upstream/knot-dns
1
0
Fork 0
mirror of https://gitlab.nic.cz/knot/knot-dns.git synced 2026-02-03 18:49:28 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions
19363 commits 142 branches 208 tags 63 MiB
Commit graph

51 commits

Author SHA1 Message Date
Libor Peltan
e4aa69fe67 tests: add XoT (XFR over TLS) interop with Bind9 2024-10-23 13:42:43 +02:00
Libor Peltan
323f215e58 nameserver: avoid wildcard-expansion-by-compression trick on DNAME... 
...as in that case the DNAME node owner differs from original qname
 2023-09-19 11:22:55 +02:00
Libor Peltan
1e6d6b04af tests/flags: add NULL record with empty rdata (just for fun) 2023-08-22 15:56:35 +02:00
Daniel Salzman
e0da1872ec tests-extra: update valgrind suppressions for Ubuntu 22.04 2022-05-12 09:44:42 +02:00
Libor Peltan
0add240070 tests: make flags. zone readable by bind 2021-10-01 10:44:15 +02:00
Libor Peltan
60632709ed nameserver: dont put additionals induced by additionals 2021-09-30 13:26:50 +02:00
Libor Peltan
1a22a8a4a0 bugfix: fix answering with opt-outed NSEC3 on empty-non-terminal 2021-08-31 09:18:10 +02:00
Daniel Salzman
9d401712c0 tests-extra: remove explicit TTLs from records.zone to solve different processing Knot/Bind 2021-06-23 07:31:24 +02:00
Daniel Salzman
e57e99fe7e nameserver: correct owner of answered CNAME from wildcard expansion 
fixes #715
 2021-05-25 17:21:03 +02:00
Libor Peltan
fa5b745402 tests/catalog: recover from kill between update and zonedb_reload 2021-03-26 12:07:32 +01:00
Daniel Salzman
1f98f8dc18 nameserver: decrease maximum CNAME/DNAME chain length from 20 to 5 
The reason for this change is to reduce possible amplification attacks and
other negative effects of long processing loops.

Also most resolvers don't accept multiple jumps without requerying, so this
change should be harmless.
 2021-03-05 08:50:06 +01:00
Libor Peltan
06a319cab0 nameserver: allow applying one DNAME repeatedly (e.g. DNAME loop) 2021-03-05 08:50:06 +01:00
Libor Peltan
16a4d29578 nameserver: don't follow DNAME under delegation (NONAUTH node) 2021-01-14 13:33:18 +01:00
Libor Peltan
12f56116c1 nameserver: don't follow CNAME under delegation (NONAUTH node) 2021-01-14 12:57:55 +01:00
Daniel Salzman
599c4a9dbb tests-extra: fix DNAME loop test case in basic/query 2020-12-21 14:47:58 +01:00
Libor Peltan
33324965ca DNAME: synthesized CNAME might be perfect answer to CNAME query 2020-11-20 09:26:45 +01:00
Libor Peltan
ba77821d66 bugfix: NXDOMAIN authority SOA has TTL limited by minimum-ttl field 
See https://tools.ietf.org/html/rfc2308#section-3
 2020-02-29 20:10:41 +01:00
Libor Peltan
af0025424a nameserver: limit processing depth of C/DNAME chain 2019-11-26 13:12:40 +01:00
Libor Peltan
b4eaafe62d dnssec: implemented parallel signing of zone 2019-01-09 17:19:41 +01:00
Daniel Salzman
066cc4c7ed tests-extra: update README and valgrind suppression file 2018-04-25 13:34:23 +02:00
Daniel Salzman
2f92f5894d internet: solve DS query bellow a delegation point as a delegation 2017-11-18 20:30:02 +01:00
Vítězslav Kříž
102c7f4f83 tests-extra: valgrind suppression for call_rcu 2017-03-08 18:16:20 +01:00
Daniel Salzman
9c42c1442c tests-extra: update EDNS payload tests 2017-01-29 12:23:02 +01:00
Daniel Salzman
59d110fc4f internet: skip empty non-terminal parents during delegation lookup 2016-10-25 14:20:58 +02:00
Daniel Salzman
05d1507b93 tests-extra: enable URI and CAA samples in the records zone 2016-04-22 15:47:30 +02:00
Daniel Salzman
3eb7278c12 libknot: add URI and CAA record types support 2016-04-18 10:55:47 +02:00
Daniel Salzman
8ad34a410f tests-extra: add NSEC Name error case - wildcard NSEC with delegation boundary 2015-08-24 15:59:21 +02:00
Jan Vcelak
e44e6b499e tests-extra: fix query for a CNAME below NS 2015-07-09 15:40:35 +02:00
Lubos Slovak
76e84fc247 tests-extra: CNAME loop + fixed basic/query test. 
- Test response with a long CNAME loop.
- Some queries in basic/query test did not have the zone name
  appended, resulting in bogus answers (REFUSED). Not visible,
  because the responses are only compared to ones from Bind.

