Ondřej Surý 15096aefdf Make the dns_validator validations asynchronous and limit it ... Instead of running all the cryptographic validation in a tight loop, spread it out into multiple event loop "ticks", but moving every single validation into own isc_async_run() asynchronous event. Move the cryptographic operations - both verification and DNSKEY selection - to the offloaded threads (isc_work_enqueue), this further limits the time we spend doing expensive operations on the event loops that should be fast. Limit the impact of invalid or malicious RRSets that contain crafted records causing the dns_validator to do many validations per single fetch by adding a cap on the maximum number of validations and maximum number of validation failures that can happen before the resolving fails.		2024-02-01 21:45:06 +01:00
..
include	Reformat sources with up-to-date clang-format-17	2023-11-13 16:52:35 +01:00
aclconf.c	Add 'proxy' option to 'listen-on' statement	2023-12-06 15:15:25 +02:00
check.c	Remove obsolete check for resolver-nonbackoff-tries	2023-12-07 13:10:58 +01:00
dnsconf.c	Update the copyright information in all files in the repository	2022-01-11 09:05:02 +01:00
duration.c	Remove do-nothing header <isc/print.h>	2023-02-15 16:44:47 +00:00
kaspconf.c	CID 469729: Remove leftover return call	2023-12-06 10:51:15 +01:00
log.c	Update the copyright information in all files in the repository	2022-01-11 09:05:02 +01:00
Makefile.am	Move bind9/check to isccfg/check	2023-02-17 12:13:37 +00:00
namedconf.c	Make the dns_validator validations asynchronous and limit it	2024-02-01 21:45:06 +01:00
parser.c	Apply the isc_mem_cget semantic patch	2023-08-31 22:08:35 +02:00
tests	Move all the unit tests to /tests/<libname>/	2022-05-28 14:53:02 -07:00