path: root/src/resolve/resolved-dns-dnssec.c
| Age | Commit message | Author |
|---|---|---|
| 2016-01-17 | resolved: some RR types may appear only or not at all in a zone apex | Lennart Poettering |
| 2016-01-13 | resolved: implement the full NSEC and NSEC3 positive wildcard proofs | Lennart Poettering |
| 2016-01-13 | resolved: refuse validating wildcard RRs for SOA, NSEC3, DNAME | Lennart Poettering |
| 2016-01-13 | resolved: properly handle RRs in domains beginning in an asterisk label | Lennart Poettering |
| 2016-01-13 | resolved: optimize dnssec_verify_rrset() a bit | Lennart Poettering |
| 2016-01-13 | resolved: allocate bounded strings on stack instead of heap, if we can | Lennart Poettering |
| 2016-01-13 | resolved: consider inverted RRSIG validity intervals expired | Lennart Poettering |
| 2016-01-11 | resolved: properly look for NSEC/NSEC3 RRs when getting a positive wildcard r... | Lennart Poettering |
| 2016-01-11 | resolved: split up nsec3_hashed_domain() into two calls | Lennart Poettering |
| 2016-01-11 | resolved: drop flags unused parameter from nsec3_is_good | Lennart Poettering |
| 2016-01-11 | basic: introduce generic ascii_strlower_n() call and make use of it everywhere | Lennart Poettering |
| 2016-01-11 | resolved: use dns_answer_size() where appropriate to handle NULL DnsAnswer | Lennart Poettering |
| 2016-01-11 | resolved: rename suffix_rr → zone_rr | Lennart Poettering |
| 2016-01-11 | resolved: fix NSEC3 iterations limit to what RFC5155 suggests | Lennart Poettering |
| 2016-01-06 | update DNSSEC TODO | Lennart Poettering |
| 2016-01-05 | update DNSSEC TODO | Lennart Poettering |
| 2016-01-05 | resolved,networkd: add a per-interface DNSSEC setting | Lennart Poettering |
| 2016-01-05 | resolved: rename "downgrade-ok" mode to "allow-downgrade" | Lennart Poettering |
| 2016-01-05 | resolved: when caching negative responses, honour NSEC/NSEC3 TTLs | Lennart Poettering |
| 2016-01-04 | update DNSSEC TODO | Lennart Poettering |
| 2016-01-04 | resolved: partially implement RFC5011 Trust Anchor support | Lennart Poettering |
| 2016-01-04 | resolved: fix DNSSEC canonical ordering logic | Lennart Poettering |
| 2016-01-03 | resolved: never authenticate RRsets with revoked keys | Lennart Poettering |
| 2016-01-03 | resolved: print a log message when we ignore an NSEC3 RR with an excessive am... | Lennart Poettering |
| 2016-01-03 | Merge pull request #2255 from teg/resolved-fixes-2 | Lennart Poettering |
| 2016-01-03 | resolved: add negative trust anchor support, and add trust anchor configurati... | Lennart Poettering |
| 2016-01-03 | resolved: dnssec - properly take wildcards into account in NSEC3 proof | Tom Gundersen |
| 2016-01-03 | resolved: dnssec - factor out hashed domain generation | Tom Gundersen |
| 2016-01-03 | resolved: don't conclude NODATA if CNAME exists | Tom Gundersen |
| 2016-01-02 | resolved: don't accept NSEC3 iteration fields unbounded | Lennart Poettering |
| 2016-01-01 | resolved: dnssec - add reference to the algorithm we implement | Tom Gundersen |
| 2016-01-01 | resolved: dnssec - prepend hashed labels to zone name | Tom Gundersen |
| 2016-01-01 | resolved: dnssec - rename some variables | Tom Gundersen |
| 2016-01-01 | resolved: dnssec - don't refuse to verify answer due to too many unrelated RRs | Tom Gundersen |
| 2016-01-01 | resolved: dnssec - fix off-by-one in RSA key parsing | Tom Gundersen |
| 2015-12-29 | resolved: NSEC3 hash algorithms are distinct from DS digest algorithms | Lennart Poettering |
| 2015-12-29 | update DNSSEC TODO | Lennart Poettering |
| 2015-12-29 | resolved: add comments referencing various RFCs to various places | Lennart Poettering |
| 2015-12-28 | Merge pull request #2231 from phomes/resolve-misc2 | Tom Gundersen |
| 2015-12-28 | resolved: update DNSSEC TODO | Lennart Poettering |
| 2015-12-28 | resolved: use RRSIG expiry and original TTL for cache management | Lennart Poettering |
| 2015-12-28 | resolved: only keep a single list of supported signature algorithms | Lennart Poettering |
| 2015-12-28 | resolved: add ECDSA signature support | Lennart Poettering |
| 2015-12-28 | resolved: split out RSA-specific code from dnssec_verify_rrset() | Lennart Poettering |
| 2015-12-28 | resolved: simplify MD algorithm initialization a bit | Lennart Poettering |
| 2015-12-28 | resolved: add SHA384 digest support | Lennart Poettering |
| 2015-12-28 | resolve: remove unused variables | Thomas Hindoe Paaboel Andersen |
| 2015-12-26 | resolved: add an automatic downgrade to non-DNSSEC mode | Lennart Poettering |
| 2015-12-26 | resolved: if we accepted unauthenticated NSEC/NSEC3 RRs, use them for proofs | Lennart Poettering |
| 2015-12-26 | resolved: be stricter when searching for a DS RR for a DNSKEY RR | Lennart Poettering |