These strings are domain names, so we should lowercase them before
using them.
Also add some tests for Tsig generation and verification.
(/ht ldns release).
TCP wasn't returning rtt info anymore, fix this. Also add
an issue_test.go where fixes for specific issues can be put.
Pull the rtt for udp message up into the function where we now
also set the rtt for tcp (for symmetry).
different remove and inserts. The old code did a reset of the ANSWER and
AUTHORITY section each time a rrset was added.
Made a slight optimisation that the first time an rrset is added, we
take its length as the initial size. Helps for the one-time add cases.
Added test to prevent regressions.
Using the ListenAndServe with network as "tcp-tls" will cause an error, as the
certificates weren't informed. To solve that we created the function
ListenAndServeTLS that will configure a DNS server listening TCP and handling
requests on incoming TLS connections.
See #297
We should allow the server to receive requests of an encrypted connection. This
is proposed on the document draft-ietf-dprive-dns-over-tls [1].
Now it is possible to initialize the DNS server to listen with TLS using
"tcp-tls" value in network parameter of ListenAndServe function, or passing a
listener initialized with tls.Listen to ActivateAndServe.
There's also an option in Server type to change the TLS configuration, to
inform the certificates that are going to be used, or to change any other
desired option of tls.Config.
See #297
[1] http://tools.ietf.org/html/draft-ietf-dprive-dns-over-tls-02
We are removing the TLS attribute from Client type. Now if you want to enable
DNS over TLS you should use the value "tcp-tls", "tcp4-tls" or "tcp6-tls" in
Net attribute.
See #297
After some thoughts, I realized that the fallback should be made by who is
using the client, as it will need to change the port (from 853 to 53). This
would also remove from the library the complexity of storing the recursive
nameservers that aren't working well with TLS (draft-ietf-dprive-dns-over-tls,
section 3.1).
See #297
After some thoughts, I realized that the fallback should be made by who is
using the client, as it will need to change the port (from 853 to 53). This
would also remove from the library the complexity of storing the recursive
nameservers that aren't working well with TLS (draft-ietf-dprive-dns-over-tls,
section 3.1).
Resolves #297
As tls.Conn is just a TCP connection after the handshake, we will modify the
TCP functions to work with an io.Reader/io.Writer parameter instead of a
net.TCPConn so we can reuse them.
See #297
When starting a TLS connection in some environments, we usually disabled some
certificate checks to allow tests with self-signed certificates. To disable
these checks we need to change some TLS parameters when starting a connection,
and for that we need to inject these parameters in the API.
Now the Client will also have an attribute for the TLS configuration
parameters. For future refactorings, we could change the TLS attribute from bool
to a struct that would store the "Enable" flag and the configuration.
See #297
We should allow the client to send requests to a recursive DNS server using an
encrypted connection. This is proposed on the document
draft-ietf-dprive-dns-over-tls [1].
For now we didn't allow the API user to change the TLS configuration (using
defaults). We also need to add the intelligence to fall back to normal DNS when
the TLS connection fails (as described in the draft).
See #297
[1] http://tools.ietf.org/html/draft-ietf-dprive-dns-over-tls-02