From willem at nlnetlabs.nl Thu Mar 31 12:15:58 2016 From: willem at nlnetlabs.nl (Willem Toorop) Date: Thu, 31 Mar 2016 09:15:58 -0300 Subject: [getdns-users] getdns 1.0.0b1 release Message-ID: <56FD14FE.5010206@nlnetlabs.nl> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Dear All, I am very pleased to announce that we have a beta release for version 1.0.0 of getdns We are now 100% spec complete. The last remaining function from the specification, getdns_context_set_follow_redirects(), is functional with this release. This release also contains the following improvements and non-spec features: * A dnssec_return_all_statuses extension Use this extension if you want to know about DNSSEC status, but you don't want the DNSSEC protection. When this extension is set, all replies will always be included in the response dict, regardless their dnssec status. When used on its own or in combination with just dnssec_return_status, it will return BOGUS replies, but those replies will have "dnssec_status": GETDNS_DNSSEC_BOGUS. The response dict "status" will be GETDNS_RESPSTATUS_GOOD then. When used on in combination with dnssec_return_only_secure, it will return BOGUS and INSECURE replies (shown in their "dnssec_status"). The response dict "status" can be any of the status that the dnssec_return_only_secure extenstion returns, so GETDNS_RESPSTATUS_GOOD when at least one reply was secure, GETDNS_RESPSTATUS_NO_SECURE_ANSWERS when all replies were insecure, or GETDNS_RESPSTATUS_ALL_BOGUS_ANSWERS when all replies were bogus. * Conversion functions for DNS messages. With these the unit tests could be adapted so they are not dependent on ldns anymore * GETDNS_APPEND_NAME_TO_SINGLE_LABEL_FIRST default suffix This makes suffix handling more like what is conventional with system stub behaviour. Suffixes are appended to a name before trying it without suffixes, but only if the name consists of a single label. * MS Windows version in 100% working The default event loop, that is also used for synchronous calls, has been renewed. With it, TCP and TLS transports are now also possible on MS Windows. The event loop extension (custom or not) will now also be used in recursive lookups (libunbound >= 1.5.9 is needed for this). Because of this it is now also possible to do recursive requests in MS Windows. The MS Windows native certificate store will be used with TLS transport and also suffixes are initialized as the system stub is. Besides these new features and improvements, a few bugs have been fixed. For a complete overview see the ChangeLog below. We would kindly ask you to review and try out this beta release thoroughly. The 1.0.0 release will follow as soon as we are confident we haven't missed anything and it is ready for production link: https://getdnsapi.net/dist/getdns-1.0.0b1.tar.gz.asc md5 : eb7f6d78499e5d21b7e67b2e6704e7d7 sha1: b8b21d8676dc29bfe61c70b490ec0842cf987012 pgp : https://getdnsapi.net/dist/getdns-1.0.0b1.tar.gz.asc * 2016-??-??: Version 1.0.0 * openssl 1.1.0 support * GETDNS_APPEND_NAME_TO_SINGLE_LABEL_FIRST default suffix handling * getdns_context_set_follow_redirects() * Read suffix list from registry on Windows * A dnssec_return_all_statuses extension * Set root servers without temporary file (libunbound >= 1.5.8 needed) * Eliminate unit test's ldns dependency * pkts wireformat <-> getdns_dict <-> string conversion functions * Eliminate all side effects when doing sync requests (libunbound >= 1.5.9 needed) * Bugfix: Load gost algorithm if digest is seen before key algorithm Thanks Jelte Janssen * Bugfix: Respect DNSSEC skew. * Offline dnssec validation for any given point in time * Correct return value in documentation for getdns_pretty_print_dict(). Thanks Linus Nordberg * Bugfix: Don't treat "domain" or "search" as a nameserver. Thanks Linus Nordberg * Use the default CA trust store on Windows (for DNS over TLS). * Propagate eventloop to unbound when unbound has pluggable event loops (libunbound >= 1.5.9 needed) * Replace mini_event extension by default_eventloop * Bugfix: Segfault on NULL pin * Bugfix: Correct output of get_api_settings * Bugfix: Memory leak with getdns_get_api_information() Thanks Robert Groenenberg. