[getdns-users] STUB mode, does it validate DNSSEC security?

Melinda Shore melinda.shore at nomountain.net
Thu Feb 25 20:13:03 UTC 2016


On 2/25/16 10:10 AM, Rick van Rein wrote:
> The "easy" code that you show using snprintf() hurts my skull with
> thoughts of buffer overflows.  They can be managed, but it takes
> mental effort that would not otherwise be required; this means it is
> still an awkward API for C, at least to me.

Well, I think nearly any C API that deals with DNS data is going
to have similar issues given the nature of what's returned from
a DNS query.  Easing the pain of doing validation and so on, on
the other hand, is a big security win, as that's something that's
entirely too easy for an implementer to get wrong.  It's all
about the tradeoffs.

But you may want to check out the Python bindings.  The data are
standard Python dicts and lists and the callback function is a
standard Python callable, so working with those is not any different
from any other sort of Python programming and it's easy to adhere
to a more functional style.

You'll need to have libgetdns installed, along with the Python
development tools (usually "python-dev" and "python3-dev" on most
Linux distributions).


Melinda
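
Added example, not from this thread or from getdns: the bounds handling that the quoted snprintf() concern refers to, shown for one constructed case, converting a wire-format DNS name to text and checking every snprintf() return value for truncation. The names put_byte and name_to_text are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: append one label byte, escaping ambiguous ones as \DDD. */
static int put_byte(char *out, size_t outlen, size_t *used, uint8_t c)
{
    size_t room = outlen - *used;            /* caller keeps *used < outlen */
    int n;
    if (c <= 0x20 || c >= 0x7f || c == '.' || c == '\\')
        n = snprintf(out + *used, room, "\\%03u", (unsigned)c);
    else
        n = snprintf(out + *used, room, "%c", c);
    /* snprintf returns the length it wanted to write; >= room means truncated */
    if (n < 0 || (size_t)n >= room)
        return -1;
    *used += (size_t)n;
    return 0;
}

/* Wire-format name (length-prefixed labels, zero byte last) to dotted text.
 * Returns the text length, or -1 with out set to "" on bad input or no room. */
int name_to_text(const uint8_t *wire, size_t wirelen, char *out, size_t outlen)
{
    size_t in = 0, used = 0;
    if (outlen == 0)
        return -1;
    out[0] = '\0';
    while (in < wirelen && wire[in] != 0) {
        size_t lab = wire[in++];
        if (lab > 63 || lab > wirelen - in)  /* pointer or bad length, or overrun */
            goto fail;
        for (size_t i = 0; i < lab; i++)
            if (put_byte(out, outlen, &used, wire[in + i]) != 0)
                goto fail;
        in += lab;
        if (used + 1 >= outlen)              /* need room for '.' and the NUL */
            goto fail;
        out[used++] = '.';
        out[used] = '\0';
    }
    if (in >= wirelen || (used == 0 && outlen < 2))  /* no root label, or no room */
        goto fail;
    if (used == 0) { out[used++] = '.'; out[used] = '\0'; }  /* the root name */
    return (int)used;
fail:
    out[0] = '\0';
    return -1;
}
```
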


