Age | Commit message (Collapse) | Author |
|
|
|
Usually, we place the #pragma once before the copyright blurb in header files,
but in a few cases we didn't. Move those around, so that we do the same thing
everywhere.
|
|
DNS_TYPE_STRING_MAX causes a problem with the table autogeneration code,
change to _DNS_TYPE_STRING_MAX.
|
|
When the buffer is allocated on the stack we do not have to check for
failure everywhere. This is especially useful in debug statements, because
we can put dns_resource_key_to_string() call in the debug statement, and
we do not need a seperate if (log_level >= LOG_DEBUG) for the conversion.
dns_resource_key_to_string() is changed not to provide any whitespace
padding. Most callers were stripping the whitespace with strstrip(),
and it did not look to well anyway. systemd-resolve output is not column
aligned anymore.
The result of the conversion is not stored in DnsTransaction object
anymore. It is used only for debugging, so it seems fine to generate it
when needed.
Various debug statements are extended to provide more information.
|
|
authenticated
Doing DNS retrieval on non-authenticated crypt keys is useless, hence warn
loudly about it.
|
|
Better support of OPENPGPKEY, CAA, TLSA packets and tests
|
|
Left-over unknown flags are printed numerically. Otherwise,
it wouldn't be known what bits are remaining without knowning
what the known bits are.
A test case is added to verify the flag printing code:
============== src/resolve/test-data/fake-caa.pkts ==============
google.com. IN CAA 0 issue "symantec.com"
google.com. IN CAA 128 issue "symantec.com"
-- Flags: critical
google.com. IN CAA 129 issue "symantec.com"
-- Flags: critical 1
google.com. IN CAA 22 issue "symantec.com"
-- Flags: 22
|
|
This should be handled fine now by .dir-locals.el, so need to carry that
stuff in every file.
|
|
This mirrors the behaviour of host and makes the conversion to and from
string symmetrical.
|
|
Example output:
_443._tcp.fedoraproject.org IN TLSA 0 0 1 GUAL5bejH7czkXcAeJ0vCiRxwMnVBsDlBMBsFtfLF8A=
-- Cert. usage: CA constraint
-- Selector: Full Certificate
-- Matching type: SHA-256
|
|
|
|
|
|
Add extra checks when validating with RRSIGs. This follows recommendations from:
http://www.george-barwood.pwp.blueyonder.co.uk/DnsServer/NotesOnDNSSSEC.htm
|
|
|
|
Given how fragile DNS servers are with some DNS types, and given that we really should avoid confusing them with
known-weird lookups, refuse doing lookups for known-obsolete RR types.
|
|
supporting them
If we already degraded the feature level below DO don't bother with sending requests for DS, DNSKEY, RRSIG, NSEC, NSEC3
or NSEC3PARAM RRs. After all, we cannot do DNSSEC validation then anyway, and we better not press a legacy server like
this with such modern concepts.
This also has the benefit that when we try to validate a response we received using DNSSEC, and we detect a limited
server support level while doing so, all further auxiliary DNSSEC queries will fail right-away.
|
|
Let's abstract which RRs shall honour CNAMEs, and which ones should not.
|
|
|
|
Let's make DNS class helpers more like DNS type helpers, let's move them
from resolved-dns-rr.[ch] into dns-type.[ch].
This also adds two new calls dns_class_is_pseudo() and
dns_class_is_valid_rr() which operate similar to dns_type_is_pseudo()
and dns_type_is_valid_rr() but for classes instead of types.
This should hopefully make handling of DNS classes and DNS types more
alike.
|
|
Check the validity of RR types as we parse or receive data from IPC
clients, and use the same code for all of them.
|
|
DNS RR types are uint16_t after all, treat them as such.
|
|
|
|
We are using it also to store _DNS_TYPE_INVALID, so it should be signed.
|
|
We are unlikely to evert support most of them, but we can at least
display the types properly.
The list is taken from the IANA list.
The table of number->name mappings is converted to a switch
statement. gcc does a nice job of optimizing lookup (when optimization
is enabled).
systemd-resolve-host -t is now case insensitive.
|