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBCAAGBQJW/RT+AAoJEOX4+CEvd6SYQeIP/A2+qkWgOEbGLukOVe99DJb9 MU8Q5zvJobWYmx97OvQX3YT6KU8zvrjWqUUdG2bV+O3badsK1peB8VxLMjQ5J/V1 fhznTGiJeMbMZ60yquh9NF9KrLxMPJSJ8ydCNbAZfuRgnp+8uoY+NwetASwDR2JE RwYtRfxB23srIduw/SY0QPpcBaF7XrdyDFNIYlruPSq8zM3To40owRpVCQQkTrEY 6hDUTbf08xum+cWY7vyLAh6D1R2mWIsQEjBAmCLwC76oquEuwCRdrzzmHFx4oNKj B8Q0J41NU/jygRabu003+SgSQF9Y6CfL2VrQora9NIZ+MbHWpghI4o7LrEteT728 4jw0cFrJ3qw3GoIlABjdMfur3mUgP3KxJFSa8zbDc8cdCD1sxGLZr1vAWYEQTonT ub8Qq6pzTRPklcFj+sdr6xRfWATKsFCT/dGmVAAR/qXNCMhFaFAVZu8Eue/FN/wO sfYW0BMfA3HdXETrxlKFPwSA7+pm7VUVIVBEuT8ZORL8tgP+056ODulZwXWL933C 5zD29GN7iT+tP3kNCmDKrNz57ckvohUPEUmmeyLDQJTYhMdEri9A0U3wYLwlBi/m sIA+yFgGeLbJZIVUnnqCth/0fue1SmxakoQ/AKm6H8DyG8Ja6e+JEew8JnM7deEd 6HN1oA0PAmqS1J7qKvPo =rIPj -----END PGP SIGNATURE----- From willem at nlnetlabs.nl Wed Mar 23 21:46:41 2016 From: willem at nlnetlabs.nl (Willem Toorop) Date: Wed, 23 Mar 2016 22:46:41 +0100 Subject: [getdns-api] Spec change request: Set suffixes from OS Message-ID: <56F30EC1.1040405@nlnetlabs.nl> Dear all, The current spec (in paragraph 8.5 https://getdnsapi.net/spec.html#8.5 ) states that the default suffixes is "an empty list". I propose to change this to "set from the OS when the context is created with the "set_from_os" parameter set, otherwise an empty list". This would be consistent with how other settings are "set from the OS", such as for example the upstream recursive servers. The complete text will then become: getdns_return_t getdns_context_set_suffix( getdns_context *context, getdns_list *value ); The value is a list of bindatas that are strings that are to be appended based on getdns_context_set_append_name; the default is an set from the OS when the context is created with the "set_from_os" parameter set, otherwise an empty list. The values here follow the rules in section 2.1 of RFC 4343 to allow non-ASCII octets and special characters in labels. Do you agree? I would appreciate a response on short notice as I am about to do the 1.0beta release very soon (preferable before the DNS-OARC and IETF95). Thanks, -- Willem From willem at nlnetlabs.nl Wed Mar 23 21:59:57 2016 From: willem at nlnetlabs.nl (Willem Toorop) Date: Wed, 23 Mar 2016 22:59:57 +0100 Subject: [getdns-api] Spec change request: add GETDNS_APPEND_NAME_TO_SINGLE_LABEL_FIRST constant Message-ID: <56F311DD.1050408@nlnetlabs.nl> Dear All, I would prefer to have the getdns stub resolver behave the same as most system stub resolvers by default with respect to suffix handling. Most system stub resolvers will try the query with suffixes appended first, but only if the query is for a single label. This behaviour does not seem to be reflected in a constant that can be used with the getdns_context_set_append_name() function in paragraph 8.5 (see https://getdnsapi.net/spec.html#8.5 ). I suggest to introduce another constant that has the standard system stub behaviour: GETDNS_APPEND_NAME_TO_SINGLE_LABEL_FIRST I also suggest to make that the default setting. The complete description will then become: getdns_return_t getdns_context_set_append_name( getdns_context *context, getdns_append_name_t value ); Specifies whether to append a suffix to the query string before the API starts resolving a name. The value is GETDNS_APPEND_NAME_ALWAYS, GETDNS_APPEND_NAME_ONLY_TO_SINGLE_LABEL_AFTER_FAILURE, GETDNS_APPEND_NAME_ONLY_TO_MULTIPLE_LABEL_NAME_AFTER_FAILURE, GETDNS_APPEND_NAME_TO_SINGLE_LABEL_FIRST, or