[getdns-api] some early API comments

Joe Hildebrand (jhildebr) jhildebr at cisco.com
Tue Jan 22 10:07:50 MST 2013

On 1/22/13 10:00 AM, "Evan Hunt" <each at isc.org> wrote:

>The short answer is you might *not* want to, and for that matter I might
>not either, but DNS does provide a mechanism for it and IMHO a complete
>API ought to provde access to the mechanism. (Which this one may have
>but I missed it.)

As I thought I said in my last mail, I have no interest in a complete DNS
API.  I want it to be:

- Fast
- Async
- Plain C
- Easy to use
- Able to get "interesting" RRTypes, including ones not yet defined

>More substantively: embedded systems, in particular, may find it desirable
>not to replicate code or work, and may wish to full advantage of a local

Those systems will be p0wnd through the DNS channel with trivial amounts
of work.

>also, I can imagine situations in which an application developer
>could expect updates to be infrequent and wouldn't want to be stuck
>using an outdated or buggy crypto library.

Those developers shouldn't be writing applications.

>Suppose ECDSA-signed DNS
>records come along and your resolver knows how to validate them but
>your application doesn't?  Security's always about tradeoffs.

Then my application doesn't trust those records.  If my users care, I'll
update my software.

Joe Hildebrand

More information about the getdns-api mailing list