Commit graph

3707 commits

Author SHA1 Message Date
Libor Peltan
34cb1aef7c dnssec/multi-keystore: implemented ksk-only keystore...
...so that KSKs and ZSKs can be in distinct keystores
2025-07-01 10:51:18 +02:00
Daniel Salzman
0a7d0fd9ca libknot: avoid calling close(-1) (Coverity) 2025-06-30 06:55:48 +02:00
Daniel Salzman
326525dbbe Merge branch 'knotd-cert-ca' into 'master'
remote/acl TLS certificate validation

See merge request knot/knot-dns!1779
2025-06-23 18:19:04 +02:00
Daniel Salzman
9f0f79779a server: purge sessticket_pool on server reload if creds changed 2025-06-23 17:55:14 +02:00
Jan Doskočil
261c378b74 conf: implemented certificate hostname validation 2025-06-23 17:55:14 +02:00
Daniel Salzman
82df13121e utils: add class aliases INTERNET and CHAOS 2025-06-14 20:48:18 +02:00
Daniel Salzman
4c9feb2572 tls: avoid passing NULL to strlen() when generating a certificate 2025-06-03 15:46:53 +02:00
Vladimír Čunát
f3124e1c4f pkt: fix our check for trailing rdata when parsing
- in case the \0 terminator got "compressed", we would get
  a spurious KNOT_EMALF
- if real compression happened, we could miss the fact
  that there are trailing data
2025-06-02 15:57:23 +02:00
Jan Doskočil
56979de6f8 knotd: self-signed cert with SAN instead of Subject: CN 2025-06-02 11:27:57 +02:00
Libor Peltan
da0e3b0d95 dnskey sync: skip rrs with different keytag modulo 2025-05-26 10:17:42 +02:00
Daniel Salzman
fb9b2cc102 libknot: extend TLS API to be used for non-DNS communication 2025-05-19 08:19:15 +02:00
Daniel Salzman
5e34fd81d2 modules: allow zone-reload/reload to fail due to module configuration errors
Based on https://github.com/CZ-NIC/knot/pull/34
2025-05-12 16:22:30 +02:00
Libor Peltan
e7b46ce96b libknot/errors: refactoring -- reordering error codes 2025-05-06 15:35:49 +02:00
Libor Peltan
3f13a47ce1 refactoring/errors: two more specific codes instead of most KNOT_EAGAIN 2025-05-06 15:35:45 +02:00
Libor Peltan
0e1a925143 errors: less misleading message 2025-05-06 15:35:45 +02:00
Daniel Salzman
0b82e73f63 libknot/tls: don't use %DISABLE_TLS13_COMPAT_MODE with old GnuTLS versions...
and allow TLS 1.2 in kdig.
2025-05-06 12:59:46 +02:00
Daniel Salzman
9424715179 tls/quic: revert %DISABLE_TLS13_COMPAT_MODE removal
The compatibility doesn't make sense with QUIC. With TLS it doesn't seem
to be necessary any more.

