path: root/src/resolve/resolved-dns-zone.h
Age | Commit message | Author
2015-12-10 | resolved: chase DNSKEY/DS RRs when doing look-ups with DNSSEC enabled | Lennart Poettering
This adds initial support for validating RRSIG/DNSKEY/DS chains when doing lookups. Proof-of-non-existence, or proof-of-unsigned-zones is not implemented yet.
With this change DnsTransaction objects will generate additional DnsTransaction objects when looking for DNSKEY or DS RRs to validate an RRSIG on a response. DnsTransaction objects are thus created for three reasons now:
1) Because a user asked for something to be resolved, i.e. requested by a DnsQuery/DnsQueryCandidate object.
2) As a result of LLMNR RR probing, requested by a DnsZoneItem.
3) Because another DnsTransaction requires the requested RRs for validation of its own response.
DnsTransactions are shared between all these users, and are GC'ed automatically as soon as all of these users don't need a specific transaction anymore.
To unify the handling of these three reasons for existence for a DnsTransaction, a new common naming is introduced: each DnsTransaction now tracks its "owners" via a Set* object named "notify_xyz", containing all owners to notify on completion.
A new DnsTransaction state is introduced called "VALIDATING" that is entered after a response has been received which needs to be validated, as long as we are still waiting for the DNSKEY/DS RRs from other DnsTransactions.
This patch will request the DNSKEY/DS RRs bottom-up, and then validate them top-down.
Caching of RRs is now only done after verification, so that the cache is not poisoned with known invalid data.
The "DnsAnswer" object gained a substantial number of new calls, since we need to add/remove RRs to it dynamically now.
2015-11-19 | Merge pull request #1947 from phomes/sort-includes2 | Lennart Poettering
tree-wide: sort includes in *.h
2015-11-18 | tree-wide: sort includes in *.h | Thomas Hindoe Paaboel Andersen
This is a continuation of the previous include sort patch, which only sorted for .c files.
2015-11-18 | resolved: simplify dns zone logic: take a single key when looking up entries | Lennart Poettering
Instead of taking a DnsQuestion object (i.e. an array of keys) only take a single key. This simplifies things a bit, and as DNS/LLMNR require a single question per query message, it was unnecessary anyway. This mimics a similar change that was done a while ago for the dns cache logic.
2015-08-26 | resolved: dump cache and zone contents to syslog on SIGUSR1 | Lennart Poettering
2014-08-11 | resolved: make sure we don't mark the wrong zone RRs conflicting | Lennart Poettering
2014-08-11 | resolved: verify all RRs when we come back from suspend | Lennart Poettering
2014-08-11 | resolved: implement full LLMNR conflict detection logic | Lennart Poettering
2014-07-31 | resolved: implement LLMNR uniqueness verification | Lennart Poettering
2014-07-30 | resolved: properly set TTL in SOA records | Lennart Poettering
2014-07-30 | resolved: include SOA records in LLMNR replies for non-existing RRs to allow negative caching | Lennart Poettering
2014-07-29 | resolve: add llmnr responder side for UDP and TCP | Lennart Poettering
Name defending is still missing.