aboutsummaryrefslogtreecommitdiffstats
path: root/net/resolvers
Commit message (Collapse)AuthorAgeFilesLines
* net.resolvers.basic: Record hostname coming from secure SRV recordsKim Alvefur2022-12-221-0/+2
| | | | Will be useful even later...
* net.resolvers.service: Record DNSSEC security status of SRV recordsKim Alvefur2022-12-221-0/+3
| | | | Will be useful later.
* net.resolvers.service: Fix reporting of Bogus DNSSEC resultsKim Alvefur2022-12-211-3/+6
| | | | | | | | | The order of checks led to Bogus results being reported with a generic "unable to resolve service". This had no practical effects as such results are simply empty and the process would stop there. Tested by attempting to establish s2s with dnssec-bogus.sg and observing the error reply.
* Revert unintentionally committed parts of 12bd40b8e105Kim Alvefur2022-12-211-8/+3
|
* mod_c2s,mod_s2s: Adapt to XEP-xxxx: Stream Limits AdvertisementKim Alvefur2022-10-201-3/+8
| | | | Thanks MattJ
* net.resolvers.basic: Add opt-out argument for DNSSEC security statusKim Alvefur2022-08-021-3/+5
| | | | | | | This makes explicit which lookups can accept an unsigned response. Insecure (unsigned, as before DNSSEC) A and AAAA records can be used as security would come from TLS, but an insecure TLSA record is worthless.
* compat: Remove handling of Lua 5.1 location of 'unpack' functionKim Alvefur2022-07-111-1/+1
|
* net.resolvers.basic: Fix incorrect field name (thanks CI)Matthew Wild2022-03-181-1/+1
|
* net.resolvers.basic: Indicate to callback if we have more targets availableMatthew Wild2022-03-181-1/+1
|
* net.resolvers.basic: Alternate IP address family targets, per RFC 8305Matthew Wild2022-03-181-2/+10
|
* net.resolvers.basic: Refactor to remove code duplicationMatthew Wild2022-03-181-80/+72
| | | | ...and prepare for Happy Eyeballs
* net.resolvers.service: Honour record 'weight' when picking SRV targetsMatthew Wild2022-03-171-13/+68
| | | | #NotHappyEyeballs
* net.resolvers.chain: A resolver for combining other resolversKim Alvefur2022-01-211-0/+38
| | | | Say if you wanted to try both _xmpp and _xmpps services
* net.resolvers: Report DNSSEC validation errors instead of NoErrorKim Alvefur2021-12-282-3/+13
| | | | Thanks Martin bringing this case to attention
* net.resolvers: Report when hostname fails IDNAKim Alvefur2021-12-072-2/+2
| | | | | Not a particularly user-friendly error message, but better than "unable to resolve service" and having no clue where it came from.
* net.connect: Propagate last error message from resolversKim Alvefur2021-11-122-3/+26
| | | | | | | | Previously it would only say "unable to resolve server" for all DNS problems. While "NoError in A lookup" might not make much sense to users, it should help in debugging more than the previous generic error. Friendlier errors will be future work.
* net.resolvers.service: Only do DANE with secure SRV recordsKim Alvefur2021-07-181-0/+4
| | | | | | If this seems backwards, that' because it is but the API isn't really designed to easily pass along details from each resolution step onto the next.
* Revert 926d53af9a7a: Restore DANE supportKim Alvefur2021-07-181-4/+5
| | | | | Previous commit adds a workaround, so this doesn't mutate global state anymore, only per-connection 'extra' state as originally intended.
* net.resolvers.basic: Fix completion condition when IPv6 is disabledKim Alvefur2021-03-151-0/+2
| | | | | | | | | | Fixes mistake introduced in 5a71f14ab77c that made it so this ready() newer got called and thus it would be stuck waiting for it. Looks like the kind of thing that could have been introduced by a merge or rebase. Thanks MattJ
* net.resolvers.basic: Disable DANE for now, completely brokenKim Alvefur2021-03-031-5/+4
| | | | | Turns out 'extra' is, at least for mod_s2s, the same table for *all* connections.
* net.resolvers.basic: Don't enable DANE with zero TLSA recordsKim Alvefur2021-03-031-1/+1
| | | | Turns out it doesn't work with zero.
