1. ebedcba Typo in printf format string added in 22dee512f3738f87539a79aeb52b9e670b3bd104 by Simon Kelley · 7 years ago
  2. a6004d7 Fix caching logic for validated answers. by Simon Kelley · 7 years ago
  3. 22dee51 Log DNS server max packet size reduction. by Simon Kelley · 7 years ago
  4. 6fd5d79 Fix logic on EDNS0 headers. by Simon Kelley · 7 years ago
  5. 9d6918d Use IP[V6]_UNICAST_IF socket option instead of SO_BINDTODEVICE for DNS. by Simon Kelley · 7 years ago
  6. a3303e1 Don't return arcount=1 if EDNS0 RR won't fit in the packet. by Simon Kelley · 7 years ago
  7. 63437ff Fix CVE-2017-13704, which resulted in a crash on a large DNS query. by Simon Kelley · 7 years ago
  8. 9396752 Try other servers if first returns REFUSED when --strict-order active. by Hans Dedecker · 7 years ago
  9. 50ca855 Bump year in copyrights. by Simon Kelley · 7 years ago
  10. ff19b1a Fix &/&& confusion. by Simon Kelley · 8 years ago
  11. bf05f8f Fix crash introduced by 09f3b2cd9c7b5b5e0e96ba41f666e69808862620. by Simon Kelley · 8 years ago
  12. 09f3b2c Fix case of DS queries to domains marked as not doing DNSSEC. by Simon Kelley · 8 years ago
  13. e33b487 When forwarding a query to a non-DNSSEC nameserver, don't verify the lack of DNSSEC. by James Bottomley · 8 years ago
  14. 43517fc Spelling fixes. by klemens · 8 years ago
  15. 361dfe5 Improve connection handling when talking to TCP upsteam servers. by Simon Kelley · 8 years ago
  16. 68f6312 Stop treating SERVFAIL as a successful response from upstream servers. by Baptiste Jonglez · 8 years ago
  17. 730c674 Comprehensive spelling/typo fixes. by Josh Soref · 8 years ago
  18. 4ace25c Treat REFUSED (not SERVFAIL) as an unsuccessful upstream response by Chris Novakovic · 9 years ago
  19. d05dd58 Fix wrong reply to simple name when --domain-needed set and no servers configured. by Simon Kelley · 9 years ago
  20. f7443d7 Fix problems in last commit when DNSSEC not enabled. by Simon Kelley · 9 years ago
  21. f344dbc Complete DNSSEC server-selection code and set conntrack on DNSSEC queries. by Simon Kelley · 9 years ago
  22. 1801a29 Fix botch in forward.c flags code. by Simon Kelley · 9 years ago
  23. 92be34a Complete work to allow DNSSEC validation with private DNS servers. by Simon Kelley · 9 years ago
  24. 367341f Disable DNSSEC for server=/domain/.. servers unless trust-anchor provided. by Simon Kelley · 9 years ago
  25. 5757371 Inhibit DNSSEC validation when forwarding to private servers for a domain. by Simon Kelley · 9 years ago
  26. c49778d Update copyright notices. Happy new year! by Simon Kelley · 9 years ago
  27. 33702ab First complete version of DNS-client-id EDNS0 and ARP tracking code. by Simon Kelley · 9 years ago
  28. d3a8b39 More EDNS0 packet-size tweaks. by Simon Kelley · 9 years ago
  29. 5aa5f0f Truncate DNS replies >512 bytes that the client isn't expecting. by Simon Kelley · 9 years ago
  30. 5bb88f0 Handle extending EDNS0 OPT RR. by Simon Kelley · 9 years ago
  31. fa14bec Major tidy up of EDNS0 handling and computation/use of udp packet size. by Simon Kelley · 9 years ago
  32. c2bcd1e Generalise RR-filtering code, for use with EDNS0. by Simon Kelley · 9 years ago
  33. 9a31b68 Major rationalisation of DNSSEC validation. by Simon Kelley · 9 years ago
  34. 3a3965a Don't answer non-auth queries for auth zones locally when --localise-queries set. by Simon Kelley · 9 years ago
  35. d389e01 DNSSEC fix: correct logic for signed records in unsigned DNS space. by Simon Kelley · 9 years ago
  36. b842bc9 Use poll() instead of select() to remove limits on open file descriptors. by Simon Kelley · 9 years ago
  37. e3ec6f0 Handle CNAMEs to DS records when confirming absence of DS for DNSSEC. by Simon Kelley · 9 years ago
  38. bd7bfa2 Correctly sanitise DNS header bits in answer when recreating query for retry. by swigger · 10 years ago
  39. 86fa104 Tweak EDNS timeout code. by Simon Kelley · 10 years ago
  40. a77cec8 Handle UDP packet loss when fragmentation of large packets is broken. by Simon Kelley · 10 years ago
  41. e66b4df Fix argument-order botch which broke DNSSEC for TCP queries. by Simon Kelley · 10 years ago
  42. 554b580 Log domain when reporting DNSSEC validation failure. by Simon Kelley · 10 years ago
  43. 982faf4 Fix compiler warning when not including DNSSEC. by Simon Kelley · 10 years ago
  44. fe3992f Return INSECURE, rather than BOGUS when DS proved not to exist. by Simon Kelley · 10 years ago
  45. 150162b Return SERVFAIL when validation abandoned. by Simon Kelley · 10 years ago
  46. ff841eb Fix boilerplate code for re-running system calls on EINTR and EAGAIN etc. by Simon Kelley · 10 years ago
  47. aff3396 Update copyrights for dawn of 2015. by Simon Kelley · 10 years ago
  48. 2ae195f Don't treat SERVFAIL as a recoverable error..... by Simon Kelley · 10 years ago
