From mohit4677 at gmail.com  Thu Jun  1 11:04:23 2017
From: mohit4677 at gmail.com (Mohit Batra)
Date: Thu, 1 Jun 2017 16:34:23 +0530
Subject: [getdns-users] Procedure to decrypt encrypted DNS
 query/response packets inside Wireshark ?
In-Reply-To: <B174EA14-A7A2-4A72-9C71-A467DB2BC711@sinodun.com>
References: <CAAZqyN6PVWc10p8fO4yA1-NFW==tXpeLvVqtv09E=-pQPH1k7Q@mail.gmail.com>
 <B174EA14-A7A2-4A72-9C71-A467DB2BC711@sinodun.com>
Message-ID: <CAAZqyN7cu=4PKY3PD7bqfKQ3m_96QxUsMHuS9QqksQ_fc0QQSg@mail.gmail.com>

Thanks a lot Sara !!

Just wondering whether this functionality (decryption of encrypted DNS
query/response packets right inside Wireshark, or by some other means) can
be taken up in GetDNSAPI / Stubby in upcoming versions .. Is there a
possibility ?

Thanks & Regards,
Mohit Batra


On Tue, May 30, 2017 at 8:24 PM, Sara Dickinson <sara at sinodun.com> wrote:

>
> On 29 May 2017, at 11:15, Mohit Batra <mohit4677 at gmail.com> wrote:
>
> Hello Everyone,
>
> I have compiled / configured Stubby successfully, and I can see encrypted
> DNS query/response packets on port 853 on Wireshark.
>
>
> Now my question is:
>
> *"Is anyone aware of a documented procedure to decrypt encrypted DNS
> query/response packets inside Wireshark??*
>
>
> So a good starting point is: https://wiki.wireshark.org/SSL#Complete_SSL_
> decryption_walk_through which describes the basics of decrypting traffic
> assuming you are using openssl as a server.
>
> From this you can see that you either need access to the private key of
> the server (works for RSA cipher suites) or to be able to create a SSL key
> log file from the DNS client (not so easy, not directly supported in
> Stubby).
>
> Sara.
>
> _______________________________________________
> Users mailing list
> Users at getdnsapi.net
> https://getdnsapi.net/mailman/listinfo/users
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.getdnsapi.net/pipermail/users/attachments/20170601/f922785f/attachment.htm>

From edmonds at debian.org  Thu Jun  1 17:32:09 2017
From: edmonds at debian.org (Robert Edmonds)
Date: Thu, 1 Jun 2017 13:32:09 -0400
Subject: [getdns-users] Procedure to decrypt encrypted DNS
 query/response packets inside Wireshark ?
In-Reply-To: <B174EA14-A7A2-4A72-9C71-A467DB2BC711@sinodun.com>
References: <CAAZqyN6PVWc10p8fO4yA1-NFW==tXpeLvVqtv09E=-pQPH1k7Q@mail.gmail.com>
 <B174EA14-A7A2-4A72-9C71-A467DB2BC711@sinodun.com>
Message-ID: <20170601173209.mrtqji7soml3iqy6@mycre.ws>

Sara Dickinson wrote:
> From this you can see that you either need access to the private key of the server (works for RSA cipher suites) or to be able to create a SSL key log file from the DNS client (not so easy, not directly supported in Stubby).

Seems like it would be easier and more useful to implement dnstap
support in stubby + Wireshark than whatever is needed to break forward
secrecy.

-- 
Robert Edmonds
edmonds at debian.org


From sara at sinodun.com  Fri Jun  2 09:43:26 2017
From: sara at sinodun.com (Sara Dickinson)
Date: Fri, 2 Jun 2017 10:43:26 +0100
Subject: [getdns-users] Procedure to decrypt encrypted DNS
 query/response packets inside Wireshark ?
In-Reply-To: <20170601173209.mrtqji7soml3iqy6@mycre.ws>
References: <CAAZqyN6PVWc10p8fO4yA1-NFW==tXpeLvVqtv09E=-pQPH1k7Q@mail.gmail.com>
 <B174EA14-A7A2-4A72-9C71-A467DB2BC711@sinodun.com>
 <20170601173209.mrtqji7soml3iqy6@mycre.ws>
Message-ID: <FEF6C026-80C5-4CF7-82C4-ACB55C456E37@sinodun.com>


> On 1 Jun 2017, at 18:32, Robert Edmonds <edmonds at debian.org> wrote:
> 
> Sara Dickinson wrote:
>> From this you can see that you either need access to the private key of the server (works for RSA cipher suites) or to be able to create a SSL key log file from the DNS client (not so easy, not directly supported in Stubby).
> 
> Seems like it would be easier and more useful to implement dnstap
> support in stubby + Wireshark than whatever is needed to break forward
> secrecy.

