1. 18 Apr, 2016 1 commit
    • daemon: mode(strict|normal|permissive) · e61c48ef
      Marek Vavrusa authored
      the daemon has now three modes of strictness
      checking from strict to permissive.
      it reflects the tradeoff between resolving the
      query in as few steps as possible and security
      for insecure zones
  2. 15 Apr, 2016 1 commit
    • lib/iterate: QUERY_PERMISSIVE mode · dc300136
      Marek Vavrusa authored
      in permissive mode, resolver is free to use
      (but not cache) non-mandatory glue records even
      if they're not resolvable. this is great as a 
      workaround for broken child-side zones, but
      not great for security of, well, insecure
      delegations. it's off by default.
  3. 14 Apr, 2016 2 commits
  4. 20 Jan, 2016 1 commit
    • lib/iterate: ignore out-of-bailiwick NSs for positive answers · 18e2771b
      Marek Vavrusa authored
      there are broken resolution chains where a zone cut is advertised,
      but it doesn't exist and the final NS answers from its parent's
      zone cut, which is an attempt to escape bailiwick
      
      example:
      
      resolving A ab.cd.ef
      NS ef responds:
       - ab.cd.ef NS X ; advertises ab.cd.ef zone cut
      X responds:
       - A ab.cd.ef A 1.2.3.4
       - cd.ef NS X ; escapes previously advertised cut
      
      on the other hand, it is important to fail early for referrals as
      it signifies a lame answer
  5. 19 Jan, 2016 1 commit
    • lib/iterate: ignore out-of-bailiwick NSs for positive answers · 2800e375
      Marek Vavrusa authored
      there are broken resolution chains where a zone cut is advertised,
      but it doesn't exist and the final NS answers from its parent's
      zone cut, which is an attempt to escape bailiwick
      
      example:
      
      resolving A ab.cd.ef
      NS ef responds:
       - ab.cd.ef NS X ; advertises ab.cd.ef zone cut
      X responds:
       - A ab.cd.ef A 1.2.3.4
       - cd.ef NS X ; escapes previously advertised cut
      
      on the other hand, it is important to fail early for referrals as
      it signifies a lame answer
  6. 17 Dec, 2015 1 commit
  7. 11 Dec, 2015 1 commit
  8. 25 Nov, 2015 1 commit
    • build: amalgamated build support with AMALG=1 · af4254d1
      Marek Vavruša authored
      amalgamated build concatenates all files into a single .c file to
      allow the compiler to see all symbols and produce possibly smaller code.
      for binary distributions this is what you want, as it's faster but
      may consume more memory during compilation.
      it however cannot do incremental builds.
  9. 19 Nov, 2015 1 commit
  10. 13 Nov, 2015 1 commit
  11. 03 Nov, 2015 1 commit
  12. 28 Oct, 2015 1 commit
  13. 27 Oct, 2015 1 commit
  14. 22 Oct, 2015 1 commit
  15. 14 Oct, 2015 1 commit
  16. 13 Oct, 2015 2 commits
  17. 11 Oct, 2015 2 commits
  18. 09 Oct, 2015 1 commit
  19. 04 Oct, 2015 2 commits
  20. 30 Sep, 2015 1 commit
  21. 24 Sep, 2015 3 commits
  22. 22 Sep, 2015 3 commits
  23. 21 Sep, 2015 2 commits
  24. 19 Sep, 2015 1 commit
  25. 15 Sep, 2015 1 commit
  26. 04 Aug, 2015 1 commit
    • lib/zonecut: filter private addresses from internet · c2035b1f
      Marek Vavruša authored
      zonecut should be able to hold these for testing reasons (like private
      root or zone cut), but it should filter out data from the internet
      a new flag: QUERY_ALLOW_LOCAL allows for being more permissive, and
      letting name server query local or private address ranges
  27. 03 Aug, 2015 2 commits
  28. 30 Jul, 2015 1 commit
  29. 14 Jul, 2015 1 commit
  30. 08 Jul, 2015 1 commit