| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
| |
ported the d-bus implementation of service resolve to varlink
extended TEST-75-RESOLVED to cover this use-case
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
knot v3.2 and later does this by default. knot v3.1 still has the default set to
10, but it also introduced a warning that the default will be changed to 0 in
later versions, so it effectively complains about its own default, which then
fails the config check. Let's just set the value explicitly to zero to avoid
that.
~# knotc --version
knotc (Knot DNS), version 3.1.6
~# grep nsec3-iterations test/knot-data/knot.conf || echo nope
nope
~# knotc -c /build/test/knot-data/knot.conf conf-check
warning: config, policy[auto_rollover_nsec3].nsec3-iterations defaults to 10, since version 3.2 the default becomes 0
Configuration is valid
Follow-up to 0652cf8e7b.
|
| |
|
|
|
|
| |
In Knot 3.2 the nsec3-iterations default was changed to 0 and Knot now
issues a warning if the value is > 0. Let's just use the default value,
since it's not something that's important for our tests.
|
| |\
| |
| | |
resolved: support RFC 9460 SVCB and HTTPS records
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Introduce a _very_ simple DNS server using our internal DNS-related
code, that responds to queries with specifically crafted packets, to
cover scenarios that are difficult to reproduce with well-behaving DNS
servers.
Also, hide the test DNS server behind Knot using the dnsproxy module, so
we don't have to switch DNS servers during tests.
|
| | |
| |
| |
| |
| |
| |
| | |
Even though systemd-resolved doesn't support zone transfers (AXFR/IXFR),
it should still just refuse such requests without choking on them.
See: https://github.com/systemd/systemd/pull/30809#issuecomment-1880102804
|
| |/ |
|
| |
|
|
|
|
|
| |
serve stale feature to keep the DNS resource records beyond TTL to return them as stale records in case of upstream server is not reachable or returns negative response.
SD_RESOLVED_NO_STALE flag has been added to disable serving stale records via dbus.
added serve stale test cases to TEST-75-RESOLVED
Fixes: #21815
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
| |
(s) is just ugly with a vibe of DOS. In most cases just using the normal plural
form is more natural and gramatically correct.
There are some log_debug() statements left, and texts in foreign licenses or
headers. Those are not touched on purpose.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* The new varlink interface exposes a method to subscribe to DNS
resolutions on the system. The socket permissions are open for owner and
group only.
* Notifications are sent to subscriber(s), if any, after successful
resolution of A and AAAA records.
This feature could be used by applications for auditing/logging services
downstream of the resolver. It could also be used to asynchronously
update the firewall. For example, a system that has a tightly configured
firewall could open up connections selectively to known good hosts based
on a known allow-list of hostnames. Of course, updating the firewall
asynchronously will require other design considerations (such as
queueing packets in the user space while a verdict is made).
See also:
https://lists.freedesktop.org/archives/systemd-devel/2022-August/048202.html
https://lists.freedesktop.org/archives/systemd-devel/2022-February/047441.html
|
|
|
Resolves: #19599
|
