[getdns-users] getdns 0.9.0 release candidate

Willem Toorop willem at nlnetlabs.nl
Thu Dec 24 17:07:58 UTC 2015

Hash: SHA256

Dear All,

We have a candidate for the special Christmas and New Years eve
release, version 0.9.0rc1 of getdns.

This release brings the implementation on par with the December 2015
version of the specification and has (almost) all of the still
remaining functionality from the specification implemented. This
includes respecting the given dns root servers in recursive resolution
modus and TSIG authentication.

Other new features and noteworthy improvements are:

  - Functions to convert getdns_dicts representing resource records to
    and from wire- and zone file format. Also zone files can be read
    into a getdns_list of getdns_dicts representing the resource
    records in that zone file. These lists can then conventiently be
    used with (for example) getdns_context_set_dns_root_servers() and
  - TCP Fast Open support whenever available on the platform
    (including Mac-OS X (new)).
  - Client side edns-tcp-keepalice support
  - Pinning of upstream certificate's public keys with pinsets
    (with TLS transport)
  - Initial support for Windows

Besides these new functionalities, a few bugs have been fixed.
For a complete overview see the ChangeLog below.

Please review this candidate carefully. If no issues arise the actual
release will follow Thursday the 31th of December 2015.

Marry Christmas!

link: https://getdnsapi.net/dist/getdns-0.9.0rc1.tar.gz
md5 : b5525667b35a0a1b013abe5c49b2b2c1
sha1: 5fe50d706949da22d8c0635b4345ad1a98c4872e
pgp : https://getdnsapi.net/dist/getdns-0.9.0rc1.tar.gz.asc

  * Update of unofficial extension to the API that supports stub mode
    TLS verification. GETDNS_AUTHENTICATION_ is replaced by
    GETDNS_AUTHENTICATION_REQUIRED (but remains available as an alias).
    Upstreams can now be configured with either a hostname or a SPKI
    pinset for TLS authentication (or both). If the
    GETDNS_AUTHENTICATION_REQUIRED option is used at least one piece of
    authentication information must be configured for each upstream,
    and all the configured authentication
    information for an upstream must validate.
  * Remove STARTTLS implementation (no change to SPEC)
  * Enable TCP Fast Open when possible. Add OSX support for TFO.
  * Rename return_call_debugging to return_call_reporting
  * Bugfix: configure problem with getdns-0.5.1 on OpenBSD
    Thanks Claus Assmann.
  * pkg-config support. Thanks Neil Cook.
  * Functions to convert from RR dicts to wireformat and text format
    and vice versa. Including a function that builds a getdns_list
    of RR dicts from a zonefile.
  * Use the with the getdns_context_set_dns_root_servers() function
    provided root servers in recursing resolution modus.
  * getdns_query option (-f) to read a DNSSEC trust anchor from file.
  * getdns_query option (-R) to read a "root hints" file.
  * Bugfix: Detect and prevent duplicate NSEC(3)s to be returned with
  * Bugfix: Remove duplicate RRs from RRsets when DNSSEC verifying
  * Client side edns-tcp-keepalive support
  * TSIG support
  * Verify upstream TLS pubkeys with pinsets; A getdns_query option
    (-K) to attach pinsets to getdns_contexts.
    Thanks Daniel Kahn Gillmor
  * Initial support for Windows. Thanks Gowri Visweswaran
Version: GnuPG v2


More information about the Users mailing list