getdns-1.2.1 release

	Please do not use the github generated Source code (zip) and (tar.gz) files, but our own tarball instead:
tarball	https://getdnsapi.net/dist/getdns-1.2.1.tar.gz
pgp sig	https://getdnsapi.net/dist/getdns-1.2.1.tar.gz.asc
sha256	3ed37135b4aa447160fa68205b8552477b6829da48eb63943994c6193e1d891d

Dear all,

We have a new bugfix release version 1.2.1 of getdns.

This release includes bugfixes, robustness and stability improvements only.
For a more detailed description of all changes see the ChangeLog section below.

The version of Stubby included with this release has been updated to 0.1.5.
The ChangeLog entries up from the version of Stubby included in the previous release (0.1.3) are included the Stubby ChangeLog section below.

ChangeLog

* 2017-11-11: Version 1.2.1
  * Stubby v0.1.5 included
  * Handle more I/O error cases.  Also, when an I/O error does occur,
    never stop listening (with servers), and
    never exit (when running the built-in event loop).
  * Bugfix: Tolerate unsigned and unused RRsets in the authority
    section.  Fixes DNSSEC with BIND upstream.
  * Bugfix: DNSSEC validation without support records
  * Bugfix: Validation of full recursive DNSKEY lookups
  * Bugfix: Retry to validate full recursion BOGUS replies with zero
    configuration DNSSEC only when DNSSEC was actually requested
  * Bugfix #348: Fix a linking issue in stubby when libbsd is present
    Thanks Remi Gacogne
  * More robust scheduling; Eliminating a segfault with long running
    applications.
  * Miscellaneous Windows portability fixes from Jim Hague.
  * Fix Makefile dependencies for parallel install.
    Thanks ilovezfs

Stubby ChangeLog

* 2017-11-03: Version 0.1.5
  * Add Windows installer package. Installer available at dnsprivacy.org
  * Fix to systemd file names (thanks ArchangeGabriel)
  * Add SPKI for Uncensored DNS (thanks woopstar)
  * Fix installation of stubby.yml file (thanks ArchangeGabriel)
  * Fix detection of platform for standalone build
  * Fix location of pid file installation
  * Update the stubby.yml file to contain details of all available servers.
    Only a small subset are enabled by default.

* 2017-10-20: Version 0.1.4
  * '-i' option of stubby no longer tries to bind to the listen addresses so
    it can be run without requiring root privileges. Makes it easier to validate
    the configuration file syntax. 
  * Fix incorrect IP addresses for some servers in the config file. Add note that
    IPv6 addresses ending in :: are not supported (must use ::0). Also add 
    example of using a specific port in a listen address.
  * Fixes for Windows support

First release candidate for getdns-1.2.1

	Please do not use the github generated Source code (zip) and (tar.gz) files, but our own tarball instead:
tarball	https://getdnsapi.net/dist/getdns-1.2.1-rc1.tar.gz
pgp sig	https://getdnsapi.net/dist/getdns-1.2.1-rc1.tar.gz.asc
sha256	c6ac3a7a401020da4c513a75aee2da2ae8e9511bec3a599654dee72000cd3f71

Dear all,

We have a first release candidate for the upcoming 1.2.1 bugfix release of getdns.

This release includes bugfixes, robustness and stability improvements only.
For a more detailed description of all changes see the ChangeLog section below.

The version of Stubby included with this release has been updated to 0.1.5.
The ChangeLog entries up from the version of Stubby included in the previous release (0.1.3) are included the Stubby ChangeLog section below.

Please review this release candidate carefully, if all is well, the actual release will follow Friday the 10th of November.

ChangeLog

* 2017-11-??: Version 1.2.1
  * Handle more I/O error cases.  Also, when an I/O error does occur,
    never stop listening (with servers), and
    never exit (when running the built-in event loop).
  * Bugfix: Tolerate unsigned and unused RRsets in the authority
    section.  Fixes DNSSEC with BIND upstream.
  * Bugfix: DNSSEC validation without support records
  * Bugfix: Validation of full recursive DNSKEY lookups
  * Bugfix: Retry to validate full recursion BOGUS replies with zero
    configuration DNSSEC only when DNSSEC was actually requested
  * Bugfix #348: Fix a linking issue in stubby when libbsd is present
    Thanks Remi Gacogne
  * More robust scheduling; Eliminating a segfault with long running
    applications.
  * Miscellaneous Windows portability fixes from Jim Hague.
  * Fix Makefile dependencies for parallel install.
    Thanks ilovezfs

