* When returning NS for delegation point, we sign any DS Record or if not
found we generate a NSEC proving absence of DS. This follow behaviour
describe in rfc4035 (Section 3.1.4)
* DS request at apex behave as before.
* Fix edge case of requesting NSEC which prove that NSEC does not exist.
Signed-off-by: Jeremiejig <me@jeremiejig.fr>
Uppercase all these test errors as well. And extend the presubmit to
check for these in the future. Also do a slightly smarter grep to only
get t.<something>. as (because dump regexp) this also grep over non test
files.
* plugin/dnssec: add per server metrics
final plugin.
Fixes#1696#1492#1189
* Move cache cap into handler so we can access the server label
* Remove cache-capacity from it entirely
* plugin/dnssec: filter bitmap also for NXDOMAIN responses
We change nxdomain to nodata, so at the point when we receive the
reply it can be nxdomain or nodata. In both cases we should filter the
nsec bitmap.
Change the code and add explicit tests for this.
* More tests
* plugin/dnssec: implement shotgun from CloudFlare
Put a whole bunch of types in the NSEC bitmap and remove the one that's
being asked for.
Add more records for queries to the apex, SOA, DNSKEY, MX.
* Rename middleware to plugin
first pass; mostly used 'sed', few spots where I manually changed
text.
This still builds a coredns binary.
* fmt error
* Rename AddMiddleware to AddPlugin
* Readd AddMiddleware to remain backwards compat
2017-09-14 09:36:06 +01:00
Renamed from middleware/dnssec/black_lies_test.go (Browse further)
