getdns-1.5.2 release
Please do not use the github generated Source code (zip) and (tar.gz) files, but our own tarball instead: |
|
---|---|
tarball | https://getdnsapi.net/dist/getdns-1.5.2.tar.gz |
pgp sig | https://getdnsapi.net/dist/getdns-1.5.2.tar.gz.asc |
sha256 | 1826a6a221ea9e9301f2c1f5d25f6f5588e841f08b967645bf50c53b970694c0 |
Dear all,
I am pleased to announce the new GnuTLS, bugfix and maintenance release, version 1.5.2 of getdns.
This release has experimental support for GnuTLS >= 3.5.0 as replacement for OpenSSL.
To enabled, use the --with-gnutls
option at configure
time.
Note that getdns needs the gnutls-dane library too (which is used for SPKI authentication of DNS-over-TLS upstreams).
DNSSEC validation will use the cryptographic functions from libnettle
(the cryptographic library also used by GnuTLS).
When build with GnuTLS, getdns will still be linked with libcrypto
(from OpenSSL) for S/MIME verification of the root-anchors.xml
file with Zero configuration DNSSEC.
It is our intention to replace that with something more GnuTLS native at some point in the future too, so that getdns can do without OpenSSL altogether.
Maintenance work included bringing TCP Fast Open up to par with current practice.
This means that at least on Linux 4.11+, getdns can connect TFO with TLS.
The most prominent bugfix is for DNSSEC scheduling which in some circumstances wrongly failed with insecure delegations of more than one label.
A few more issues are resolved with this release.
For a complete overview see the ChangeLog below.
This release has the 0.2.6 release of Stubby included, with updates to documentation and fixes for the Windows build.
Picture by Claus Schrammel
ChangeLog
* 2019-04-03: Version 1.5.2
* PR #424: Two small trust anchor fetcher fixes
Thanks Maciej S. Szmigiero
* Issue #422: Enable server side and update client side TCP Fast
Open implementation. Thanks Craig Andrews
* Issue #423: Fix insecure delegation detection while scheduling.
Thanks Charles Milette
* Issue #419: Escape backslashed when printing in JSON format.
Thanks boB Rudis
* Use GnuTLS instead of OpenSSL for TLS with the --with-gnutls
option to configure. libcrypto (from OpenSSL) still needed
for Zero configuration DNSSEC.
* DOA rr-type
* AMTRELAY rr-type
Stubby ChangeLog
* 2019-04-03: Version 0.2.6
* Windows: use appropriate system and user configuration directories.
* Windows: replace references to C:\Program Files with %PROGRAMFILES%.
* Windows: use location of stubby.bat to find stubby.exe and stubby.yml.