Skip to content

Support DNSSEC + DANE #20

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
nmav wants to merge 3 commits into from
Closed

Support DNSSEC + DANE #20

nmav wants to merge 3 commits into from

Conversation

@nmav
Copy link

@nmav nmav commented Sep 5, 2014

This series of patches adds support for DNSSEC + parsing of DANE structures.

Changes:
To add support for sending a query that will set the flags needed by dnssec I had to add the new ares_create_query2().

These patches do add raw DNSSEC support and DANE. They do not add support for reading the trusted dnssec servers (done as separate pull requests).

@bagder
Copy link
Member

bagder commented Feb 11, 2016

Are you still interested in seeing this merged? If so, please rebase this set and we can get the ball going.

Nikos Mavrogiannopoulos added 3 commits February 17, 2016 15:33
Added support for sending a DNSSEC query.
d873694 
That adds the ARES_FLAG_DNSSEC flag, which enables
the extensions needed for the server to send a DNSSEC
reply.
Added the flag ARES_FLAG_REQUIRE_DNSSEC
016f74f 
That flag ensures that if DNSSEC is not used in the reply, and
the AD bit is not set, then the query will fail with ARES_ENODNSSEC.
Added support for parsing TLSA RRs
851e46e 
This adds ares_parse_tlsa_reply().
@nmav
Copy link
Author

nmav commented Feb 17, 2016

Done.

@foxx
Copy link

foxx commented Nov 2, 2016

Any word on whether this will be merged soon?

@bagder
Copy link
Member

bagder commented Nov 2, 2016

Does it work good for you? Getting feedback or comments on work helps us assess them. Right now it also seems to conflict so that would be neat to see fixed.

@foxx
Copy link

foxx commented Nov 2, 2016
edited
Loading

Sadly my knowledge of DNSSEC is extremely limited so I wouldn't be able to speak with any authority on whether it's functioning as needed. There seems to be significantly less code for DNSSEC related functionality in comparison with ldns, but again my lack of DNSSEC understanding makes it difficult to determine if this would be a problem or not. Sorry :/

@nmav
Copy link
Author

nmav commented Feb 28, 2017

No longer interested in pursuing that.

@nmav nmav closed this Feb 28, 2017
@tniessen tniessen mentioned this pull request Aug 9, 2017
Closed
@eriklax eriklax mentioned this pull request Apr 12, 2019
Closed
@Snawoot Snawoot mentioned this pull request Jul 4, 2020
Open
This was referenced Nov 5, 2025
Closed
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@nmav @bagder @foxx