ago
  59. 93be5b1 Abandon caching RRSIGs and returning them from cache. by Simon Kelley · 9 years ago
  60. 9a31b68 Major rationalisation of DNSSEC validation. by Simon Kelley · 9 years ago
  61. 67ab328 Handle unknown DS hash algos correctly. by Simon Kelley · 9 years ago
  62. 6de81f1 Handle signed dangling CNAME replies to DS queries. by Simon Kelley · 9 years ago
  63. f6381cf Declare utime(). by Simon Kelley · 9 years ago
  64. 34b5d19 Update DNSSEC timestamp file on process TERM. by Kevin Darbyshire-Bryant · 9 years ago
  65. d389e01 DNSSEC fix: correct logic for signed records in unsigned DNS space. by Simon Kelley · 9 years ago
  66. d3699bb Small tweak to DNSSEC fix. by Simon Kelley · 9 years ago
  67. 13480e8 DNSSEC fix, signed wildcard CNAME to unsigned domain. by Simon Kelley · 9 years ago
  68. e3ec6f0 Handle CNAMEs to DS records when confirming absence of DS for DNSSEC. by Simon Kelley · 10 years ago
  69. 4d25cf8 Handle corner cases in NSEC coverage checks. by Simon Kelley · 10 years ago
  70. a77cec8 Handle UDP packet loss when fragmentation of large packets is broken. by Simon Kelley · 10 years ago
  71. b8f1655 Tweaks to previous, DNS label charset commit. by Simon Kelley · 10 years ago
  72. cbe379a Handle domain names with '.' or /000 within labels. by Simon Kelley · 10 years ago
  73. fe3992f Return INSECURE, rather than BOGUS when DS proved not to exist. by Simon Kelley · 10 years ago
  74. 394ff49 Allow control characters in names in the cache, handle when logging. by Simon Kelley · 10 years ago
  75. 1e15394 DNSSEC fix for non-ascii characters in labels. by Simon Kelley · 10 years ago
  76. 0b8a5a3 Protect against broken DNSSEC upstreams. by Simon Kelley · 10 years ago
  77. 8805283 Don't fail DNSSEC when a signed CNAME dangles into an unsigned zone. by Simon Kelley · 10 years ago
  78. 360f251 Tweak DNSSEC timestamp code to create file later, removing need to chown it. by Simon Kelley · 10 years ago
  79. 9003b50 Fix last commit to not crash if uid changing not configured. by Simon Kelley · 10 years ago
  80. f6e62e2 Add --dnssec-timestamp option and facility. by Simon Kelley · 10 years ago
  81. 6ef15b3 Fix broken ECDSA DNSSEC signatures. by Simon Kelley · 10 years ago
  82. aff3396 Update copyrights for dawn of 2015. by Simon Kelley · 10 years ago
  83. 5e32173 Don't answer from cache RRsets from wildcards, as we don't have NSECs. by Simon Kelley · 10 years ago
  84. 25cf5e3 Add --log-queries=extra option for more complete logging. by Simon Kelley · 10 years ago
  85. 97e618a DNSSEC: do top-down search for limit of secure delegation. by Simon Kelley · 10 years ago
  86. 0b1008d Bad packet protection. by Simon Kelley · 10 years ago
  87. 83d2ed0 Initialise return value. by Simon Kelley · 10 years ago
  88. fbc5205 Fix problems validating NSEC3 and wildcards. by Simon Kelley · 10 years ago
  89. 094b5c3 Fix crash in DNSSEC code when attempting to verify large RRs. by Simon Kelley · 10 years ago
  90. cdb755c Fix FTBFS with Nettle-3.0. by Simon Kelley · 10 years ago
  91. 063efb3 Build config: add -DNO_GMP for use with nettle/mini-gmp by Simon Kelley · 10 years ago
  92. e6096e6 Another filter_rrsigs fix. by Simon Kelley · 11 years ago
  93. 9d1b22a Fix DNSSEC validation of ANY queries. by Simon Kelley · 11 years ago
  94. 50f86ce Need to fixup records in the additional section when removing DNSSEC stuff. by Simon Kelley · 11 years ago
  95. e98bd52 Add --dnssec-no-timecheck by Simon Kelley · 11 years ago
  96. 3f7483e Handle integer overflow in uid counter. Fixes rare crashes in cache code. by Simon Kelley · 11 years ago
  97. c07d30d Compiler warning. by Simon Kelley · 11 years ago
  98. 8707019 Mass edit of INSECURE->BOGUS returns for server failure/bad input. by Simon Kelley · 11 years ago
  99. 1fbe4d2 Tweak tuning params. by Simon Kelley · 11 years ago
  100. 0575610 Handle replies with no answers and no NS in validate_reply. by Simon Kelley · 11 years ago