GETDNS_APPEND_NAME_NEVER. This controls whether or not to append the suffix given by getdns_context_set_suffix Do you agree? I would appreciate a response on short notice as I am about to do the 1.0beta release very soon (preferable before the DNS-OARC and IETF95). Thanks, -- Willem From marc at nimago.nl Thu Mar 24 07:25:47 2016 From: marc at nimago.nl (Marc Groeneweg) Date: Thu, 24 Mar 2016 08:25:47 +0100 Subject: [getdns-api] Spec change request: Set suffixes from OS In-Reply-To: <56F30EC1.1040405@nlnetlabs.nl> References: <56F30EC1.1040405@nlnetlabs.nl> Message-ID: <4C3588A3-F1B2-44E2-B7D3-F52540658CA1@nimago.nl> Willem, +1, as we should stay as close as possible to existing implementations of normal behaviour. Regards Marc > On 23 Mar 2016, at 22:46, Willem Toorop wrote: > > Dear all, > > The current spec (in paragraph 8.5 https://getdnsapi.net/spec.html#8.5 ) > states that the default suffixes is "an empty list". > > I propose to change this to "set from the OS when the context is created > with the "set_from_os" parameter set, otherwise an empty list". > > This would be consistent with how other settings are "set from the OS", > such as for example the upstream recursive servers. > > The complete text will then become: > > > getdns_return_t > getdns_context_set_suffix( > getdns_context *context, > getdns_list *value > ); > > The value is a list of bindatas that are strings that are to > be appended based on getdns_context_set_append_name; the > default is an set from the OS when the context is created with > the "set_from_os" parameter set, otherwise an empty list. The > values here follow the rules in section 2.1 of RFC 4343 to > allow non-ASCII octets and special characters in labels. > > > Do you agree? > > I would appreciate a response on short notice as I am about to do the > 1.0beta release very soon (preferable before the DNS-OARC and IETF95). > > Thanks, > > -- Willem > _______________________________________________ > spec mailing list > spec at getdnsapi.net -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 3677 bytes Desc: not available URL: From willem at nlnetlabs.nl Thu Mar 24 09:30:45 2016 From: willem at nlnetlabs.nl (Willem Toorop) Date: Thu, 24 Mar 2016 10:30:45 +0100 Subject: [getdns-api] Spec change request: Set suffixes from OS In-Reply-To: <56F30EC1.1040405@nlnetlabs.nl> References: <56F30EC1.1040405@nlnetlabs.nl> Message-ID: <56F3B3C5.3020602@nlnetlabs.nl> Op 23-03-16 om 22:46 schreef Willem Toorop: > Dear all, > > The current spec (in paragraph 8.5 https://getdnsapi.net/spec.html#8.5 ) > states that the default suffixes is "an empty list". > > I propose to change this to "set from the OS when the context is created > with the "set_from_os" parameter set, otherwise an empty list". > > This would be consistent with how other settings are "set from the OS", > such as for example the upstream recursive servers. > > The complete text will then become: > > > getdns_return_t > getdns_context_set_suffix( > getdns_context *context, > getdns_list *value > ); > > The value is a list of bindatas that are strings that are to > be appended based on getdns_context_set_append_name; the > default is an set from the OS when the context is created with Sorry, the "an" was unintended. "set" was meant to be a verb. So the sentence should be: the default is set from the OS when the context is created with the "set_from_os" parameter set, otherwise an empty list. The terminology "set from OS" is perhaps a little vague, but it is coming from the spec (and not from me the implementer). The spec elaborates a little more in 4th paragraph of section 8 ( https://getdnsapi.net/spec.html#8. ) where it says: When the context is used in the API for the first time and set_from_os is 1, the API starts replacing some