Commit graph

1043 commits

Author SHA1 Message Date
David Vašek
eedf5167f2 tests-extra: dnssec/purge_keys -- remove all concurrent accesses to SoftHSM2
Contrary to the SoftHSM2 specification, it seems that SoftHSM2 doesn't work well
when its token is accessed two or more times in parallel.
2026-05-20 09:10:38 +02:00
David Vašek
8cb4369bf1 tests-extra: add a new test dnssec/purge_keys 2026-05-20 09:10:38 +02:00
David Vašek
e0f3550139 tests-extra: in keystores, allow to list the keys the keystore holds 2026-05-20 09:10:38 +02:00
Daniel Salzman
aca94c6085 tests-extra: add keystore.has_key() methods 2026-05-20 09:10:38 +02:00
David Vašek
c511a35e43 kaspdb: add a configurable trash-key lifetime option 2026-05-20 09:10:38 +02:00
David Vašek
f0cc1706e2 purge: start using keys purge 2026-05-20 09:10:38 +02:00
Bron Gondwana
2946fe16f2 mod-alias: synthesise ALIAS records from locally-served targets
Add the `mod-alias` query module which synthesises answers for ALIAS
records (type 65401) at query time by looking up the ALIAS target in
the server's zone database and copying the target's records into the
response with the original query name as the owner.

The module hooks at KNOTD_STAGE_PREANSWER and is attached at zone
scope (typically via a template).  Behaviour:

  * Fires for A/AAAA queries, any others passed through to the
    standard resolver.
  * ALIAS is additive: direct rrsets on the alias node are merged
    with the synthesised target rrsets.
  * Multiple ALIAS rdata on a node are followed and their results
    merged.
  * TTL = min(alias_ttl, all contributing source TTLs).
  * Targets not served by a zone in this server are ignored;
    external resolution is out of scope.
  * Synthesised records are not signed; pair with mod-onlinesign
    if signed answers are required.

The integration test runs in two random modes per invocation
(plain and DNSSEC-via-mod-onlinesign) so both code paths are
exercised over time.

Co-authored-by: Daniel Salzman <daniel.salzman@nic.cz>
2026-05-10 23:36:27 -04:00
Libor Peltan
5de6f107c1 DELEG: conf knob to enforce/override DELEG-awareness...
...manually, e.g. even for unsigned zones
2026-05-06 12:14:06 +02:00
Libor Peltan
eb97f3aa31 dnssec/DELEG: conf knob in policy triggers ADT 2026-05-06 12:14:06 +02:00
Libor Peltan
756dcce25e DNSKEY: implemented ADT bit signalling DELEG-awareness 2026-05-06 12:14:06 +02:00
Libor Peltan
9b7b149b75 nameserver+signer: implemented DELEG-un/aware answering 2026-05-06 12:14:06 +02:00
Libor Peltan
f4fd884ae5 libknot: support for DELEG+DELEGPARAM rrtypes, SIDE-EFFECT:
invalid commas and quotes in any domain names in zone files are
no longer reported as "invalid domain name character" but as
"owner is invalid" or "invalid record data" etc
2026-05-06 12:14:06 +02:00
Daniel Salzman
29445907d5 tests-extra: make QUIC detection more universal 2026-04-30 09:57:00 +02:00
Libor Peltan
89121cb36f tests: support for calling kdig and its validation 2026-04-16 12:20:09 +02:00
Libor Peltan
97c5328ff1 tests: workaround for Bind9 bug #5824 2026-04-01 14:18:33 +02:00
Jan Hák
69784550cf knotd: add module for EDNS error reporting, RFC 9567 2026-03-31 17:32:16 +02:00
Libor Peltan
23372fb4a6 zonefile+ctl+redis: prevent malformed RRs in generic format 2026-03-31 12:33:14 +02:00
Daniel Salzman
df4815fb6c libknot/descriptor: add minimum rdata sizes where appropriate 2026-03-30 16:46:02 +02:00
Libor Peltan
856c881340 tests: extended RR lower-casing test 2026-03-30 16:44:37 +02:00
Libor Peltan
0a4767af3a zonefile-load + ctl/zone-set: canonicalize only generic...
...as non-generic textual format is canonicalized already in
zscanner
2026-03-30 16:06:55 +02:00
Libor Peltan
ee336e373b zone/load/difference-no-serial: enforce serial policy already upon initial zonefile load 2026-03-27 14:58:25 +01:00
Libor Peltan
e9d57c12f4 tests: Bind9 in OfflineKSK: detection if available and new enough 2026-03-18 18:04:02 +01:00
Libor Peltan
e14a364cbc tests: offlineKSK interoperability with Bind9 2026-03-18 18:04:02 +01:00
Jan Hák
64f888c401 scripts: add script to resolve ALIASes in Redis backed zone 2026-03-06 14:30:04 +01:00
Daniel Salzman
7bf148c8bb tests-extra: add zone reload checks to catalog/generate_reconf 2026-02-24 12:53:04 +01:00
Daniel Salzman
7eb0ebe70a zonedb-load: fix updates of generated catalogs upon reload, overall improvements 2026-02-24 12:53:04 +01:00
Libor Peltan
a12808a46d redis/commit: store incrementally only when continuous SOA serials (like for journal) 2026-02-05 14:28:38 +01:00
Daniel Salzman
146d90c03b ctl: avoid unrecoverable situation after semcheck error from conf-commit 2026-02-03 17:26:41 +01:00
Daniel Salzman
e378de7c77 server: force zone reload from database if RDB_EVENT_ZONE 2026-01-13 17:25:05 +01:00
Libor Peltan
657eda9464 zone/events: don't send NOTIFY before server starts answering 2026-01-05 10:48:35 +01:00
Daniel Salzman
5fce005d97 tests-extra: stabilize test zone/external_vldt 2026-01-04 17:01:40 +01:00
Libor Peltan
02b4e4e765 tests: fix and improvement of ZSK roll test 2025-12-29 15:08:48 +01:00
Libor Peltan
a59276c107 Merge branch 'server_reconfig' into 'master'
Zone db listen reconfiguration

