[getdns-users] Possible Go language version of getdns API

Shane Kerr shane at time-travellers.org
Fri Jun 17 11:27:23 UTC 2016


My colleagues and I at BII have been thinking about the getdns API and
the Go language. We are considering developing a native Go
implementation, and wanted to discuss it with other people before
starting. Here are some ideas.

Native Go
We think that it should be native Go. There are two motivations for

1. Performance
   I haven't done any benchmarking myself, but I have been told that
   executing C functions from Go carries a severe performance penalty.

2. Usability
   We would like a Go library that looks & feels like a native library,
   and does things in a way that matches the Principle of Least
   Surprise for Go developers.

It might be that wrapping the C library doesn't carry a performance
penalty, and we might be able to convert the file-descriptor + callback
style concurrency model into one that looks & feels more like
goroutines and channels. Looking at the getdns API specification shows
that there are only a small number of calls for the base API, so it
shouldn't be *that* difficult to implement this natively in Go.

Miek Gieben's DNS library
This is a well-maintained low-level DNS library that actually provides
almost all of the components necessary to build a getdns API.  We plan
on using this as the basis for the API.

This DNS library is not especially friendly for application developers
who are not DNS nerds, so we have a good reason to want the getdns API
implemented on top of it.

The getdns API does not require DNSSEC support, so we plan on an
initial version without it. However, DNSSEC is very important so we'll
add this support as the second release. The low-level work of
validating signatures is already in the miekg DNS library, but the work
of following the chain of trust and doing trust anchor management is
not present. Possibly it will make sense to push those capabilities
upstream into the miekg library... we will see.


A rough outline of how we would expect the project to go is something
like this:

1. Discuss with the getdns list
   - ask about the basic idea (this e-mail!)
   - submit a sample API description for discussion

2. MVP (Minimum Viable Product) of base API
   - any data structure definition needed
   - the basic getdns API calls that make sense in Go (about 7
   - documentation

3. DNSSEC support
   - trust anchor management
   - positive validation
     - check RRSIG
     - follow DS chain (zone cuts, etc.)
   - negative validation
     - NSEC, wildcard, encloser, ...
   - NSEC3
     - hashing
     - opt-out

4. TLS support
5. DNS over HTTP support
6. RFC 5011 support
7. EDNS0 DS chain 

I expect that step 2 will take something like 2 to 3 weeks of work, and
step 3 something like 4 to 5 weeks. We haven't done any guesstimates
about any of the other features, as those are lower priority.

Please let us know what you think. Is this a good idea? What of our
assumptions are crazy? And so on.

Please also let us know if you want to help with the work. ;)
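
The "NSEC3 - hashing" item in step 3 of the outline above, as an added example that is not part of the original message and is not code from getdns or the miekg library: it computes the RFC 5155 owner-name hash using only the Go standard library and checks whether an NSEC3 record covers a hash. The function names are hypothetical, only hash algorithm 1 (SHA-1) is handled, and names are assumed to be plain ASCII without escaped dots.

```go
package main

import (
	"crypto/sha1"
	"encoding/base32"
	"fmt"
	"strings"
)

// NSEC3 owner labels use base32hex without padding (RFC 5155).
var b32hex = base32.HexEncoding.WithPadding(base32.NoPadding)

// wireName converts a presentation-format name to lowercase DNS wire format.
// Assumption: ASCII labels of at most 63 bytes, no escaped dots.
func wireName(name string) []byte {
	var out []byte
	for _, label := range strings.Split(strings.Trim(strings.ToLower(name), "."), ".") {
		if label != "" {
			out = append(out, byte(len(label)))
			out = append(out, label...)
		}
	}
	return append(out, 0) // root label terminates the name
}

// NSEC3Hash computes IH(salt, name, iterations): one SHA-1 pass over
// name||salt, then `iterations` further passes over digest||salt.
// A validator should bound iterations before calling this.
func NSEC3Hash(name string, salt []byte, iterations int) string {
	h := sha1.Sum(append(wireName(name), salt...))
	for i := 0; i < iterations; i++ {
		h = sha1.Sum(append(h[:], salt...))
	}
	return strings.ToLower(b32hex.EncodeToString(h[:]))
}

// Covers reports whether hash lies strictly between an NSEC3 record's owner
// hash and its next-hashed-owner field. Lowercase base32hex sorts in the
// same order as the underlying digests, so string comparison is sufficient.
func Covers(owner, next, hash string) bool {
	if owner < next {
		return owner < hash && hash < next
	}
	return hash > owner || hash < next // last record in the chain wraps around
}

func main() {
	salt := []byte{0xaa, 0xbb, 0xcc, 0xdd} // sample salt, as in the RFC 5155 Appendix A zone
	fmt.Println(NSEC3Hash("example", salt, 12))
}
```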