of the values with values from the OS, such as those that would be found in res_query(3), /etc/resolv.conf, and so on, then proceeds with the new function. In our implementation we construct the suffix list from the "domain" and "search" options from /etc/resolv.conf in unix like systems, and read it from the registry location HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Services/Tcpip/Parameters or HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Services/VxD/MSTCP keys "Domain", "DhcpDomain" and "SearchList" on windows. This is also what ldns and Net::DNS do, and what getaddrinfo() does by default. Note that the text also mentions that you have to create the context with the set_from_OS argument of the getdns_context_create() function set. If you create a context without that parameter, then you do not read the upstreams and suffixes from /etc/resolv.conf. I would also be happy to have the getdns_context_set_append_name() default value to be GETDNS_APPEND_NAME_NEVER . It is just that current default value is not what people are used to expect, so I want it to be more what is conventional. -- Willem > the "set_from_os" parameter set, otherwise an empty list. The > values here follow the rules in section 2.1 of RFC 4343 to > allow non-ASCII octets and special characters in labels. > > > Do you agree? > > I would appreciate a response on short notice as I am about to do the > 1.0beta release very soon (preferable before the DNS-OARC and IETF95). > > Thanks, > > -- Willem > _______________________________________________ > spec mailing list > spec at getdnsapi.net > From sara at sinodun.com Thu Mar 24 11:52:16 2016 From: sara at sinodun.com (Sara Dickinson) Date: Thu, 24 Mar 2016 11:52:16 +0000 Subject: [getdns-api] Spec change request: Set suffixes from OS In-Reply-To: <56F3B3C5.3020602@nlnetlabs.nl> References: <56F30EC1.1040405@nlnetlabs.nl> <56F3B3C5.3020602@nlnetlabs.nl> Message-ID: <167E795D-D335-4835-9D7A-BE079D332B01@sinodun.com> +1 on both this and the proposed change to the getdns_context_set_append_name() default value Sara > On 24 Mar 2016, at 09:30, Willem Toorop wrote: > > Op 23-03-16 om 22:46 schreef Willem Toorop: >> Dear all, >> >> The current spec (in paragraph 8.5 https://getdnsapi.net/spec.html#8.5 ) >> states that the default suffixes is "an empty list". >> >> I propose to change this to "set from the OS when the context is created >> with the "set_from_os" parameter set, otherwise an empty list". >> >> This would be consistent with how other settings are "set from the OS", >> such as for example the upstream recursive servers. >> >> The complete text will then become: >> >> >> getdns_return_t >> getdns_context_set_suffix( >> getdns_context *context, >> getdns_list *value >> ); >> >> The value is a list of bindatas that are strings that are to >> be appended based on getdns_context_set_append_name; the >> default is an set from the OS when the context is created with > > Sorry, the "an" was unintended. "set" was meant to be a verb. So the > sentence should be: > > the default is set from the OS when the context is created with > the "set_from_os" parameter set, otherwise an empty list. > > The terminology "set from OS" is perhaps a little vague, but it is > coming from the spec (and not from me the implementer). The spec > elaborates a little more in 4th paragraph of section 8 ( > https://getdnsapi.net/spec.html#8. ) where it says: > > When the context is used in the API for the first time and > set_from_os is 1, the API starts replacing some of the values > with values from the OS, such as those that would be found in > res_query(3), /etc/resolv.conf, and so on, then proceeds with > the new function. > > In our implementation we construct the suffix list from the "domain" and > "search" options from /etc/resolv.conf