See merge request knot/knot-dns!1838
2025-12-27 17:42:57 +01:00
Libor Peltan
40666cf57a tests/redis/reconfig: randomly change addr and/or instance 2025-12-27 09:48:19 +01:00
Daniel Salzman
d168af0b8b tests-extra: disable XDP in dnssec/ds_push 2025-12-26 18:02:42 +01:00
Daniel Salzman
b0bd75ef81 tests-extra: stabilize redis/basic 2025-12-25 20:02:18 +01:00
Daniel Salzman
b4ed0a260e server: purge global_redis_pool and reconnect events if zone-db-listen reconfigured 2025-12-25 13:33:38 +01:00
Daniel Salzman
a657f110b6 knotd: remove TCP Fast Open support
This technology didn’t prove to be helpful.
2025-12-16 14:36:18 +01:00
Jan Hák
f752c64094 tests-extra: add SoftHSM backend support 2025-12-12 15:32:49 +00:00
Libor Peltan
6bd86ea8a2 zonemd: on signer, verify only non-dnssec-related records 2025-12-09 10:32:06 +01:00
Libor Peltan
cd4a89a46a dnssec/DS-push: replan from timers if reconf'd during submission 2025-12-09 09:06:20 +01:00
Libor Peltan
324a186927 zone/include_from(flattening): delete whole subtree of glues and junk from parent 2025-12-07 21:35:17 +01:00
Daniel Salzman
ef96941354 zone: add missing checks for empty zone to flush 2025-12-04 09:40:16 +01:00
Libor Peltan
9571924561 tests: add case for interpret-generate feature 2025-12-03 17:54:58 +01:00
Daniel Salzman
107a865ece tests-extra: fix redis/basic 2025-11-27 16:17:27 +01:00
Jan Hák
a3f44a47e9 tests-extra: add support for multiple redis backends 2025-11-26 16:06:08 +01:00
Libor Peltan
3f9b634dab timers: implemented configurable periodic dump 2025-11-24 10:53:08 +01:00
Libor Peltan
a9243dc33b Merge branch 'acl_catalog' into 'master'
Require 'query' ACL action for queries to catalog zone + improvements

See merge request knot/knot-dns!1823
2025-10-31 11:13:35 +01:00
David Vašek
efef4c7663 tests-extra: ixfr/master_pin2 -- align the servers at the start
Notice:
Both masters send their NOTIFYs to the slave. The slave makes
refresh from the last master which it received NOTIFY from
- it's the current state of Knot DNS design. If a NOTIFY
for lower serial arrives close enough after the previous NOTIFY
for a higher serial from another master, before the slave made
refresh from the first master, the first NOTIFY "knowledge" gets
"overwritten" by the second one with lower serial, resulting
in refresh from the lagging behind master and a rare test failure.
2025-10-31 10:57:27 +01:00
Libor Peltan
9e6e4a453c tests-extra: ixfr/master_pin -- provide the servers enough time
Especially needed with valgrind.
2025-10-31 10:57:27 +01:00