Stubby ChangeLog

* 2017-11-03: Version 0.1.5
  * Add Windows installer package. Installer available at dnsprivacy.org
  * Fix to systemd file names (thanks ArchangeGabriel)
  * Add SPKI for Uncensored DNS (thanks woopstar)
  * Fix installation of stubby.yml file (thanks ArchangeGabriel)
  * Fix detection of platform for standalone build
  * Fix location of pid file installation
  * Update the stubby.yml file to contain details of all available servers.
    Only a small subset are enabled by default.

* 2017-10-20: Version 0.1.4
  * '-i' option of stubby no longer tries to bind to the listen addresses so
    it can be run without requiring root privileges. Makes it easier to validate
    the configuration file syntax. 
  * Fix incorrect IP addresses for some servers in the config file. Add note that
    IPv6 addresses ending in :: are not supported (must use ::0). Also add 
    example of using a specific port in a listen address.
  * Fixes for Windows support

getdns-1.2.0 release

	Please do not use the github generated Source code (zip) and (tar.gz) files, but our own tarball instead:
tarball	https://getdnsapi.net/dist/getdns-1.2.0.tar.gz
pgp sig	https://getdnsapi.net/dist/getdns-1.2.0.tar.gz.asc
sha256	06e6494b5d8b9404f439d5a98a3ab8f1f4b3557fb7aa3db005b021a6289b4229

Dear all,

We have a new feature release version 1.2.0 of getdns.

This release contains two new features:

• Built-in DNSSEC trust-anchor management:
  Zero configuration DNSSEC
• Better TLS upstream failure management, more resilient to transient connectivity loss and laptop "sleeps" etc.

and

• An updated version of Stubby (0.1.3) with YAML configuration files.

Zero configuration DNSSEC

Until now, we've assumed an external system component (like unbound-anchor) to do the trust-anchor management for getdns, but this is not optimal.
Ideally applications that want to use DNSSEC validation, for example to perform DANE, would want to be able to rely on an application library to deliver DNSSEC, without requiring additional system configuration.
This release includes a form of built-in trust-anchor management modelled on RFC7958, that is suitable for a resolver library which can not assume reliable up-time and which we have named: Zero configuration DNSSEC.

With Zero configuration DNSSEC, the "root-anchors.xml" file (from http://data.iana.org/root-anchors/root-anchors.xml) will be verified by validating the S/MIME signatures (stored separately in "root-anchors.p7s") with the ICANN Root Certificate Authority.

Trust anchors from "root-anchors.xml" will be used only when the accompanying "root-anchors.p7s" matches and validates and when either:

• There were no other trust anchors provided, either by the default trust anchor file (likely either /etc/unbound/getdns-root.key or /usr/local/etc/unbound/getdns-root.key), or set explicitly by the application with the getdns_context_set_dnssec_trust_anchors() function, or
• The available trust anchors (from the default location or set explicitly by the application) caused the root DNSKEY RRset to fail validation.

The "root-anchors.xml" and "root-anchors.p7s" files will be tried to read from a location for storing library specific data: ${HOME}/.getdns/ on Unix like systems (Linux, BSD's, MacOS) and %AppData%\getdns on Windows.

When trust anchors from "root-anchors.xml" are used, the root DNSKEY is also tracked (for changes) and a copy of it is stored in a "root.key" file in the library specific data directory.

A (new) version of "root-anchors.xml" and "root-anchors.p7s" will be retrieved from data.iana.org, when either:

• The library specific data directory is (creatable and) writeable by the current user, but the "root-anchors.xml" or "root-anchors.p7s" files were absent, or
• There is a new root DNSKEY RRset (or signature) and it contains keys with ID's which were not in "root-anchors.xml".

Zero configuration DNSSEC assumes DNSSEC with the ICANN root trust-anchors and is configured to use the ICANN defaults defined in RFC7958, but all default parameters can be adapted to fit alternate DNS(SEC) roots, with:

• getdns_context_set_trust_anchors_url()
• getdns_context_set_trust_anchors_verify_CA()
• getdns_context_set_trust_anchors_verify_email()
• getdns_context_set_appdata_dir()

Better TLS upstream failure management

RFC7858 suggested a back-off period of one hour on failing TLS upstreams.
However this is not a resilient and practical demeanor in practice when short-term network outages or connection loss caused, for example, by laptops going to sleep.