in unix like systems, and read it > from the registry location > HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Services/Tcpip/Parameters > or HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Services/VxD/MSTCP > keys "Domain", "DhcpDomain" and "SearchList" on windows. This is also > what ldns and Net::DNS do, and what getaddrinfo() does by default. > > Note that the text also mentions that you have to create the context > with the set_from_OS argument of the getdns_context_create() function > set. If you create a context without that parameter, then you do not > read the upstreams and suffixes from /etc/resolv.conf. > > I would also be happy to have the getdns_context_set_append_name() > default value to be GETDNS_APPEND_NAME_NEVER . It is just that current > default value is not what people are used to expect, so I want it to be > more what is conventional. > > > -- Willem > > >> the "set_from_os" parameter set, otherwise an empty list. The >> values here follow the rules in section 2.1 of RFC 4343 to >> allow non-ASCII octets and special characters in labels. >> >> >> Do you agree? >> >> I would appreciate a response on short notice as I am about to do the >> 1.0beta release very soon (preferable before the DNS-OARC and IETF95). >> >> Thanks, >> >> -- Willem >> _______________________________________________ >> spec mailing list >> spec at getdnsapi.net >> > > _______________________________________________ > spec mailing list > spec at getdnsapi.net From pusateri at bangj.com Sat Mar 26 18:59:27 2016 From: pusateri at bangj.com (Tom Pusateri) Date: Sat, 26 Mar 2016 14:59:27 -0400 Subject: [getdns-api] opcode Message-ID: <714A4013-A853-408C-B691-909A8AE57DB3@bangj.com> Thanks for all the work on getdns so far. I?m not sure if this is the right list so apologies in advance if it is not and please direct me to the right place for api questions. I was looking at using getdns for a test tool and didn?t see a way to specify the opcode in the DNS header in a request. In my particular case, I am trying to implement a test client for draft-ietf-dnssd-push-06. Maybe I overlooked it and thought I would check if I missed something. If not, does it make sense to add this to the getdns_general() api? Otherwise, I will look at ldns. Thanks, Tom P.S. The API site (http://getdnsapi.net/spec.html) says to email team at getdnsapi.net but this address bounces. It also references https://www.vpnc.org/mailman/listinfo/getdns-api which no longer exists. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 495 bytes Desc: Message signed with OpenPGP using GPGMail URL: From willem at nlnetlabs.nl Sat Mar 26 20:01:50 2016 From: willem at nlnetlabs.nl (Willem Toorop) Date: Sat, 26 Mar 2016 21:01:50 +0100 Subject: [getdns-api] opcode In-Reply-To: <714A4013-A853-408C-B691-909A8AE57DB3@bangj.com> References: <714A4013-A853-408C-B691-909A8AE57DB3@bangj.com> Message-ID: <56F6EAAE.9070109@nlnetlabs.nl> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Op 26-03-16 om 19:59 schreef Tom Pusateri: > Thanks for all the work on getdns so far. I?m not sure if this is > the right list so apologies in advance if it is not and please > direct me to the right place for api questions. Thank you Tom, This list is the correct place for this. > I was looking at using getdns for a test tool and didn?t see a way > to specify the opcode in the DNS header in a request. In my > particular case, I am trying to implement a test client for > draft-ietf-dnssd-push-06. Maybe I overlooked it and thought I would > check if I missed something. If not, does it make sense to add this > to the getdns_general() api? That isn't possible yet. The extension dict would be the most appropriate place for this I think. A "set_header" or maybe even just a "header" extension key with as its context the