Commit graph

79 commits

Author SHA1 Message Date
Libor Peltan
1c8518a337 tests: compatibility with new Bind9 2024-11-25 10:15:45 +01:00
Libor Peltan
d6c68c9d41 nameserver: add check for \0 bytes in QNAME labels and respond it as NXDOMAIN ...
if it doesn't exactly match a node owner.
2024-11-15 08:07:25 +01:00
Daniel Salzman
3808bf265d nameserver: add explicit check for root's DS queries 2024-10-29 14:36:43 +01:00
Libor Peltan
323f215e58 nameserver: avoid wildcard-expansion-by-compression trick on DNAME...
...as in that case the DNAME node owner differs from original qname
2023-09-19 11:22:55 +02:00
Libor Peltan
1e6d6b04af tests/flags: add NULL record with empty rdata (just for fun) 2023-08-22 15:56:35 +02:00
David Vašek
72042f9717 tests-extra: add a missing python shebang and some missing separating lines 2023-06-10 08:34:29 +02:00
Libor Peltan
b6835cc8cb tests: fix fail with slow semcheck of DNSSEC with valgrind 2022-06-08 19:56:41 +02:00
Daniel Salzman
577ef42a5e tests-extra: update and fix (reserved DS algorithm) test basic/delegation_tc on Ubuntu 22.04 2022-04-20 11:21:26 +02:00
Josh Soref
43db89b880 spelling
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
2021-11-24 12:55:47 +01:00
Libor Peltan
60632709ed nameserver: don't put additionals induced by additionals 2021-09-30 13:26:50 +02:00
Libor Peltan
1a22a8a4a0 bugfix: fix answering with opt-outed NSEC3 on empty-non-terminal 2021-08-31 09:18:10 +02:00
Daniel Salzman
e57e99fe7e nameserver: correct owner of answered CNAME from wildcard expansion
fixes #715
2021-05-25 17:21:03 +02:00
Libor Peltan
7679980d9e tests: deal with Bind bug 2021-05-20 14:03:15 +02:00
Libor Peltan
c16d1f094e tests: basic/query compare also with NSEC and NSEC3 2021-05-20 14:03:15 +02:00
Daniel Salzman
1f98f8dc18 nameserver: decrease maximum CNAME/DNAME chain length from 20 to 5
The reason for this change is to reduce possible amplification attacks and
other negative effects of long processing loops.

