[getdns-users] STUB mode, does it validate DNSSEC security?

Rick van Rein rick at openfortress.nl
Thu Feb 25 19:10:17 UTC 2016


Hello Melinda,

Thanks for your blog reference, it helped to gain a better understanding of the use of GetDNS from C.

I'm hesitant to embrace it, to be honest.  Where Willem Toorop emphasises the ease of extension in his YouTube talk, I see dynamicity as a two-sided sword when security is at play.  IMHO, static typing is a very powerful tool in reducing programming errors, and scriptish data structures such as a dictionary or list are not helpful in that respect.  I have to weigh pros and cons; it's not a heavenly match the way you describe it.

Functional languages strike a very interesting middle ground in this arena; they can often be statically typed, but with refinements that are not possible in procedural languages.  Both C and JavaScript/Lua end up holding a shorter end of the stick, albeit the opposite end :)

The "easy" code that you show using snprintf() hurts my skull with thoughts of buffer overflows.  They can be managed, but it takes mental effort that would not otherwise be required; this means it is still an awkward API for C, at least to me.  A lesser concern is "wasting" compute cycles on dynamicity; but I know that this is being pedantic and is not a serious hold-back.

I now understand better what GetDNS tries to do to be more C-ish, but to me it still feels like a bit of a twist.

-Rick


