Commits · d05dd58de1113bb99060af2772247a45ceb3a1ad · nanahira / Dnsmasq

20 Jan, 2016 2 commits
- Fix wrong reply to simple name when --domain-needed set and no servers configured. · d05dd58d
  Simon Kelley authored Jan 19, 2016
```
Also return REFUSED and not SERVFAIL when out of memory.

Thanks to Allain Legacy for problem report.
```
  d05dd58d
- Fix problems in last commit when DNSSEC not enabled. · f7443d76
  Simon Kelley authored Jan 19, 2016
  
  f7443d76
19 Jan, 2016 1 commit
- Complete DNSSEC server-selection code and set conntrack on DNSSEC queries. · f344dbc6
  Simon Kelley authored Jan 18, 2016
  
  f344dbc6
18 Jan, 2016 2 commits
- Fix sporadic crash in find_mac() - hwlen must be zero for empty entries. · f4d0c660
  Simon Kelley authored Jan 18, 2016
  
  f4d0c660
- Fix botch in forward.c flags code. · 1801a292
  Simon Kelley authored Jan 17, 2016
```
Thanks to Matthias Anfree for spotting this.
```
  1801a292
17 Jan, 2016 1 commit
- Complete work to allow DNSSEC validation with private DNS servers. · 92be34a4
  Simon Kelley authored Jan 16, 2016
  
  92be34a4
15 Jan, 2016 1 commit
- arp.c tidy up. · bb58f63c
  Simon Kelley authored Jan 14, 2016
  
  bb58f63c
12 Jan, 2016 4 commits
- Disable DNSSEC for server=/domain/.. servers unless trust-anchor provided. · 367341f7
  Simon Kelley authored Jan 12, 2016
  
  367341f7
- Fix bad cache-size calculation when hosts-file read fails. · eddf3652
  André Glüpker authored Jan 12, 2016
  
  eddf3652
- DNSSEC: Handle non-root trust anchors, and check we have a root trust anchor. · a63b8b89
  Simon Kelley authored Jan 12, 2016
  
  a63b8b89
- Inhibit DNSSEC validation when forwarding to private servers for a domain. · 5757371d
  Simon Kelley authored Jan 11, 2016
```
server=/example.com/<ip-of-server>

The rationale is that the chain-of-trust will not be complete to
private servers. If it was, it would not be necessary to access the
server direct.
```
  5757371d
07 Jan, 2016 3 commits
- Fix FTBFS when scripts excluded at compilation time. · b633de94
  Simon Kelley authored Jan 06, 2016
  
  b633de94
- Update copyright notices. Happy new year! · c49778df
  Simon Kelley authored Jan 06, 2016
  
  c49778df
- Handle building with script support enabled and DHCP disabled. · 53a9173f
  Simon Kelley authored Jan 06, 2016
  
  53a9173f
05 Jan, 2016 2 commits
- Fix botch in new arp-cache linked-list code resulting in 100% CPU spin. · d917275e
  Simon Kelley authored Jan 04, 2016
  
  d917275e
- Fix datatype-sixe botch which broke DNSSEC sig timestamps when far in the future. · cc7cb0b8
  Simon Kelley authored Jan 04, 2016
  
  cc7cb0b8
01 Jan, 2016 2 commits
- Trivial code tweak. · ec0628c4
  Simon Kelley authored Dec 31, 2015
  
  ec0628c4
- Correct logic for when to start helper. · 97b1d257
  Simon Kelley authored Dec 31, 2015
  
  97b1d257
29 Dec, 2015 1 commit
- First complete version of DNS-client-id EDNS0 and ARP tracking code. · 33702ab1
  Simon Kelley authored Dec 28, 2015
  
  33702ab1
24 Dec, 2015 1 commit
- Cache access to the kernel's ARP table. · 11867dc2
  Simon Kelley authored Dec 23, 2015
  
  11867dc2
23 Dec, 2015 1 commit
- More EDNS0 packet-size tweaks. · d3a8b39c
  Simon Kelley authored Dec 23, 2015
  
  d3a8b39c
22 Dec, 2015 4 commits
- Log signature algo with DNSKEY and DS, also digest with DS. · 15379ea1
  Simon Kelley authored Dec 21, 2015
  
  15379ea1
- Fix build failure when DNSSEC code omitted. · efef497b
  Simon Kelley authored Dec 21, 2015
  
  efef497b
- Truncate DNS replies >512 bytes that the client isn't expecting. · 5aa5f0ff
  Simon Kelley authored Dec 21, 2015
  
  5aa5f0ff
- Handle extending EDNS0 OPT RR. · 5bb88f09
  Simon Kelley authored Dec 21, 2015
  
  5bb88f09
21 Dec, 2015 6 commits
- Split EDNS0 stuff into its own source file. · 1d03016b
  Simon Kelley authored Dec 21, 2015
  
  1d03016b
- NSEC3 check: RFC5155 para 8.2 · ce5732e8
  Simon Kelley authored Dec 20, 2015
  
  ce5732e8
- Minor tweak to previous commit. · a86fdf43
  Simon Kelley authored Dec 20, 2015
  
  a86fdf43
- Nasty, rare and obscure off-by-one in DNSSEC hostname_cmp(). · 3e86d316
  Simon Kelley authored Dec 20, 2015
  
  3e86d316
- More tweaks in handling unknown DNSSEC algorithms. · d67ecac5
  Simon Kelley authored Dec 20, 2015
  
  d67ecac5
- Major tidy up of EDNS0 handling and computation/use of udp packet size. · fa14bec8
  Simon Kelley authored Dec 20, 2015
  
  fa14bec8
18 Dec, 2015 2 commits
- Do a better job of determining which DNSSEC sig algos are supported. · 14a4ae88
  Simon Kelley authored Dec 17, 2015
  
  14a4ae88
- Fix brace botch in dnssec_validate_ds() · 3b799c82
  Simon Kelley authored Dec 17, 2015
```
Thanks to Michał Kępień for spotting this.
```
  3b799c82
17 Dec, 2015 2 commits
- Tidy up DNSSEC non-existence code. Check zone status is NSEC proof bad. · b40f26c0
  Simon Kelley authored Dec 17, 2015
  
  b40f26c0
- Tweaks to EDNS0 handling in DNS replies. · dd4ad9ac
  Simon Kelley authored Dec 17, 2015
  
  dd4ad9ac
16 Dec, 2015 3 commits
- DNSSEC validation tweak. · 2dbba34b
  Simon Kelley authored Dec 16, 2015
```
A zone which has at least one key with an algorithm we don't
support should be considered as insecure.
```
  2dbba34b
- Generalise RR-filtering code, for use with EDNS0. · c2bcd1e1
  Simon Kelley authored Dec 15, 2015
  
  c2bcd1e1
- Move code which caches DS records to a more logical place. · d64c81ff
  Simon Kelley authored Dec 15, 2015
  
  d64c81ff
15 Dec, 2015 2 commits

Abandon caching RRSIGs and returning them from cache. · 93be5b1e

Simon Kelley authored Dec 15, 2015

The list of exceptions to being able to locally answer
cached data for validated records when DNSSEC data is requested
was getting too long, so don't ever do that. This means
that the cache no longer has to hold RRSIGS and allows
us to lose lots of code. Note that cached validated
answers are still returned as long as do=0

93be5b1e

Major rationalisation of DNSSEC validation. · 9a31b68b

Simon Kelley authored Dec 15, 2015

Much gnarly special-case code removed and replaced with correct
general implementaion. Checking of zone-status moved to DNSSEC code,
where it should be, vastly simplifying query-forwarding code.

9a31b68b