[getdns-users] STUB mode, does it validate DNSSEC security?

[Philip Homburg]

In your letter dated Fri, 26 Feb 2016 10:20:10 +0100 you wrote:
>Op 25-02-16 om 19:30 schreef Melinda Shore:
>> On 2/25/16 12:20 AM, Rick van Rein wrote:
>>> 2. I was looking into GetDNS as an possible alternative for libunbound
>>> (and got a bit confused because they're both from NLNet Labs) and if I'm
>>> getting it correctly, then GetDNS is meant to be wrapped for
>>> script-style languages, but given the string-indexed dictionary
>>> structures returned it strikes me as more complex to use in a C program
>>> than libunbound; or am I missing something?
>> 
>> Hi, Rick:
>> 
>> Yes, there's no question that the original data structure
>> design was extremely clunky for C programmers.  This was
>> recognized fairly early on, so Willem came up with a
>
>Uh-hum... so Philip Homburg suggested to use expressions in the lookup
>strings to get to more deeply nested information for the first time
>during the IETF in Prague I believe.  JSON pointer syntax was suggested
>by Joe Hildebrand.

As a long time C programmer with some experience with python, etc. it is
very clear that getdns is completely different from normal C APIs.

However, for DNS this approach seems to be a good fit. It takes some 
getting used to. It helps if you have already experience dealing with JSON,
etc.

Typically, DNS involves variable length strings anyhow, so getdns doesn't
seem to be worse from that point of view. Always using snprintf, strlcpy,
strlcat should be enough there.

While writing some code that uses getdns I realized that having to manually
navigate the result structure one step at the time was not very nice.
So I suggested to Willem to add some syntax to refer to deeper fields 
directly. I didn't know that there was already an official JSON pointer
syntax.

That reminds me that I have to update my code to actually use this feature :-)