I?m inclined to agree with Robert here, in that I think a better solution is to implement some sort of generic debugging/logging mechanism that will work with all transports. The getdns response tree already provides a pretty detailed breakdown of the response contents including binary format for RDATA, we could consider extending the data provided there.  

Sara. 


From willem at nlnetlabs.nl  Thu Jun  8 15:08:59 2017
From: willem at nlnetlabs.nl (Willem Toorop)
Date: Thu, 8 Jun 2017 17:08:59 +0200
Subject: [getdns-users] First release candidate for getdns-1.1.1
Message-ID: <94987962-54a1-9a1c-0ef8-a2a0184c5662@nlnetlabs.nl>

Dear all,

We have a release candidate for a quickfix release version 1.1.1 of getdns.

When working on the brew formula for Stubby, we discovered that the
default configuration file, stubby.conf was missing from the
distribution tarball. This release is just to fix this omission and has
no further big changes.

Besides the stubby.conf file, this release also includes a script that
helps with setting up Stubby on a Mac, and guidance for integration with
systemd.

Since our last release we have steadily improved and added unit tests,
and significantly increased the code covered by them. This has led to a
few bugfixes which are also included with this release.

For a more complete overview also see the ChangeLog section below.

Please review this release candidate carefully, if all is well, the
actual release will follow Thursday the 15th of June.


link  : https://getdnsapi.net/dist/getdns-1.1.1rc1.tar.gz
pgp   : https://getdnsapi.net/dist/getdns-1.1.1rc1.tar.gz.asc
sha256: f63340b1d05410b875217c6abd7066586fc55a811db4ae90ffd01d2240e05e57


ChangeLog
=========
* 2017-06-??: Version 1.1.1
  * Added stubby-setdns-macos.sh script to support Homebrew formula
  * Include stubby.conf in the districution tarball
  * Bugfix #286 reschedule reused listening addresses
  * Bugfix #166 Allow parallel builds and unit-tests
  * NSAP-PTR, EID and NIMLOC, TALINK, AVC support
  * Bugfix of TA RR type
  * OPENPGPKEY and SMIMEA support
  * Bugfix TAG rdata type presentation format for CAA RR type
  * Bugfix Zero sized gateways with IPSECKEY gateway_type 0
  * Guidance for integration with systemd
  * Also check for memory leaks with advances server capabilities.
  * Bugfix convert IP string to IP dict with getdns_str2dict() directly.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 829 bytes
Desc: OpenPGP digital signature
URL: <http://lists.getdnsapi.net/pipermail/users/attachments/20170608/6a4380a1/attachment.bin>

From sca at andreasschulze.de  Thu Jun  8 21:46:16 2017
From: sca at andreasschulze.de (A. Schulze)
Date: Thu, 8 Jun 2017 23:46:16 +0200
Subject: [getdns-users] First release candidate for getdns-1.1.1
In-Reply-To: <94987962-54a1-9a1c-0ef8-a2a0184c5662@nlnetlabs.nl>
References: <94987962-54a1-9a1c-0ef8-a2a0184c5662@nlnetlabs.nl>
Message-ID: <c5dc040a-caa2-1a17-71bd-bc6242103645@andreasschulze.de>



Am 08.06.2017 um 17:08 schrieb Willem Toorop:
> We have a release candidate for a quickfix release version 1.1.1 of getdns.
compiled (Debian Jessie + Stretch) and works...

the buildsystem complain only on one spelling error:
"recieved" should be "received"

Thanks for including stubby.conf!

Andreas


From willem at nlnetlabs.nl  Thu Jun 15 20:19:33 2017
From: willem at nlnetlabs.nl (Willem Toorop)
Date: Thu, 15 Jun 2017 22:19:33 +0200
Subject: [getdns-users] getdns-1.1.1 released
Message-ID: <694bba66-6e51-b1f6-d78e-6a87796d2dde@nlnetlabs.nl>

Dear all,

We are pleased to announce release 1.1.1 of our library implementation
of the getdns API.

When working on the brew formula for Stubby, we discovered that the
default configuration file, stubby.conf was missing from the
distribution tarball. This release is just to fix this omission and has
no further big changes.

Besides the stubby.conf file, this release also includes a script that
helps with setting up Stubby on a Mac, and guidance for integration with
systemd.