This release introduces a new TLS upstream failure management scheme in which the back-off time is incremented gradually from 1 second up, and doubled each retry with a maximum set by the getdns_context_set_tls_backoff_time() function.
Also, back-off time is ignored when there are no more responding TLS upstreams and the upstream with the least amount of retries will be used for retrying first.

Stubby will be much more resilient against short term outages and connection losses with this scheme.

YAML configuration files for Stubby

This release comes with an updated version of Stubby (version 0.1.3) with the new improvement to read configuration files in YAML format.

Previously Stubby would read configuration files in the JSON like format that is understood by getdns.
However, the necessity to deal with opening and closing brackets and the lack of comments make it unsuitable for human consumption.
YAML is much better readable and most importantly: can be annotated with comments and is as such a good fit for configuration files.

Stubby configuration files are now specified in YAML format by default.
JSON format can still be used if it is given on the command line with the -C flag.

Don't forget that the --with-stubby option needs to be used with configure when you want to build Stubby alongside the library.
When build with Stubby, there is an additional dependency on libyaml for the stubby binary only.

Also note that the primary location for Stubby has moved to the dnsprivacy.org website.

ChangeLog

* Bugfix of rc1: authentication of first query with TLS
    Thanks Travis Burtrum
  * A function to set the location for library specific data,
    like trust-anchors: getdns_context_set_appdata().
  * Zero configuration DNSSEC - build upon the scheme
    described in RFC7958.  The URL from which to fetch
    the trust anchor, the verification CA and email
    can be set with the new getdns_context_set_trust_anchor_url(),
    getdns_context_set_trust_anchor_verify_CA() and
    getdns_context_set_trust_anchor_verify_email() functions.
    The default values are to fetch from IANA and to validate
    with the ICANN CA.
  * Update of Stubby with yaml configuration file and
    logging from a certain severity support.
  * Fix tpkg exit status on test failure. Thanks Jim Hague.
  * Refined logging levels for upstream statistics
  * Reuse (best behaving) backed-off TLS upstreams when non are usable.
  * Let TLS upstreams back-off a incremental amount of time.
    Back-off time starts with 1 second and is doubled each failure, but
    will not exceed the time given by getdns_context_set_tls_backoff_time()
  * Make TLS upstream management more resilient to temporary outages
    (like laptop sleeps)

getdns-1.1.3 release

	Please do not use the github generated Source code (zip) and (tar.gz) files, but our own tarball instead:
tarball	https://getdnsapi.net/dist/getdns-1.1.3.tar.gz
pgp sig	https://getdnsapi.net/dist/getdns-1.1.3.tar.gz.asc
sha256	1a75f3264936c6f9a9d57cd98df912f62fb1a0b1d4dc799065ded76987337ce1

Dear all,

We have a new bugfix release version 1.1.3 of getdns.

The brew formula for getdns and Stubby were conflicting because they both installed Stubby.
To resolve, we gave Stubby its own repository (https://github.com/getdnsapi/stubby) with getdns as a library dependency.

This release will allow for two complementary brew formulas.

1. One that installs the getdns library and the getdns_query tool with:
   bash brew install getdns
2. Another one that installs Stubby and (implicitly) the getdns library:
   bash brew install stubby

This release does include the new Stubby from its own repository too, but it is not build by default anymore.
To build Stubby together with the library you must configure it with the --with-stubby option.

Besides this organizational matter, we have a few fixes for high priority bugs in this release:

• When UDP upstreams were "temporarily" failing, the upstream selection process would crash when it would come back to the first specified UDP upstream after it initially failed.
• High-load multi-threading environments had an serviceability issue, because file descriptors were closed repeatedly when they were finished.
  As a result, a freshly obtained reused file descriptor by some thread could become unusable because it would be closed by another thread immediately.

A few more minor bugs have been addressed with this release too.
For a complete overview see the ChangeLog section below.

