We have a fast-track single bugfix release of getdns: version 0.3.3.
The native DNSSEC validation, which is part of getdns since version 0.3.0, failed to validate direct
CNAME queries. This affected direct CNAME queries only. Queries that have
CNAME redirections included are not affected. Also the (default)
RECURSING resolution mode is not affected, except when used in combination with the
When a query is done for a valid
CNAME in either
STUB resolution mode or with the
dnssec_return_validation_chain extension, with getdns version 0.3.0, 0.3.1 or 0.3.2, the returned
dnssec_status will be
This release has this issue resolved. A patch for getdns version 0.3.0, 0.3.1 and 0.3.2 is provided here: https://getdnsapi.net/patches/dnssec-cname-query-validation.patch
Because of the smallness of the change, we've decided to bypass a release candidate and do the release immediately.
* 2015-09-09: Version 0.3.3 * Fix clearing upstream events on shutdown * Fix dnssec validation of direct CNAME queries. Thanks Simson L. Garfinkel. * Fix get_api_information():version_string also for release candidates