  49. 25cf5e3 Add --log-queries=extra option for more complete logging. by Simon Kelley · 10 years ago
  50. 424c4a8 Merge branch 'unsigned' by Simon Kelley · 10 years ago
  51. 97e618a DNSSEC: do top-down search for limit of secure delegation. by Simon Kelley · 10 years ago
  52. 32fc6db Add --ignore-address option. by Glen Huang · 10 years ago
  53. 9890627 Fix conntrack with --bind-interfaces by Hans Dedecker · 10 years ago
  54. e9828b6 Set conntrack mark before connect() call. by Karl Vogel · 10 years ago
  55. 15b1b7e Fix endian bug in --local-service code. by Richard Genoud · 10 years ago
  56. b5ea1cc Add --dns-loop-detect feature. by Simon Kelley · 10 years ago
  57. 47a9516 Use event system to re-send query on new route. Tidies module boundaries. by Simon Kelley · 10 years ago
  58. 8938ae0 Get packet size right when removing pseudoheader. by Simon Kelley · 11 years ago
  59. 1fc0268 Do SERVFAIL, therefore continue when searching for DS in TCP path too. by Simon Kelley · 11 years ago
  60. 4872aa7 Handle SERVFAIL replies when looking for proven-nonexistence of DS. by Simon Kelley · 11 years ago
  61. 6375838 Fix crash on TCP DNS request when DNSSEC not enabled. by Simon Kelley · 11 years ago
  62. 82a14af Ensure request name in buffer for ipset lookup. by Simon Kelley · 11 years ago
  63. 8a8bbad Ensure ->sentto is valid for DNSSEC forwards. Otherwise retries SEGV. by Simon Kelley · 11 years ago
  64. 4e1fe44 Terminate DS-search when reaching the root via cache entries. by Simon Kelley · 11 years ago
  65. 51967f9 SERVFAIL is an expected error return, don't try all servers. by Simon Kelley · 11 years ago
  66. b37f8b9 Handle failure of hash_questions() by Tomas Hozza · 11 years ago
  67. fc2833f Memory leak in error path. by Tomas Hozza · 11 years ago
  68. 490f907 Reorder sanity checks on UDP packet reception, to cope with failed recvfrom() by Simon Kelley · 11 years ago
  69. 2a7a2b8 Ignore DNS queries from port 0: http://www.ietf.org/mail-archive/web/dnsop/current/msg11441.html by Simon Kelley · 11 years ago
  70. 2b29191 Fix DNSSEC crash retrying to IPv6 server. by Simon Kelley · 11 years ago
  71. 0c8584e Warn about non-local queries once only for UDP. by Simon Kelley · 11 years ago
  72. c8a8048 --local-service. Default protection from DNS amplification attacks. by Simon Kelley · 11 years ago
  73. 00a5b5d Check that unsigned replies come from unsigned zones if --dnssec-check-unsigned set. by Simon Kelley · 11 years ago
  74. 613ad15 Strip DNSSEC RRs when query doesn't have DO bit set. by Simon Kelley · 11 years ago
  75. dac7431 TYpo. by Simon Kelley · 11 years ago
  76. 2ecd9bd No CD in forwarded queries unless dnssec-debug for TCP too. by Simon Kelley · 11 years ago
  77. 83349b8 Further tidying of AD and DO bit handling. by Simon Kelley · 11 years ago
  78. 7fa836e Handle validation when more one key is needed. by Simon Kelley · 11 years ago
  79. e243c07 AD bit in queries handled as RFC6840 p5.7 by Simon Kelley · 11 years ago
  80. 610e782 Fix stack-smashing crash in DNSSEC. Thanks to Henk Jan Agteresch. by Simon Kelley · 11 years ago
  81. 81a883f Format tweak. by Simon Kelley · 11 years ago
  82. 8d718cb Nasty cache failure and memory leak with DNSSEC. by Simon Kelley · 11 years ago
  83. 97bc798 Init ->dependent field in frec allocation. by Simon Kelley · 11 years ago
  84. 6938f34 Don't mark answers as DNSEC validated if DNS-doctored. by Simon Kelley · 11 years ago
  85. 7d23a66 Remove --dnssec-permissive, pointless if we don't set CD upstream. by Simon Kelley · 11 years ago
  86. 703c7ff Fix to last commit. by Simon Kelley · 11 years ago
  87. 8a9be9e Replace CRC32 with SHA1 for spoof detection in DNSSEC builds. by Simon Kelley · 11 years ago
  88. 5b3bf92 --dnssec-debug by Simon Kelley · 11 years ago
  89. 0744ca6 More DNSSEC caching logic, and avoid repeated validation of DS/DNSKEY by Simon Kelley · 11 years ago
  90. 39048ad bug fix, avoids infinite loop in forwarding code. by Simon Kelley · 11 years ago
  91. 5d3b87a Better handling of truncated DNSSEC replies. by Simon Kelley · 11 years ago
  92. 6c0cb85 Trivial format fix by Simon Kelley · 11 years ago
  93. e0c0ad3 UDP retries for DNSSEC by Simon Kelley · 11 years ago
  94. 4619d94 Fix SEGV and failure to validate on x86_64. by Simon Kelley · 11 years ago
  95. a25720a protocol handling for DNSSEC by Simon Kelley · 11 years ago
  96. 795501b AD bit handling when doing validation. by Simon Kelley · 11 years ago
  97. c47e3ba Update copyright for 2014. by Simon Kelley · 11 years ago
  98. f1668d2 New source port for DNSSEC-originated queries. by Simon Kelley · 11 years ago
  99. 7d7b7b3 DNSSEC for TCP queries. by Simon Kelley · 11 years ago
  100. 60b6806 Rationalise DNS packet-buffer size calculations. by Simon Kelley · 11 years ago