Picture of Dog at Home courtesy of Jolanta Penal

ChangeLog

* 2017-09-04: Version 1.1.3
  * Small bugfixes that came out of static analysis
  * No annotations with the output of getdns_query anymore,
    unless -V option is given to increase verbosity
    Thanks Ollivier Robert
  * getdns_query will now exit with failure status if replies are BOGUS
  * Bugfix: dnssec_return_validation_chain now also works when fallback
    to full recursion was needed with dnssec_roadblock_avoidance
  * More clear build instructions from Paul Hoffman.  Thanks.
  * Bugfix #320.1: Eliminate multiple closing of file descriptors
    Thanks Neil Cook
  * Bugfix #320.2: Array bounds bug in upstream_select
    Thanks Neil Cook
  * Bugfix #318: getdnsapi/getdns/README.md links to nonexistent wiki
    pages.  Thanks James Raftery
  * Bugfix #322: MacOS 10.10 (Yosemite) provides TCP fastopen interface
    but does not have it implemented.  Thanks Joel Purra
  * Compile without Stubby by default.  Stubby now has a git repository
    of its own.  The new Stubby repository is added as a submodule.
    Stubby will still be build alongside getdns with the --with-stubby
    configure option.

First release candidate for getdns-1.1.3

	Please do not use the github generated Source code (zip) and (tar.gz) files, but our own tarball instead:
tarball	https://getdnsapi.net/dist/getdns-1.1.3-rc1.tar.gz
pgp sig	https://getdnsapi.net/dist/getdns-1.1.3-rc1.tar.gz.asc
sha256	806d3dde53fbd8cbb46880774d97989878bfe77db4a3b8aeea46873203cf3daf

Dear all,

We have a release candidate for a bugfix release version 1.1.3 of getdns.

The brew formula for getdns and Stubby were conflicting because they both installed Stubby.
To resolve, we gave Stubby its own repository (https://github.com/getdnsapi/stubby) with getdns as a library dependency.

This release will allow for two complementary brew formulas.

1. One that installs the getdns library and the getdns_query tool with:
   bash brew install getdns
2. Another one that installs Stubby and (implicitly) the getdns library:
   bash brew install stubby

This release does include the new Stubby from its own repository too, but it is not build by default anymore.
To build Stubby together with the library you must configure it with the --with-stubby option.

Besides this organizational matter, we have a few fixes for high priority bugs in this release:

• When UDP upstreams were "temporarily" failing, the upstream selection process would crash when it would come back to the first specified UDP upstream after it initially failed.
• High-load multi-threading environments had an serviceability issue, because file descriptors were closed repeatedly when they were finished.
  As a result, a freshly obtained reused file descriptor by some thread could become unusable because it would be closed by another thread immediately.

A few more minor bugs have been addressed with this release too.
For a complete overview see the ChangeLog section below.

Please review this release candidate carefully, if all is well, the actual release will follow Friday the 1st of September.

Picture of Dog with Stick courtesy of blog.dogtv.com

ChangeLog

* 2017-0?-??: Version 1.1.3
  * No annotations with the output of getdns_query anymore,
    unless -V option is given to increase verbosity
    Thanks Ollivier Robert
  * getdns_query will now exit with failure status if replies are BOGUS
  * Bugfix: dnssec_return_validation_chain now also works when fallback
    to full recursion was needed with dnssec_roadblock_avoidance
  * More clear build instructions from Paul Hoffman.  Thanks.
  * Bugfix #320.1: Eliminate multiple closing of file descriptors
    Thanks Neil Cook
  * Bugfix #320.2: Array bounds bug in upstream_select
    Thanks Neil Cook
  * Bugfix #318: getdnsapi/getdns/README.md links to nonexistent wiki
    pages.  Thanks James Raftery
  * Bugfix #322: MacOS 10.10 (Yosemite) provides TCP fastopen interface
    but does not have it implemented.  Thanks Joel Purra
  * Compile without Stubby by default.  Stubby now has a git repository
    of its own.  The new Stubby repository is added as a submodule.
    Stubby will still be build alongside getdns with the --with-stubby
    configure option.

getdns-1.1.2 release

	Please do not use the github generated Source code (zip) and (tar.gz) files, but our own tarball instead:
tarball	https://getdnsapi.net/dist/getdns-1.1.2.tar.gz
pgp sig	https://getdnsapi.net/dist/getdns-1.1.2.tar.gz.asc
sha256	685fbd493601c88c90b0bf3021ba0ee863e3297bf92f01b8bf1b3c6637c86ba5

Dear all,

We have a quickfix release version 1.1.2 of getdns.

The brew formula for Stubby installed and configured a version of the getdns library that would not fit other applications using getdns very well.
More specifically, libgetdns was configured to output statistics about upstreams.