Since our last release we have steadily improved and added unit tests,
and significantly increased the code covered by them. This has led to a
few bugfixes which are also included with this release.


link  : https://getdnsapi.net/dist/getdns-1.1.1.tar.gz
pgp   : https://getdnsapi.net/dist/getdns-1.1.1.tar.gz.asc
sha256: fa414c30d5f2d2b2453b5cec77362b4cc0f44d440be5893233748d82bd6a1a56


ChangeLog
=========
* 2017-06-15: Version 1.1.1
  * Bugfix #306 hanging/segfaulting on certain (IPv6) upstream failures
  * Spelling fix s/receive/receive.  Thanks Andreas Schulze.
  * Added stubby-setdns-macos.sh script to support Homebrew formula
  * Include stubby.conf in the districution tarball
  * Bugfix #286 reschedule reused listening addresses
  * Bugfix #166 Allow parallel builds and unit-tests
  * NSAP-PTR, EID and NIMLOC, TALINK, AVC support
  * Bugfix of TA RR type
  * OPENPGPKEY and SMIMEA support
  * Bugfix TAG rdata type presentation format for CAA RR type
  * Bugfix Zero sized gateways with IPSECKEY gateway_type 0
  * Guidance for integration with systemd
  * Also check for memory leaks with advances server capabilities.
  * Bugfix convert IP string to IP dict with getdns_str2dict() directly

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 829 bytes
Desc: OpenPGP digital signature
URL: <http://lists.getdnsapi.net/pipermail/users/attachments/20170615/7acebd56/attachment.bin>

From sca at andreasschulze.de  Wed Jun 21 11:38:38 2017
From: sca at andreasschulze.de (A. Schulze)
Date: Wed, 21 Jun 2017 13:38:38 +0200
Subject: [getdns-users] stubby --debug
Message-ID: <20170621133838.Horde._3w313KUcboaEDqkE1fNcyG@andreasschulze.de>

Hello,

running stubby in verbose mode is possible only as compile time option
"configure --enable-debug-all" ( at least I found nothing other )

would be easier if that could be a runtime option.

... or did I missed something?

Andreas




From sara at sinodun.com  Wed Jun 21 12:12:10 2017
From: sara at sinodun.com (Sara Dickinson)
Date: Wed, 21 Jun 2017 13:12:10 +0100
Subject: [getdns-users] stubby --debug
In-Reply-To: <20170621133838.Horde._3w313KUcboaEDqkE1fNcyG@andreasschulze.de>
References: <20170621133838.Horde._3w313KUcboaEDqkE1fNcyG@andreasschulze.de>
Message-ID: <89F0CE98-2862-4A4A-B4AD-BD8E789DD96D@sinodun.com>


> On 21 Jun 2017, at 12:38, A. Schulze <sca at andreasschulze.de> wrote:
> 
> Hello,
> 
> running stubby in verbose mode is possible only as compile time option
> "configure --enable-debug-all" ( at least I found nothing other )

In the 1.1 release this is correct. The user guide (https://getdnsapi.net/blog/dns-privacy-daemon-stubby/ <https://getdnsapi.net/blog/dns-privacy-daemon-stubby/>) provides some more information on the exact configure options to use:

Logging/debugging

--enable-debug-daemon If you don't want to see the connection statistics then remove the --enable-debug-daemon option in the configure line above.
--enable-debug-stub If you do want to see very detailed debug information as messages are processed (including connection statistics) then add the --enable-debug-stub option to the configure line above.

and workarounds on how to control the output via re-direction:

The logging is currently crude and simply writes to stderr. (We are working on making this better!)
	? If don't want to see any logging for some reason then include the following on the command line: 2>/dev/null
	? If you build with both stub and daemon logging and want to see only the daemon logging use: 2>&1 >/dev/null | grep 'DAEMON'

> would be easier if that could be a runtime option.

Making this a runtime option is on the TODO list:
https://github.com/getdnsapi/getdns/issues/295 <https://github.com/getdnsapi/getdns/issues/295>

Sara. 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.getdnsapi.net/pipermail/users/attachments/20170621/9ce104a1/attachment.htm>

From jroyalty at gmail.com  Tue Jun 27 13:40:44 2017
From: jroyalty at gmail.com (James Royalty)
Date: Tue, 27 Jun 2017 10:40:44 -0300
Subject: [getdns-users] Context reuse?
Message-ID: <CAGQMiWmfjuJigKkpw7BE859NTAH42GYF9W4X+u=A8HxG=mXkig@mail.gmail.com>

I'm using getdns in a long-running async (libuv) application.  Should
I be reusing a single context for new requests (while others are in
flight)?  Or should I be creating a new context for each resolution
request?

Cheers!
--
J


From willem at nlnetlabs.nl  Wed Jun 28 12:33:10 2017
From: willem at nlnetlabs.nl (Willem Toorop)
Date: Wed, 28 Jun 2017 14:33:10 +0200
Subject: [getdns-users] Context reuse?
In-Reply-To: <CAGQMiWmfjuJigKkpw7BE859NTAH42GYF9W4X+u=A8HxG=mXkig@mail.gmail.com>
References: <CAGQMiWmfjuJigKkpw7BE859NTAH42GYF9W4X+u=A8HxG=mXkig@mail.gmail.com>
Message-ID: <bf35a8a0-d42b-f9e6-8093-ba17724cfb53@nlnetlabs.nl>

Op 27-06-17 om 15:40 schreef James Royalty:
> I'm using getdns in a long-running async (libuv) application.  Should
> I be reusing a single context for new requests (while others are in
> flight)?  Or should I be creating a new context for each resolution
> request?

