1. 04 Jul, 2018 1 commit
  2. 11 Jun, 2018 6 commits
  3. 06 Jun, 2018 1 commit
  4. 05 Jun, 2018 1 commit
  5. 04 May, 2018 1 commit
  6. 26 Apr, 2018 1 commit
  7. 08 Apr, 2018 1 commit
  8. 08 Feb, 2018 2 commits
  9. 05 Feb, 2018 1 commit
  10. 27 Jan, 2018 1 commit
  11. 25 Jan, 2018 2 commits
  12. 23 Jan, 2018 2 commits
  13. 20 Jan, 2018 1 commit
  14. 10 Jan, 2018 1 commit
  15. 21 Dec, 2017 1 commit
  16. 05 Dec, 2017 3 commits
  17. 02 Dec, 2017 2 commits
  18. 03 Oct, 2017 1 commit
  19. 05 Sep, 2017 1 commit
  20. 10 Aug, 2017 1 commit
  21. 03 Aug, 2017 2 commits
    • Daniel Salzman's avatar
      b02164e9
    • Mark Karpilovskij's avatar
      libknot/packet: compression algorithm improved · ab3b6e9a
      Mark Karpilovskij authored
      The previous compression algorithm does not compress everything it can
      in cases where there are domain names in the data section of a RR, e.g.
      when the answer contains
      
      bar.example.com  CNAME  foo.example.com
      foo.example.com  A      192.0.0.2
      
      and foo.example.com was not encountered previously, then the second RR
      leaves the 'foo' part uncompressed.
      
      The improvement resolves some of these cases by comparing the owner of a new RRset to be written
      with the last written dname instead of QNAME. Also, the effectivity was slightly increased
      according to benchmarks.
      ab3b6e9a
  22. 31 Jul, 2017 1 commit
  23. 05 Apr, 2017 1 commit
    • Daniel Kahn Gillmor's avatar
      Implement sensible default EDNS(0) padding policy. · 2dd9f406
      Daniel Kahn Gillmor authored
      At NDSS 2017's DNS privacy workshop, I presented an empirical study of
      DNS padding policies:
      
      https://www.internetsociety.org/events/ndss-symposium/ndss-symposium-2017/dns-privacy-workshop-2017-programme#session3
      
      The slide deck is here:
      https://dns.cmrg.net/ndss2017-dprive-empirical-DNS-traffic-size.pdf
      
      The resulting recommendation from the research is that a simple
      padding policy is relatively cheap and still protective of metadata
      when DNS traffic is encrypted:
      
       * queries should be padded to a multiple of 128 octets
       * responses should be padded to a multiple of 468 octets
      
      Since future research could propose even better policies, and future
      DNS traffic characteristics might evolve, I've implemented this
      recommendation as a new function in libknot:
      knot_edns_default_padding_size()
      
      This changeset also modifies kdig to use this padding policy by
      default when doing queries over TLS, and defines +padding (with no
      argument) as a kdig option that forces the use of the default padding
      policy.
      
      With this changeset, any libknot user who wants to use "a sensible DNS
      padding policy" can just rely on the library; this means that if a
      better padding policy is determined in the future, it can be
      distributed to all users by upgrading libknot.
      2dd9f406
  24. 20 Mar, 2017 1 commit
  25. 13 Mar, 2017 1 commit
  26. 25 Feb, 2017 1 commit
  27. 20 Feb, 2017 1 commit
  28. 06 Feb, 2017 1 commit