[x] DS records should be requested at the delegation point (not the authoritative servers)
[x] DS record caching (if their TTL < NS TTL, they'll never be re-requested, and the zone is treated as having no DNSSEC)
[x] AD bit in reply
[ ] ANY query
[ ] reply with SERVFAIL for non-validating queries
later:
"aggressive caching" of negative queries
CD bit in request
DS for the root zone may time out (after 68 years); there should be a path to update it without a code update (same for the NS of . --> maybe use an (optional) zone file and parse that?)
later: