Tue 17 Jan 2017

getdns-1.0.0 release

a0460269c6536501a7c0af9bc97f9339e05a012f8191d5c10f79042aa62f9e96

Announcement:

Dear All,

We are pleased to announce release 1.0.0 of our library implementation of the getdns API. This release implements the "December 2015" specification of the API. With the exception of namespaces (i.e. mDNS), everything in the API specification is implemented in this release. This for us was a clear marker for a 1.0.0 release.

getdns is a modern asynchronous DNS API. It implements DNS entry points from a design developed and vetted by application developers, in an API specification. With the implementation of this API, we intend to offer application developers a modernized and flexible way to access DNS security (DNSSEC) and other powerful new DNS features; a particular hope is to inspire application developers towards innovative security solutions in their applications. The open source C implementation of getdns is developed and maintained in collaboration by NLnet Labs, Sinodun, No Mountain Software and others. This implementation is licensed under the New BSD License.

Since the second beta release of 1.0.0, last July, new functionality has not been added in this branch. All efforts for the 1.0.0 release have been focussed towards testing stability and robustness and proper operation on different platforms.

Alongside this release, we have refactored our website and updated it with an example. It is our intention to add more examples illustrating how to use getdns for common use cases in the future.

Note that this does not mean that we have not worked on new features and functionality. Also in this time we have worked on new features and functionality in the develop branch. A new feature release of getdns will follow shortly (early 2017). It will also contain all the robustness updates that went into 1.0.0, but will introduce only new functionality not in the API specification, primarily enhancements of our implementation of newer DNS specifications such as RFC 7858. and that perhaps has been less thoroughly tested and covered in our unit tests.

Note: if you are a package maintainer, we recommend that you not pick up release 1.0.0 but wait for the first non-beta release of 1.1 in early 2017.

Happy new year!


ChangeLog:
* 2017-01-13: Version 1.0.0
  * edns0_cookies extension enabled by default (per RFC7873)
  * dnssec_roadblock_avoidance enabled by default (per RFC8027)
  * bugfix: DSA support with OpenSSL 1.1.0
  * Initialize OpenSSL just once in a thread safe way
  * Thread safety with arc4random function
  * Improvements that came from Visual Studio static analysis
    Thanks Christian Huitema
  * Conventional RFC3986 IPv6 [address]:port parsing from getdns_query
  * bugfix: OpenSSL 1.1.0 style crypto locking
    Thanks volkommenheit
  * configure tells *which* dependency is missing
  * bugfix: Exclude terminating '\0' from bindata's returned by
    getdns_get_suffix(). Thanks Jim Hague
  * Better README.md.  Thanks Andrew Sullivan

* 2016-07-14: Version 1.0.0b2
  * Collect coverage information from the unit tests
    Thanks Shane Kerr
  * pkg-config for the getdns_ext_event library
    Thanks Tom Pusateri
  * Bugfix: Multiple requests on the same upstream with a transport 
    that keeps connections open in synchronous stub mode.
  * Canonicalized DNSSEC chain with dnssec_return_validation_chain
    (when validated)
  * A dnssec_return_full_validation_chain extension which includes
    then validated resource records.
  * Bugfix: Callbacks fired while scheduling (answer from cache)
    with the unbound plugable event API
  * header extension to set opcode and flags in stub mode
  * Unit tests that cover more code
  * Static checking with the clang analyzer
  * getdns_pretty_print_dict prints dname's as primitives
  * Accept just bindata's instead of address dicts.
    Allow misshing "address_type" in address dicts.
  * TLS session resumption
  * -C <config file> option to getdns_query to configure context 
    from a json like formated file.  The output of -i (print API
    information) can be used as config file directly.
    Settings may also be given in this format as arguments of
    the getdns_query command directly.
  * DNS server mode for getdns_query.  Enable by providing addresses
    to listen on, either by giving "-z <listen address>" options or by
    providing "listen_addresses" in the config file or settings.
  * Bugfixes from deckard testing: CNAME loop protection.
  * "srv_addresses" in response dict with getdns_service()
  * use libbsd when available
    Thanks Guillem Jover
  * Bugfix: DNSSEC wildcard validation issue
  * Bugfix: TLS timeouts not re-using a connection
  * A getdns_context_get_eventloop(), to get the current
    (pluggable) eventloop from context
  * getdns_query now uses the default event loop (instead of custom)
  * Return call_reporting info in case of timeout
    Thanks Robert Groenenberg
  * Bugfix: Build fails with autoconf 2.63, works with 2.68.
    Thanks Robert Groenenberg
  * Doxygen output for getdns.h and getdns_extra.h only
  * Do not call SSL_library_init() from getdns_context_create() when
    the second bit from the set_from_os parameter is set.

* 2016-03-31: Version 1.0.0b1
  * openssl 1.1.0 support
  * GETDNS_APPEND_NAME_TO_SINGLE_LABEL_FIRST default suffix handling
  * getdns_context_set_follow_redirects()
  * Read suffix list from registry on Windows
  * A dnssec_return_all_statuses extension
  * Set root servers without temporary file (libunbound >= 1.5.8 needed)
  * Eliminate unit test's ldns dependency
  * pkts wireformat <-> getdns_dict <-> string
    conversion functions
  * Eliminate all side effects when doing sync requests
    (libunbound >= 1.5.9 needed)
  * Bugfix: Load gost algorithm if digest is seen before key algorithm
    Thanks Jelte Janssen
  * Bugfix: Respect DNSSEC skew.
  * Offline dnssec validation for any given point in time
  * Correct return value in documentation for getdns_pretty_print_dict().
    Thanks Linus Nordberg
  * Bugfix: Don't treat "domain" or "search" as a nameserver.
    Thanks Linus Nordberg
  * Use the default CA trust store on Windows (for DNS over TLS).
  * Propagate eventloop to unbound when unbound has pluggable event loops
    (libunbound >= 1.5.9 needed)
  * Replace mini_event extension by default_eventloop
  * Bugfix: Segfault on NULL pin
  * Bugfix: Correct output of get_api_settings
  * Bugfix: Memory leak with getdns_get_api_information() 
    Thanks Robert Groenenberg.