From willem at nlnetlabs.nl Thu Jul 14 21:09:36 2016
From: willem at nlnetlabs.nl (Willem Toorop)
Date: Thu, 14 Jul 2016 23:09:36 +0200
Subject: [getdns-api] Todays getdns releases
Message-ID: <5787FF90.7060009@nlnetlabs.nl>

Dear All,

This email is to outline the content of two getdns releases made today:

1.0.0b2 - a second beta release for version 1.0.0 of getdns
1.1.0a1 - an alpha release for a new feature release, version 1.1.0 of getdns

The specifics of the release will be in the separate release
announcements, but here we discuss more generally some of the
background work that has been going in lately.

Testing
-----------

Since the 1.0.0b1 release our efforts have been concentrated on
assessing the library to make sure that the final 1.0.0 release will be
production ready and minimise the number of known issues and omissions.
To this end we have been measuring coverage of the code base and we have
also been evaluating the behaviour of the library with Deckard, the DNS
software testing tool developed at CZ.NIC. (Both methods were first
introduced by Shane Kerr as part of his IETF95 hackathon project). This
work is still ongoing.

getdns_query
------------

getdns_query was originally developed as a test tool. In order to
evaluate the getdns library with Deckard, we had to provide it as a
(configurable) DNS server and so we extended the getdns_query test tool
in order to facilitate this.

In 1.0:

* The getdns_context used by getdns_query can now also be configured
  with the help of a configuration file (given with the -C option). The
  configuration file format is the JSON-like format that is returned by
  the getdns_pretty_print_*() functions. The pretty printed version of
  the getdns_dict returned by getdns_context_get_api_information() can
  be used as a configuration file directly, but a less verbose form is
  also accepted.
* getdns_query can now answer DNS requests through the library
  configured with command line options or config file, by providing the
  IP(6) addresses to listen on either with an -z command line option or
  by specifying them in the configuration file.

While working on this functionality for getdns_query, we realised that
such features would be convenient for the application developer too,
however to minimise disruption in 1.0 we chose to make the significant
changes needed in 1.1.

Therefore in the 1.1 release:

getdns_query is promoted to be a first class citizen of the getdns
suite and it is relocated to src/tools and built by default. The 1.1
release contains function prototypes (prototyped in getdns_query) to the
library user to enable easy configuration and use as a DNS server.

More information and example configuration files can be found here
https://getdnsapi.net/getdns_query.html

Documentation
-------------

We now have preliminary documentation available in doxygen, which can
be built locally using "make doc" or viewed online at
https://getdnsapi.net/doxygen/ and https://getdnsapi.net/doxygen-1.1/ .
This provides details of both the Official getdns API and the
'Additional' API (see the "Modules" page). The Additional API specifies
the additional functionality that this implementation offers to
supplement that in the official getdns API and is available in the
getdns_extras.h file. Some additions are convenient utility functions
but other functionality is experimental prior to being recommended for
inclusion in the official API. This documentation is also a work in
progress.

1.1 release
-----------

Apart from the changes to getdns_query, the major updates in the 1.1.0a1
release compared to 1.0.0b1 are new functions to convert text strings to
the getdns native types, configure a context directly from a
configuration file and register listen addresses. It also enhances the
handling of upstreams for stub mode. More details are in the 1.1 release
note.
DNS64 functionality and the addition of new error codes will be added in
a later release.

From willem at nlnetlabs.nl Thu Jul 14 21:21:20 2016
From: willem at nlnetlabs.nl (Willem Toorop)
Date: Thu, 14 Jul 2016 23:21:20 +0200
Subject: [getdns-api] getdns 1.0.0b2 release
Message-ID: <57880250.2050808@nlnetlabs.nl>

We are pleased to announce a second beta release of getdns 1.0.0 is
available for testing.

