~lukeshu/systemd - Unnamed repository; edit this file 'description' to name the repository.

Age	Commit message (Collapse)	Author
2016-01-05	resolved,networkd: unify ResolveSupport enum	Lennart Poettering
	networkd previously knew an enum "ResolveSupport" for configuring per-interface LLMNR support, resolved had a similar enum just called "Support", with the same value and similar pasers. Unify this, call the enum ResolveSupport, and port both daemons to it.
2016-01-05	resolved: when caching negative responses, honour NSEC/NSEC3 TTLs	Lennart Poettering
	When storing negative responses, clamp the SOA minimum TTL (as suggested by RFC2308) to the TTL of the NSEC/NSEC3 RRs we used to prove non-existance, if it there is any. This is necessary since otherwise an attacker might put together a faked negative response for one of our question including a high-ttl SOA RR for any parent zone, and we'd use trust the TTL.
2015-12-18	resolved: add support NSEC3 proofs, as well as proofs for domains that are ↵	Lennart Poettering
	OK to be unsigned This large patch adds a couple of mechanisms to ensure we get NSEC3 and proof-of-unsigned support into place. Specifically: - Each item in an DnsAnswer gets two bit flags now: DNS_ANSWER_AUTHENTICATED and DNS_ANSWER_CACHEABLE. The former is necessary since DNS responses might contain signed as well as unsigned RRsets in one, and we need to remember which ones are signed and which ones aren't. The latter is necessary, since not we need to keep track which RRsets may be cached and which ones may not be, even while manipulating DnsAnswer objects. - The .n_answer_cachable of DnsTransaction is dropped now (it used to store how many of the first DnsAnswer entries are cachable), and replaced by the DNS_ANSWER_CACHABLE flag instead. - NSEC3 proofs are implemented now (lacking support for the wildcard part, to be added in a later commit). - Support for the "AD" bit has been dropped. It's unsafe, and now that we have end-to-end authentication we don't need it anymore. - An auxiliary DnsTransaction of a DnsTransactions is now kept around as least as long as the latter stays around. We no longer remove the auxiliary DnsTransaction as soon as it completed. THis is necessary, as we now are interested not only in the RRsets it acquired but also in its authentication status.
2015-12-10	resolved: discard any reply packet that contains a bogus name	Daniel Mack
	Only .in-addr.arpa and .local are considered local in mDNS, so discard the packet if anything else is thrown at us.
2015-12-09	resolved: llmnr, mdns: simplify error handling	Daniel Mack
	sd_event_add_io() returns the error directly and does not mess with errno.
2015-12-08	resolved: add mDNS packet dispatcher	Daniel Mack
	Add the packet dispatching routine for mDNS. It differs to what LLMNR and DNS dispatchers do in the way it matches incoming packets. In mDNS, we actually handle all incoming packets, regardless whether we asked for them earlier or not.
2015-12-08	resolved: add infrastructure for mDNS related sockets	Daniel Mack
	Just hook up mDNS listeners with an empty packet dispather function, introduce a config directive, man page updates etc.