Thu 31 Mar 2016  

getdns-1.0.0b1 release



Dear All,

I am very pleased to announce that we have a beta release for version 1.0.0 of getdns

We are now 100% spec complete. The last remaining function from the specification, getdns_context_set_follow_redirects(), is functional with this release. This release also contains the following improvements and non-spec features:

A dnssec_return_all_statuses extension
Use this extension if you want to know about DNSSEC status, but you don't want the DNSSEC protection. When this extension is set, all replies will always be included in the response dict, regardless their dnssec status.
When used on its own or in combination with just dnssec_return_status, it will return BOGUS replies, but those replies will have "dnssec_status": GETDNS_DNSSEC_BOGUS. The response dict "status" will be GETDNS_RESPSTATUS_GOOD then.
When used on in combination with dnssec_return_only_secure, it will return BOGUS and INSECURE replies (shown in their "dnssec_status"). The response dict "status" can be any of the status that the dnssec_return_only_secure extenstion returns, so GETDNS_RESPSTATUS_GOOD when at least one reply was secure, GETDNS_RESPSTATUS_NO_SECURE_ANSWERS when all replies were insecure, or GETDNS_RESPSTATUS_ALL_BOGUS_ANSWERS when all replies were bogus.
Conversion functions for DNS messages.
With these the unit tests could be adapted so they are not dependent on ldns anymore
This makes suffix handling more like what is conventional with system stub behaviour. Suffixes are appended to a name before trying it without suffixes, but only if the name consists of a single label.
MS Windows version in 100% working order
The default event loop, that is also used for synchronous calls, has been renewed. With it, TCP and TLS transports are now also possible on MS Windows.
The event loop extension (custom or not) will now also be used in recursive lookups (libunbound >= 1.5.9 is needed for this). Because of this it is now also possible to do recursive requests in MS Windows.
The MS Windows native certificate store will be used with TLS transport and also suffixes are initialized as the system stub is.

Besides these new features and improvements, a few bugs have been fixed. For a complete overview see the ChangeLog below.

We would kindly ask you to review and try out this bete release thoroughly. The 1.0.0 release will follow as soon as we are confident we haven't missed anything and it is ready for production

* 2016-??-??: Version 1.0.0
  * openssl 1.1.0 support
  * GETDNS_APPEND_NAME_TO_SINGLE_LABEL_FIRST default suffix handling
  * getdns_context_set_follow_redirects()
  * Read suffix list from registry on Windows
  * A dnssec_return_all_statuses extension
  * Set root servers without temporary file (libunbound >= 1.5.8 needed)
  * Eliminate unit test's ldns dependency
  * pkts wireformat <-> getdns_dict <-> string
    conversion functions
  * Eliminate all side effects when doing sync requests
    (libunbound >= 1.5.9 needed)
  * Bugfix: Load gost algorithm if digest is seen before key algorithm
    Thanks Jelte Janssen
  * Bugfix: Respect DNSSEC skew.
  * Offline dnssec validation for any given point in time
  * Correct return value in documentation for getdns_pretty_print_dict().
    Thanks Linus Nordberg
  * Bugfix: Don't treat "domain" or "search" as a nameserver.
    Thanks Linus Nordberg
  * Use the default CA trust store on Windows (for DNS over TLS).
  * Propagate eventloop to unbound when unbound has pluggable event loops
    (libunbound >= 1.5.9 needed)
  * Replace mini_event extension by default_eventloop
  * Bugfix: Segfault on NULL pin
  * Bugfix: Correct output of get_api_settings
  * Bugfix: Memory leak with getdns_get_api_information() 
    Thanks Robert Groenenberg.