Wed 09 Sep 2015  

getdns-0.3.3 release

8a02da5779c3da8d9a7973662ddb5cf19825c2689b48cbc604c536014cca1046

Announcement:

Dear All,

We have a fast-track single bugfix release of getdns: version 0.3.3.

The native DNSSEC validation, which is part of getdns since version 0.3.0, failed to validate direct CNAME queries. This affected direct CNAME queries only. Queries that have CNAME redirections included are not affected. Also the (default) RECURSING resolution mode is not affected, except when used in combination with the dnssec_return_validation_chain extension.

When a query is done for a valid CNAME in either STUB resolution mode or with the dnssec_return_validation_chain extension, with getdns version 0.3.0, 0.3.1 or 0.3.2, the returned dnssec_status will be GETDNS_DNSSEC_BOGUS always.

This release has this issue resolved. A patch for getdns version 0.3.0, 0.3.1 and 0.3.2 is provided here: https://getdnsapi.net/patches/dnssec-cname-query-validation.patch

Because of the smallness of the change, we've decided to bypass a release candidate and do the release immediately.


ChangeLog:
* 2015-09-09: Version 0.3.3
  * Fix clearing upstream events on shutdown
  * Fix dnssec validation of direct CNAME queries.
    Thanks Simson L. Garfinkel.
  * Fix get_api_information():version_string also for release candidates