Updates:

* RFC2782 style ordering of SRV resource records after a call to
  getdns_service() is now implemented (was missing from the previous
  beta release).
* The DNSSEC authentication chain returned by using the
  dnssec_return_validation_chain extension will now be in canonicalized
  form and order.
* A new extension dnssec_return_full_validation_chain that will return
  the DNSSEC authentication chain in canonicalized form and order,
  including the authenticated resource record set.
* The return_call_reporting extension will also report on tried
  upstreams with timeouts.
* A new getdns_context_get_eventloop() companion function to the already
  existing getdns_context_set_eventloop() function, that will allow
  applications to postpone the choice for a specific event library or
  use the getdns default eventloop for their own I/O.
* More leniency in what to accept as a representation for IP and IPv6
  addresses (i.e. missing address_type keys in the dict, or just the
  bindata without the dict container).
* Significant improvements to the getdns_query test tool including
  option to use as a daemon listening on a specified address and option
  to configure getdns_query via a configuration file. For more details
  see https://getdnsapi.net/getdns_query.html
* API and Additional API information for this implementation is now
  available in doxygen format which can be generated using make doc.

Bugfixes:

* An issue with DNSSEC wildcard validation
* An issue with CNAME loop protection in generating the response dicts
* Correct processing of callbacks that are fired before the scheduling
  call has returned
* Correct processing of multiple requests on an open stateful transport
* Correctly reusing a TLS transport after a request on it timed out

Documentation is available at:

* getdns API documentation: https://getdnsapi.net/spec.html
* getdns doxygen: https://getdnsapi.net/doxygen/
* getdns_query documentation: https://getdnsapi.net/getdns_query.html

We would kindly ask that you review and try out this beta release
thoroughly. Depending on feedback, we hope to have a production release
available in early October.

link: https://getdnsapi.net/dist/getdns-1.0.0b2.tar.gz
md5 : a7d883ec4cd04bdb21f4ca7436c51d93
sha1: 6faa530cdb5808362d118ece6000bef6e881af0d
pgp : https://getdnsapi.net/dist/getdns-1.0.0b2.tar.gz.asc

ChangeLog
=========

* 2016-07-14: Version 1.0.0b2
  * Collect coverage information from the unit tests
    Thanks Shane Kerr
  * pkg-config for the getdns_ext_event library
    Thanks Tom Pusateri
  * Bugfix: Multiple requests on the same upstream with a transport
    that keeps connections open in synchronous stub mode.
  * Canonicalized DNSSEC chain with dnssec_return_validation_chain
    (when validated)
  * A dnssec_return_full_validation_chain extension which includes
    the validated resource records.
  * Bugfix: Callbacks fired while scheduling (answer from cache)
    with the unbound pluggable event API
  * header extension to set opcode and flags in stub mode
  * Unit tests that cover more code
  * Static checking with the clang analyzer
  * getdns_pretty_print_dict prints dname's as primitives
  * Accept just bindata's instead of address dicts.
    Allow missing "address_type" in address dicts.
  * TLS session resumption
  * -C option to getdns_query to configure context from a json-like
    formatted file. The output of -i (print API information) can be
    used as config file directly.
    Settings may also be given in this format as arguments of
    the getdns_query command directly.
  * DNS server mode for getdns_query. Enable by providing addresses
    to listen on, either by giving "-z " options or by providing
    "listen_addresses" in the config file or settings.
  * Bugfixes from deckard testing: CNAME loop protection.
  * "srv_addresses" in response dict with getdns_service()
  * use libbsd when available
    Thanks Guillem Jover
  * Bugfix: DNSSEC wildcard validation issue
  * Bugfix: TLS timeouts not re-using a connection
  * A getdns_context_get_eventloop(), to get the current
    (pluggable) eventloop from context
  * getdns_query now uses the default event loop (instead of custom)
  * Return call_reporting info in case of timeout
    Thanks Robert Groenenberg
  * Bugfix: Build fails with autoconf 2.63, works with 2.68.
    Thanks Robert Groenenberg
  * Do not call SSL_library_init() from getdns_context_create() when
    the second bit from the set_from_os parameter is set.

