Opened 10 years ago

Last modified 8 years ago

#5454 enhancement new

Add EDNS0 and DNSSEC behavior — at Version 2

Reported by: Bob Novas
Owned by: Bob Novas
Priority: normal
Milestone:
Component: names
Keywords:
Cc: Thijs Triemstra
Branch:
Author: Bob Novas

Description (last modified by Thijs Triemstra)

This patch, applied to Twisted 11.1.0 in addition to but AFTER the patch in #5453, will add EDNS0 and DNSSEC behavior. EDNS0 behavior includes the ability to specify the EDNS0 version (currently only version 0 is defined), the ability to set the DNSSEC OK flag, which requests a security-aware resolver to respond with DNSSEC records, and the ability to specify a maximum UDP packet length that the path between this stub resolver and the recursive resolver can handle. This value can be as large as 65535, though smaller values, such as 1492 for WAN or 4096 for LAN or 8192 for local (e.g., 127.0.0.1), are more relevant. DNSSEC behavior includes the ability to receive and decode all the DNSSEC record types, and the ability to decode the AD (Authentic Data) flag. This means that with this patch, the twisted.names client resolver can function as a security-aware non-validating stub resolver. In conjunction with a validating recursive resolver such as one provided locally (e.g., 127.0.0.1) by dnssec-trigger (http://nlnetlabs.nl/projects/dnssec-trigger/) or by any Comcast resolver, this allows a Python client to determine if a name is secure.
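The wire-level meaning of the fields named in the description, as an added example (not code from the patch or from Twisted): standard-library Python that builds a query whose OPT record carries the EDNS0 version, the DNSSEC OK flag and the UDP payload size, and that reads the AD flag from a response header. The function names and `SAMPLE_HEADER` are constructed for illustration.

```python
import struct

OPT = 41          # EDNS0 pseudo-RR type
AD_FLAG = 0x0020  # Authentic Data bit in the DNS header flags
DO_FLAG = 0x8000  # DNSSEC OK bit in the OPT flags field
# Constructed sample response header: QR|RD|RA|AD set, 1 question, 1 answer, 1 additional
SAMPLE_HEADER = struct.pack("!HHHHHH", 0x1234, 0x81A0, 1, 1, 0, 1)


def encode_name(name):
    """Encode a domain name as length-prefixed labels."""
    out = b""
    for label in name.rstrip(".").split("."):
        if label:
            raw = label.encode("ascii")
            if len(raw) > 63:
                raise ValueError("label too long")
            out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_query(name, qtype=1, msg_id=0x1234, udp_size=4096, version=0, dnssec_ok=True):
    """Build a recursive query with one OPT record in the additional section."""
    if not 512 <= udp_size <= 65535:
        raise ValueError("udp_size must be 512..65535")
    header = struct.pack("!HHHHHH", msg_id, 0x0100, 1, 0, 0, 1)  # RD set
    question = encode_name(name) + struct.pack("!HH", qtype, 1)
    # OPT: root name, TYPE=41, CLASS=UDP payload size, TTL=ext-rcode|version|flags, RDLEN=0
    ttl = (version << 16) | (DO_FLAG if dnssec_ok else 0)
    opt = b"\x00" + struct.pack("!HHIH", OPT, udp_size, ttl, 0)
    return header + question + opt


def parse_opt(rr):
    """Decode an 11-byte OPT record (no options) into its EDNS0 fields."""
    rtype, udp_size, ttl, rdlen = struct.unpack("!HHIH", rr[1:11])
    if rr[0] != 0 or rtype != OPT:
        raise ValueError("not an OPT record")
    return {"udp_size": udp_size, "version": (ttl >> 16) & 0xFF, "do": bool(ttl & DO_FLAG)}


def is_authenticated(message):
    """True when a response has AD set, i.e. the resolver reports it validated the data."""
    if len(message) < 12:
        raise ValueError("truncated DNS header")
    flags = struct.unpack("!H", message[2:4])[0]
    return bool(flags & 0x8000) and bool(flags & AD_FLAG)
```

A non-validating stub takes the AD bit on trust, so it is only meaningful when the path to the validating resolver is itself trusted, as with the local 127.0.0.1 resolver the description mentions.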

Change History (4)

Changed 10 years ago by Bob Novas

adds EDNS0 and DNSSEC behavior to twisted (requires 5453)

comment:1 Changed 10 years ago by Jean-Paul Calderone

Keywords: review added; REVIEW removed

comment:2 Changed 10 years ago by Thijs Triemstra

Cc: Thijs Triemstra added
Description: modified (diff)
Keywords: review removed
Owner: set to Bob Novas

Thanks for the patch, BobNovas. Unfortunately it seems something went wrong during the upload of the patch, possibly due to the filename (space between add and edns0). Could you upload a new version of the patch (with a better filename)?

Changed 10 years ago by Bob Novas

Attachment: AddEDNS0andDNSSEC5454.patch added

patch for ticket 5454
