upstream/knot-dns
1
0
Fork 0
mirror of https://gitlab.nic.cz/knot/knot-dns.git synced 2026-02-11 06:43:20 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions
19363 commits 149 branches 208 tags 64 MiB
Commit graph

27 commits

Author SHA1 Message Date
Jan Doskočil
b3e2a5916f
tests: longer lasting RRSIGs to prevent test breakage by expiration 2024-08-19 13:42:24 +02:00
Jan Doskočil
24288b60a6
dnssec: superfluous NSEC semantic test case 2024-07-11 16:46:56 +02:00
Daniel Salzman
b2cba0a723 semchecks: extend SOA presence checks 2024-03-27 08:40:33 +01:00
Libor Peltan
4647ac1f5d dnssec/validation: fix validation of two CSKs 2024-02-27 16:40:13 +01:00
Daniel Salzman
66ab02cc13 dnssec/validation: add limit on non-matching keys with a duplicate keytag 2024-02-27 13:04:04 +01:00
Daniel Salzman
999d404c01 semchecks: check SHA-1 and GOST even if not supported by libdnssec or local policy 2023-11-23 20:55:53 +01:00
Daniel Salzman
14dbad9c2b semchecks: remove check for DS at non-delegation point 
It showed that having DS without NS can be convenient for private zones
with DNSSEC:
"Tuomo Soini: Anybody from internet gets NXDOMAIN because public dns servers
 don't know anything about internal zone."

This partially reverts:
 b0da0e1182
 f7b0793f07
 2023-10-04 11:03:31 +02:00
Daniel Salzman
f7b0793f07 tests: add tests for DS at apex or at non-delegation point 2022-11-16 15:39:08 +01:00
Libor Peltan
fa828c5da7 sematic-checks: use verification routines from dnssec-verify 2022-05-27 14:35:19 +02:00
Josh Soref
43db89b880 spelling 
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
 2021-11-24 12:55:47 +01:00
Libor Peltan
4e44f8134d kzonecheck/NSEC3: correctly check opt-outed empty-non-terminals 2021-02-10 12:50:32 +01:00
Libor Peltan
0dbe595e51 semcheck: align NSEC3 TTL check to new requirements 
see also !1219
 2021-02-05 12:14:25 +01:00
Libor Peltan
1798161e87 test/semcheck: dont use SHA1 for DS anymore 2020-11-03 10:41:46 +01:00
Libor Peltan
7bca3032ca kzonecheck: clarify if the dnssec-checks shall be done 2020-10-26 11:54:56 +01:00
Libor Peltan
9fa7b39ddf tests: semcheck avoid obsolete algorithm in some test cases 
this does not fix the tests completely
it just makes the tests pass on new gnutls
which denies any old algorithms whatsoever
 2020-10-08 20:45:35 +02:00
Daniel Salzman
db8b9c0ac9 semantic check: improve glue check if covered by wildcard 2019-08-23 17:10:29 +02:00
Libor Peltan
fbd132114b semantic check: don't require a glue which is under another delegation 2019-08-22 16:55:01 +02:00
Libor Peltan
e39993e08f semcheck: check glue even if it shall be in zone not below the delegation 2019-08-22 16:47:36 +02:00
Daniel Salzman
49058e2295 semchecks: fix in apex glue check, extend and unify tests 2019-02-20 21:09:37 +01:00
Mark Karpilovskij
ccc470ec47 zone: DNAME semantic check according to RFC 6672 2019-01-30 13:57:02 +01:00
Daniel Salzman
eb5af5aeb6 semchecks: adapt to multiple CDS/CDNSKEY feature 2019-01-17 14:23:23 +01:00
Daniel Salzman
25dcdd7485 Revert "add GOST algorithm support" 
Nowadays the DNS comunity is not interested in GOST. Also this change is not
compatible (see https://gitlab.com/gnutls/gnutls/merge_requests/755).

This reverts commit da5615556c.
 2019-01-07 14:00:41 +01:00
Vladimír Čunát
da5615556c
add GOST algorithm support 
The other `#ifdef HAVE_*` were moved in switches,
so that they don't rely on being the last before `default:`

The tests needed fixing up cases of using GOST as invalid values.
 2018-08-30 15:04:36 +02:00
Daniel Salzman
fedacab111 tests: fix omitted NSEC3 chain in some semantic tests 2018-06-12 16:19:08 +02:00
Daniel Salzman
4a76305b37 tests: move zscanner tests and libtap + improvements 2018-03-09 13:20:31 +01:00
Daniel Salzman
853f1a8b04 dnssec: move dnssec tests to common tests 2018-03-08 21:27:33 +01:00
Daniel Salzman
f51e96e115 tests: move knot tests to separate directory 2018-03-08 16:58:42 +01:00