Also most resolvers don't accept multiple jumps without requerying, so this
change should be harmless.
2021-03-05 08:50:06 +01:00
Libor Peltan
06a319cab0 nameserver: allow applying one DNAME repeatedly (e.g. DNAME loop) 2021-03-05 08:50:06 +01:00
Libor Peltan
16a4d29578 nameserver: don't follow DNAME under delegation (NONAUTH node) 2021-01-14 13:33:18 +01:00
Libor Peltan
12f56116c1 nameserver: don't follow CNAME under delegation (NONAUTH node) 2021-01-14 12:57:55 +01:00
Daniel Salzman
599c4a9dbb tests-extra: fix DNAME loop test case in basic/query 2020-12-21 14:47:58 +01:00
Libor Peltan
33324965ca DNAME: synthesized CNAME might be perfect answer to CNAME query 2020-11-20 09:26:45 +01:00
Libor Peltan
40385080a5 ANY over TCP returns one random RRSet not all 2020-05-12 15:38:57 +02:00
Libor Peltan
197314d451 ANY: when UDP, always answer with one RRSet 2020-05-01 20:14:03 +02:00
Libor Peltan
ba77821d66 bugfix: NXDOMAIN authority SOA has TTL limited by minimum-ttl field
See https://tools.ietf.org/html/rfc2308#section-3
2020-02-29 20:10:41 +01:00
Daniel Salzman
3831d74ffa tests-extra: unify zone file for cname-follow 2019-11-26 13:12:40 +01:00
Libor Peltan
af0025424a nameserver: limit processing depth of C/DNAME chain 2019-11-26 13:12:40 +01:00
Daniel Salzman
3c836b2106 tests-extra: move tcp-reuseport to basic/nsec(3) 2019-10-07 15:38:13 +02:00
Daniel Salzman
a8d816f1f7 tests-extra: enable tcp-reuseport in basic/query test, which consists of basic queries only 2019-10-06 12:23:39 +02:00
Daniel Salzman
042b6f03e4 tests-extra: use ECDSAP256SHA256 as default key alg + fix basic/nsec3 after EDNS buff size decrease 2019-09-23 11:22:51 +02:00
Daniel Salzman
2f92f5894d internet: solve DS query below a delegation point as a delegation 2017-11-18 20:30:02 +01:00
Daniel Salzman
c2073265c7 Remove obsolete RRL configuration support 2017-10-29 14:53:34 +01:00
Libor Peltan
2b5b4f6679 tests-extra: dname cname too long 2017-03-02 10:47:55 +01:00
Daniel Salzman
3f950e1d3f process_query: don't preserve CD flag 2016-10-31 16:00:21 +01:00
Daniel Salzman
59d110fc4f internet: skip empty non-terminal parents during delegation lookup 2016-10-25 14:20:58 +02:00
Daniel Salzman
42623b07b9 internet: add optional glue for child zone if authoritative answer + refactoring 2016-10-05 17:59:43 +02:00
Daniel Salzman
fa85543516 Merge branch 'zero-flag' into 'master'
issue #476: fixed zero flag not being zeroed + added test

See merge request !580
2016-08-22 14:12:04 +02:00
Filip Siroky
78608c6c3a issue #476: fixed zero flag not being zeroed + added test 2016-08-22 13:54:24 +02:00
Daniel Salzman
0442345ef7 tests-extra: fix basic/rrl with valgrind by disabling DO flag in queries 2016-08-09 10:02:32 +02:00
Jan Vcelak
70bfc21c80 NSEC tests: no wildcard match because empty non-terminal exists 2016-08-02 13:58:14 +02:00
Jan Vcelak
dc5f387d45 tests: extend delegation tests with mixed set of servers 2016-06-27 16:40:43 +02:00
Jan Vcelak
97a0415f4c server: finish packet processing if RRSIGs won't fit the packet
For mandatory signature, we could stop processing the packet if the
buffer is too small. The response will have the TC flag anyway.

For optional signature, we can stop the processing as well. Because the
optional records are inserted into the additional section at last.
2016-05-18 13:51:52 +02:00
Jan Vcelak
db318be31e tests: add update script to resign the test zone 2016-05-18 13:45:45 +02:00
Jan Vcelak
97160d4605 tests: constant delegation name across one TC test batch 2016-05-18 13:39:18 +02:00
Jan Vcelak
798cda24e0 tests: TC flag setting in large delegations
refs #459
2016-05-17 19:49:29 +02:00
Jan Vcelak
f355a27494 tests-extra: rewrite RRL tests, cover all options 2016-04-11 22:59:17 +02:00
Daniel Salzman
8ad34a410f tests-extra: add NSEC Name error case - wildcard NSEC with delegation boundary 2015-08-24 15:59:21 +02:00
Daniel Salzman
f5c685d879 rrl: fix TC bit setting 2015-07-21 16:01:35 +02:00
Jan Vcelak
340ab89c37 tests-extra: add tests for CNAME following 2015-07-13 12:48:04 +02:00
Jan Vcelak
0986cfb7e7 review fix: typo 2015-07-13 10:09:16 +02:00
Jan Vcelak
7f985098f9 tests-extra: add tests for Additional section content lookup 2015-07-10 17:17:04 +02:00
Jan Vcelak
f7b891eb28 tests-extra: disable workaround for a BIND bug in NSEC3 proofs 2015-07-09 15:40:35 +02:00