mirror of
https://github.com/systemd/systemd-stable.git
synced 2024-12-24 21:34:08 +03:00
resolved: update RFCs list and TODO list
This commit is contained in:
parent
412577e3c8
commit
afc58cc2fb
@ -13,14 +13,14 @@ Y https://tools.ietf.org/html/rfc1123 → Requirements for Internet Hosts -- App
|
||||
Y https://tools.ietf.org/html/rfc1536 → Common DNS Implementation Errors and Suggested Fixes
|
||||
Y https://tools.ietf.org/html/rfc1876 → A Means for Expressing Location Information in the Domain Name System
|
||||
Y https://tools.ietf.org/html/rfc2181 → Clarifications to the DNS Specification
|
||||
https://tools.ietf.org/html/rfc2308 → Negative Caching of DNS Queries (DNS NCACHE)
|
||||
Y https://tools.ietf.org/html/rfc2308 → Negative Caching of DNS Queries (DNS NCACHE)
|
||||
Y https://tools.ietf.org/html/rfc2782 → A DNS RR for specifying the location of services (DNS SRV)
|
||||
D https://tools.ietf.org/html/rfc3492 → Punycode: A Bootstring encoding of Unicode for Internationalized Domain Names in Applications (IDNA)
|
||||
Y https://tools.ietf.org/html/rfc3596 → DNS Extensions to Support IP Version 6
|
||||
Y https://tools.ietf.org/html/rfc3597 → Handling of Unknown DNS Resource Record (RR) Types
|
||||
https://tools.ietf.org/html/rfc4033 → DNS Security Introduction and Requirements
|
||||
https://tools.ietf.org/html/rfc4034 → Resource Records for the DNS Security Extensions
|
||||
https://tools.ietf.org/html/rfc4035 → Protocol Modifications for the DNS Security Extensions
|
||||
Y https://tools.ietf.org/html/rfc4033 → DNS Security Introduction and Requirements
|
||||
Y https://tools.ietf.org/html/rfc4034 → Resource Records for the DNS Security Extensions
|
||||
Y https://tools.ietf.org/html/rfc4035 → Protocol Modifications for the DNS Security Extensions
|
||||
! https://tools.ietf.org/html/rfc4183 → A Suggested Scheme for DNS Resolution of Networks and Gateways
|
||||
Y https://tools.ietf.org/html/rfc4255 → Using DNS to Securely Publish Secure Shell (SSH) Key Fingerprints
|
||||
Y https://tools.ietf.org/html/rfc4343 → Domain Name System (DNS) Case Insensitivity Clarification
|
||||
@ -31,26 +31,26 @@ Y https://tools.ietf.org/html/rfc4509 → Use of SHA-256 in DNSSEC Delegation Si
|
||||
~ https://tools.ietf.org/html/rfc4697 → Observed DNS Resolution Misbehavior
|
||||
Y https://tools.ietf.org/html/rfc4795 → Link-Local Multicast Name Resolution (LLMNR)
|
||||
Y https://tools.ietf.org/html/rfc5011 → Automated Updates of DNS Security (DNSSEC) Trust Anchors
|
||||
https://tools.ietf.org/html/rfc5155 → DNS Security (DNSSEC) Hashed Authenticated Denial of Existence
|
||||
Y https://tools.ietf.org/html/rfc5155 → DNS Security (DNSSEC) Hashed Authenticated Denial of Existence
|
||||
Y https://tools.ietf.org/html/rfc5452 → Measures for Making DNS More Resilient against Forged Answers
|
||||
Y https://tools.ietf.org/html/rfc5702 → Use of SHA-2 Algorithms with RSA in DNSKEY and RRSIG Resource Records for DNSSEC
|
||||
Y https://tools.ietf.org/html/rfc5890 → Internationalized Domain Names for Applications (IDNA): Definitions and Document Framework
|
||||
