feat(dnssec): new `pkg/dnssec` package #97

qdm12 · 2021-12-30T17:59:00Z

Iterative DNSSEC validation
Metrics: secure, insecure, bogus
Validate root zone with hardcoded DS record from IANA
Auto-update root zone DS record
Caching?
- Use custom caching or DNS request/response existing cache interface?
- Can DoT/DoH handlers only add to cache if DNSSEC validated (to check depending on strict mode)
Handle NSEC and/or NSEC3
Strict mode to reject insecure responses

qdm12 changed the base branch from master to v2.0.0-beta December 30, 2021 17:59

qdm12 force-pushed the dnssec branch 5 times, most recently from ae24a55 to c1ecde9 Compare January 2, 2022 15:15

qdm12 force-pushed the v2.0.0-beta branch from b2fcc90 to 6c3bec6 Compare January 2, 2022 15:16

qdm12 force-pushed the dnssec branch from c1ecde9 to 855f7a9 Compare January 2, 2022 15:16

qdm12 mentioned this pull request Jan 3, 2022

Feature: support serving over DNS over TLS #106

Open

qdm12 force-pushed the v2.0.0-beta branch 2 times, most recently from 38626de to 81f9533 Compare June 24, 2022 05:05

qdm12 force-pushed the v2.0.0-beta branch from c24203f to 7e4a2a2 Compare May 25, 2023 18:04

qdm12 force-pushed the v2.0.0-beta branch from 0715917 to 42276e5 Compare June 14, 2023 15:27

qdm12 force-pushed the dnssec branch from 855f7a9 to fbbb988 Compare July 12, 2023 14:56

qdm12 force-pushed the v2.0.0-beta branch from a9ee9ba to 1f69110 Compare August 7, 2023 16:34

qdm12 force-pushed the dnssec branch from fbbb988 to 2909f40 Compare August 10, 2023 12:24

qdm12 force-pushed the v2.0.0-beta branch 2 times, most recently from 562c7a2 to a6e7456 Compare August 10, 2023 12:45

qdm12 force-pushed the dnssec branch from 2909f40 to dc80277 Compare August 10, 2023 22:01

qdm12 force-pushed the v2.0.0-beta branch from b2f7d28 to 38380c0 Compare November 15, 2023 14:58

qdm12 force-pushed the v2.0.0-beta branch from 7d69b5f to 65ca23e Compare November 26, 2023 21:36

qdm12 force-pushed the dnssec branch 2 times, most recently from c779e27 to 46fc699 Compare December 1, 2023 08:30

qdm12 force-pushed the dnssec branch 3 times, most recently from 81296b4 to 01bd0df Compare January 3, 2024 20:22

qdm12 force-pushed the v2.0.0-beta branch from 51ea21d to 81a7223 Compare January 3, 2024 20:46

qdm12 force-pushed the dnssec branch from 01bd0df to 1aa9529 Compare January 12, 2024 09:07

qdm12 added 2 commits March 18, 2024 16:05

WIP

b05c402

WIP - toreviewatthend

c26a2ac

qdm12 added 4 commits March 18, 2024 16:07

register dnssec middleware if DNSSEC_VALIDATION=on

1efc82e

Simplify groupRRs signed and unsigned counting

8c55b1c

groupRRs: fix max RRsets value

4cad381

Remove TODO in testSwitchStatement

5111caa

qdm12 force-pushed the dnssec branch from ad6d490 to 5111caa Compare March 18, 2024 16:07

qdm12 mentioned this pull request Mar 21, 2024

Feature request: DNS over HTTPS in Go to replace Unbound qdm12/gluetun#137

Open

Provide feedback