Systemd/src/resolve
Lennart Poettering d33b6cf343 resolved: try to detect fritz.box-style private DNS zones, and downgrade to non-DNSSEC mode for them
This adds logic to detect cases like the Fritz!Box routers which serve
a private DNS domain "fritz.box" under the TLD "box" that does not
exist in the root servers. If this is detected, DNSSEC validation is
turned off for this private domain, thus improving compatibility with
such private DNS zones.

This should be fairly secure as we first rely on the proof that .box
does not exist before this logic is applied. Nevertheless the logic is
only enabled for DNSSEC=allow-downgrade mode.

This logic does not work for routers that set up a full DNS zone directly
under a non-existing TLD, as in that case we cannot prove
that the domain is truly non-existing according to the root servers.
2016-01-05 22:13:56 +01:00
.gitignore resolve: add more record types and convert to gperf table 2014-08-03 22:02:32 -04:00
dns-type.c resolved: split out a new dns_type_may_redirect() call 2015-12-26 19:09:09 +01:00
dns-type.h resolved: split out a new dns_type_may_redirect() call 2015-12-26 19:09:09 +01:00
Makefile resolved: add daemon to manage resolv.conf 2014-05-19 18:14:56 +02:00
org.freedesktop.resolve1.conf resolved: add legacy dbus service and policy files 2014-07-16 03:41:39 +02:00
org.freedesktop.resolve1.service resolved: add legacy dbus service and policy files 2014-07-16 03:41:39 +02:00
resolved-bus.c resolved: explicitly handle case when the trust anchor is empty 2016-01-04 22:42:10 +01:00
resolved-bus.h resolved: rename resolved.h to resolved-manager.h 2014-08-01 16:14:59 +02:00
resolved-conf.c resolved,networkd: add a per-interface DNSSEC setting 2016-01-05 20:10:31 +01:00
resolved-conf.h resolved,networkd: unify ResolveSupport enum 2016-01-05 17:30:51 +01:00
resolved-def.h resolved: add packet header details for mDNS 2015-12-08 16:41:45 +01:00
resolved-dns-answer.c resolved: partially implement RFC5011 Trust Anchor support 2016-01-04 22:42:10 +01:00
resolved-dns-answer.h resolved: partially implement RFC5011 Trust Anchor support 2016-01-04 22:42:10 +01:00
resolved-dns-cache.c resolved: when caching negative responses, honour NSEC/NSEC3 TTLs 2016-01-05 01:35:28 +01:00
resolved-dns-cache.h resolved: when caching negative responses, honour NSEC/NSEC3 TTLs 2016-01-05 01:35:28 +01:00
resolved-dns-dnssec.c update DNSSEC TODO 2016-01-05 20:10:31 +01:00
resolved-dns-dnssec.h resolved,networkd: add a per-interface DNSSEC setting 2016-01-05 20:10:31 +01:00
resolved-dns-packet.c resolved: fix serialization of the root domain 2016-01-02 22:16:16 +01:00
resolved-dns-packet.h resolved: parse EDNS0 rcode extension bits 2015-12-29 21:42:09 +01:00
resolved-dns-query.c resolved: never use data from failed transactions 2015-12-26 19:09:10 +01:00
resolved-dns-query.h resolved: propagate the DNSSEC result from the transaction to the query and the bus client 2015-12-18 20:09:30 +01:00
resolved-dns-question.c resolved: cache - do negative caching only on the canonical name 2015-12-10 17:04:42 +01:00
resolved-dns-question.h resolved: make sure DNS_ANSWER_FOREACH() can be nested 2015-12-02 20:43:11 +01:00
resolved-dns-rr.c resolved: add negative trust anchor support, and add trust anchor configuration files 2016-01-03 12:59:26 +01:00
resolved-dns-rr.h resolved: fix DNSSEC canonical ordering logic 2016-01-04 20:27:45 +01:00
resolved-dns-scope.c resolved,networkd: add a per-interface DNSSEC setting 2016-01-05 20:10:31 +01:00
resolved-dns-scope.h resolved: rework OPT RR generation logic 2015-12-27 01:41:40 +01:00
resolved-dns-search-domain.c dns-domain: simplify dns_name_is_root() and dns_name_is_single_label() 2015-11-25 22:00:07 +01:00
resolved-dns-search-domain.h resolved: fully support DNS search domains 2015-11-25 21:59:16 +01:00
resolved-dns-server.c resolved: use CLAMP() instead of MIN(MAX()) 2015-12-29 21:42:10 +01:00
resolved-dns-server.h resolved: rename "features" variables to "feature_level" 2015-12-27 01:41:40 +01:00
resolved-dns-stream.c resolved: don't set TCP_NODELAY twice for TCP sockets 2015-12-26 19:09:10 +01:00
resolved-dns-stream.h remove unused includes 2015-02-23 23:53:42 +01:00
resolved-dns-transaction.c resolved: try to detect fritz.box-style private DNS zones, and downgrade to non-DNSSEC mode for them 2016-01-05 22:13:56 +01:00
resolved-dns-transaction.h resolved: when caching negative responses, honour NSEC/NSEC3 TTLs 2016-01-05 01:35:28 +01:00
resolved-dns-trust-anchor.c resolved: when dumping trust anchor contents, clarify when it is empty 2016-01-05 20:27:29 +01:00
resolved-dns-trust-anchor.h resolved: partially implement RFC5011 Trust Anchor support 2016-01-04 22:42:10 +01:00
resolved-dns-zone.c resolved: internalize string buffer of dns_resource_record_to_string() 2015-12-26 19:09:10 +01:00
resolved-dns-zone.h resolved: chase DNSKEY/DS RRs when doing look-ups with DNSSEC enabled 2015-12-10 11:35:52 +01:00
resolved-gperf.gperf resolved,networkd: add a per-interface DNSSEC setting 2016-01-05 20:10:31 +01:00
resolved-link.c resolved,networkd: add a per-interface DNSSEC setting 2016-01-05 20:10:31 +01:00
resolved-link.h resolved,networkd: add a per-interface DNSSEC setting 2016-01-05 20:10:31 +01:00
resolved-llmnr.c resolved,networkd: unify ResolveSupport enum 2016-01-05 17:30:51 +01:00
resolved-llmnr.h resolved: use a #define for LLMNR port 2015-07-13 11:28:29 -04:00
resolved-manager.c resolved,networkd: add a per-interface DNSSEC setting 2016-01-05 20:10:31 +01:00
resolved-manager.h resolved,networkd: add a per-interface DNSSEC setting 2016-01-05 20:10:31 +01:00
resolved-mdns.c resolved,networkd: unify ResolveSupport enum 2016-01-05 17:30:51 +01:00
resolved-mdns.h resolved: add infrastructure for mDNS related sockets 2015-12-08 16:37:40 +01:00
resolved-resolv-conf.c resolved: flush the global DNS cache if /etc/resolv.conf is touched 2015-11-27 00:46:51 +01:00
resolved-resolv-conf.h resolved: split out all code dealing with /etc/resolv.conf into its own .c file 2015-11-25 21:58:37 +01:00
resolved.c resolved,networkd: add a per-interface DNSSEC setting 2016-01-05 20:10:31 +01:00
resolved.conf.in resolved: make MulticastDNS support configurable in resolved.conf 2016-01-05 17:41:41 +01:00
RFCs update RFCs 2016-01-04 22:42:10 +01:00
test-dnssec.c resolved: partially implement RFC5011 Trust Anchor support 2016-01-04 22:42:10 +01:00