Y https://tools.ietf.org/html/rfc5891 → Internationalized Domain Names in Applications (IDNA): Protocol
|
||||
Y https://tools.ietf.org/html/rfc5966 → DNS Transport over TCP - Implementation Requirements
|
||||
Y https://tools.ietf.org/html/rfc6303 → Locally Served DNS Zones
|
||||
https://tools.ietf.org/html/rfc6604 → xNAME RCODE and Status Bits Clarification
|
||||
Y https://tools.ietf.org/html/rfc6604 → xNAME RCODE and Status Bits Clarification
|
||||
Y https://tools.ietf.org/html/rfc6605 → Elliptic Curve Digital Signature Algorithm (DSA) for DNSSEC
|
||||
https://tools.ietf.org/html/rfc6672 → DNAME Redirection in the DNS
|
||||
! https://tools.ietf.org/html/rfc6731 → Improved Recursive DNS Server Selection for Multi-Interfaced Nodes
|
||||
Y https://tools.ietf.org/html/rfc6761 → Special-Use Domain Names
|
||||
https://tools.ietf.org/html/rfc6762 → Multicast DNS
|
||||
https://tools.ietf.org/html/rfc6763 → DNS-Based Service Discovery
|
||||
https://tools.ietf.org/html/rfc6781 → DNSSEC Operational Practices, Version 2
|
||||
https://tools.ietf.org/html/rfc6840 → Clarifications and Implementation Notes for DNS Security (DNSSEC)
|
||||
~ https://tools.ietf.org/html/rfc6781 → DNSSEC Operational Practices, Version 2
|
||||
Y https://tools.ietf.org/html/rfc6840 → Clarifications and Implementation Notes for DNS Security (DNSSEC)
|
||||
Y https://tools.ietf.org/html/rfc6891 → Extension Mechanisms for DNS (EDNS(0))
|
||||
Y https://tools.ietf.org/html/rfc6944 → Applicability Statement: DNS Security (DNSSEC) DNSKEY Algorithm Implementation Status
|
||||
Y https://tools.ietf.org/html/rfc6975 → Signaling Cryptographic Algorithm Understanding in DNS Security Extensions (DNSSEC)
|
||||
https://tools.ietf.org/html/rfc7129 → Authenticated Denial of Existence in the DNS
|
||||
Y https://tools.ietf.org/html/rfc7129 → Authenticated Denial of Existence in the DNS
|
||||
Y https://tools.ietf.org/html/rfc7646 → Definition and Use of DNSSEC Negative Trust Anchors
|
||||
~ https://tools.ietf.org/html/rfc7719 → DNS Terminology
|
||||
|
||||
|
@ -35,17 +35,14 @@
|
||||
*
|
||||
* TODO:
|
||||
*
|
||||
* - wildcard zones compatibility (NSEC/NSEC3 wildcard check is missing)
|
||||
* - multi-label zone compatibility
|
||||
* - cname/dname compatibility
|
||||
* - nxdomain on qname
|
||||
* - bus calls to override DNSEC setting per interface
|
||||
* - log all DNSSEC downgrades
|
||||
* - log all RRs that failed validation
|
||||
* - enable by default
|
||||
*
|
||||
* - RFC 4035, Section 5.3.4 (When receiving a positive wildcard reply, use NSEC to ensure it actually really applies)
|
||||
* - RFC 6840, Section 4.1 (ensure we don't get fed a glue NSEC from the parent zone)
|
||||
* - RFC 6840, Section 4.3 (check for CNAME on NSEC too)
|
||||
* - Allow clients to request DNSSEC even if DNSSEC is off
|
||||
* - find public DNAME test domain
|
||||
* - make sure when getting an NXDOMAIN response through CNAME, we still process the first CNAMEs in the packet
|
||||
* - flush cache when DNSSEC setting changes
|
||||
* */
|
||||
|
||||
#define VERIFY_RRS_MAX 256
|
||||
|
Loading…
Reference in New Issue
Block a user