[getdns-api] some early API comments
Joe Hildebrand (jhildebr)
jhildebr at cisco.com
Tue Jan 22 10:07:50 MST 2013
On 1/22/13 10:00 AM, "Evan Hunt" <each at isc.org> wrote:
>The short answer is you might *not* want to, and for that matter I might
>not either, but DNS does provide a mechanism for it and IMHO a complete DNS
>API ought to provide access to the mechanism. (Which this one may have done,
>but I missed it.)
As I thought I said in my last mail, I have no interest in a complete DNS
API. I want it to be:
- Fast
- Async
- Plain C
- Easy to use
- Able to get "interesting" RRTypes, including ones not yet defined
>More substantively: embedded systems, in particular, may find it desirable
>not to replicate code or work, and may wish to take full advantage of a
>local cache;
Those systems will be p0wnd through the DNS channel with trivial amounts
of work.
>also, I can imagine situations in which an application developer
>could expect updates to be infrequent and wouldn't want to be stuck
>using an outdated or buggy crypto library.
Those developers shouldn't be writing applications.
>Suppose ECDSA-signed DNS
>records come along and your resolver knows how to validate them but
>your application doesn't? Security's always about tradeoffs.
Then my application doesn't trust those records. If my users care, I'll
update my software.
--
Joe Hildebrand