summaryrefslogtreecommitdiff
path: root/src/resolve
AgeCommit message (Collapse)Author
2016-01-04update DNSSEC TODOLennart Poettering
2016-01-04resolved: explicitly handle case when the trust anchor is emptyLennart Poettering
Since we honour RFC5011 revoked keys it might happen we end up with an empty trust anchor, or one where there's no entry for the root left. With this patch the logic is changed what to do in this case. Before this patch we'd end up requesting the root DS, which returns with NODATA but a signed NSEC we cannot verify, since the trust anchor is empty after all. Thus we'd return a DNSSEC result of "missing-key", as we lack a verified version of the key. With this patch in place, look-ups for the root DS are explicitly recognized, and not passed on to the DNS servers. Instead, if downgrade-ok mode is on an unsigned NODATA response is synthesized, so that the validator code continues under the assumption the root zone was unsigned. If downgrade-ok mode is off a new transaction failure is generated, that makes this case recognizable.
2016-01-04resolved: introduce a proper bus error for DNSSEC validation errorsLennart Poettering
2016-01-04resolved: explicitly avoid cyclic transaction dependenciesLennart Poettering
We already try hard not to create cyclic transaction dependencies, where a transaction requires another one for DNSSEC validation purposes, which in turn (possibly indirectly) pulls in the original transaction again, thus resulting in a cyclic dependency and ultimately a deadlock since each transaction waits for another one forever. So far we wanted to avoid such cyclic dependencies by only going "up the tree" when requesting auxiliary RRs and only going from one RR type to another, but never back. However this turned out to be insufficient. Consider a domain that publishes one or more DNSKEY but which has no DS for it. A request for the domain's DNSKEY triggers a request for the domain's DS, which will then fail, but return an NSEC, signed by the DNSKEY. To validate that we'd request the DNSKEY again. Thus a DNSKEY request results in a DS request which results in the original DNSKEY request again. If the original lookup had been a DS lookup we'd end up in the same cyclic dependency, hence we cannot statically break one of them, since both requests are of course fully valid. Hence, do full cyclic dependency checking: each time we are about to add a dependency to a transaction, check if the transaction is already a dependency of the dependency (recursively down the tree).
2016-01-04resolved: block transaction GC'ing while ↵Lennart Poettering
dns_transaction_request_dnssec_keys() is running If any of the transactions started by dns_transaction_request_dnssec_keys() finishes promptly without requiring asynchronous operation this is reported back to the issuing transaction from the same stackframe. This might ultimately result in this transaction to be freed while we are still in its _request_dnssec_keys() stack frame. To avoid memory corruption block the transaction GC while in the call, and manually issue a GC after it returned.
2016-01-04update RFCsLennart Poettering
2016-01-04resolved: partially implement RFC5011 Trust Anchor supportLennart Poettering
With this patch resolved will properly handle revoked keys, but not augment the locally configured trust anchor database with newly learned keys. Specifically, resolved now refuses validating RRsets with revoked keys, and it will remove revoked keys from the configured trust anchors (only until reboot). This patch does not add logic for adding new keys to the set of trust anchors. This is a deliberate decision as this only can work with persistent disk storage, and would result in a different update logic for stateful and stateless systems. Since we have to support stateless systems anyway, and don't want to encourage two independent upgrade paths we focus on upgrading the trust anchor database via the usual OS upgrade logic. Whenever a trust anchor entry is found revoked and removed from the trust anchor a recognizable log message is written, encouraging the user to update the trust anchor or update his operating system.
2016-01-04resolved: fix DNSSEC canonical ordering logicLennart Poettering
When applying canonical DNSSEC ordering for an RRset only order by the wire format of the RRs' RDATA, not by the full wire formatting. The RFC isn't particularly clear about this, but this is apparently how it is done. This fixes validation of pentagon.gov's DS RRset.
2016-01-04resolved: actually make use of message ID when logging about failed DNSSEC ↵Lennart Poettering
validation
2016-01-03resolved: refuse revoked DNSKEYs in trust anchorLennart Poettering
2016-01-03resolved: never authenticate RRsets with revoked keysLennart Poettering
2016-01-03resolved: print a log message when we ignore an NSEC3 RR with an excessive ↵Lennart Poettering
amount of iterations
2016-01-03Merge pull request #2255 from teg/resolved-fixes-2Lennart Poettering
Fixes to NSEC3 proof v2
2016-01-03resolve: add RFC4501 URI support to systemd-resolve-hostLennart Poettering
2016-01-03resolved: add negative trust anchro support, and add trust anchor ↵Lennart Poettering
configuration files This adds negative trust anchor support and allows reading trust anchor data from disk, from files /etc/systemd/dnssec-trust-anchors.d/*.positive and /etc/systemd/dnssec-trust-anchros.d/*.negative, as well as the matching counterparts in /usr/lib and /run. The positive trust anchor files are more or less compatible to normal DNS zone files containing DNSKEY and DS RRs. The negative trust anchor files contain only new-line separated hostnames for which to require no signing. By default no trust anchor files are installed, in which case the compiled-in root domain DS RR is used, as before. As soon as at least one positive root anchor for the root is defined via trust anchor files this buil-in DS RR is not added though.
