dnsmasq

Pi-Hole/dnsmasq

Fork 0

mirror of https://github.com/pi-hole/dnsmasq.git synced 2025-12-19 10:18:25 +00:00

Commit Graph

Author	SHA1	Message	Date
Petr Menšík	2024f97297	Support hash function from nettle (only) Unlike COPTS=-DHAVE_DNSSEC, allow usage of just sha256 function from nettle, but keep DNSSEC disabled at build time. Skips use of internal hash implementation without support for validation built-in.	2020-12-16 15:49:03 +00:00
Simon Kelley	2d765867c5	Use SHA-256 to provide security against DNS cache poisoning. Use the SHA-256 hash function to verify that DNS answers received are for the questions originally asked. This replaces the slightly insecure SHA-1 (when compiled with DNSSEC) or the very insecure CRC32 (otherwise). Refer: CERT VU#434904.	2020-12-16 15:49:02 +00:00

Author

SHA1

Message

Date

Petr Menšík

2024f97297

Support hash function from nettle (only)

Unlike COPTS=-DHAVE_DNSSEC, allow usage of just sha256 function from
nettle, but keep DNSSEC disabled at build time. Skips use of internal
hash implementation without support for validation built-in.

2020-12-16 15:49:03 +00:00

Simon Kelley

2d765867c5

Use SHA-256 to provide security against DNS cache poisoning.

Use the SHA-256 hash function to verify that DNS answers
received are for the questions originally asked. This replaces
the slightly insecure SHA-1 (when compiled with DNSSEC) or
the very insecure CRC32 (otherwise). Refer: CERT VU#434904.

2020-12-16 15:49:02 +00:00

2 Commits