summaryrefslogtreecommitdiff
path: root/src/resolve/dns-type.h
Commit message (Collapse)AuthorAgeFilesLines
* resolved: explicitly refuse zone transfers using the bus APILennart Poettering2016-06-211-0/+1
|
* tree-wide: place #pragma once at the same place everywhereLennart Poettering2016-02-201-2/+2
| | | | | | Usually, we place the #pragma once before the copyright blurb in header files, but in a few cases we didn't. Move those around, so that we do the same thing everywhere.
* test-resolve-tables: verify that dns type/class length is within limitsZbigniew Jędrzejewski-Szmek2016-02-161-2/+2
| | | | | DNS_TYPE_STRING_MAX causes a problem with the table autogeneration code, change to _DNS_TYPE_STRING_MAX.
* Use provided buffer in dns_resource_key_to_stringZbigniew Jędrzejewski-Szmek2016-02-161-0/+3
| | | | | | | | | | | | | | | | | | When the buffer is allocated on the stack we do not have to check for failure everywhere. This is especially useful in debug statements, because we can put dns_resource_key_to_string() call in the debug statement, and we do not need a seperate if (log_level >= LOG_DEBUG) for the conversion. dns_resource_key_to_string() is changed not to provide any whitespace padding. Most callers were stripping the whitespace with strstrip(), and it did not look to well anyway. systemd-resolve output is not column aligned anymore. The result of the conversion is not stored in DnsTransaction object anymore. It is used only for debugging, so it seems fine to generate it when needed. Various debug statements are extended to provide more information.
* resolve: print a noisy warning if we show crypto keys that could not be ↵Lennart Poettering2016-02-161-0/+1
| | | | | | | authenticated Doing DNS retrieval on non-authenticated crypt keys is useless, hence warn loudly about it.
* Merge pull request #2589 from keszybz/resolve-tool-2Lennart Poettering2016-02-131-0/+3
|\ | | | | Better support of OPENPGPKEY, CAA, TLSA packets and tests
| * resolve: always align flags to 8th column and print CAA flagsZbigniew Jędrzejewski-Szmek2016-02-121-0/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Left-over unknown flags are printed numerically. Otherwise, it wouldn't be known what bits are remaining without knowning what the known bits are. A test case is added to verify the flag printing code: ============== src/resolve/test-data/fake-caa.pkts ============== google.com. IN CAA 0 issue "symantec.com" google.com. IN CAA 128 issue "symantec.com" -- Flags: critical google.com. IN CAA 129 issue "symantec.com" -- Flags: critical 1 google.com. IN CAA 22 issue "symantec.com" -- Flags: 22
* | tree-wide: remove Emacs lines from all filesDaniel Mack2016-02-101-2/+0
|/ | | | | This should be handled fine now by .dir-locals.el, so need to carry that stuff in every file.
* resolve-host: allow specifying type as TYPEnnZbigniew Jędrzejewski-Szmek2016-01-291-0/+1
| | | | | This mirrors the behaviour of host and makes the conversion to and from string symmetrical.
* resolved: convert TLSA fields to stringZbigniew Jędrzejewski-Szmek2016-01-281-0/+9
| | | | | | | | Example output: _443._tcp.fedoraproject.org IN TLSA 0 0 1 GUAL5bejH7czkXcAeJ0vCiRxwMnVBsDlBMBsFtfLF8A= -- Cert. usage: CA constraint -- Selector: Full Certificate -- Matching type: SHA-256
* resolved: OPENPGPKEY recordsZbigniew Jędrzejewski-Szmek2016-01-281-0/+1
|
* resolved: move dns_type_to_af() to dns-type.cLennart Poettering2016-01-251-0/+1
|
* resolved: some RR types may appear only or not at all in a zone apexLennart Poettering2016-01-171-0/+1
| | | | | | Add extra checks when validating with RRSIGs. This follows recommendations from: http://www.george-barwood.pwp.blueyonder.co.uk/DnsServer/NotesOnDNSSSEC.htm
* resolved: refuse validating wildcard RRs for SOA, NSEC3, DNAMELennart Poettering2016-01-131-0/+1
|
* resolved: refuse doing queries for known-obsolete RR typesLennart Poettering2016-01-111-0/+1
| | | | | Given how fragile DNS servers are with some DNS types, and given that we really should avoid confusing them with known-weird lookups, refuse doing lookups for known-obsolete RR types.
* resolved: don't attempt to send queries for DNSSEC RR types to servers not ↵Lennart Poettering2016-01-111-0/+1
| | | | | | | | | | | supporting them If we already degraded the feature level below DO don't bother with sending requests for DS, DNSKEY, RRSIG, NSEC, NSEC3 or NSEC3PARAM RRs. After all, we cannot do DNSSEC validation then anyway, and we better not press a legacy server like this with such modern concepts. This also has the benefit that when we try to validate a response we received using DNSSEC, and we detect a limited server support level while doing so, all further auxiliary DNSSEC queries will fail right-away.
* resolved: split out a new dns_type_may_redirect() callLennart Poettering2015-12-261-0/+1
| | | | Let's abstract which RRs shall honour CNAMEs, and which ones should not.
* resolved: make use of dns_{class|type}_is_{pseudo|valid_rr}() everywhereLennart Poettering2015-12-181-7/+8
|
* resolved: move DNS class utilities to dns-type.c and add more helpersLennart Poettering2015-12-181-0/+14
| | | | | | | | | | | | Let's make DNS class helpers more like DNS type helpers, let's move them from resolved-dns-rr.[ch] into dns-type.[ch]. This also adds two new calls dns_class_is_pseudo() and dns_class_is_valid_rr() which operate similar to dns_type_is_pseudo() and dns_type_is_valid_rr() but for classes instead of types. This should hopefully make handling of DNS classes and DNS types more alike.
* resolved: generalize DNS RR type validity checksLennart Poettering2015-12-111-1/+4
| | | | | Check the validity of RR types as we parse or receive data from IPC clients, and use the same code for all of them.
* resolved: fix parameter type of dns_type_is_pseudo()Lennart Poettering2015-12-101-1/+1
| | | | DNS RR types are uint16_t after all, treat them as such.
* resolved: rr - ignore pseudo types in NSEC(3) bitmapsTom Gundersen2015-07-231-0/+1
|
* resolve-host: make arg_type an intZbigniew Jędrzejewski-Szmek2014-08-031-4/+2
| | | | We are using it also to store _DNS_TYPE_INVALID, so it should be signed.
* resolve: add more record types and convert to gperf tableZbigniew Jędrzejewski-Szmek2014-08-031-0/+122
We are unlikely to evert support most of them, but we can at least display the types properly. The list is taken from the IANA list. The table of number->name mappings is converted to a switch statement. gcc does a nice job of optimizing lookup (when optimization is enabled). systemd-resolve-host -t is now case insensitive.
View Lorry Controller Status