-
Notifications
You must be signed in to change notification settings - Fork 43
DNSSec (RFC 4034 et al) support #251
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Conversation
|
This is a surprisingly small PR for such a big feature! Nice work. |
now rebased onto the main branch |
ec7ad45
to
1b185d3
Compare
4a0c43a
to
bf476c1
Compare
(likely incomplete) leftovers:
new RFCs supported (more?)
|
some cname stuff is there, but EDIT: now getting a more complete reply, unclear what to do about it... defered to later. |
|
now the tests are working, maybe need to re-review the code, merge it, and get back to the resolver implementation (+client) |
…rsig is sufficient
ok, after a round of code review and implementing the tests from 5155 (nsec3):
the next question is about API:
but I also think this PR is already large enough - and should be merged once the three tasks above are satisfied (and we convinced ourselves that the code validates correctly). //cc @reynir |
TODO: research whether the rrsig signer_name should be verified somewhere? |
This hardcodes the DNAME type number in the check. Ideally, DNAME would be part of the pure DNS module.
rebased, squashed and merged manually. |
This is work in progress, some bits and pieces are still missing (such as NSEC RR, canonicalization of Domain_name.t and RRSet). Feedback welcome.