summaryrefslogtreecommitdiff
path: root/src/resolve/resolved-dns-dnssec.c
AgeCommit message (Expand)Author
2016-01-25resolved: don't insist in RRSIG metadata for NSEC3 RRs that have not been aut...Lennart Poettering
2016-01-25update DNSSEC TODOLennart Poettering
2016-01-25resolved: log each time we increase the DNSSEC verdict countersLennart Poettering
2016-01-25resolve: use different bitmap checking rules when we find an exact NSEC3 matc...Lennart Poettering
2016-01-18update DNSSEC TODOLennart Poettering
2016-01-18resolved: rework IDNA logicLennart Poettering
2016-01-17resolved: update DNSSEC TODOLennart Poettering
2016-01-17resolved: update RFCs list and TODO listLennart Poettering
2016-01-17resolved: complete NSEC non-existance proofsLennart Poettering
2016-01-17resolved: make sure the NSEC proof-of-non-existance check also looks for wild...Lennart Poettering
2016-01-17resolved: on negative NODATA replies, properly deal with empty non-terminalsLennart Poettering
2016-01-17resolved: rename dnssec_verify_dnskey() → dnssec_verify_dnskey_by_ds()Lennart Poettering
2016-01-17resolved: be stricter when using NSEC3Lennart Poettering
2016-01-17resolved: when validating an RRset, store information about the synthesizing ...Lennart Poettering
2016-01-17resolved: do not use NSEC RRs from the wrong zone for proofsLennart Poettering
2016-01-17resolved: ignore DS RRs without generating an error if they use an unsupporte...Lennart Poettering
2016-01-17resolved: some RR types may appear only or not at all in a zone apexLennart Poettering
2016-01-13resolved: implement the full NSEC and NSEC3 postive wildcard proofsLennart Poettering
2016-01-13resolved: refuse validating wildcard RRs for SOA, NSEC3, DNAMELennart Poettering
2016-01-13resolved: properly handles RRs in domains beginning in an asterisk labelLennart Poettering
2016-01-13resolved: optimize dnssec_verify_rrset() a bitLennart Poettering
2016-01-13resolved: allocate bounded strings on stack instead of heap, if we canLennart Poettering
2016-01-13resolved: consider inverted RRSIG validity intervals expiredLennart Poettering
2016-01-11resolved: properly look for NSEC/NSEC3 RRs when getting a positive wildcard r...Lennart Poettering
2016-01-11resolved: split up nsec3_hashed_domain() into two callsLennart Poettering
2016-01-11resolved: drop flags unused parameter from nsec3_is_goodLennart Poettering
2016-01-11basic: introduce generic ascii_strlower_n() call and make use of it everywhereLennart Poettering
2016-01-11resolved: use dns_answer_size() where appropriate to handle NULL DnsAnswerLennart Poettering
2016-01-11resolved: rename suffix_rr → zone_rrLennart Poettering
2016-01-11resolved: fix NSEC3 iterations limit to what RFC5155 suggestsLennart Poettering
2016-01-06update DNSSEC TODOLennart Poettering
2016-01-05update DNSSEC TODOLennart Poettering
2016-01-05resolved,networkd: add a per-interface DNSSEC settingLennart Poettering
2016-01-05resolved: rename "downgrade-ok" mode to "allow-downgrade"Lennart Poettering
2016-01-05resolved: when caching negative responses, honour NSEC/NSEC3 TTLsLennart Poettering
2016-01-04update DNSSEC TODOLennart Poettering
2016-01-04resolved: partially implement RFC5011 Trust Anchor supportLennart Poettering
2016-01-04resolved: fix DNSSEC canonical ordering logicLennart Poettering
2016-01-03resolved: never authenticate RRsets with revoked keysLennart Poettering
2016-01-03resolved: print a log message when we ignore an NSEC3 RR with an excessive am...Lennart Poettering
2016-01-03Merge pull request #2255 from teg/resolved-fixes-2Lennart Poettering
2016-01-03resolved: add negative trust anchro support, and add trust anchor configurati...Lennart Poettering
2016-01-03resolved: dnssec - properly take wildcards into account in NESC3 proofTom Gundersen
2016-01-03resolved: dnssec - factor out hashed domain generationTom Gundersen
2016-01-03resolved: don't conclude NODATA if CNAME existsTom Gundersen
2016-01-02resolved: don't accept NSEC3 iteration fields unboundedLennart Poettering
2016-01-01resolved: dnssec - add reference to the algorithm we implementTom Gundersen
2016-01-01resolved: dnssec - prepend hashed labels to zone nameTom Gundersen
2016-01-01resolved: dnssec - rename some variablesTom Gundersen
2016-01-01resoled: dnssec - don't refuse to verify answer due to too many unrelated RRsTom Gundersen