Releases: getdnsapi/getdns

getdns-0.3.3 release

28 Dec 11:40
 
Please do not use the github generated Source code (zip) and (tar.gz) files, but our own tarball instead:
tarball https://getdnsapi.net/dist/getdns-0.3.3.tar.gz
pgp sig https://getdnsapi.net/dist/getdns-0.3.3.tar.gz.asc
sha256 8a02da5779c3da8d9a7973662ddb5cf19825c2689b48cbc604c536014cca1046

Dear All,

We have a fast-track single bugfix release of getdns: version 0.3.3.

The native DNSSEC validation, which has been part of getdns since version 0.3.0, failed to validate direct CNAME queries. This affected direct CNAME queries only. Queries that have CNAME redirections included are not affected. Also the (default) RECURSING resolution mode is not affected, except when used in combination with the dnssec_return_validation_chain extension.

When a query is done for a valid CNAME in either STUB resolution mode or with the dnssec_return_validation_chain extension, with getdns version 0.3.0, 0.3.1 or 0.3.2, the returned dnssec_status will always be GETDNS_DNSSEC_BOGUS.

This release has this issue resolved. A patch for getdns version 0.3.0, 0.3.1 and 0.3.2 is provided here: https://getdnsapi.net/patches/dnssec-cname-query-validation.patch

Because of the smallness of the change, we've decided to bypass a release candidate and do the release immediately.

ChangeLog

  * Fix clearing upstream events on shutdown
  * Fix dnssec validation of direct CNAME queries.
    Thanks Simson L. Garfinkel.
  * Fix get_api_information():version_string also for release candidates

getdns-0.3.2 release

28 Dec 11:40
 
Please do not use the github generated Source code (zip) and (tar.gz) files, but our own tarball instead:
tarball https://getdnsapi.net/dist/getdns-0.3.2.tar.gz
pgp sig https://getdnsapi.net/dist/getdns-0.3.2.tar.gz.asc
sha256 6944b0d9fd3fd33ee2fcd8e2dc123a3097ac95255092b4a3b8ee36400f85dba7

Dear All,

We have a bugfix release of getdns: version 0.3.2. The most prominent fix is fallback handling of stateful transports.

Besides bugfixes, we have two new configure options. With --enable-stub-only getdns will be compiled without libunbound. You can then only use getdns in stub resolution mode and this is also the default resolution mode.

The --with-getdns_query option will build and install the getdns_query tool that is part of the getdns test suite, but might have use cases outside that setting too.

ChangeLog

  * Fix returned upstreams list by getdns_context_get_api_information()
  * Fix some autoconf issues when srcdir != builddir
  * Fix remove build date from manpage version for reproducible builds
  * Fix transport fallback issues plus transport fallback unit test script
  * Fix string bindata's need not contain trailing zero byte
  * --enable-stub-only configure option for stub only operation.
    Stub mode will be the default.  Removes the dependency on libunbound
  * --with-getdns_query compiles and installs the getdns_query tool too
  * Fix assert on context destruction from a callback in stub mode too
  * Use a thread instead of a process for running the unbound event loop

getdns-0.3.1 release

28 Dec 11:41
 
Please do not use the github generated Source code (zip) and (tar.gz) files, but our own tarball instead:
tarball https://getdnsapi.net/dist/getdns-0.3.1.tar.gz
pgp sig https://getdnsapi.net/dist/getdns-0.3.1.tar.gz.asc
sha256 58fd791187d5fd158ba7db1b5f29d4b0274583447f405577c758c7c7751e8883

Dear All,

We have an emergency release, version 0.3.1 of getdns. This release fixes a single bug which will cause getdns to hang on querying RR types with repeating rdata fields.

The previous release contained a fix that would allow for empty rdata fields. This happens with the "type bitmap" rdata field with NSEC3 RRs on empty non terminals. Parsing that properly is essential for sound DNSSEC validation. Unfortunately the fix introduced a new bug, which allowed repeating rdata fields to be empty too. Parsing such RR types would lead to an infinite list of empty rdata fields. This emergency release has this fixed.

We apologize that our current test suite did not catch this problem. We will address this by extending our test coverage for all supported RR types before the next release.
We urgently advise updating from the previous version to v0.3.1 immediately.

ChangeLog

* Fix repeating rdata fields
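
The failure class described in the 0.3.1 notes, as an added example that is not getdns code: a simplified model in which a single trailing field may be empty (the NSEC3 type bitmap on an empty non-terminal) while a repeated element has to consume input or the loop never ends. The function names, the `cap` argument and the sample bytes are assumptions constructed for this illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum { ERR_TRUNCATED = -1, ERR_NO_PROGRESS = -2 };
typedef struct { const uint8_t *p, *end; } cursor_t;

/* Read one <length byte><bytes> element and advance the cursor.
 * Returns 1 on success, 0 when no input is left, ERR_TRUNCATED on overrun.
 * empty_ok models the rule "a field found at end of rdata may be empty". */
static int read_len8(cursor_t *c, size_t *len, int empty_ok)
{
    if (c->p == c->end) {
        *len = 0;
        return empty_ok ? 1 : 0;   /* "success" without consuming anything */
    }
    *len = *c->p;
    if ((size_t)(c->end - c->p) - 1 < *len)
        return ERR_TRUNCATED;
    c->p += 1 + *len;
    return 1;
}

/* NSEC3 rdata: alg(1) flags(1) iterations(2) salt(<len8>) hash(<len8>)
 * type-bitmap(rest). Returns the bitmap length; 0 is valid and is what an
 * empty non-terminal produces. Negative on malformed input. */
int nsec3_bitmap_len(const uint8_t *rdata, size_t rdlen)
{
    cursor_t c = { rdata, rdata + rdlen };
    size_t n;
    if (rdlen < 4)
        return ERR_TRUNCATED;
    c.p += 4;
    if (read_len8(&c, &n, 0) != 1 || read_len8(&c, &n, 0) != 1)
        return ERR_TRUNCATED;      /* salt and hash length bytes are mandatory */
    return (int)(c.end - c.p);     /* single trailing field: may be empty */
}

/* Before: the "may be empty" rule is applied to a repeating field too, so at
 * end of rdata every read succeeds with a zero-length element.
 * cap is not part of the bug; it only lets this demonstration terminate. */
int txt_count_before(const uint8_t *rdata, size_t rdlen, int cap)
{
    cursor_t c = { rdata, rdata + rdlen };
    size_t n;
    int count = 0, r;
    while ((r = read_len8(&c, &n, 1)) == 1)
        if (++count >= cap)
            return ERR_NO_PROGRESS;
    return r < 0 ? r : count;
}

/* After: a repetition has to consume input, so the loop ends with the rdata. */
int txt_count_after(const uint8_t *rdata, size_t rdlen)
{
    cursor_t c = { rdata, rdata + rdlen };
    size_t n;
    int count = 0, r;
    while ((r = read_len8(&c, &n, 0)) == 1)
        count++;
    return r < 0 ? r : count;
}

/* Constructed sample rdata (NSEC3 hash shortened to 4 bytes for brevity). */
static const uint8_t NSEC3_ENT[] = { 1, 0, 0, 10, 2, 0xAB, 0xCD, 4, 1, 2, 3, 4 };
static const uint8_t TXT_TWO[]   = { 3, 'f', 'o', 'o', 3, 'b', 'a', 'r' };
static const uint8_t TXT_SHORT[] = { 5, 'a', 'b' };

int main(void)
{
    printf("NSEC3 bitmap length: %d\n", nsec3_bitmap_len(NSEC3_ENT, sizeof NSEC3_ENT));
    printf("TXT before: %d\n", txt_count_before(TXT_TWO, sizeof TXT_TWO, 1000));
    printf("TXT after: %d\n", txt_count_after(TXT_TWO, sizeof TXT_TWO));
    printf("TXT truncated: %d\n", txt_count_after(TXT_SHORT, sizeof TXT_SHORT));
    return 0;
}
```

A regression test for this class feeds every repeating RR type a well-formed record and asserts that the element count is finite and matches the input, which is the coverage the notes above commit to adding.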

getdns-0.3.0 release

28 Dec 11:41
 
Please do not use the github generated Source code (zip) and (tar.gz) files, but our own tarball instead:
tarball https://getdnsapi.net/dist/getdns-0.3.0.tar.gz
pgp sig https://getdnsapi.net/dist/getdns-0.3.0.tar.gz.asc
sha256 b81df685bac9ce1b110199859400f15de2d5d7f377a16d5d194b389d526f3f3c

Dear All,

I am pleased to announce the special IETF93 edition release: version 0.3.0 of our getdns API implementation.

Besides bugfixes and DNS parameter updates, this release follows the July 2015 version of the API specification, which has a new function to set a list of transports: getdns_context_set_dns_transport_list().

If only one transport value is specified, it will be the only transport used. Should it not be available, basic resolution will fail. Fallback transport options are specified by including multiple values in the list. The values are GETDNS_TRANSPORT_UDP, GETDNS_TRANSPORT_TCP, GETDNS_TRANSPORT_TLS, or GETDNS_TRANSPORT_STARTTLS. The default is a list containing GETDNS_TRANSPORT_UDP then GETDNS_TRANSPORT_TCP.

Connections for transport options TCP, TLS and STARTTLS will now always be kept open and multiple queries will be pipelined over them. We have a new API function, getdns_context_set_idle_timeout(), with which you can specify how long a connection is kept open when there are no pending queries. The default is 0 milliseconds.

Besides the transports list, this release has improved DNSSEC support. Before, with stub resolution, libunbound was still used (in forwarding mode) when one of the DNSSEC extensions was set. This release has native stub DNSSEC validation on board, so all DNSSEC extensions can now be combined with all features available with stub resolution mode, such as the new transport options, cookies and fine grained control over EDNS0 options.

In the process of realising native stub validation, both the dnssec_return_validation_chain extension and the getdns_validate_dnssec() function have been thoroughly improved.

Before, the dnssec_return_validation_chain extension only returned the chain of DS/DNSKEYs starting at the signer's name of signatures. Now, the extension will return the support records needed to assess all DNSSEC statuses. For example, it will also include the proof of non-existence of a parent DS for INSECURE answers. But also for BOGUS answers, just like with all DNSSEC statuses, everything needed to reassess that DNSSEC status will be included.

The dnssec_return_validation_chain extension will now also try to return a single RRSIG RR per RRset: the one that was used to validate that RRset. This is to maximally assist in reassessing the DNSSEC status with the "validation_chain" as support records.

The latest improved behaviour can be viewed live on the "Do a query" page of our website: https://getdnsapi.net/query.html

Complementary to this improvement, the getdns_validate_dnssec() function can now also assess DNSSEC status for RRsets without signatures and even empty replies when given such a "validation_chain" as the support_records. The function can now also validate complete replies, taking into account everything that affects the validation process, such as (but not limited to) NSEC3 opt-out evaluation and handling of CNAMEs synthesized by DNAME.

ChangeLog

  * Unit test for spurious execute bits.  Thanks Paul Wouters.
  * Added new transport list options in API. The option is now an ordered
    list of GETDNS_TRANSPORT_UDP, GETDNS_TRANSPORT_TCP,
    GETDNS_TRANSPORT_TLS, GETDNS_TRANSPORT_STARTTLS.
  * Added new context setting for idle_timeout
  * CSYNC RR type
  * EDNS0 COOKIE option code set to 10
  * dnssec_return_validation_chain for negative and insecure responses.
  * dnssec_return_validation_chain return a single RRSIG on each RRSET
    (whenever possible)
  * getdns_validate_dnssec() accept replies from the replies_tree
  * getdns_validate_dnssec() assess negative and insecure responses.
  * Native stub dnssec validation
  * Implemented getdns_context_set_dnssec_trust_anchors()
  * Switch freely between stub and recursive mode
  * getdns_query -k shows default trust anchors
  * functions and defines to get library and API versions in string
    and numeric values: getdns_get_version(), getdns_get_version_number(),
    getdns_get_api_version() and getdns_get_api_version_number()

getdns-0.2.0 release

28 Dec 11:41
 
Please do not use the github generated Source code (zip) and (tar.gz) files, but our own tarball instead:
tarball https://getdnsapi.net/dist/getdns-0.2.0.tar.gz
pgp sig https://getdnsapi.net/dist/getdns-0.2.0.tar.gz.asc
sha256 3909ed34dbd416f150178535d2b7eeac7a9f241ee3191ddc084eb0bc7c365a86

Dear all,

I am pleased to announce version 0.2.0 of our getdns API implementation.

This release has its intermediate version bumped to indicate that we consider the native stub operation, introduced in version 0.1.6, to be in a mature state.

Besides bug fixes, the DNS over TLS transport option, introduced in the previous version, has been fully incorporated in the native stub module and is now truly asynchronous in all its phases; including the TCP and the TLS handshake.

In addition, a new transport option is introduced with this release: GETDNS_TRANSPORT_STARTTLS_FIRST_AND_FALL_BACK_TO_TCP_KEEP_CONNECTIONS_OPEN

A list of servers supporting TLS on port 1021 and STARTTLS on port 53 for testing purposes is available on the sinodun portal.

ChangeLog

  * Fix libversion numbering:  Thanks Daniel Kahn Gillmor
  * run_once method for the libevent extension
  * autoreconf -fi on FreeBSD always, because of newer libtool version
    suitable for FreeBSD installs too.  Thanks Robert Edmonds
  * True asynchronous processing of the new TLS transport options
  * GETDNS_TRANSPORT_STARTTLS_FIRST_AND_FALL_BACK_TO_TCP_KEEP_CONNECTIONS_OPEN
    transport option.
  * Manpage fixes: Thanks Anthony Kirby

getdns-0.1.8 release

28 Dec 11:45
 
Please do not use the github generated Source code (zip) and (tar.gz) files, but our own tarball instead:
tarball https://getdnsapi.net/dist/getdns-0.1.8.tar.gz
pgp sig https://getdnsapi.net/dist/getdns-0.1.8.tar.gz.asc
sha256 bdd672e59a59070941f853b350ac57a17e9cf6a79c8ed0024d82c77dda703879

Dear all,

We have a special The Next Web 2015 Hack Battle feature release of our getdns API implementation.

This release adds a single feature: DNS over TLS on port 1021.
The feature is offered through two values for use with the getdns_context_set_dns_transport() function: GETDNS_TRANSPORT_TLS_ONLY_KEEP_CONNECTIONS_OPEN and GETDNS_TRANSPORT_TLS_FIRST_AND_FALL_BACK_TO_TCP_KEEP_CONNECTIONS_OPEN.

Coming Wednesday and Thursday, the 22nd and 23rd of April, the getdns API will be one of the APIs available to use in a Hack Battle at The Next Web Conference in Amsterdam.
With this feature release we wish to facilitate and inspire the participants of the Hack Battle with this privacy enhanced way to use the DNS.
Note however that this implementation of DNS over TLS is very much a happy path implementation.
The new transports only work in stub mode.
It is not yet possible to change the port for TLS communication and the TLS handshake currently blocks other outstanding callbacks.
A release that will resolve these issues will follow shortly.
All other transports remain fully asynchronous with no blocking.

Also note that the transport options in the API are under review and are likely to be modified to provide greater flexibility in the near future.
Because of the relative smallness and isolation of the new feature, we deemed it safe to do an immediate release.

ChangeLog

  * The GETDNS_TRANSPORT_TLS_ONLY_KEEP_CONNECTIONS_OPEN and
    GETDNS_TRANSPORT_TLS_FIRST_AND_FALL_BACK_TO_TCP_KEEP_CONNECTIONS_OPEN
    DNS over TLS transport options.

getdns-0.1.7 release

28 Dec 11:45
 
Please do not use the github generated Source code (zip) and (tar.gz) files, but our own tarball instead:
tarball https://getdnsapi.net/dist/getdns-0.1.7.tar.gz
pgp sig https://getdnsapi.net/dist/getdns-0.1.7.tar.gz.asc
sha256 72f03bf5d0892b7b0c3093df5c30e694ad21202ea36e122efda9ec56b424b37b

Dear all,

We have a new release, version 0.1.7 of our getdns API implementation.

This release contains bug fixes.
A notable fix is that getdns_address() now schedules AAAA query before the A query.
They were and are queried for simultaneously, but before, the request for the A was put on the wire before the request for the AAAA.
Now this order is flipped.
Besides bug fixes, this release contains the results of a rework shortening the path from wire format to the response dictionary, dramatically decreasing the number of memory allocations and deallocations with each request.
The release also has some improvement functions that are not part of the official API (yet), such as:

These new non-API functions are all documented in doxygen style comments in the getdns_extra.h header file.
Besides these improvement functions, the release also includes a draft implementation of the section 6 and 7 version of draft-ietf-dnsop-cookies-01.txt.
This implementation is compatible with (uses the same opcode as) BIND 9.10's implementation.
You need to specify the --enable-draft-edns-cookies option to compile with this feature.
Using it involves setting an "edns_cookies" extension.

ChangeLog

  * Individual getter functions for context settings
  * Fix: --with-current-date function to make build deterministically
    reproducible (i.e. the GETDNS_COMPILATION_COMMENT define from
    getdns.h contains a date value).  Thanks Ondřej Surý
  * Fix: Include m4 dir in distribution tarball
  * Fix: Link build requirements in tests too.  Thanks Ondřej Surý
  * Fix: Remove executable flags on source files.  Thanks Paul Wouters
  * Fix: Return "just_address_answers" only when queried for addresses
  * Eliminate ldns intermediate wireformat parsing
  * The CSYNC RR type
  * Fix: canonical_name in response dict returns the canonical name
    found after following all CNAMEs
  * Implementation of the section 6 and 7 version of 
    draft-ietf-dnsop-cookies-01.txt for stub resolution.  Enable with the
    --enable-draft-edns-cookies option to configure.  Use it by setting the
    edns_cookies extension to GETDNS_EXTENSION_TRUE.
  * Pretty printing of lists with:
    char *getdns_pretty_print_list(getdns_list *list)
  * Output to json format with:
    char * getdns_print_json_dict(const getdns_dict *some_dict, int pretty);
    char * getdns_print_json_list(const getdns_list *some_list, int pretty);
  * snprintf style versions of the dict, list and json print functions.
  * Better random number generation with OpenBSD's arc4random
  * Let getdns_address schedule the AAAA query first.  This results in AAAA
    being the first in the just_address_answers sections of the response dict.
  * New context update callback function to also return a user given argument
    along with the context and which item was changed.
    Thanks Scott Hollenbeck.
  * Demotivate use of getdns_strerror and expose getdns_get_errorstr_by_id.
    Thanks Scott Hollenbeck.
  * A getter for context update callback, to allow for chaining update
    callbacks.

getdns-0.1.6 release

28 Dec 11:45
 
Please do not use the github generated Source code (zip) and (tar.gz) files, but our own tarball instead:
tarball https://getdnsapi.net/dist/getdns-0.1.6.tar.gz
pgp sig https://getdnsapi.net/dist/getdns-0.1.6.tar.gz.asc
sha256 2024d1a2e68f752b5b197adf6fbd537fc1484d6def33c6122921e3838008a038

We have a new release, version 0.1.6 of our getdns API implementation.

This implementation follows the "January 2015" version of the API specification which can be found here: https://getdnsapi.net/spec/

This release is a bug fix and clean up release only.
Several build problems of different nature and for different systems have been resolved.
Most notably the compile failure on OS X introduced in the 0.1.5 release.
The unit tests can now be built and run on OS X too.

It is now possible to build against all the event libraries on FreeBSD, however because of symbol leakage not all combinations are possible.
The general rule is that if libunbound is built with libevent, then getdns may be built with libevent and libuv.
When libunbound is built without libevent, then getdns may be built with libev and libuv.

Furthermore, the manual pages have been updated to be in a format that pleases Debian's Lintian.

Besides this we have a new look for our website: https://getdnsapi.net/
The new look has been built with the bootstrap framework to create "responsive" pages that are suitable to be viewed on many different devices with many different and smaller screen sizes.

ChangeLog

  * Fix: linking against libev on FreeBSD
  * Fix: Let configure report problem on FreeBSD when configuring with
    libevent and libunbound <= 1.4.22 is not compiled with libevent.
  * Fix: Build on Mac OS-X
  * Fix: Lintian errors in manpages
  * Better libcheck detection
  * Better portability with UNIX systems

getdns-0.1.5 release

28 Dec 11:44
 
Please do not use the github generated Source code (zip) and (tar.gz) files, but our own tarball instead:
tarball https://getdnsapi.net/dist/getdns-0.1.5.tar.gz
pgp sig https://getdnsapi.net/dist/getdns-0.1.5.tar.gz.asc
sha256 e85d414913008f2a89c0099c8ba29d674abb26828d1d710e42cee9304455461b

Dear all,

We have a new release, version 0.1.5 of our getdns API implementation.

This release includes the features from the API that affect hop-by-hop communication and apply to stub resolution mode.
The "add_opt_parameters" extension from section 3.3 of the spec and all getdns_context_set_edns_* functions from section 8.8 are now implemented.
The GETDNS_TRANSPORT_TCP_ONLY_KEEP_CONNECTIONS_OPEN transport mode is also implemented with this release.
IPv6 link-local with scope_id upstreams are now supported, both in /etc/resolv.conf and via getdns_context_set_upstream_recursive_servers().

In addition, TCP Fast Open is available as an optional feature (Linux only). This mechanism enables data exchange during TCP's initial handshake and in doing so it decreases application network latency by one full round-trip time.

To enable these features we have done a major internal rework.
Before, we used libunbound for both stub and recursive mode, but to get the amount of control needed for the hop-by-hop communication features we had to implement stub resolution independently.
For this task we also needed to review and refine our extensible event loop mechanism so it is able to handle events for multiple simultaneous connections.
(This was handled internally by libunbound before)

As a consequence, this release is binary incompatible with respect to the extensible event loop mechanism.
The getdns_context_fd() function that facilitated asynchronous processing based on select is no longer available.
Instead, getdns_context_run() should be used to perform blocking asynchronous processing.
The getdns_context_process_async() and getdns_context_get_num_pending_requests() functions remain for asynchronous processing in non-blocking fashion.

Besides our own three event loop extensions shipped alongside the library (for libevent, libev and libuv) we are aware of only one software package affected by this: the nodejs bindings.
A new release of the nodejs bindings fitting this release will follow shortly.

The internal rework has many improvements as a consequence.
Many implementation details that previously had specific code paths for the different modus operandi (i.e. sync/recursive, sync/stub, async/recursive and async stub) could be merged, resulting in a more consistent and easier to maintain code base.
Consequences can already be seen in the simultaneous querying for IPv4 and IPv6 addresses and the more consistent handling of name spaces, plus the possibility to alter name space evaluation order even after a context has been used to send out a query.

Note that stub resolution will still use libunbound if any of the DNSSEC extensions are in play.
Performing stub validation independently from libunbound is on the road map for the next release.

Besides these features, many bugs have been fixed with this release.

ChangeLog

  * Unit tests for transport settings
  * Fix: adhere to set maximum UDP payload size
  * API change: when no maximum UDP payload size is set, outgoing
    values will adhere to the suggestions in RFC 6891 and may follow
    a scheme that uses multiple values to maximize receptivity.
  * Stub mode uses 1232 maximum UDP payload size when connecting to an
    IPv6 upstream and 1432 with an IPv4 upstream.
  * Evaluate namespaces (or not) on a per query basis
  * GETDNS_NAMESPACE_LOCALNAMES namespace now gives just_address_answers
    only and does not mimic a DNS packet answer anymore
  * The add_opt_parameters extension
  * IPv6 scope_id support with link-local addresses.  Both with parsing
    /etc/resolv.conf and by providing them explicitly via
    getdns_context_set_upstream_recursive_servers
  * Query for A and AAAA simultaneously with return_both_v4_and_v6
  * GETDNS_TRANSPORT_TCP_ONLY_KEEP_CONNECTIONS_OPEN DNS transport
  * Fix: Answers without RRs in query section (i.e. REFUSED)
  * Fix: Return empty response dict on timeout in async mode too
  * Move spec examples to spec subdirectory
  * Fix issue#76: Setting UDP Payload size below 512 should not error
  * Fix: Include OPT RR in response dict always (even without options)
  * TCP Fast open support (linux only).
    Enable with the --enable-tcp-fastopen configure option
  * Bump library version because of binary API change

getdns-0.1.4 release

28 Dec 11:44
 
Please do not use the github generated Source code (zip) and (tar.gz) files, but our own tarball instead:
tarball https://getdnsapi.net/dist/getdns-0.1.4.tar.gz
pgp sig https://getdnsapi.net/dist/getdns-0.1.4.tar.gz.asc
sha256 0ee7ce7042487d017b04143a1c3e59fe69366e15a796ad4804822f5d48d33263

Dear all,

I am pleased to announce version 0.1.4 of our getdns API implementation.

This is primarily a bugfix release.

ChangeLog

  * Synchronous resolves now respect timeout setting
  * On timeout *_sync functions now return GETDNS_RETURN_GOOD and a
    response dict with "status" GETDNS_RESPSTATUS_ALL_TIMEOUT
  * Fix issue#50: getdns_dict_remove_name returns GETDNS_RETURN_GOOD on
    success.
  * Fix Issue#54: set_ub_dns_transport() not working
  * Fix Issue#49: Typo in documentation (thanks Stephane Bortzmeyer)
  * getdns_context_set_limit_outstanding_queries(),
    getdns_context_set_dnssec_allowed_skew() and
    getdns_context_set_edns_maximum_udp_payload_size() now working
  * <rr>_unknown rdata field for unknown or unsupported RR types
  * Temporarily disable timeout unit test 3 because of
    unpredictable results
  * Spec updated to version 0.507
  * Renamed "resolver_type" to "resolution_type" in dict returned from
    getdns_context_get_api_information()
  * Added GETDNS_RESPSTATUS_ALL_BOGUS_ANSWERS return code for use with the
    dnssec_return_only_secure extension
  * Added support for CDS and CDNSKEY RR types, but needs ldns > 1.6.17
    to be able to parse the wire format
    (not released yet at time of writing)
  * Added OPENPGPKEY RR type, but no rdata fields implementation yet
  * Updated spec to version 0.508 (September 2014)
  * Also chase NSEC and NSEC3 RRSIGs with dnssec_return_validation_chain