[getdns-api] getdns 0.9.0 release candidate

Willem Toorop willem at nlnetlabs.nl
Thu Dec 24 17:07:53 UTC 2015


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Dear All,

We have a candidate for the special Christmas and New Years eve
release, version 0.9.0rc1 of getdns.

This release brings the implementation on par with the December 2015
version of the specification and has (almost) all of the still
remaining functionality from the specification implemented. This
includes respecting the given dns root servers in recursive resolution
modus and TSIG authentication.

Other new features and noteworthy improvements are:

  - Functions to convert getdns_dicts representing resource records to
    and from wire- and zone file format. Also zone files can be read
    into a getdns_list of getdns_dicts representing the resource
    records in that zone file. These lists can then conventiently be
    used with (for example) getdns_context_set_dns_root_servers() and
    getdns_context_set_dnssec_trust_anchors().
  - TCP Fast Open support whenever available on the platform
    (including Mac-OS X (new)).
  - Client side edns-tcp-keepalice support
  - Pinning of upstream certificate's public keys with pinsets
    (with TLS transport)
  - Initial support for Windows

Besides these new functionalities, a few bugs have been fixed.
For a complete overview see the ChangeLog below.

Please review this candidate carefully. If no issues arise the actual
release will follow Thursday the 31th of December 2015.

Marry Christmas!


link: https://getdnsapi.net/dist/getdns-0.9.0rc1.tar.gz
md5 : b5525667b35a0a1b013abe5c49b2b2c1
sha1: 5fe50d706949da22d8c0635b4345ad1a98c4872e
pgp : https://getdnsapi.net/dist/getdns-0.9.0rc1.tar.gz.asc


ChangeLog
=========
  * Update of unofficial extension to the API that supports stub mode
    TLS verification. GETDNS_AUTHENTICATION_ is replaced by
    GETDNS_AUTHENTICATION_REQUIRED (but remains available as an alias).
    Upstreams can now be configured with either a hostname or a SPKI
    pinset for TLS authentication (or both). If the
    GETDNS_AUTHENTICATION_REQUIRED option is used at least one piece of
    authentication information must be configured for each upstream,
    and all the configured authentication
    information for an upstream must validate.
  * Remove STARTTLS implementation (no change to SPEC)
  * Enable TCP Fast Open when possible. Add OSX support for TFO.
  * Rename return_call_debugging to return_call_reporting
  * Bugfix: configure problem with getdns-0.5.1 on OpenBSD
    Thanks Claus Assmann.
  * pkg-config support.  Thanks Neil Cook.
  * Functions to convert from RR dicts to wireformat and text format
    and vice versa.  Including a function that builds a getdns_list
    of RR dicts from a zonefile.
  * Use the with the getdns_context_set_dns_root_servers() function
    provided root servers in recursing resolution modus.
  * getdns_query option (-f) to read a DNSSEC trust anchor from file.
  * getdns_query option (-R) to read a "root hints" file.
  * Bugfix: Detect and prevent duplicate NSEC(3)s to be returned with
    dnssec_return_validation_chain.
  * Bugfix: Remove duplicate RRs from RRsets when DNSSEC verifying
  * Client side edns-tcp-keepalive support
  * TSIG support
  * Verify upstream TLS pubkeys with pinsets; A getdns_query option
    (-K) to attach pinsets to getdns_contexts.
    Thanks Daniel Kahn Gillmor
  * Initial support for Windows.  Thanks Gowri Visweswaran
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCAAGBQJWfCZpAAoJEOX4+CEvd6SYWNAP/2jqaFbyZ1safY6mi/H4NFOf
JrFR38URam5zWouvalATxmy/Pxw99A23uVaGamLIemUlB7ARUkLL0NYL+e7R8W7g
TUNIS6ndulVUdb4cgVtfi47wKO/eEicULMHyelFSpXdF6UrCFzUeuzW5wx2fSa8O
zdEdaU+fh0DRpP2j35WDnQ3s0HFkFszR6DGcKqiSTZHlMUWQV7EJpowmuo34CJQl
ih+cHu46qF46sSpXh+Eqc+Xl5ai09CvP7Q8WcgXTTwbNb3SBYZMU5hOKz/o9jseV
PekUFsx3/L4nlsCbRzbGZeTVC25z382I/I/yQOcPQdawY/fHJx3PVHbWt4P0/QlH
YsWTrmFj0q0aPn9zeHf8OnduEkgXJCJgSl/m+OAfSZhslBHRmKHncA529aiBC2KV
fLvBzNfdbxIyWTqDULAMUlprQxQHUYPDrMBs9KT0FS8KHQF4kHRIqWic6NVid5z/
j2Rx8wadIxajzvl8cqP/fJ5L6w9NYmLWt0iDFbosfnNfrF0V82nISeups9rJs9ip
2HDNlZhalOUgQGrvcagpZhSRyKSun8NRYaV8wndHClVWEvl4x8aDC2IBjzZUMlR+
LVjSLubnQF++/4ly4Kf1EDureQwabXtDu62qZO6TktRfy7dSyTjirAIbCEdLMJNV
T6+JGdTd6qcE9W8nZu+r
=Btc8
-----END PGP SIGNATURE-----



More information about the spec mailing list