bind9/bin
Ondřej Surý 15096aefdf
Make the dns_validator validations asynchronous and limit it
Instead of running all the cryptographic validation in a tight loop,
spread it out into multiple event loop "ticks", by moving every single
validation into its own isc_async_run() asynchronous event.  Move the
cryptographic operations - both verification and DNSKEY selection - to
the offloaded threads (isc_work_enqueue), this further limits the time
we spend doing expensive operations on the event loops that should be
fast.

Limit the impact of invalid or malicious RRSets that contain crafted
records causing the dns_validator to do many validations per single
fetch by adding a cap on the maximum number of validations and maximum
number of validation failures that can happen before the resolving
fails.
2024-02-01 21:45:06 +01:00
..
check disable checks by default in named-compilezone 2023-12-20 16:57:19 -08:00
confgen Handle fatal and FIPS provider interactions 2023-04-03 12:44:27 +10:00
delv fix consistency check for delv +ns and +qmin 2023-12-06 17:31:39 -08:00
dig Handle ISC_R_SHUTTINGDOWN in dighost.c:tcp_connected 2023-12-19 09:43:15 +11:00
dnssec Lower the maximum allowed NSEC3 iterations to 50 2023-12-05 14:58:58 +00:00
named Make the dns_validator validations asynchronous and limit it 2024-02-01 21:45:06 +01:00
nsupdate NetBSD has added 'hmac' to libc so rename out uses of hmac 2023-12-13 22:27:38 +00:00
plugins Remove 'inst != NULL' from cleanup check in plugin_register 2023-04-04 23:51:22 +00:00
rndc remove bin/rndc/rndc.conf 2023-12-06 17:31:38 -08:00
tests Set the DNSKEY TTLs to match the dnssec policy 2024-01-03 12:09:12 +11:00
tools remove some long-deprecated arguments from dig 2023-12-06 17:32:09 -08:00
Makefile.am Remove native PKCS#11 support 2021-09-09 15:35:39 +02:00