[getdns-api] getdns 0.3.0 release candidate

[Mankin, Allison]

Fantastic 



> On Jul 10, 2015, at 06:06, Willem Toorop <willem at nlnetlabs.nl> wrote:
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Dear All,
> 
> I am pleased to announce the special IETF93 edition release candidate
> for version 0.3.0 of our getdns API implementation.
> 
> Besides bugfixes and DNS parameter updates, this release follows the
> (yes to be published, but within the tarball) updated version of the
> API, which has a new function to set a list of transports:
> getdns_context_set_dns_transport_list().
> 
> If only one transport value is specified, it will be the only
> transport used.  Should it not be available, basic resolution will
> fail.  Fallback transport options are specified by including multiple
> values in the list.  The values are GETDNS_TRANSPORT_UDP,
> GETDNS_TRANSPORT_TCP, GETDNS_TRANSPORT_TLS, or
> GETDNS_TRANSPORT_STARTTLS. The default is a list containing
> GETDNS_TRANSPORT_UDP then GETDNS_TRANSPORT_TCP.
> 
> Also, for transport options TCP, TLS and STARTTLS, the connection will
> now always be tried to be kept open and multiple queries will be
> pipelined over it.  When there are no pending queries, the connection
> is not closed for a period of time that can be specified with the new
> API function: getdns_context_set_idle_timeout().
> 
> Besides these new transport options, the release has improved DNSSEC
> support.  Before, when using stub resolution mode, libunbound was
> still used (in forwarding mode) when one of the DNSSEC extensions was
> set.  This release has native stub DNSSEC validation on board, so all
> DNSSEC extensions can now be combined with all the other hob-by-hob
> communication features available with stub resolution mode, such as
> the new transport options, cookies and fine grained control over EDNS0
> options.
> 
> To realise native stub validation, both the
> dnssec_return_validation_chain extension and the
> getdns_validate_dnssec() function have been thoroughly improved.
> 
> Before the dnssec_return_validation_chain extension only returned the
> chain of DS/DNSKEY's starting at the signers name of the signatures in
> the answer and authority section of the request.  Now, the extension
> will also return the support records needed to asses the DNSSEC status
> of replies without signatures, and even for replies without any RR's
> at all.  Note that even an empty packet may be BOGUS or INSECURE
> depending on the proof of non-existence of the DS of the zone for the
> request of one of its parents.
> 
> Also, the dnssec_return_validation_chain extension will try to return
> a single RRSIG RR per RRset.  The one that it has used itself to asses
> the DNSSEC status of the RRset.  This to alleviate the eventual
> validation effort that will be done with the chain.
> 
> Note that the improved behaviour can be viewed live on the "Do a
> query" page of our website: https://getdnsapi.net/query.html
> 
> Complementary to this improvement, the getdns_validate_dnssec()
> function can now also asses DNSSEC status for RRsets without
> signatures and even empty replies when given such "validation_chain"
> as the support_records.  As the record_to_validate parameter, complete
> replies may now be given.  It will deal with everything needed to
> correctly asses DNSSEC status for a reply, such as (but not limited
> to) NSEC3 opt-out evaluation and handling of by DNAME synthesized CNAMEs.
> 
> Note that this is a release candidate.  It is distributed for you to
> review before we do an actual release.  Please review this candidate
> carefully.  If no issues arise the actual 0.3.0 release will follow
> over one week on the seventeenth of July 2015.
> 
> 
> link   : https://getdnsapi.net/dist/getdns-0.3.0rc1.tar.gz
> md5    : 27a1100d5d5d70c087b79109d1109ef3
> sha1   : d79db12590109c826f627417da1b480f67c3839c
> pgp sig: https://getdnsapi.net/dist/getdns-0.3.0rc1.tar.gz.asc
> 
> 
> ChangeLog
> =========
> * 2015-07-??: Version 0.3.0
>  * Unit test for spurious execute bits.  Thanks Paul Wouters.
>  * Added new transport list options in API. The option is now an
>    ordered list of GETDNS_TRANSPORT_UDP, GETDNS_TRANSPORT_TCP,
>    GETDNS_TRANSPORT_TLS, GETDNS_TRANSPORT_STARTTLS.
>  * Added new context setting for idle_timeout
>  * CSYNC RR type
>  * EDNS0 COOKIE option code set to 10
>  * dnssec_return_validation_chain for negative and insecure responses.
>  * dnssec_return_validation_chain return a single RRSIG on each RRSET
>    (whenever possible)
>  * getdns_validate_dnssec() accept replies from the replies_tree
>  * getdns_validate_dnssec() asses negative and insecure responses.
>  * Native stub dnssec validation
>  * Implemented getdns_context_set_dnssec_trust_anchors()
>  * Switch freely between stub and recursive mode
>  * getdns_query -k shows default trust anchors
>  * functions and defines to get library and API versions in string and
>    numeric values: getdns_get_version(), getdns_get_version_number(),
>    getdns_get_api_version() and getdns_get_api_version_number()
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1
> 
> iQIcBAEBAgAGBQJVn5isAAoJEOX4+CEvd6SYN+QQAKQbzypjPpho4o+ywLn3+oz5
> D4ASJVK8nCEbQF5OSdHEjkIH28r9CrxaVH+2E/00VpiCgSe/TwGTMo2s+Tl3R+eK
> /OaYd82E2vS6LTHcINwi5ORVvuo0eIhINoTExjNPGiQW08HtKiLCg5plNR7aUU9n
> yoAK8+LWlLCq9syGMv5rNGl14l+chgutBZjYpmGQyw3th+ErE7IT7hR+8GrI1RXs
> MKCA4nZX7pGe8HFOCDApQJj7yd5ct2NCfAlDGyAkr7tSW2px4zEvbIZ6zRWfSS97
> mrrH2YOMtRNHDjdKoc1zDF3gCfROS4cVlih9QNseA7rng8tuDI0yqOiqhGvSyedo
> jcj4CvM4WllHB986ZSdrFloYJPA+ys5cuKGAQiYTxuX/4Zw0dTetkmEZDyrtn9bd
> Hxn0kDsYmKdzNBfkL5PUGp0FC9erZuoau9Xn8Py2FUo/cP++V84gZf40E+7pcyZ8
> WMNccd6TYBNX0EJDiT7ub01oSGmwV3ohnZ1fthL505KYi02tKtXoNj+rijx8Ofbj
> H4P74Br22HQ6P6PmsA81zlhSb1owfcSHEt/l0qXIOK04yu3mxw0moGc1DPEqSTgw
> B18Ri3jrv2xYFeO3gGpc7rDK6fmBN6WOtla1pTrYXlERsmrNW9zz3kGmrMRmltUq
> CwLirQR7KDMe36QVQvOy
> =jXr6
> -----END PGP SIGNATURE-----
> _______________________________________________
> getdns-api mailing list
> getdns-api at vpnc.org
>