summaryrefslogtreecommitdiff
path: root/src/resolve/resolved-dns-dnssec.h
AgeCommit message (Expand)Author
2016-01-17resolved: rename dnssec_verify_dnskey() → dnssec_verify_dnskey_by_ds()Lennart Poettering
2016-01-13resolved: implement the full NSEC and NSEC3 postive wildcard proofsLennart Poettering
2016-01-11resolved: properly look for NSEC/NSEC3 RRs when getting a positive wildcard r...Lennart Poettering
2016-01-05resolved,networkd: add a per-interface DNSSEC settingLennart Poettering
2016-01-05resolved: rename "downgrade-ok" mode to "allow-downgrade"Lennart Poettering
2016-01-05resolved: when caching negative responses, honour NSEC/NSEC3 TTLsLennart Poettering
2016-01-04resolved: partially implement RFC5011 Trust Anchor supportLennart Poettering
2016-01-03resolved: print a log message when we ignore an NSEC3 RR with an excessive am...Lennart Poettering
2016-01-03resolved: dnssec - factor out hashed domain generationTom Gundersen
2016-01-03resolved: don't conclude NODATA if CNAME existsTom Gundersen
2015-12-26resolved: add an automatic downgrade to non-DNSSEC modeLennart Poettering
2015-12-26resolved: if we accepted unauthenticated NSEC/NSEC3 RRs, use them for proofsLennart Poettering
2015-12-18resolved: add support NSEC3 proofs, as well as proofs for domains that are OK...Lennart Poettering
2015-12-14resolved: add basic proof of non-existance support for NSEC+NSEC3Lennart Poettering
2015-12-11resolved: rework dnssec validation resultsLennart Poettering
2015-12-10resolved: chase DNSKEY/DS RRs when doing look-ups with DNSSEC enabledLennart Poettering
2015-12-03resolved: introduce a dnssec_mode setting per scopeLennart Poettering
2015-12-03resolved: don't accept expired RRSIGsLennart Poettering
2015-12-02resolved: add basic DNSSEC supportLennart Poettering