Releases: getdnsapi/getdns
getdns-1.7.3 quickfix release
Please do not use the github generated Source code (zip) and (tar.gz) files, but our own tarball instead:

| | |
|---|---|
| tarball | https://getdnsapi.net/dist/getdns-1.7.3.tar.gz |
| pgp sig | https://getdnsapi.net/dist/getdns-1.7.3.tar.gz.asc |
| sha256 | f1404ca250f02e37a118aa00cf0ec2cbe11896e060c6d369c6761baea7d55a2c |
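Each release on this page is published as a tarball, a detached PGP signature and a sha256. The shell functions below are an added example, not the getdns project's own tooling, that check a download against both. The function names are hypothetical, the pinned signing-key fingerprint is an argument you supply (this page does not give it), and `gpg` is assumed to already hold the project's public key.

```shell
#!/bin/sh
# Added example: verify a release tarball against its published sha256
# and its detached PGP signature, pinning the expected signing key.

# Print the lowercase hex SHA-256 of a file with whichever tool is present.
file_sha256() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print tolower($1)}'
    else
        shasum -a 256 "$1" | awk '{print tolower($1)}'
    fi
}

# usage: check_sha256 FILE EXPECTED_HEX
# Returns 0 on match, 1 on mismatch, 2 on unusable input.
check_sha256() {
    [ -r "$1" ] || return 2
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    # Refuse anything that is not exactly 64 hex digits, for example a
    # truncated copy-paste that would otherwise be compared as-is.
    case "$expected" in
        *[!0-9a-f]*) return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || return 2
    actual=$(file_sha256 "$1")
    [ "$actual" = "$expected" ]
}

# usage: gpg --status-fd 1 --verify SIG FILE | validsig_matches PINNED_FPR
# Reads gpg's machine-readable status lines on stdin. Succeeds only if a
# VALIDSIG line names the pinned fingerprint (as signing key or as primary
# key) and gpg did not also report a bad, expired or revoked signature/key.
validsig_matches() {
    pinned=$(printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F')
    case "$pinned" in
        ''|*[!0-9A-F]*) return 2 ;;
    esac
    awk -v fpr="$pinned" '
        $1 == "[GNUPG:]" && ($2 == "BADSIG" || $2 == "EXPSIG" ||
                             $2 == "EXPKEYSIG" || $2 == "REVKEYSIG") { bad = 1 }
        $1 == "[GNUPG:]" && $2 == "VALIDSIG" &&
            (toupper($3) == fpr || toupper($NF) == fpr) { ok = 1 }
        END { exit (ok && !bad) ? 0 : 1 }'
}

# usage: verify_release TARBALL EXPECTED_SHA256 PINNED_FPR
# Expects the detached signature next to the tarball as TARBALL.asc.
verify_release() {
    check_sha256 "$1" "$2" || { echo "sha256 mismatch: $1" >&2; return 1; }
    gpg --batch --status-fd 1 --verify "$1.asc" "$1" 2>/dev/null \
        | validsig_matches "$3" \
        || { echo "no valid signature from pinned key: $1" >&2; return 1; }
    echo "OK: $1"
}

# Example call (fingerprint is a placeholder to be filled in by the reader):
# verify_release getdns-1.7.3.tar.gz \
#   f1404ca250f02e37a118aa00cf0ec2cbe11896e060c6d369c6761baea7d55a2c \
#   "<PINNED-SIGNING-KEY-FINGERPRINT>"
```

Checking the fingerprint in the `VALIDSIG` status line, rather than gpg's exit code alone, means a signature made by some other key that happens to be in the local keyring is not accepted.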
Dear all,
We have a new 1.7.3 quickfix release of getdns.
Version 1.7.2 contained a version of Stubby that had a bug preventing it from starting on systems using systemd.
The version 0.4.3 of Stubby included in this version has this resolved.
Compared to version 1.7.0 and Stubby version 0.4.0 this is mostly a bugfix release, most prominently with a fix for a crash that occurred when looking up and DNSSEC validating certain RR types.
This release has a Stubby version 0.4.3 included.
We wanted to have this out of the way first before adding new stuff (like DoH).
Happy holidays everyone!
Photo by Goochie Poochie Grooming
ChangeLog
* 2022-12-22: Version 1.7.3
* PR #532: Increase CMake required version 3.5 -> 3.20, because we
need cmake_path for Absolute paths in pkg-config (See Issue #517)
Thanks Gabriel Ganne
* Updated to Stubby 0.4.3 quickfix release
* 2022-08-19: Version 1.7.2
* Stubby updated to 0.4.2 quickfix release
* 2022-08-19: Version 1.7.1
* Always send the `dot` ALPN when using DoT
* Strengthen version determination for Libidn2 during cmake processing
(thanks jpbion).
* Fix for issue in UDP stream selection in case of timeouts.
Thanks Shikha Sharma
* Fix using asterisk in ipstr for any address. Thanks uzlonewolf.
* Issue stubby#295: rdata not correctly written for validation for
certain RR type. Also, set default build type to RelWithDebInfo and
expose CFLAGS via GETDNS_BUILD_CFLAGS define and via
getdns_context_get_api_information()
* Issue #524: Bug fixes from submodules' upstream?
Thanks Johnnyslee
* Issue #517: Allow Absolute path CMAKE_INSTALL_{INCLUDE,LIB}DIR in
pkg-config files. Thanks Alex Shpilkin
* Issue #512: Update README.md to show correct PGP key location.
Thanks Katze Prior.
Stubby ChangeLog
* Fix Issue #330 and PR#324: PrivateUsers=false needed in systemd
stubby.service file for stubby to start.
Thanks Archcan and Petr Menšík
* PR #323: Reduce log messages when interface is offline.
Thanks Russ Bubley and Andre Heider
* 2022-08-19: version 0.4.2
* Fix Issue #320: Stubby doesn't start without "log_level"
entry. Thanks Johnny S. Lee
* 2022-08-19: Version 0.4.1
* Several updates to the servers in the config file:
* sinodun.dnsovertls*.com servers are removed and will be
decommissioned in the near future. This leaves only the
getdnsapi.net server as the default.
A recommendation is made that users choose additional servers
from the list available.
* Additional Quad9 servers added (thanks pataquets).
* LDN servers removed as the service is now stopped.
* Tidy up of remaining server data.
* Change `comment` lines on Uncensored server data to more clearly
be comments (not valid YAML)
* Fix and improve descriptions of default values
* getdnsapi.net DoT servers listen on port 443 now too
* Fixes for parsing of quoted key values for `tls-ca-file`,
`tls-curves-list` and `resolvconf`
* Add Dockerfile into `contrib` - thanks to pataquets.
* Strengthen version checking for LibIDN2 during the cmake step so
LibIDN2 version 2.3.3 can be properly found (thanks jpbion).
* Updated systemd/stubby.service file. Thanks Bruno Pagani
* log level configurable in config file with log_level setting
Command line setting (with -v or -l) overrules the config file
setting
getdns-1.7.2 release
Please do not use the github generated Source code (zip) and (tar.gz) files, but our own tarball instead:

| | |
|---|---|
| tarball | https://getdnsapi.net/dist/getdns-1.7.2.tar.gz |
| pgp sig | https://getdnsapi.net/dist/getdns-1.7.2.tar.gz.asc |
| sha256 | db89fd2a940000e03ecf48d0232b4532e5f0602e80b592be406fd57ad76fdd17 |
Dear all,
We have a new 1.7.2 quickfix release of getdns.
Version 1.7.1 contained a version of Stubby that would fail to start with config files missing the new `log_level` setting.
The version 0.4.2 of Stubby included in this version has this resolved.
Compared to version 1.7.0 and Stubby version 0.4.0 this is mostly a bugfix release, most prominently with a fix for a crash that occurred when looking up and DNSSEC validating certain RR types.
This release has a Stubby version 0.4.2 included with updated upstream servers in the example `stubby.yml` config file.
NOTE! The `dnsovertls*.sinodun.com` servers will retire later this month so we strongly encourage you to update the config file with the new default upstream servers and choose (uncomment) some additional servers from the list available.
The getdnsapi.net server is the only default resolver left and is a single point of failure in your setup if no other resolvers are chosen.
Photo CC BY-SA 3.0 by BKP via Wikimedia Commons
ChangeLog
* Stubby updated to 0.4.2 quickfix release
* 2022-08-19: Version 1.7.1
* Always send the `dot` ALPN when using DoT
* Strengthen version determination for Libidn2 during cmake processing
(thanks jpbion).
* Fix for issue in UDP stream selection in case of timeouts.
Thanks Shikha Sharma
* Fix using asterisk in ipstr for any address. Thanks uzlonewolf.
* Issue stubby#295: rdata not correctly written for validation for
certain RR type. Also, set default build type to RelWithDebInfo and
expose CFLAGS via GETDNS_BUILD_CFLAGS define and via
getdns_context_get_api_information()
* Issue #524: Bug fixes from submodules' upstream?
Thanks Johnnyslee
* Issue #517: Allow Absolute path CMAKE_INSTALL_{INCLUDE,LIB}DIR in
pkg-config files. Thanks Alex Shpilkin
* Issue #512: Update README.md to show correct PGP key location.
Thanks Katze Prior.
Stubby ChangeLog
* Fix Issue #320: Stubby doesn't start without "log_level"
entry. Thanks Johnny S. Lee
* 2022-08-19: Version 0.4.1
* Several updates to the servers in the config file:
* sinodun.dnsovertls*.com servers are removed and will be
decommissioned in the near future. This leaves only the
getdnsapi.net server as the default.
A recommendation is made that users choose additional servers
from the list available.
* Additional Quad9 servers added (thanks pataquets).
* LDN servers removed as the service is now stopped.
* Tidy up of remaining server data.
* Change `comment` lines on Uncensored server data to more clearly
be comments (not valid YAML)
* Fix and improve descriptions of default values
* getdnsapi.net DoT servers listen on port 443 now too
* Fixes for parsing of quoted key values for `tls-ca-file`,
`tls-curves-list` and `resolvconf`
* Add Dockerfile into `contrib` - thanks to pataquets.
* Strengthen version checking for LibIDN2 during the cmake step so
LibIDN2 version 2.3.3 can be properly found (thanks jpbion).
* Updated systemd/stubby.service file. Thanks Bruno Pagani
* log level configurable in config file with log_level setting
Command line setting (with -v or -l) overrules the config file
setting
getdns-1.7.0 release
Please do not use the github generated Source code (zip) and (tar.gz) files, but our own tarball instead:

| | |
|---|---|
| tarball | https://getdnsapi.net/dist/getdns-1.7.0.tar.gz |
| pgp sig | https://getdnsapi.net/dist/getdns-1.7.0.tar.gz.asc |
| sha256 | ea8713ce5e077ac76b1418ceb6afd25e6d4e39e9600f6f5e81d3a3a13a60f652 |
Dear all,
It's alive! We finally have a new 1.7.0 release of getdns. Sorry that this has taken so long. We promise that a next release will not take this long again. In fact, from now on we are committing ourselves to do new releases at least every three months. You can hold us to that!
This release has Stubby version 0.4.0 included with updated upstream servers in the example `stubby.yml` config file.
Warning! We will retire the `dnsovertls*.sinodun.com` servers later this year. The current example `stubby.yml` config file has `dnsovertls.sinodun.com` and `dnsovertls1.sinodun.com` as default DNS-over-TLS upstreams (next to `getdnsapi.net`), but they will be excluded from the config in the next release. We are considering other options as the default upstream servers and we welcome feedback and input from you in this github issue.
With the introduction of CMake as our new build system a few bugs have crept in. This getdns release has those corrected. Most notably:
- TLS1.3 cipher suites can now be configured again, either at context level with the `getdns_context_set_tls_ciphersuites()` function, or at upstream level by specifying a `tls_ciphersuites` entry.
- The eventloop extension libraries have their old names again: `libgetdns_ext_event`, `libgetdns_ext_ev` and `libgetdns_ext_uv`.
Besides these (and some other) bugfixes, this release has work included to improve user experience when falling back to other transports or upstreams after failure:
- Limiting the time a TLS Handshake may take to 4/5th of the query timeout.
- Setting of the number of milliseconds send data may remain unacknowledged by the peer in a TCP connection (when supported by the OS) with `getdns_context_set_tcp_send_timeout()`. Contributed by maciejsszmigiero. Thanks Maciej!

Also, people that had problems with truncated packets or too large packets from Stubby may have fewer issues because smaller responses are returned thanks to the name-compression contribution from amialkow. Thanks Andy!
Photo still from Frankenstein (1931 film)
ChangeLog
* 2021-06-04: Version 1.7.0
* Make TLS Handshake timeout max 4/5th of timeout for the query,
just like connection setup timeout was, so fallback transport
have a chance too when TCP connection setup is less well
detectable (as with TCP_FASTOPEN on MacOS).
* Issue #466: Memory leak with retrying queries (for examples
with search paths). Thanks doublez13.
* Issue #480: Handling of strptime when Cross compiling with CMake.
A new option to FORCE_COMPAT_STRPTIME (default disabled) will
(when disabled) make cmake assume the target platform has a POSIX
compatible strptime when cross-compiling.
* Setting of the number of milliseconds send data may remain
unacknowledged by the peer in a TCP connection (when supported
by the OS) with getdns_context_set_tcp_send_timeout()
Thanks maciejsszmigiero.
* Issue #497: Fix typo in CMAKE included files, so Stubby can use
TLS v1.3 with ciphersuites options ON. Thanks har-riz.
* Basic name compression on server replied messages. Thanks amialkow!
This alleviates (but might not completely resolve) issues #495 and
#320 .
* Eventloop extensions back to the old names libgetdns_ext_event,
libgetdns_ext_ev and libgetdns_ext_uv.
* Compilation warning fixes. Thanks Andreas!
Stubby ChangeLog
* 2021-06-04: Version 0.4.0
* We announce the intention to remove the dnsovertls*.sinodun.com
servers from the default resolver list in the next release,
see https://github.com/getdnsapi/stubby/issues/286 for details.
* Add ability to run Stubby as a full Windows service
* Update IPs for dot1.applied-privacy.net
* Remove the secure.eu entries in the stubby config file
* Bugfix: Make `run_in_foreground = 1` the default again
* Support yaml config files that do not use quotes
First release candidate for getdns-1.7.0
Please do not use the github generated Source code (zip) and (tar.gz) files, but our own tarball instead:

| | |
|---|---|
| tarball | https://getdnsapi.net/dist/getdns-1.7.0-rc.1.tar.gz |
| pgp sig | https://getdnsapi.net/dist/getdns-1.7.0-rc.1.tar.gz.asc |
| sha256 | 0468253d8aa702e08d78fee34835aa07c4b6a1c433b9fa9b0f54318729c35367 |
Dear all,
We finally have a first candidate for a new 1.7.0 release of getdns. Sorry that this has taken so long. We promise that a next release will not take this long again. In fact, from now on we are committing ourselves to do new releases at least every three months. You can hold us to that!
This release has a Stubby version 0.4.0-rc.1 included with updated upstream servers in the example `stubby.yml` config file.
Warning! We will retire the `dnsovertls*.sinodun.com` servers later this year. The current example `stubby.yml` config file has `dnsovertls.sinodun.com` and `dnsovertls1.sinodun.com` as default DNS-over-TLS upstreams (next to `getdnsapi.net`), but they will be excluded from the config in the next release. We are considering other options as the default upstream servers and we welcome feedback and input from you in this github issue.
With the introduction of CMake as our new build system a few bugs have crept in. This getdns release has those corrected. Most notably:
- TLS1.3 cipher suites can now be configured again, either at context level with the `getdns_context_set_tls_ciphersuites()` function, or at upstream level by specifying a `tls_ciphersuites` entry.
- The eventloop extension libraries have their old names again: `libgetdns_ext_event`, `libgetdns_ext_ev` and `libgetdns_ext_uv`.
Besides these (and some other) bugfixes, this release has work included to improve user experience when falling back to other transports or upstreams after failure:
- Limiting the time a TLS Handshake may take to 4/5th of the query timeout.
- Setting of the number of milliseconds send data may remain unacknowledged by the peer in a TCP connection (when supported by the OS) with `getdns_context_set_tcp_send_timeout()`. Contributed by maciejsszmigiero. Thanks Maciej!

Also, people that had problems with truncated packets or too large packets from Stubby may have fewer issues because smaller responses are returned thanks to the name-compression contribution from amialkow. Thanks Andy!
Please review these release candidates carefully; if all is well, the actual release will follow Friday the 4th of June.
Photo still from Frankenstein (1931 film)
ChangeLog
* 2021-06-??: Version 1.7.0
* Make TLS Handshake timeout max 4/5th of timeout for the query,
just like connection setup timeout was, so fallback transport
have a chance too when TCP connection setup is less well
detectable (as with TCP_FASTOPEN on MacOS).
* Issue #466: Memory leak with retrying queries (for examples
with search paths). Thanks doublez13.
* Issue #480: Handling of strptime when Cross compiling with CMake.
A new option to FORCE_COMPAT_STRPTIME (default disabled) will
(when disabled) make cmake assume the target platform has a POSIX
compatible strptime when cross-compiling.
* Setting of the number of milliseconds send data may remain
unacknowledged by the peer in a TCP connection (when supported
by the OS) with getdns_context_set_tcp_send_timeout()
Thanks maciejsszmigiero.
* Issue #497: Fix typo in CMAKE included files, so Stubby can use
TLS v1.3 with ciphersuites options ON. Thanks har-riz.
* Basic name compression on server replied messages. Thanks amialkow!
This alleviates (but might not completely resolve) issues #495 and
#320 .
* Eventloop extensions back to the old names libgetdns_ext_event,
libgetdns_ext_ev and libgetdns_ext_uv.
Stubby ChangeLog
* 2021-06-??: Version 0.4.0
* We announce the intention to remove the dnsovertls*.sinodun.com
servers from the default resolver list in the next release,
see https://github.com/getdnsapi/stubby/issues/286 for details.
* Add ability to run Stubby as a full Windows service
* Update IPs for dot1.applied-privacy.net
* Remove the secure.eu entries in the stubby config file
* Bugfix: Make `run_in_foreground = 1` the default again
* Support yaml config files that do not use quotes
getdns-1.6.0 release
Please do not use the github generated Source code (zip) and (tar.gz) files, but our own tarball instead:

| | |
|---|---|
| tarball | https://getdnsapi.net/dist/getdns-1.6.0.tar.gz |
| pgp sig | https://getdnsapi.net/dist/getdns-1.6.0.tar.gz.asc |
| sha256 | 40e5737471a3902ba8304b0fd63aa7c95802f66ebbc6eae53c487c8e8a380f4a |
Dear all,
I am pleased to announce the new, CMake, bugfix and maintenance release, version 1.6.0 of getdns.
The major change from the previous release is that the autotools based build system has been replaced with a CMake build system.
The motivation for this change is to have Windows be a first class build platform for getdns thereby increasing the ease of use of the getdns library in Windows applications. getdns and stubby can now be built using a native Windows build toolchain, ideally via the Visual Studio project. This work will also facilitate developing a User Interface for Stubby on Windows.
For those unfamiliar with CMake we have put together a CMake Quick Start Guide on how to build getdns with the new build system.
Another change in the build system is that the eventloop support libraries (for `libevent2`, `libev` and `libuv`) will now automatically be built when those libraries are detected.
Besides the build system changes, this release also has some bug fixes, amongst which:
- Better TLS connection setup timeout handling, which makes getdns and stubby work better with DoT servers that are slow on initial connection (because they might be under attack).
- Correct handling of UDP Payload size by getdns servers (i.e. listeners)

This release has a Stubby version 0.3.0 included, also modified for the CMake build tools and updated with a few fixes.
Photo by [贝莉儿 DANIST]
ChangeLog
* 2020-02-28: Version 1.6.0
* Issues #457, #458, #461: New symbols with libnettle >= 3.4.
Thanks hanvinke & kometchtech for testing & reporting.
* Issue #432: answer_ipv4_address and answer_ipv6_address in reply
and response dicts.
* Issue #430: Record and guard UDP max payload size with servers.
* Issue #407: Run only offline-tests option with:
src/test/tpkg/run-offline-only.sh (only with git checkouts).
* Issue #175: Include the packet the stub resolver sent to the
upstream the call_reporting dict. Thanks Tom Pusateri
* Issue #169: Build eventloop support libraries if event libraries
are available. Thanks Tom Pusateri
* 2019-12-20: Version 1.6.0-beta.1
* Migration of build system to cmake. Build now works on Ubuntu,
Windows 10 and macOS.
Some notes on minor differences in the new cmake build:
* OpenSSL 1.0.2 or higher is now required
* libunbound 1.5.9 is now required
* Only libidn2 2.0.0 and later is supported (not libidn)
* Windows uses ENABLE_STUB_ONLY=ON as the default
* Unit and regression tests work on Linux/macOS
(but not Windows yet)
Stubby ChangeLog
* 2020-02-28: Version 0.3.0
* Correct the applied-privacy.net details and remove ibksturm server in stubby.yml.example.
* Include AppArmor profile (thanks CameronNemo)
* Add `contrib` contributors to the README
* Let scheduled task run indefinitely on Windows (thanks triatic)
* Add `Restart=on-failure` to the systemd.service file (thanks appliedprivacy)
* 2019-12-20: Version 0.3.0-beta.1
* Migration of build system to cmake.
First cmake release candidate
Please do not use the github generated Source code (zip) and (tar.gz) files, but our own tarball instead:

| | |
|---|---|
| tarball | https://getdnsapi.net/dist/getdns-1.6.0-rc.1.tar.gz |
| pgp sig | https://getdnsapi.net/dist/getdns-1.6.0-rc.1.tar.gz.asc |
| sha256 | d6075515059289319ec269608badb9abc98ddce55520e54ea0bdd696f95d8883 |
Dear all,
We have a first candidate for the 1.6.0 release of getdns.
The major change from the previous release is that the autotools based build system has been replaced with a CMake build system.
The motivation for this change is to have Windows be a first class build platform for getdns thereby increasing the ease of use of the getdns library in Windows applications. getdns and stubby can now be built using a native Windows build toolchain, ideally via the Visual Studio project. This work will also facilitate developing a User Interface for Stubby on Windows.
For those unfamiliar with CMake we have put together a CMake Quick Start Guide on how to build getdns with the new build system.
Another change in the build system is that the eventloop support libraries (for `libevent2`, `libev` and `libuv`) will now automatically be built when those libraries are detected.
Besides the build system changes, this release also has some bug fixes, amongst which:
- Better TLS connection setup timeout handling, which makes getdns and stubby work better with DoT servers that are slow on initial connection (because they might be under attack).
- Correct handling of UDP Payload size by getdns servers (i.e. listeners)

This release has a Stubby version 0.3.0-rc.1 included, also modified for the CMake build tools and updated with a few fixes.
Please review these release candidates carefully; if all is well, the actual release will follow Friday the 28th of February.
Photo by Randy Fath
ChangeLog
* 2020-02-??: Version 1.6.0
* Issue #432: answer_ipv4_address and answer_ipv6_address in reply
and response dicts.
* Issue #430: Record and guard UDP max payload size with servers.
* Issue #407: Run only offline-tests option with:
src/test/tpkg/run-offline-only.sh (only with git checkouts).
* Issue #175: Include the packet the stub resolver sent to the
upstream the call_reporting dict. Thanks Tom Pusateri
* Issue #169: Build eventloop support libraries if event libraries
are available. Thanks Tom Pusateri
* 2019-12-20: Version 1.6.0-beta.1
* Migration of build system to cmake. Build now works on Ubuntu,
Windows 10 and macOS.
Some notes on minor differences in the new cmake build:
* OpenSSL 1.0.2 or higher is now required
* libunbound 1.5.9 is now required
* Only libidn2 2.0.0 and later is supported (not libidn)
* Windows uses ENABLE_STUB_ONLY=ON as the default
* Unit and regression tests work on Linux/macOS
(but not Windows yet)
Stubby ChangeLog
* 2020-01-16: Version 0.3.0rc1
* Correct the applied-privacy.net details and remove ibksturm server in stubby.yml.example.
* Include AppArmor profile (thanks CameronNemo)
* Add `contrib` contributors to the README
* Let scheduled task run indefinitely on Windows (thanks triatic)
* Add `Restart=on-failure` to the systemd.service file (thanks appliedprivacy)
* 2019-12-20: Version 0.3.0-beta.1
* Migration of build system to cmake.
First cmake beta release
Please do not use the github generated Source code (zip) and (tar.gz) files, but our own tarball instead:

| | |
|---|---|
| tarball | https://getdnsapi.net/dist/getdns-1.6.0-beta.1.tar.gz |
| pgp sig | https://getdnsapi.net/dist/getdns-1.6.0-beta.1.tar.gz.asc |
| sha256 | d0b65193178bf902705b4dfc94780267fa3d14801da1b11a74f08422f9e324da |
Dear all,
We have a first beta release of getdns in which the traditional autotools based build system has been replaced with a CMake build system.
- This release has only the build system replaced and has no other features or bugfixes.
- The purpose of this release is to give package maintainers the opportunity to test and adopt the build recipes for the packages to fit our new build system.
- Once this has settled and we have had sufficient feedback to continue doing future releases with the CMake build system we will move to a release candidate for 1.6.0.
The motivation for this change is to have Windows be a first class build platform for getdns thereby increasing the ease of use of the getdns library in Windows applications. getdns and stubby can now be built using a native Windows build toolchain, ideally via the Visual Studio project. This work will also facilitate developing a User Interface for Stubby on Windows.
For those unfamiliar with CMake we have put together a CMake Quick Start Guide on how to build getdns with the new build system.
This release has a Stubby version 0.3.0-beta.1 included, also modified for the CMake build tools.
CC BY 2.0: the Cmake team
ChangeLog
* 2019-12-20: Version 1.6.0-beta.1
* Migration of build system to cmake. Build now works on Ubuntu,
Windows 10 and macOS.
Some notes on minor differences in the new cmake build:
* OpenSSL 1.0.2 or higher is now required
* libunbound 1.5.9 is now required
* Only libidn2 2.0.0 and later is supported (not libidn)
* Windows uses ENABLE_STUB_ONLY=ON as the default
* Unit and regression tests work on Linux/macOS
(but not Windows yet)
Stubby ChangeLog
* 2019-12-20: Version 0.3.0-beta.1
* Migration of build system to cmake.
getdns-1.5.2 release
Please do not use the github generated Source code (zip) and (tar.gz) files, but our own tarball instead:

| | |
|---|---|
| tarball | https://getdnsapi.net/dist/getdns-1.5.2.tar.gz |
| pgp sig | https://getdnsapi.net/dist/getdns-1.5.2.tar.gz.asc |
| sha256 | 1826a6a221ea9e9301f2c1f5d25f6f5588e841f08b967645bf50c53b970694c0 |
Dear all,
I am pleased to announce the new GnuTLS, bugfix and maintenance release, version 1.5.2 of getdns.
This release has experimental support for GnuTLS >= 3.5.0 as replacement for OpenSSL.
To enable it, use the `--with-gnutls` option at `configure` time.
Note that getdns needs the gnutls-dane library too (which is used for SPKI authentication of DNS-over-TLS upstreams).
DNSSEC validation will use the cryptographic functions from `libnettle` (the cryptographic library also used by GnuTLS).
When built with GnuTLS, getdns will still be linked with `libcrypto` (from OpenSSL) for S/MIME verification of the `root-anchors.xml` file with Zero configuration DNSSEC.
It is our intention to replace that with something more GnuTLS native at some point in the future too, so that getdns can do without OpenSSL altogether.
Maintenance work included bringing TCP Fast Open up to par with current practice.
This means that at least on Linux 4.11+, getdns can connect TFO with TLS.
The most prominent bugfix is for DNSSEC scheduling which in some circumstances wrongly failed with insecure delegations of more than one label.
A few more issues are resolved with this release.
For a complete overview see the ChangeLog below.
This release has the 0.2.6 release of Stubby included, with updates to documentation and fixes for the Windows build.
Picture by Claus Schrammel
ChangeLog
* 2019-04-03: Version 1.5.2
* PR #424: Two small trust anchor fetcher fixes
Thanks Maciej S. Szmigiero
* Issue #422: Enable server side and update client side TCP Fast
Open implementation. Thanks Craig Andrews
* Issue #423: Fix insecure delegation detection while scheduling.
Thanks Charles Milette
* Issue #419: Escape backslashes when printing in JSON format.
Thanks boB Rudis
* Use GnuTLS instead of OpenSSL for TLS with the --with-gnutls
option to configure. libcrypto (from OpenSSL) still needed
for Zero configuration DNSSEC.
* DOA rr-type
* AMTRELAY rr-type
Stubby ChangeLog
* 2019-04-03: Version 0.2.6
* Windows: use appropriate system and user configuration directories.
* Windows: replace references to C:\Program Files with %PROGRAMFILES%.
* Windows: use location of stubby.bat to find stubby.exe and stubby.yml.
First release candidate for getdns-1.5.2
Please do not use the github generated Source code (zip) and (tar.gz) files, but our own tarball instead:

| | |
|---|---|
| tarball | https://getdnsapi.net/dist/getdns-1.5.2-rc1.tar.gz |
| pgp sig | https://getdnsapi.net/dist/getdns-1.5.2-rc1.tar.gz.asc |
| sha256 | 41abaaee26c12c3d34e40a3b5396f4a41a6b6fec8d4a847b9ba2e128129f5f4c |
Dear all,
We have a first candidate for the upcoming 1.5.2 GnuTLS, bugfix and maintenance release of getdns.
This release has experimental support for GnuTLS >= 3.5.0 as replacement for OpenSSL.
To enable it, use the `--with-gnutls` option at `configure` time. Note that getdns needs the gnutls-dane library too (which is used for SPKI authentication of DNS-over-TLS upstreams). DNSSEC validation will use the cryptographic functions from `libnettle` (the cryptographic library also used by GnuTLS).
When built with GnuTLS, getdns will still be linked with `libcrypto` (from OpenSSL) for S/MIME verification of the `root-anchors.xml` file with Zero configuration DNSSEC. It is our intention to replace that with something more GnuTLS native at some point in the future too, so that getdns can do without OpenSSL altogether.
Maintenance work included bringing TCP Fast Open up to par with current practice. This means that at least on Linux 4.11+, getdns can connect TFO with TLS.
The most prominent bugfix is for DNSSEC scheduling which in some circumstances wrongly failed with insecure delegations of more than one label.
A few more issues are resolved with this release. For a complete overview see the ChangeLog below.
This release has a release candidate for Stubby 0.2.6 included, with updates to documentation and fixes for the Windows build.
Please review these release candidates carefully; if all is well, the actual release will follow Friday the 22nd of March.
Picture by Claus Schrammel
ChangeLog
* 2019-03-??: Version 1.5.2
* Issue #422: Enable server side and update client side TCP Fast
Open implementation. Thanks Craig Andrews
* Issue #423: Fix insecure delegation detection while scheduling.
Thanks Charles Milette
* Issue #419: Escape backslashes when printing in JSON format.
Thanks boB Rudis
* Use GnuTLS instead of OpenSSL for TLS with the --with-gnutls
option to configure. libcrypto (from OpenSSL) still needed
for Zero configuration DNSSEC.
* DOA rr-type
* AMTRELAY rr-type
Stubby ChangeLog
* 2019-02-xx: Version 0.2.6
* Windows: use appropriate system and user configuration directories.
* Windows: replace references to C:\Program Files with %PROGRAMFILES%.
* Windows: use location of stubby.bat to find stubby.exe and stubby.yml.
getdns-1.5.1 release
Please do not use the github generated Source code (zip) and (tar.gz) files, but our own tarball instead:

| | |
|---|---|
| tarball | https://getdnsapi.net/dist/getdns-1.5.1.tar.gz |
| pgp sig | https://getdnsapi.net/dist/getdns-1.5.1.tar.gz.asc |
| sha256 | 5686e61100599c309ce03535f9899a5a3d94a82cc08d10718e2cd73ad3dc28af |
Dear all,
The previous release had a bug which prevented it from building on MacOS.
This release has (almost) only this single bug fixed.
Also, some new configurable properties for DNS-over-TLS were introduced in the previous release, but these properties were not exposed in `stubby.yml.example`.
This release includes Stubby 0.2.5, which does have example configuration for these properties in `stubby.yml.example`.
Google recently announced DNS-over-TLS support on the Google public DNS resolvers.
Example configuration entries for DNS-over-TLS with Google public DNS are added to `stubby.yml.example` too.
Photo from pxhere
ChangeLog
* 2019-01-11: Version 1.5.1
* PR #414: remove TLS13 ciphers from cipher_list, but
only when SSL_CTX_set_ciphersuites is available.
Thanks Bruno Pagani
* Issue #415: Filter out #defines etc. when creating
symbols file. Thanks Zero King
* 2018-12-21: Version 1.5.0
* RFE getdnsapi/stubby#121 log re-instantiating TLS
upstreams (because they reached tls_backoff_time) at
log level 4 (WARNING)
* GETDNS_RESPSTATUS_NO_NAME for NODATA answers too
* ZONEMD rr-type
* getdns_query queries for addresses when a query name
without a type is given.
* RFE #408: Fetching of trust anchors will be retried
after failure, after a certain backoff time. The time
can be configured with
getdns_context_set_trust_anchors_backoff_time().
* RFE #408: A "dnssec" extension that requires DNSSEC
verification. When this extension is set, Indeterminate
DNSSEC status will not be returned.
* Issue #410: Unspecified ownership of get_api_information()
* Fix for DNSSEC bug in finding most specific key when
trust anchor proves non-existence of one of the labels
along the authentication chain other than the
non-existence of a DS record on a zonecut.
* Enhancement getdnsapi/stubby#56 & getdnsapi/stubby#130:
Configurable minimum and maximum TLS versions with
getdns_context_set_tls_min_version() and
getdns_context_set_tls_max_version() functions and
tls_min_version and tls_max_version configuration parameters
for upstreams.
* Configurable TLS1.3 ciphersuites with the
getdns_context_set_tls_ciphersuites() function and
tls_ciphersuites config parameter for upstreams.
* Bugfix in upstream string configurations: tls_cipher_list and
tls_curve_list
* Bugfix finding signer for validating NSEC and NSEC3s, which
caused trouble with the partly tracing DNSSEC from the root
up, introduced in 1.4.2. Thanks Philip Homburg
Stubby ChangeLog
* 2019-01-11: Version 0.2.5
* RFE getdnsapi/getdns#408: Document trust_anchors_backoff_time
in stubby.yml.example. Thanks Jonathan Underwood
* RFE #148: Document tls_ciphersuites, tls_cipher_list, tls_min_version
and tls_max_version in stubby.yml.example. Thanks Jonathan Underwood
* RFE #149: Added Google Public DNS to stubby.yml.example.
Thanks Bruno Pagani
* 2018-12-21: Version 0.2.4
* DNSSEC required with dnssec extension in example config
* Removed the yeti servers from stubby.yml.example
* Added the Foundation RESTENA servers in stubby.yml.example
* Bugfix: only start Stubby when network is up
Thanks Bruno Pagani