Support DNSSEC + DANE #20

Closed
wants to merge 3 commits into
from

Conversation

Projects
None yet
3 participants
@nmav

nmav commented Sep 5, 2014

This series of patches adds support for DNSSEC + parsing of DANE structures.

Changes:
To add support for sending a query that will set the flags needed by dnssec I had to add the new ares_create_query2().

These patches do add raw DNSSEC support and DANE. They do not add support for reading the trusted dnssec servers (done as separate pull requests).

@bagder

This comment has been minimized.

Show comment
Hide comment
@bagder

bagder Feb 11, 2016

Member

Are you still interested in seeing this merged? If so, please rebase this set and we can get the ball going.

Member

bagder commented Feb 11, 2016

Are you still interested in seeing this merged? If so, please rebase this set and we can get the ball going.

nmav added some commits Jun 12, 2014

Added the flag ARES_FLAG_REQUIRE_DNSSEC
That flag ensures that if DNSSEC is not used in the reply, and
the AD bit is not set, then the query will fail with ARES_ENODNSSEC.
Added support for sending a DNSSEC query.
That adds the ARES_FLAG_DNSSEC flag, which enables
the extensions needed for the server to send a DNSSEC
reply.
Added support for parsing TLSA RRs
This adds ares_parse_tlsa_reply().
@nmav

This comment has been minimized.

Show comment
Hide comment

nmav commented Feb 17, 2016

Done.

@foxx

This comment has been minimized.

Show comment
Hide comment
@foxx

foxx Nov 2, 2016

Any word on whether this will be merged soon?

foxx commented Nov 2, 2016

Any word on whether this will be merged soon?

@bagder

This comment has been minimized.

Show comment
Hide comment
@bagder

bagder Nov 2, 2016

Member

Does it work good for you? Getting feedback or comments on work helps us assess them. Right now it also seems to conflict so that would be neat to see fixed.

Member

bagder commented Nov 2, 2016

Does it work good for you? Getting feedback or comments on work helps us assess them. Right now it also seems to conflict so that would be neat to see fixed.

@foxx

This comment has been minimized.

Show comment
Hide comment
@foxx

foxx Nov 2, 2016

Sadly my knowledge of DNSSEC is extremely limited so I wouldn't be able to speak with any authority on whether it's functioning as needed. There seems to be significantly less code for DNSSEC related functionality in comparison with ldns, but again my lack of DNSSEC understanding makes it difficult to determine if this would be a problem or not. Sorry :/

foxx commented Nov 2, 2016

Sadly my knowledge of DNSSEC is extremely limited so I wouldn't be able to speak with any authority on whether it's functioning as needed. There seems to be significantly less code for DNSSEC related functionality in comparison with ldns, but again my lack of DNSSEC understanding makes it difficult to determine if this would be a problem or not. Sorry :/

@nmav

This comment has been minimized.

Show comment
Hide comment
@nmav

nmav Feb 28, 2017

No longer interested in pursuing that.

nmav commented Feb 28, 2017

No longer interested in pursuing that.

@nmav nmav closed this Feb 28, 2017

@tniessen tniessen referenced this pull request in nodejs/node Aug 9, 2017

Closed

dns: Add DNSSEC support #14475

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment