summaryrefslogtreecommitdiff
path: root/src/resolve
AgeCommit message (Expand)Author
2016-01-17resolved: rename dnssec_verify_dnskey() → dnssec_verify_dnskey_by_ds()Lennart Poettering
2016-01-17resolved: be stricter when using NSEC3Lennart Poettering
2016-01-17resolved: when validating an RRset, store information about the synthesizing ...Lennart Poettering
2016-01-17resolved: do not use NSEC RRs from the wrong zone for proofsLennart Poettering
2016-01-17resolved: ignore DS RRs without generating an error if they use an unsupporte...Lennart Poettering
2016-01-17resolved: some RR types may appear only or not at all in a zone apexLennart Poettering
2016-01-13resolved: implement the full NSEC and NSEC3 postive wildcard proofsLennart Poettering
2016-01-13resolved: refuse validating wildcard RRs for SOA, NSEC3, DNAMELennart Poettering
2016-01-13resolved: properly handles RRs in domains beginning in an asterisk labelLennart Poettering
2016-01-13resolved: optimize dnssec_verify_rrset() a bitLennart Poettering
2016-01-13resolved: allocate bounded strings on stack instead of heap, if we canLennart Poettering
2016-01-13resolved: consider inverted RRSIG validity intervals expiredLennart Poettering
2016-01-11resolved: improve query RR type error wording a bitLennart Poettering
2016-01-11resolved: don#t allow explicit queries for RRSIG RRsLennart Poettering
2016-01-11resolved: refuse doing queries for known-obsolete RR typesLennart Poettering
2016-01-11resolved: rename DnsTransaction's current_features field to current_feature_l...Lennart Poettering
2016-01-11resolved: split out resetting of DNS server counters into a function call of ...Lennart Poettering
2016-01-11resolved: accept rightfully unsigned NSEC responsesLennart Poettering
2016-01-11resolved: rework how and when we detect whether our chosen DNS server knows D...Lennart Poettering
2016-01-11resolved: cache formatted server string in DnsServer structureLennart Poettering
2016-01-11resolved: rework server feature level logicLennart Poettering
2016-01-11resolved: add missing case to switch statementLennart Poettering
2016-01-11resolved: log why we use TCP when UDP isn't supported by a serverLennart Poettering
2016-01-11resolved: log about truncated replies before trying again, not afterLennart Poettering
2016-01-11resolved: don't attempt to send queries for DNSSEC RR types to servers not su...Lennart Poettering
2016-01-11resolved: log about reasons for switching to TCPLennart Poettering
2016-01-11resolved: when we get a packet failure from a server, don't downgrade UDP to ...Lennart Poettering
2016-01-11resolved: properly handle UDP ICMP errors as lost packetsLennart Poettering
2016-01-11resolved: when we get a TCP connection failure, try againLennart Poettering
2016-01-11resolved: when DNS/TCP doesn't work, try DNS/UDP againLennart Poettering
2016-01-11resolved: introduce dns_transaction_retry() and use it everywhereLennart Poettering
2016-01-11resolved: set a description on all our event sourcesLennart Poettering
2016-01-11resolved: fix error propagationLennart Poettering
2016-01-11shared: make sure foo.bar and foobar result in different domain name hashesLennart Poettering
2016-01-11resolved: properly look for NSEC/NSEC3 RRs when getting a positive wildcard r...Lennart Poettering
2016-01-11resolved: split up nsec3_hashed_domain() into two callsLennart Poettering
2016-01-11resolved: drop flags unused parameter from nsec3_is_goodLennart Poettering
2016-01-11resolved: when validating, first strip revoked trust anchor keys from validat...Lennart Poettering
2016-01-11basic: introduce generic ascii_strlower_n() call and make use of it everywhereLennart Poettering
2016-01-11resolved: rework trust anchor revoke checkingLennart Poettering
2016-01-11resolved: look for revoked trust anchors before validating a messageLennart Poettering
2016-01-11resolved: use dns_answer_size() where appropriate to handle NULL DnsAnswerLennart Poettering
2016-01-11resolved: remove one level of indentation in dns_transaction_validate_dnssec()Lennart Poettering
2016-01-11resolved: be less strict where the OPT pseudo-RR is placedLennart Poettering
2016-01-11resolved: rename suffix_rr → zone_rrLennart Poettering
2016-01-11resolved: fix NSEC3 iterations limit to what RFC5155 suggestsLennart Poettering
2016-01-07Merge pull request #2284 from teg/resolved-cname-2Lennart Poettering
2016-01-07resolved: query_process_cname - make fully recursiveTom Gundersen
2016-01-06update DNSSEC TODOLennart Poettering
2016-01-06resolved: introduce support for per-interface negative trust anchorsLennart Poettering