* net.connect: Add DANE supportKim Alvefur2021-03-021-1/+26
| | | | | | Disabled DANE by default, since it needs extra steps to be useful. The built-in DNS stub resolver does not support DNSSEC so having DANE enabled by default only leads to an extra wasted DNS request.
* Merge 0.11->trunkMatthew Wild2020-07-101-1/+2
|\
| * net.resolvers.basic: Default conn_type to 'tcp' consistently if unspecified ↵Matthew Wild2020-07-101-1/+2
| | | | | | | | | | | | (thanks marc0s) Fixes a traceback when passed an IP address with no conn_type.
* | net.resolvers: Remove FIXMEs obsoleted by switch to libunboundKim Alvefur2020-06-252-5/+0
| |
* | net.connect: Remove TODO about use_ipv4/6 done in 3bfb20be844cKim Alvefur2020-06-221-1/+0
| |
* | net.resolvers.service: Fix resolving of targets with multiple IPsKim Alvefur2020-02-161-5/+8
| | | | | | | | | | Each basic resolver was only used once and not kept around to try any IP addresses but the first one found.
* | net.resolvers.basic: Fix continuing if IPv6 or Legacy IP is disabledKim Alvefur2020-01-261-0/+4
| | | | | | | | | | The code expects ready() to be called twice, but with IPv4 or v6 disabled it would only be called once.
* | net.resolvers.basic: Obey extra.use_ipv4/use_ipv6Matthew Wild2020-01-251-2/+2
| |
* | net.resolvers.basic: Obey use_ipv4/use_ipv6Matthew Wild2020-01-251-14/+19
| |
* | net.connect: Mention RFC 6724 regressionKim Alvefur2019-12-071-0/+1
| | | | | | | | | | Default Address Selection algorithm is not applied, resulting in a strong bias towards IPv4.
* | net.connect: Add some TODOs and FIXMEsKim Alvefur2019-12-072-0/+7
| | | | | | | | And mention issue numbers: #1246, #1428 and #1429
* | Merge 0.11->trunkKim Alvefur2019-11-241-0/+2
|\|
| * net.resolvers.basic: Normalise IP literals, ensures net.server is happyKim Alvefur2019-11-241-0/+2
| |
* | net.resolvers.service: Pass IP literals directly to basic resolverKim Alvefur2019-11-241-0/+9
| | | | | | | | | | | | IP literals will not work with SRV records anyways. Fixes s2s with IP literals.
* | Merge 0.11->trunkKim Alvefur2019-11-241-11/+17
|\|
| * net.resolvers.basic: Fix resolution of IPv6 literals (in brackets) (fixes #1459)Kim Alvefur2019-11-241-0/+3
| |
| * net.resolvers.basic: Move IP literal check to constructorKim Alvefur2019-11-241-11/+14
| | | | | | | | | | This is to prepare for fixing #1459. An IPv6 literal in [ ] brackets does not pass IDNA and resolving it fails there.
* | Merge 0.11->trunkKim Alvefur2019-11-082-0/+2
|\|
| * net.resolvers: Fix traceback from hostname failing IDNAKim Alvefur2019-11-082-0/+2
| | | | | | | | Related to #1426
* | Merge 0.11->trunkKim Alvefur2019-11-022-2/+14
|\|
| * net.resolvers: Abort on hostnames not passing IDNA validationKim Alvefur2019-11-022-0/+10
| | | | | | | | | | | | Prevents error on trying to use nil. Needs better error reporting in the future.
| * net.resolvers: Apply IDNA conversion to ascii for DNS lookups (fixes #1426)Kim Alvefur2019-11-022-2/+4
| |
* | net.resolvers.service: Fix DNS fallbackKim Alvefur2019-08-171-1/+5
| |
* | various: Don't rely on _G.unpack existingKim Alvefur2018-12-083-0/+3
|/
* net.resolvers.basic: Suffix IPv4 TCP socket types with '4' to match eg 'tcp6'Kim Alvefur2018-10-121-2/+2
|
* net.resolvers.service: Sort SRV records in correct directionKim Alvefur2018-09-301-1/+1
|
* net.resolvers.service: Fix sorting SRV recordKim Alvefur2018-09-301-1/+1
|
* net.resolvers.service: Rename internal variable since net.connect uses it ↵Kim Alvefur2018-09-291-4/+4
| | | | for __tostring
* net.resolvers.service: Add support for fallback to bare domain and default portKim Alvefur2018-09-291-0/+3
| | | | The default port must be configured separately to enable this behavior