To allow to display upstream statistics without the necessity for a specifically configured library, this release introduces a single new feature: the ability to register a callback function that will fire when certain subsystems have a log message of a certain severity.
Which subsystems will fire the callback can be specified with the registration function.
Currently this is only available for upstream statistics, but in the future the log messages for the other subsystems will be provided in a similar fashion.

Besides this single feature, we have a few bugfixes in this release.
The most prominent one fixing fallbacks on certain error conditions for stateful transports on MacOS.

For a more complete overview also see the ChangeLog section below.

ChangeLog

* 2017-07-03: Version 1.1.2
  * Bugfix for parallel make install
  * Bugfix to trigger event callbacks on socket errors
  * A getdns_context_set_logfunc() function with which one may
    register a callback log function for certain library subsystems
    at certain levels.  Currently this can only be used for
    upstream stastistics subsystem.

First release candidate for getdns-1.1.2

	Please do not use the github generated Source code (zip) and (tar.gz) files, but our own tarball instead:
tarball	https://getdnsapi.net/dist/getdns-1.1.2-rc1.tar.gz
pgp sig	https://getdnsapi.net/dist/getdns-1.1.2-rc1.tar.gz.asc
sha256	6cee73b5d56806420870e0cd80938d054034792ab5107f058c9f062f4fdb310d

Dear all,

We have a release candidate for a quickfix release version 1.1.2 of getdns.

The brew formula for Stubby installed and configured a version of the getdns library that would not fit other applications using getdns very well.
More specifically, libgetdns was configured to output statistics about upstreams.

To allow to display upstream statistics without the necessity for a specifically configured library, this release introduces a single new feature: the ability to register a callback function that will fire when certain subsystems have a log message of a certain severity.
Which subsystems will fire the callback can be specified with the registration function.
Currently this is only available for upstream statistics, but in the future the log messages for the other subsystems will be provided in a similar fashion.

Besides this single feature, we have a few bugfixes in this release.
The most prominent one fixing fallbacks on certain error conditions for stateful transports on MacOS.

For a more complete overview also see the ChangeLog section below.

Please review this release candidate carefully, if all is well, the actual release will follow Monday the 3th of July.

ChangeLog

* 2017-07-??: Version 1.1.2
  * Bugfix for parallel make install
  * Bugfix to trigger event callbacks on socket errors
  * A getdns_context_set_logfunc() function with which one may
    register a callback log function for certain library subsystems
    at certain levels.  Currently this can only be used for
    upstream stastistics subsystem.

getdns-1.1.1 release

	Please do not use the github generated Source code (zip) and (tar.gz) files, but our own tarball instead:
tarball	https://getdnsapi.net/dist/getdns-1.1.1.tar.gz
pgp sig	https://getdnsapi.net/dist/getdns-1.1.1.tar.gz.asc
sha256	fa414c30d5f2d2b2453b5cec77362b4cc0f44d440be5893233748d82bd6a1a56

Dear all,

We are pleased to announce release 1.1.1 of our library implementation of the getdns API.

When working on the brew formula for Stubby, we discovered that the default configuration file, stubby.conf was missing from the distribution tarball.
This release is just to fix this omission and has no further big changes.

Besides the stubby.conf file, this release also includes a script that helps with setting up Stubby on a Mac, and guidance for integration with systemd.

Since our last release we have steadily improved and added unit tests, and significantly increased the code covered by them.
This has led to a few bugfixes which are also included with this release.

For a more complete overview also see the ChangeLog section below.

ChangeLog

* Bugfix #306 hanging/segfaulting on certain (IPv6) upstream failures
  * Spelling fix s/receive/receive.  Thanks Andreas Schulze.
  * Added stubby-setdns-macos.sh script to support Homebrew formula
  * Include stubby.conf in the districution tarball
  * Bugfix #286 reschedule reused listening addresses
  * Bugfix #166 Allow parallel builds and unit-tests
  * NSAP-PTR, EID and NIMLOC, TALINK, AVC support
  * Bugfix of TA RR type
  * OPENPGPKEY and SMIMEA support
  * Bugfix TAG rdata type presentation format for CAA RR type
  * Bugfix Zero sized gateways with IPSECKEY gateway_type 0
  * Guidance for integration with systemd
  * Also check for memory leaks with advances server capabilities.
  * Bugfix convert IP string to IP dict with getdns_str2dict() directly.

