FYI
-- / daniel.haxx.se ---------- Forwarded message ---------- Date: Thu, 12 Jun 2014 16:20:34 From: Nikos Mavrogiannopoulos <notifications_at_github.com> Reply-To: bagder/c-ares <reply+i-35587983-3ab6a348a157f1b134f8daf44a2d44ecc510ad1c-177011_at_reply.gith ub.com> To: bagder/c-ares <c-ares_at_noreply.github.com> Subject: [c-ares] Draft support DNSSEC + DANE (#16) This series of patches adds support for DNSSEC + parsing of DANE structures. This is a draft pull request mostly intended for comments. Open issues: 1. To add support for sending a query that will set the flags needed by dnssec I had to add ares_create_query2(). Maybe there can be a clever way to avoid introducing another create query function, but I couldn't think of any. 2. How to determine the servers to use when dnssec is requested. Currently it uses an extension of resolv.conf (the trusted-nameserver line), as proposed in: https://www.sourceware.org/ml/libc-alpha/2014-06/msg00307.html 3. I'm not so experienced with DNS and its terminology. A review by someone who is more familiar may help. You can merge this Pull Request by running: git pull https://github.com/nmav/c-ares master Or you can view, comment on it, or merge it online at: https://github.com/bagder/c-ares/pull/16 -- Commit Summary -- * Added support for sending a DNSSEC query. * Added the flag ARES_FLAG_REQUIRE_DNSSEC * Added support for parsing TLSA RRs * When the ARES_FLAG_DNSSEC is specified, use the nameservers that are tagged as trusted. -- File Changes -- M Makefile.inc (2) M ares.h (22) M ares_create_query.c (11) M ares_data.c (17) M ares_data.h (2) M ares_dns.h (2) M ares_init.c (121) A ares_parse_tlsa_reply.3 (86) A ares_parse_tlsa_reply.c (186) M ares_process.c (10) M ares_query.c (5) M ares_strerror.c (3) -- Patch Links -- https://github.com/bagder/c-ares/pull/16.patch https://github.com/bagder/c-ares/pull/16.diff --- Reply to this email directly or view it on GitHub: https://github.com/bagder/c-ares/pull/16Received on 2014-06-12