First beta release for getdns-1.0.0
Please do not use the github generated Source code (zip) and (tar.gz) files, but our own tarball instead: |
|
---|---|
tarball | https://getdnsapi.net/dist/getdns-1.0.0b1.tar.gz |
pgp sig | https://getdnsapi.net/dist/getdns-1.0.0b1.tar.gz.asc |
sha256 | 01ca30b4642762e268e2b7b48ff6835212bfc99e0a6f79b57e0fc801f30e776a |
Dear All,
I am very pleased to announce that we have a beta release for version 1.0.0 of getdns
We are now 100% spec complete. The last remaining function from the specification, getdns_context_set_follow_redirects()
, is functional with this release. This release also contains the following improvements and non-spec features:
-
A
dnssec_return_all_statuses
extensionUse this extension if you want to know about DNSSEC status, but you don't want the DNSSEC protection. When this extension is set, all replies will always be included in the response dict, regardless their dnssec status.
When used on its own or in combination with justdnssec_return_status
, it will return BOGUS replies, but those replies will have"dnssec_status": GETDNS_DNSSEC_BOGUS
. The response dict"status"
will beGETDNS_RESPSTATUS_GOOD
then.
When used on in combination withdnssec_return_only_secure,
it will return BOGUS and INSECURE replies (shown in their"dnssec_status"
). The response dict"status"
can be any of the status that thednssec_return_only_secure
extenstion returns, soGETDNS_RESPSTATUS_GOOD
when at least one reply was secure,GETDNS_RESPSTATUS_NO_SECURE_ANSWERS
when all replies were insecure, orGETDNS_RESPSTATUS_ALL_BOGUS_ANSWERS
when all replies were bogus. -
Conversion functions for DNS messages.
With these the unit tests could be adapted so they are not dependent on ldns anymore
-
GETDNS_APPEND_NAME_TO_SINGLE_LABEL_FIRST
default suffix handlingThis makes suffix handling more like what is conventional with system stub behaviour. Suffixes are appended to a name before trying it without suffixes, but only if the name consists of a single label.
-
MS Windows version in 100% working order
- The default event loop, that is also used for synchronous calls, has been renewed. With it, TCP and TLS transports are now also possible on MS Windows.
- The event loop extension (custom or not) will now also be used in recursive lookups (libunbound >= 1.5.9 is needed for this). Because of this it is now also possible to do recursive requests in MS Windows.
- The MS Windows native certificate store will be used with TLS transport and also suffixes are initialized as the system stub is.
Besides these new features and improvements, a few bugs have been fixed. For a complete overview see the ChangeLog below.
We would kindly ask you to review and try out this bete release thoroughly. The 1.0.0 release will follow as soon as we are confident we haven't missed anything and it is ready for production
ChangeLog
* openssl 1.1.0 support
* GETDNS_APPEND_NAME_TO_SINGLE_LABEL_FIRST default suffix handling
* getdns_context_set_follow_redirects()
* Read suffix list from registry on Windows
* A dnssec_return_all_statuses extension
* Set root servers without temporary file (libunbound >= 1.5.8 needed)
* Eliminate unit test's ldns dependency
* pkts wireformat <-> getdns_dict <-> string
conversion functions
* Eliminate all side effects when doing sync requests
(libunbound >= 1.5.9 needed)
* Bugfix: Load gost algorithm if digest is seen before key algorithm
Thanks Jelte Janssen
* Bugfix: Respect DNSSEC skew.
* Offline dnssec validation for any given point in time
* Correct return value in documentation for getdns_pretty_print_dict().
Thanks Linus Nordberg
* Bugfix: Don't treat "domain" or "search" as a nameserver.
Thanks Linus Nordberg
* Use the default CA trust store on Windows (for DNS over TLS).
* Propagate eventloop to unbound when unbound has pluggable event loops
(libunbound >= 1.5.9 needed)
* Replace mini_event extension by default_eventloop
* Bugfix: Segfault on NULL pin
* Bugfix: Correct output of get_api_settings
* Bugfix: Memory leak with getdns_get_api_information()
Thanks Robert Groenenberg.