First release candidate for getdns-1.1.1

	Please do not use the github generated Source code (zip) and (tar.gz) files, but our own tarball instead:
tarball	https://getdnsapi.net/dist/getdns-1.1.1rc1.tar.gz
pgp sig	https://getdnsapi.net/dist/getdns-1.1.1rc1.tar.gz.asc
sha256	f63340b1d05410b875217c6abd7066586fc55a811db4ae90ffd01d2240e05e57

Dear all,

We have a release candidate for a quickfix release version 1.1.1 of getdns.

When working on the brew formula for Stubby, we discovered that the default configuration file, stubby.conf was missing from the distribution tarball.
This release is just to fix this omission and has no further big changes.

Besides the stubby.conf file, this release also includes a script that helps with setting up Stubby on a Mac, and guidance for integration with systemd.

Since our last release we have steadily improved and added unit tests, and significantly increased the code covered by them.
This has led to a few bugfixes which are also included with this release.

For a more complete overview also see the ChangeLog section below.

Please review this release candidate carefully, if all is well, the actual release will follow Thursday the 15th of June.

ChangeLog

* 2017-06-??: Version 1.1.1
  * Added stubby-setdns-macos.sh script to support Homebrew formula
  * Include stubby.conf in the districution tarball
  * Bugfix #286 reschedule reused listening addresses
  * Bugfix #166 Allow parallel builds and unit-tests
  * NSAP-PTR, EID and NIMLOC, TALINK, AVC support
  * Bugfix of TA RR type
  * OPENPGPKEY and SMIMEA support
  * Bugfix TAG rdata type presentation format for CAA RR type
  * Bugfix Zero sized gateways with IPSECKEY gateway_type 0
  * Guidance for integration with systemd
  * Also check for memory leaks with advances server capabilities.
  * Bugfix convert IP string to IP dict with getdns_str2dict() directly.

getdns-1.1.0 release

	Please do not use the github generated Source code (zip) and (tar.gz) files, but our own tarball instead:
tarball	https://getdnsapi.net/dist/getdns-1.1.0.tar.gz
pgp sig	https://getdnsapi.net/dist/getdns-1.1.0.tar.gz.asc
sha256	aa47bca275b97f623dc6799cee97d3465fa46521d94bd9892e08e8d5d88f09c3

Dear all,

We are pleased to announce release 1.1.0 of our library implementation of the getdns API.

This version comes with the DNS Privacy stub resolver Stubby.
Stubby encrypts DNS queries sent from a client machine (desktop or laptop) to a DNS Privacy resolver increasing end user privacy.
Stubby is in the early stages of development but is suitable for technical/advanced users.
A more generally user-friendly version is on the way!
More information about Stubby is here:

• https://getdnsapi.net/blog/dns-privacy-daemon-stubby/.

Stubby will be build by default and will be installed in the ${PREFIX}/bin directory.
Also the getdns_query test tool will be build and installed by default now.
If you want the library only, you can disable building and installation of those programs with the --without-stubby and --without-getdns_query options to configure.

getdns_query (and Stubby) have had functionality added which was not part of the original API specification, but which we think is useful for other applications as well.
This includes functions that have been added to deal with parsing and configuring getdns with a configuration file, and functions to serve DNS requests.

To handle configuration files, functions were added to convert strings to getdns native types, getdns_str2dict(), getdns_str2list(), getdns_str2bindata() and getdns_str2int(); A getdns_context can then be configured with a resulting getdns_dict with the new getdns_context_config() function.
This can reduce the amount of code needed to setup a context in a C program.

It also provides default values for extensions and allows the trust anchor and root hints files to be directly specified.
For example, the following piece of C code would configure the context to do DNSSEC roadblock avoidance (i.e. validate DNSSEC as stub, fallback to full recursive with hampering middleboxes), with alternative trust-anchor and root-hints.

if (GETDNS_RETURN_GOOD == getdns_str2dict(
    "{ dnssec_roadblock_avoidance: GETDNS_EXTENSION_TRUE"
    ", dns_root_servers: \"/etc/yeti/named.cache\""
    ", dnssec_trust_anchors: \"/etc/yeti/KSK.pub\""
    "}", &config_dict))
        getdns_context_config(context, config_dict);

More detailed (doxygen) documentation about the string to getdns data structure functions, and about configuring getdns_contexts with getdns_dicts is here:

• https://getdnsapi.net/doxygen/group__Ustring2getdns__data.html
• https://getdnsapi.net/functions/getdns_context_config.html

The getdns_context_set_listen_addresses() function, allows the user to register a request handler function and list of addresses that will be listened on when the eventloop is run.
The request handler function will be called when a DNS requests arrives, with the request in getdns reply dict format.
The request handler may construct a response to the request and eventually has to call getdns_reply() with that response to answer the request (or NULL to cancel).