fixes #954
2025-04-16 09:58:38 +02:00
Libor Peltan
42ba2b0b33 confio: additional check of same thread for whole confio txn 2025-04-14 18:07:52 +02:00
Libor Peltan
2666c6ff02 libknot/DoT: use GNUTLS_NO_END_OF_EARLY_DATA for QUIC only...
...as ngtcp2 seems to require it
2025-04-08 18:06:02 +02:00
Libor Peltan
9d5dd57981 fix TLS/0-RTT server-side by removing nonsensical relict +test 2025-04-08 18:06:02 +02:00
David Vašek
183bb878c4 quic: fix a possible NULL pointer dereference 2025-04-01 17:37:14 +02:00
Daniel Salzman
ad0c3f900b tls: add poll before gnutls_handshake to fix issues on FreeBSD 2025-03-30 10:47:42 +02:00
Daniel Salzman
c2a6056b56 src: relicense to GPL-2.0-or-later 2025-03-24 09:53:50 +01:00
Libor Peltan
dc325e87d5 zone/skip: also applies to zone diff computation 2025-03-12 12:37:59 +01:00
Daniel Salzman
933ef44ae7 xdp: fix vlan_map size calculation
All indexes must be considered to avoid out-of-bound array access.
2025-01-31 16:12:39 +01:00
Daniel Salzman
0f34c44d3f libknot: add EDNS ZONEVERSION support 2025-01-20 12:38:41 +01:00
Daniel Salzman
48cbe1577d xdp: update filter binary using Clang 18 2025-01-05 18:27:12 +01:00
Daniel Salzman
57b57eef49 xdp: add IPv6 extended headers parsing support with some filtering
- Any packet with more than 3 IPv6 headers is dropped.
- Any packet with an IPPROTO_NONE or a reserved header (253 and 253) is dropped.
- A DNS-related packet is dropped if it contains any extended header.
2025-01-05 18:27:12 +01:00
Daniel Salzman
6e0adc2db5 xdp: unify used byte-order conversion functions
Note that functions like bpf_htons() internally distinguish whether the argument
is a constant.
2025-01-03 19:44:20 +01:00
Daniel Salzman
b80a8508e9 xdp: drop DNS messages shorter than DNS header length 2025-01-03 19:44:20 +01:00
Daniel Salzman
57e40a4809 xdp: add check for IP payload length and udp->len equality 2025-01-03 19:44:20 +01:00
Daniel Salzman
2391550cee xdp: refactor access checks to be uniform with the other checks 2025-01-03 19:44:20 +01:00
Daniel Salzman
c29e79178a tls: call gnutls_bye() when closing a TLS connection 2025-01-03 11:35:36 +01:00
Jan Hák
69669d5349 libknot/quic: fix usage of new atomic in code (variable cert_creds) 2024-12-11 17:36:20 +01:00
Jan Hák
d459590fd6 libknot/quic: fix usage of new atomic in code (variable obufs_size) 2024-12-11 17:36:20 +01:00
Daniel Salzman
5840f0616a server: preserve KNOTD_QUERY_FLAG_AUTHORIZED across handling 2024-12-03 11:22:49 +01:00
Libor Peltan
d6c68c9d41 nameserver: add check for \0 bytes in QNAME labels and respond it as NXDOMAIN ...
if it doesn't exactly match a node owner.
2024-11-15 08:07:25 +01:00
Daniel Salzman
82c3dbbbcb libknot: add knot_dname_with_null() 2024-11-15 08:07:25 +01:00
Daniel Salzman
80e636cf2c server: create QUIC/TLS key with the configured or running UID and GID 2024-10-13 07:53:12 +02:00
Libor Peltan
20be04fa97 kxdpgun: block eventual creation of conns when recvd initial...
...just to make sure
2024-10-11 19:24:49 +02:00
Daniel Salzman
000c5276f8 ctl: rename KNOT_CTL_IDX_FILTER to KNOT_CTL_IDX_FILTERS 2024-09-24 17:10:22 +02:00
Jan Hák
aaff152cfd yparser: add support for link-local IPv6 addresses 2024-09-16 12:46:46 +02:00
谢致邦 (XIE Zhibang)
fa35c16aca quic: remove already unused QUIC_ macros
Fixes: bd75c1fe3 (tls: unification of TLS priority settings, 2024-04-26)
Signed-off-by: 谢致邦 (XIE Zhibang) <Yeking@Red54.com>
2024-09-15 19:36:44 +02:00
Libor Peltan
ad0ea6e3a8 libknot/QUIC/DDNS: fix race when unblocking conn after sent DDNS reply 2024-09-13 13:42:58 +02:00
Libor Peltan
252c830894 libknot/TLS: unify flags for TLS and QUIC 2024-09-12 12:31:32 +02:00
Jan Včelák
314d0b1f10 libknot: add NXNAME meta type 2024-09-11 10:33:21 +02:00
Libor Peltan
39d982eb3c DoT: implemented TLS session resumption 2024-09-10 19:47:07 +02:00
Libor Peltan
4468af58dd ctl: implemented multi-threaded (mutexed) CTL handling 2024-09-01 18:35:17 +02:00
Jan Hák
635434b735 libknot: fix zero pointer dereference of TSIG 2024-08-27 18:51:48 +02:00
Jan Doskočil
fad9ce9f34 yparser: new time unit specifiers
w = week
M = month
y = year
2024-08-24 15:17:53 +02:00