things that can be set with the various pieces of the dns header "id", "qr", "opcode", "aa", "tc", "rd", "ra", "z", "rcode". I'll try to make up some text for section 3.7 of the spec; > Otherwise, I will look at ldns. With ldns it is possible to create a query packet with ldns_pkt_new(), alter it's opcode with ldns_pkt_set_opcode(), and send it out with ldns_send(). With our implementation of the getdns it is also possible to construct packets (dns messages) but there is no getdns_send() function (yet). It would be trivial to add though. I'll bring it up for discussion with our team... Thanks, - -- Willem > Thanks, Tom > > P.S. The API site (http://getdnsapi.net/spec.html) says to email > team at getdnsapi.net but this address bounces. It also references > https://www.vpnc.org/mailman/listinfo/getdns-api which no longer > exists. Ah.. that's clumsy. I fixed the team at getdnsapi.net address. The reference to the vpnc list will be changed as soon as we have a new spec (which might well be very soon). -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBCAAGBQJW9uquAAoJEOX4+CEvd6SYeGcQAKTDKTJgLBCqXurr3U8c43vK MYs3toe07A1Jh52dpV99QPDzRq9HcJzabNMQ/GrOtNAU5A61LjWcffOLR9Eh5prE MtGCkzMXUW9OyPjiaICnmCCIYk1eNF6PGTTtCVLFwvRzKu63SP8Kb/Z4W72gx7Y+ jiL0KHF5OiSyzPvR8lwGwqTN4RUT7vg8iurE7HFC/UMy0MngepGwQzJCMTRli2uP 84G+nixpZKuCf9BdGyP2jRXrybmRutUm+ixMtoQrP0azvOcICwb6SKKXGgNZCQoQ NAzqhy+gS+aDJFUZYGqrliRmo4xaRokNHYpdnWumxH7FZBNnVk4GSBlPUA9U5HVl KHJ68s1ObQ9l+cnIpRI7FoBi4DclSm7JHDRis0r1jBADQz5kaQIu/8FH38yfbJz1 m5BZ5Y2147yhjeVPdyvsupWcHDGBEXBknPkvZqvvyQV7//+9HOnpq3q6UxkZNdjY 7xEDJofHJPNh/aR1z2dGeAxcK2wNV4wxQgc4fEfgiVYSc9TNuDftb8kGVkqb7XSI UXiBiElRNcWJRdU7PfQJa+k5GQUvSZuJvzcFndJHq9ifbaZD54ctoB7gGchlnak1 IFxxkKbSYbVs9xB6WStlswJ4jALl3G8Hvk67o0uMSdbETfqkhOXgGOjDD75TEYru Ae+t+ciqxkjnaX9eBt9l =mtQR -----END PGP SIGNATURE----- From pusateri at bangj.com Sat Mar 26 21:34:12 2016 From: pusateri at bangj.com (Tom Pusateri) Date: Sat, 26 Mar 2016 17:34:12 -0400 Subject: [getdns-api] opcode In-Reply-To: <56F6EAAE.9070109@nlnetlabs.nl> References: <714A4013-A853-408C-B691-909A8AE57DB3@bangj.com> <56F6EAAE.9070109@nlnetlabs.nl> Message-ID: > On Mar 26, 2016, at 4:01 PM, Willem Toorop wrote: > > > Otherwise, I will look at ldns. > > With ldns it is possible to create a query packet with ldns_pkt_new(), > alter it's opcode with ldns_pkt_set_opcode(), and send it out with > ldns_send(). > > Thanks, > -- Willem That?s perfect. I?ll throw it up on github when I?m done. Thanks, Tom -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 495 bytes Desc: Message signed with OpenPGP using GPGMail URL: From willem at nlnetlabs.nl Thu Mar 31 12:17:23 2016 From: willem at nlnetlabs.nl (Willem Toorop) Date: Thu, 31 Mar 2016 09:17:23 -0300 Subject: [getdns-api] getdns 1.0.0b1 release Message-ID: <56FD1553.2070400@nlnetlabs.nl> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Dear All, I am very pleased to announce that we have a beta release for version 1.0.0 of getdns We are now 100% spec complete. The last remaining function from the specification, getdns_context_set_follow_redirects(), is functional with this release. This release also contains the following improvements and non-spec features: * A dnssec_return_all_statuses extension Use this extension if you want to know about DNSSEC status, but you don't want the DNSSEC protection. When this extension is set, all replies will always be included in the response dict, regardless their dnssec status. When used on its own or in combination with just dnssec_return_status, it will return BOGUS replies, but those replies will have "dnssec_status": GETDNS_DNSSEC_BOGUS. The response dict "status" will be GETDNS_RESPSTATUS_GOOD then. When used on in combination with dnssec_return_only_secure, it will return BOGUS and INSECURE replies (shown in their "dnssec_status"). The response dict "status" can be any of the status that the dnssec_return_only_secure extenstion returns, so GETDNS_RESPSTATUS_GOOD when at least one reply was secure, GETDNS_RESPSTATUS_NO_SECURE_ANSWERS when all replies were insecure, or GETDNS_RESPSTATUS_ALL_BOGUS_ANSWERS when all replies were bogus. * Conversion functions for DNS messages. With these the unit tests could be adapted so they are not dependent on ldns anymore * GETDNS_APPEND_NAME_TO_SINGLE_LABEL_FIRST default suffix This makes suffix handling more like what is conventional with system stub behaviour. Suffixes are appended to a name before trying it without suffixes, but only if the name consists of a single label. * MS Windows version in 100% working The default event loop, that is also used for synchronous calls, has been renewed. With it, TCP and TLS transports are now also possible on MS Windows. The event loop extension (custom or not) will now also be used in recursive lookups (the yet unrelease libunbound >= 1.5.9 is needed for this). Because of this it is now also possible to do recursive requests in MS Windows. The MS Windows native certificate store will be used with TLS transport and also suffixes are initialized as the system stub is. Besides these new features and improvements, a few bugs have been fixed. For a complete overview see the ChangeLog below. We would kindly ask you to review and try out this beta release thoroughly. The 1.0.0 release will follow as soon as we are confident we haven't missed anything and it is ready for production link: https://getdnsapi.net/dist/getdns-1.0.0b1.tar.gz.asc md5 : eb7f6d78499e5d21b7e67b2e6704e7d7 sha1: b8b21d8676dc29bfe61c70b490ec0842cf987012 pgp : https://getdnsapi.net/dist/getdns-1.0.0b1.tar.gz.asc * 2016-??-??: Version 1.0.0 * openssl 1.1.0 support * GETDNS_APPEND_NAME_TO_SINGLE_LABEL_FIRST default suffix handling * getdns_context_set_follow_redirects() * Read suffix list from registry on Windows * A dnssec_return_all_statuses extension * Set root servers without temporary file (libunbound >= 1.5.8 needed) * Eliminate unit test's ldns dependency * pkts wireformat <-> getdns_dict <-> string conversion functions * Eliminate all side effects when doing sync requests (libunbound >= 1.5.9 needed) * Bugfix: Load gost algorithm if digest is seen before key algorithm Thanks Jelte Janssen * Bugfix: Respect DNSSEC skew. * Offline dnssec validation for any given point in time * Correct return value in documentation for getdns_pretty_print_dict(). Thanks Linus Nordberg * Bugfix: Don't treat "domain" or "search" as a nameserver. Thanks Linus Nordberg * Use the default CA trust store on Windows (for DNS over TLS). * Propagate eventloop to unbound when unbound has pluggable event loops (libunbound >= 1.5.9 needed) * Replace mini_event extension by default_eventloop * Bugfix: Segfault on NULL pin * Bugfix: Correct output of get_api_settings * Bugfix: Memory leak with getdns_get_api_information() Thanks Robert Groenenberg. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBCAAGBQJW/RVTAAoJEOX4+CEvd6SYJx8P/RPzQpkN5vGf0d+9fH7Q4WuA h5ERoEPf5womzP2Eug284ISNBza+9n/YvlMCaP9dHouVhaSRIjxd6uuopULwbWK5 WZ/R5d6Nmg0h0t6R6j4x+fbzUXjAKo47x8MbTVaon5HFUOtpiTdIsn3uqdng2/ib Yebt3f6TSX319ykl4mGvm+NDV94c5jLNHw1/RWbNO0vWUfnXVb4Lta0PJ1e0DNHr Y/DyDaCREnau7zTBD1V49t7FYrBbzxScAahrLItHiS91vx9CA7EzPf5Y38kPPO4b LyZsorhj6RR1ZxYcwoN51pmk5/l4hUo7A9TBfk5nyHq9swWa0W4fUmN1xre8z2JV AiQc536jKelPYuePkAzZ5RBdxYC2battwmKAbu09Typs3myCOU6R9/DPBc0XSB63 S1dCcWtjwp4y/n8U+IvDPwcG86/BFyo1NlQGit6NWjr6dO1meq31QWqP6Q9F23fY 7Gs2Y04NAqc1hZfIrbS+XlsbJ2H973jS8xXJtJ5mDq8S6irTA0ltWD9CoxtNon6Q aSDNTqRxRR86Ud1HViO0atetHHf1WKSFCBv9E/yGopor6lxqo2efIkSBAg4XE6IA GZur/AmfJdMdvonVOADvTabER9AkeKs56OFEeXEpc3gwFDiDqpjOF0ZWDGDnRwym Ww02CVYJ0i3gVX7vDBkE =oiuB -----END PGP SIGNATURE-----