TODO: Comparison with Bind should be replaced by checks for
      particular requirements for the response.
 2014-11-11 23:26:52 +01:00
Lubos Slovak
91c027be4b tests-extra: Different origin case in records zone 2014-09-17 14:11:06 +02:00
Lubos Slovak
1e67c70611 tests-extra: Duplicate RDATA differing only in case 2014-09-09 16:22:10 +02:00
Lubos Slovak
18dd340a7b tests-extra: DNSSEC + mixed cases in RDATA dnames 
- no_resign extended to test whether the zone will be resigned
  if only the case of RDATA dname changes.
- Added new DNSSEC test to sign zone with wierd records.
 2014-09-08 19:14:59 +02:00
Daniel Salzman
98038e8e43 tests-extra: extend records. zone with special domain names 2014-09-03 12:31:49 +02:00
Daniel Salzman
6e220fa5f5 dname: dump '#' char in \ddd notation to fix possible collision with '\#' hex rdata notation 2014-09-03 10:28:04 +02:00
Daniel Salzman
00dd2cbdb9 tests-extra: merge test zones cname-loop. and wild. into records. 2014-08-18 10:34:32 +02:00
Daniel Salzman
674f5d2ba4 tests-extra: extend wild. zone with upper-case records + generate random dnames 2014-08-05 17:42:20 +02:00
Daniel Salzman
b601c536ae tests-extra: extend xfr and ddns tests with empty record 2014-06-24 10:38:42 +02:00
Daniel Salzman
53a4cba803 tests-extra: extend records.zone with samples from RFCs 2014-06-18 12:21:25 +02:00
Jan Kadlec
a622526abc tests-extra: Cleaned up template zone 2014-06-17 19:45:20 +02:00
Daniel Salzman
5a574d1d83 tests-extra: add buggy NAPTR record to records.zone 2014-06-17 16:01:32 +02:00
Marek Vavrusa
a4b5df22a8 tests-extra: tests for proofs of expanded/unexpanded wildcards below dp 2014-02-25 15:36:24 +01:00
Lubos Slovak
1b438a7e2c Added some more test cases to basic tests. 2014-02-12 19:02:52 +01:00
Marek Vavrusa
5aafc31688 tests-extra: added NSEC/NSEC3 tests for wildcard expansions 
- new test for wildcard expansion leading to NXDOMAIN
- new test for wildcard expansion leading to NODATA
 2014-02-10 16:27:49 +01:00
Marek Vavrusa
5e74c14ba2 nameserver: fixed query to wildcard expansion -> apex 
Added test cases for this and previous commit.

Conflicts:
	src/libknot/nameserver/name-server.c
 2014-02-10 16:27:49 +01:00
Daniel Salzman
b6c4c4e77b func-tests: update and resign (extend expiration) root zone 2014-02-04 10:52:10 +01:00
Marek Vavrusa
2a73ac7973 AUTHORITY NS not added for CNAME loop or CNAME leading to out-of-zone 
data.

This conforms to RFC1034, 4.3.2/pt 3.a I think,
as the CNAME target would lead us out of available zones.
(We don't support answer from multiple local zones as of now.)
 2014-01-17 17:05:49 +01:00
Marek Vavrusa
4830b7ceaf Discover wildcard-covered additional records for affected nodes. 
This requires an additional passthrough of the adjusted nodes
and may pose a performance penalty in the future.
If that need arises, we could sort it out in a different way.
 2014-01-15 18:28:36 +01:00
Marek Vavrusa
7e33916830 CNAME loop over wildcard is checked after RR is added. 
This is to give requestor proof of the loop in single response.
Also added test for this case.
 2014-01-15 18:28:36 +01:00
Marek Vavrusa
017e663977 Some records may not have additionals. 
Added check + test case.
 2014-01-15 14:26:48 +01:00
Daniel Salzman
4ab28cb4db func-tests: change zone type from dict to list 2014-01-07 16:22:41 +01:00