2016-01-03resolved: dnssec - properly take wildcards into account in NESC3 proofTom Gundersen
For NXDOMAIN, it is not sufficient to prove that the next-closest enclosure does not exist, we must also prove that there is no wildcard domain directly below the closest enclosure which would synthesise the name that has been requested. For positive responses, in addition to exact matches, we should accept wildcard ones. In that case we must first prove that there is no precise match (i.e., that the closest encounter is not the record itself) and secondly that the source of synthesis exists.
2016-01-03resolved: dnssec - factor out hashed domain generationTom Gundersen
2016-01-03resolved: don't conclude NODATA if CNAME existsTom Gundersen
Instead introduce the new return-code DNSSEC_NSEC_CNAME to indicate this condition. See RFC 6840, Section 4.3.
2016-01-02resolved: fix serialization of the root domainLennart Poettering
2016-01-02resolved: only suffix RR key names with a dot if they don't have one yetLennart Poettering
2016-01-02resolved: don't accept NSEC3 iteration fields unboundedLennart Poettering
2016-01-02resolved: explain why we don't check IP addresses/ports of incoming DNS UDP ↵Lennart Poettering
traffic
2016-01-02resolved: extend RFCs list a bitLennart Poettering
2016-01-01resolved: dnssec - add reference to the algorithm we implementTom Gundersen
2016-01-01resolved: dnssec - prepend hashed labels to zone nameTom Gundersen
All hashed names consist of the hashed label prepended to the zone name, not to the closest enclosure.
2016-01-01resolved: dnssec - rename some variablesTom Gundersen
Makes the NSEC3 proof somewhat simpler to follow.
2016-01-01resoled: dnssec - don't refuse to verify answer due to too many unrelated RRsTom Gundersen
Let VERIFY_RRS_MAX be about the max number of RRs in an RRSet that we actually try to verify, not about the total number of RRs in the RRSet.
2016-01-01resolved: dnssec - fix off-by-one in RSA key parsingTom Gundersen
If the first byte of the key is zero, the key-length is stored in the second and third byte (not first and second).
2015-12-29resolved: add a list of DNS-related RFCs and their implementation status in ↵Lennart Poettering
resolved
2015-12-29resolved: append RFC6975 algorithm data to EDNS OPT RRLennart Poettering
2015-12-29resolved: NSEC3 hash algorithms are distinct from DS digest algorithmsLennart Poettering
Previously, we'd use the same set of identifiers for both, but that's actually incorrect. It didn't matter much since the only NSEC3 hash algorithm defined (SHA-1) is mapped to code 1 which is also what it is encoded as in DS digests, but we really should make sure to use two distinct enumerations.
2015-12-29update DNSSEC TODOLennart Poettering
2015-12-29resolved: add comments referencing various RFCs to various placesLennart Poettering
2015-12-29resolved: include GOST in list of DNSSEC algorithmsLennart Poettering
We don't implement it, and we have no intention to, but at least mention that it exists. (This also adds a couple of other algorithms to the algorithm string list, where these strings were missing previously.)
2015-12-29resolved: use CLAMP() intsead of MIN(MAX())Lennart Poettering
2015-12-29resolved: don't allow RRs with TTL=0 and TTL!=0 in the same RRsetLennart Poettering
2015-12-29resolved: parse EDNS0 rcode extension bitsLennart Poettering
2015-12-29resolved: reset RR TTL to 0, if MSB is setLennart Poettering
RFC 2181, Section 8 suggests to treat an RR TTL with the MSB set as 0. Implement this.
2015-12-29resolved: properly handle SRV RRs with the DNS root as hostnameLennart Poettering
2015-12-28Merge pull request #2231 from phomes/resolve-misc2Tom Gundersen
Resolve misc2
2015-12-28resolved: update DNSSEC TODOLennart Poettering
2015-12-28resolved: also use RRSIG expiry for negative cachingLennart Poettering
This makes sure that we also honour the RRSIG expiry for negative caching.
2015-12-28resolved: use RRSIG expiry and original TTL for cache managementLennart Poettering
When we verified a signature, fix up the RR's TTL to the original TTL mentioned in the signature, and store the signature expiry information in the RR, too. Then, use that when adding RRs to the cache.
2015-12-28resolved: clean up dns_transaction_stop()Lennart Poettering
This renames dns_transaction_stop() to dns_transaction_stop_timeout() and makes it only about stopping the transaction timeout. This is safe, as in most occasions we call dns_transaction_stop() at the same time as dns_transaction_close_connection() anyway, which does the rest of what dns_transaction_stop() used to do. And in the one where we don't call it, it's implicitly called by the UDP emission or TCP connection code. This also closes the connections as we enter the validation phase of a transaction, so that no further messages may be received then.
2015-12-28resolved: only keep a single list of supported signature algorithmsLennart Poettering
This removes dnssec_algorithm_supported() and simply uses the algorithm_to_gcrypt() result as indication whether a DNSSEC algorithm is supported. The patch also renames "algorithm" to "md_algorithm", in a few cases, in order to avoid confusion between DNSSEC signature algorithms and gcrypt message digest algorithms.
2015-12-28resolved: add ECDSA signature supportLennart Poettering
2015-12-28resolved: split out RSA-specific code from dnssec_verify_rrset()Lennart Poettering
In preparation for ECDSA support.
2015-12-28resolved: simplify MD algorithm initialization a bitLennart Poettering
2015-12-28resolved: add SHA384 digest supportLennart Poettering
2015-12-28resolve: remove unused variablesThomas Hindoe Paaboel Andersen