New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Support DNSSEC + DANE #20

Closed
wants to merge 3 commits into
base: master
from

Conversation

Projects
None yet
3 participants
@nmav
Copy link

nmav commented Sep 5, 2014

This series of patches adds support for DNSSEC + parsing of DANE structures.

Changes:
To add support for sending a query that will set the flags needed by dnssec I had to add the new ares_create_query2().

These patches do add raw DNSSEC support and DANE. They do not add support for reading the trusted dnssec servers (done as separate pull requests).

@bagder

This comment has been minimized.

Copy link
Member

bagder commented Feb 11, 2016

Are you still interested in seeing this merged? If so, please rebase this set and we can get the ball going.

nmav added some commits Jun 12, 2014

Added the flag ARES_FLAG_REQUIRE_DNSSEC
That flag ensures that if DNSSEC is not used in the reply, and
the AD bit is not set, then the query will fail with ARES_ENODNSSEC.
Added support for sending a DNSSEC query.
That adds the ARES_FLAG_DNSSEC flag, which enables
the extensions needed for the server to send a DNSSEC
reply.
Added support for parsing TLSA RRs
This adds ares_parse_tlsa_reply().

@nmav nmav force-pushed the nmav:dnssec branch from 89afd49 to 851e46e Feb 17, 2016

@nmav

This comment has been minimized.

Copy link

nmav commented Feb 17, 2016

Done.

@foxx

This comment has been minimized.

Copy link

foxx commented Nov 2, 2016

Any word on whether this will be merged soon?

@bagder

This comment has been minimized.

Copy link
Member

bagder commented Nov 2, 2016

Does it work good for you? Getting feedback or comments on work helps us assess them. Right now it also seems to conflict so that would be neat to see fixed.

@foxx

This comment has been minimized.

Copy link

foxx commented Nov 2, 2016

Sadly my knowledge of DNSSEC is extremely limited so I wouldn't be able to speak with any authority on whether it's functioning as needed. There seems to be significantly less code for DNSSEC related functionality in comparison with ldns, but again my lack of DNSSEC understanding makes it difficult to determine if this would be a problem or not. Sorry :/

@nmav

This comment has been minimized.

Copy link

nmav commented Feb 28, 2017

No longer interested in pursuing that.

@nmav nmav closed this Feb 28, 2017

@tniessen tniessen referenced this pull request Aug 9, 2017

Closed

dns: Add DNSSEC support #14475

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment