| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
| |
We'll utilize this for cache, so this will be an easy way for GC
to access the mmapped_* symbols.
In lib/ we usually prefix symbols by kr_ but I don't think it's worth
the hassle in this case, as mmapped_ seems like a good enough prefix.
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
| |
At least the normal non-root hints.
We needed extended API for this functionality, and C API is simpler
for this, thanks to LuaJIT FFI.
However, this required moving code from the separate module.
The moved code is not changed in any way in this commit.
I considered it bad to keep such core code outside the main daemon+lib,
as it's not big. Now LuaJIT FFI forced me to clean this up.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Typical use cases should work now, briefly tested:
- forwarding all to a resolver
- forwarding a subtree downgraded to insecure (to resolver or auth)
- forwarding a subtree to auth without changing DNSSEC chain (atypical)
In some places we need to repeat kr_make_query()
The issue is that some of its inputs (e.g. STUB/FORWARD, zone cut)
are now not known at the beginning of PRODUCE yet.
Also, checking that QNAME matches is useless on a cached reply.
|
| |
|
|
|
|
|
|
|
| |
I know that moving code makes e.g. blaming harder,
but this was a really long file now.
This commit _only_ moves code, except for nits:
- minor pieces moved into an -impl.h shared by both resolve*.c
There a couple functions changed to non-static or static inline.
- order is preserved, for now at least
|
| |
|
|
|
|
|
|
|
| |
Two main use cases are actual RPZ file
and also the /local-data/records string (plain RRsets).
The RPZ semantics isn't very close to the specs,
but I believe the practical usability is already better
than our old RPZ implementation, thanks to following CNAMEs.
|
| |
|
|
|
|
| |
Picked up old work, rebase-squashed after many months;
then fixed up a little as needed in this newer version.
(and later many minor fixes got squashed in)
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
| |
Design discussion: #447
Code discussion: !1030
|
| | |
|
| |
|
|
| |
Resolvers must answer queries even if the shared cache overflown during query processing.
|
| |
|
|
|
|
|
|
|
| |
When signer name isn't a prefix of owner, the signature does not make
sense and it's no use trying to use that signer name in any way.
We generally don't force queries on every level of the path,
so this signer confusion could "introduce SERVFAILs" if we
skip over a transition to insecure.
|
| |
|
|
|
|
| |
New Deckard repo without conflicting iter_refused.rpl test
does not contain libswrap and libfaketime anymore
so I had to remove hacks in build system for these.
|
| |
|
|
|
| |
These files did not have GNU GPL v3 boilderplate in them so
I've added machine readable tag with appropriate license.
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