I will try to provide and example blog post on the website for this functionality shortly.
For now, we have the doxygen documentation and the IETF97 hackathon project delaydns which was using this functionality:

• https://getdnsapi.net/doxygen/group__UServerFunctions.html
• https://github.com/IETF-Hackathon/delaydns

Besides these new functions, we have much improved and more stable and robust scheduling of requests:

• The default event loop, which is also used for synchronous requests, is now based on poll() instead of select() and does not inherit select()'s limits any more.
• The limit on number of outstanding queries, set with the getdns_context_limit_outstanding_queries() function, will now also be obeyed in stub mode.
  This was an ommision from the 1.0.0 release.
• getdns will now queue up requests that could not be scheduled because of resource limitations, to be rescheduled when resources become available again.

We now also have:

• a new modus for stub resolving in which queries are scheduled round robin over the upstreams.
  This can be enabled with the getdns_context_set_round_robin_upstreams() function.
• more fine grained control over how TLS upstreams are retried with the getdns_context_set_tls_backoff_time() and the getdns_context_set_tls_connection_retries() function.
• Much improved doxygen documentation. Have a look here: https://getdnsapi.net/doxygen/

Finally, we have a new draft MDNS-client implementation by Christian Huitema.
To enable it, use the --enable-draft-mdns-client option to configure.

Happy Easter!

ChangeLog

* 2017-04-13: Version 1.1.0
  * bugfix: Check size of tls_auth_name.
  * Improvements that came from Visual Studio static analysis
  * Fix to compile with libressl.  Thanks phicoh.
  * Spelling fixes.  Thanks Andreas Schulze.
  * bugfix: Reschedule request timeout when getting the DNSSEC chain.
  * getdns_context_unset_edns_maximum_udp_payload_size() to reset
    to default IPv4/IPv6 dependent edns max udp payload size.
  * Implement sensible default edns0 padding policy.  Thanks DKG.
  * Keep connections open with sync requests too.
  * Fix of event loops so they do not give up with naked timers with
    windows.  Thanks Christian Huitema.
  * Include peer certificate with DNS-over-TLS in combination with
    the return_call_reporting extension.
  * More fine grained control over TLS upstream retry and back off
    behaviour with getdns_context_set_tls_backoff_time() and
    getdns_context_set_tls_connection_retries().
  * New round robin over the available upstreams feaure.
    Enable with getdns_context_set_round_robin_upstreams()
  * Bugfix: Queue requests when no sockets available for outgoing queries.
  * Obey the outstanding query limit with STUB resolution mode too.
  * Updated stubby config file
  * Draft MDNS client implementation by Christian Huitema.
    Enable with --enable-draft-mdns-support to configure
  * bugfix: Let synchronous queries use fds > MAX_FDSETSIZE;
            By moving default eventloop from select to poll
    Thanks Neil Cook
  * bugfix: authentication failure for self signed cert + only pinset
  * bugfix: issue with session re-use making authentication appear to fail

* 2016-10-19: Version 1.1.0-a2
  * Improved TLS connection management
  * OpenSSL 1.1 support
  * Stubby, Server version of getdns_query that by default listens
    on 127.0.0.1 and ::1 and reads config from /etc/stubby.conf
    and $HOME/.stubby.conf

* 2016-07-14: Version 1.1.0a1
  * Conversion functions from text strings to getdns native types:
    getdns_str2dict(), getdns_str2list(), getdns_str2bindata() and
    getdns_str2int()
  * A getdns_context_config() function that configures a context
    with settings given in a getdns_dict
  * A a getdns_context_set_listen_addresses() function and companion
    getdns_reply() function to construct simple name servers.
  * Relocate getdns_query to src/tools and build by default
  * Enhancements to the logic used to select connection based upstream
    transports (TCP, TLS) to improve robustness and re-use of
    connections/upstreams.