[getdns-users] getdns 0.9.0 release candidate
Willem Toorop
willem at nlnetlabs.nl
Thu Dec 24 17:07:58 UTC 2015
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Dear All,
We have a candidate for the special Christmas and New Years eve
release, version 0.9.0rc1 of getdns.
This release brings the implementation on par with the December 2015
version of the specification and has (almost) all of the still
remaining functionality from the specification implemented. This
includes respecting the given dns root servers in recursive resolution
modus and TSIG authentication.
Other new features and noteworthy improvements are:
- Functions to convert getdns_dicts representing resource records to
and from wire- and zone file format. Also zone files can be read
into a getdns_list of getdns_dicts representing the resource
records in that zone file. These lists can then conventiently be
used with (for example) getdns_context_set_dns_root_servers() and
getdns_context_set_dnssec_trust_anchors().
- TCP Fast Open support whenever available on the platform
(including Mac-OS X (new)).
- Client side edns-tcp-keepalice support
- Pinning of upstream certificate's public keys with pinsets
(with TLS transport)
- Initial support for Windows
Besides these new functionalities, a few bugs have been fixed.
For a complete overview see the ChangeLog below.
Please review this candidate carefully. If no issues arise the actual
release will follow Thursday the 31th of December 2015.
Marry Christmas!
link: https://getdnsapi.net/dist/getdns-0.9.0rc1.tar.gz
md5 : b5525667b35a0a1b013abe5c49b2b2c1
sha1: 5fe50d706949da22d8c0635b4345ad1a98c4872e
pgp : https://getdnsapi.net/dist/getdns-0.9.0rc1.tar.gz.asc
ChangeLog
=========
* Update of unofficial extension to the API that supports stub mode
TLS verification. GETDNS_AUTHENTICATION_ is replaced by
GETDNS_AUTHENTICATION_REQUIRED (but remains available as an alias).
Upstreams can now be configured with either a hostname or a SPKI
pinset for TLS authentication (or both). If the
GETDNS_AUTHENTICATION_REQUIRED option is used at least one piece of
authentication information must be configured for each upstream,
and all the configured authentication
information for an upstream must validate.
* Remove STARTTLS implementation (no change to SPEC)
* Enable TCP Fast Open when possible. Add OSX support for TFO.
* Rename return_call_debugging to return_call_reporting
* Bugfix: configure problem with getdns-0.5.1 on OpenBSD
Thanks Claus Assmann.
* pkg-config support. Thanks Neil Cook.
* Functions to convert from RR dicts to wireformat and text format
and vice versa. Including a function that builds a getdns_list
of RR dicts from a zonefile.
* Use the with the getdns_context_set_dns_root_servers() function
provided root servers in recursing resolution modus.
* getdns_query option (-f) to read a DNSSEC trust anchor from file.
* getdns_query option (-R) to read a "root hints" file.
* Bugfix: Detect and prevent duplicate NSEC(3)s to be returned with
dnssec_return_validation_chain.
* Bugfix: Remove duplicate RRs from RRsets when DNSSEC verifying
* Client side edns-tcp-keepalive support
* TSIG support
* Verify upstream TLS pubkeys with pinsets; A getdns_query option
(-K) to attach pinsets to getdns_contexts.
Thanks Daniel Kahn Gillmor
* Initial support for Windows. Thanks Gowri Visweswaran
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQIcBAEBCAAGBQJWfCZuAAoJEOX4+CEvd6SYVh0P/3iHig6/kwccluUFzL/p8TYj
x0wSD4TMt/vQlfgJfRwj3RGDVJWNsGgyo4dEb2u8yLm+hiKf6kqt4tx9P8NI/pZF
eNskXiLaVgsRRgHGJ2ZaGz358tRIwDIhcfuwuBUpx7+8bdiJuBCoGBQFoFUWA/Ds
e9vEztKUsT9a+Juk8l8RgY8IK+INGxWh48h0ABXwkBwggGd8itTMihkNfYW3RhoI
x5WgPxa1umyLyrp7sPfdQjwQ537EusHU4PuUUl5qWbjw3hysddyAEaLqrCeorjOd
SmA/mta7xCWI2UMiBH7ivPPb+s5SKZGqfprNDx8XXthuNWDUoZVa/rGoe+5wSBlX
C+G65Ink7BzKJt9nLhE6fgoeVB5q75MgtSrbXtw3uKsMT4diqaYKlr0Ood5qGCpB
C/TCou28NUBbX1oH+QC215s67bMdoGVuQ5sDshqZm2G0oYzvRCP15lDNH8Nibq8I
v1uz5my5+Y0ZwFoEG7uN900K1rZ4Y2rQX1gX91F1sLzpYPm5/B+NzgpsySpMaXXh
WevFL2z65sDH1jgYQCmP+7zVuMYl8fXA8Lel0mZJa1VZREO0UmTogk+/BkLV+aMt
XQFUeOJPha4K+p6bOr/aFvfQhgj0alJjGubeVGkRcDqEmQ9SOIt4wXUf3mZXr4zP
x23DrWzMlOpHSi/0jVLX
=mQii
-----END PGP SIGNATURE-----
More information about the Users
mailing list