From willem at nlnetlabs.nl Thu Jul 14 21:38:15 2016
From: willem at nlnetlabs.nl (Willem Toorop)
Date: Thu, 14 Jul 2016 23:38:15 +0200
Subject: [getdns-api] getdns 1.1.0a1 release
Message-ID: <57880647.9050208@nlnetlabs.nl>

We are pleased to announce an alpha release of getdns 1.1.0 is being
made available for early testing of a subset of features planned for
this release.

Updates:

* getdns_query is promoted to be a first class citizen. It is relocated
  to src/tools and built and installed by default.
* The 1.1 release exposes several function prototypes (prototyped in
  getdns_query) to the library user. Details can be found in the 1.1
  doxygen documentation for:
  * functions to convert text strings to the getdns native types:
    getdns_str2dict(), getdns_str2dict(), getdns_str2bindata() and
    getdns_str2int(). The expected input is similar to JSON.
  * a getdns_context_config() function that configures a context with
    settings provided in a getdns_dict. This can reduce the amount of
    code needed to set up a context in a C program. It also facilitates
    default values for extensions and allows the trust anchor and root
    servers to be read from files directly.
  * a getdns_context_set_listen_addresses() function, that allows the
    user to register a request handler function and list of addresses
    that will be listened on when the eventloop is run. The request
    handler function will be called when a DNS request arrives, with
    the request in getdns reply dict format. The request handler may
    construct a response to the request and eventually has to call
    getdns_reply() with that response (or NULL to cancel) to answer the
    request.
* Enhancements to the logic used to select connection based upstream
  transports (TCP, TLS) to improve robustness and re-use of
  connections/upstreams. This facilitates using getdns locally as a
  DNS-over-TLS stub resolver.

Documentation is available at:

* getdns API documentation: https://getdnsapi.net/spec.html
* getdns doxygen: https://getdnsapi.net/doxygen-1.1/
* getdns as a DNS-over-TLS local stub resolver:
  https://portal.sinodun.com/wiki/display/TDNS/DNS+Privacy+daemon

link: https://getdnsapi.net/dist/getdns-1.1.0a1.tar.gz
md5 : 0721b35c36d407812f59336158829e39
sha1: 10590bdb6db83970b516afca2a91641281834bb3
pgp : https://getdnsapi.net/dist/getdns-1.1.0a1.tar.gz.asc

ChangeLog
=========

* 2016-07-14: Version 1.1.0a1
  * Conversion functions from text strings to getdns native types:
    getdns_str2dict(), getdns_str2list(), getdns_str2bindata() and
    getdns_str2int()
  * A getdns_context_config() function that configures a context
    with settings given in a getdns_dict
  * A getdns_context_set_listen_addresses() function and companion
    getdns_reply() function to construct simple name servers.
  * Relocate getdns_query to src/tools and build by default
  * Enhancements to the logic used to select connection based
    upstream transports (TCP, TLS) to improve robustness and
    re-use of connections/upstreams.

From dkg at fifthhorseman.net Fri Jul 15 16:40:53 2016
From: dkg at fifthhorseman.net (Daniel Kahn Gillmor)
Date: Fri, 15 Jul 2016 18:40:53 +0200
Subject: [getdns-api] getdns 1.0.0b2 release
In-Reply-To: <57880250.2050808@nlnetlabs.nl>
References: <57880250.2050808@nlnetlabs.nl>
Message-ID: <87twfq7t2i.fsf@alice.fifthhorseman.net>

Hi Willem--

On Thu 2016-07-14 23:21:20 +0200, Willem Toorop wrote:
> We are pleased to announce a second beta release of getdns 1.0.0 is
> available for testing.

Thanks for this! I've just uploaded getdns 1.0.0~b2-1 to debian
unstable. Hopefully it will be available for download from the apt
repository soon after it makes it through the autobuilders [0].

Any suggestions for what you want done with the 1.1.0a1 release? I
could upload it to debian experimental if you think it would be useful,
but i'm leaning toward focusing on 1.0.0 for the moment.

--dkg

[0] their status will show up here:
    https://buildd.debian.org/status/logs.php?arch=&pkg=getdns