Hi James,

You should use a single context.

Did you register the uv event loop with the context?
Something like this:


#include <getdns/getdns.h>
#include <getdns/getdns_extra.h>
#include <getdns/getdns_ext_libuv.h>

int main()
{
	getdns_return_t r;
	getdns_context *context = NULL;
	uv_loop_t* loop = uv_default_loop();

	if ((r = getdns_create_context(&context, 1))
		fprintf(stderr, "Error creating context");

	else if ((r = getdns_extension_set_libuv_loop(context, loop))
		fprintf(stderr, "Error registering event loop");
	else {
		// your stuff scheduling against loop,
		// doing async getdns requests etc.
	
		uv_run(loop, UV_RUN_DEFAULT); // Run the uv loop
	}
	if (r)
		fprintf(stderr, ": %s\n", getdns_errorstr_by_id(r));
	getdns_context_destroy(context);
	return r ? EXIT_FAILURE : EXIT_SUCCES;
}

Then all getdns I/O will use the libuv loop.  Even the full recursive
requests (done with libunbound under the hood).

Also don't forget to link against libgetdns_ext_uv.so then too!
eg: -luv -lgetdns -lgetdns_ext_uv


Cheers,
-- Willem
> 
> Cheers!
> --
> J
> _______________________________________________
> Users mailing list
> Users at getdnsapi.net
> https://getdnsapi.net/mailman/listinfo/users
> 



From willem at nlnetlabs.nl  Wed Jun 28 21:06:30 2017
From: willem at nlnetlabs.nl (Willem Toorop)
Date: Wed, 28 Jun 2017 23:06:30 +0200
Subject: [getdns-users] First release candidate for getdns-1.1.2
Message-ID: <9150f629-b6f7-e7cc-1e4f-36a041d2f542@nlnetlabs.nl>

Dear all,

We have a release candidate for a quickfix release version 1.1.2 of getdns.

The brew formula for Stubby installed and configured a version of the
getdns library that would not fit other applications using getdns very
well. More specifically, libgetdns was configured to output statistics
about upstreams.

To allow to display upstream statistics without the necessity for a
specifically configured library, this release introduces a single new
feature: the ability to register a callback function that will fire when
certain subsystems have a log message of a certain severity. Which
subsystems will fire the callback can be specified with the registration
function. Currently this is only available for upstream statistics, but
in the future the log messages for the other subsystems will be provided
in a similar fashion.

Besides this single feature, we have a few bugfixes in this release. The
most prominent one fixing fallbacks on certain error conditions for
stateful transports on MacOS.

For a more complete overview also see the ChangeLog section below.

Please review this release candidate carefully, if all is well, the
actual release will follow Monday the 3th of July.



link  : https://getdnsapi.net/dist/getdns-1.1.2-rc1.tar.gz
pgp   : https://getdnsapi.net/dist/getdns-1.1.2-rc1.tar.gz.asc
sha256: 6cee73b5d56806420870e0cd80938d054034792ab5107f058c9f062f4fdb310d


ChangeLog
=========
* 2017-07-??: Version 1.1.2
  * Bugfix for parallel make install
  * Bugfix to trigger event callbacks on socket errors
  * A getdns_context_set_logfunc() function with which one may
    register a callback log function for certain library subsystems
    at certain levels.  Currently this can only be used for
    upstream statistics subsystem.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 829 bytes
Desc: OpenPGP digital signature
URL: <http://lists.getdnsapi.net/pipermail/users/attachments/20170628/5e0d1fe4/attachment.bin>

From rick at openfortress.nl  Fri Jun 30 02:50:17 2017
From: rick at openfortress.nl (Rick van Rein)
Date: Fri, 30 Jun 2017 04:50:17 +0200
Subject: [getdns-users] GetDNSapi for Erlang
Message-ID: <5955BC69.30401@openfortress.nl>

Hi,

I'm looking for a DNS client to use in Erlang.  Much to my surprise, I
can "only" find authoritative code!

I have been saying that GetDNSapi isn't very C-like, but it does seem to
fit well with Erlang.  And that's the sort of thing it was designed for,
of course.

Is anyone aware of work that has been done to make GetDNSapi work with
Erlang?  DuckDuckGo seems to have misplaced the answers to this one :)

-Rick


From jroyalty at gmail.com  Fri Jun 30 11:42:39 2017
From: jroyalty at gmail.com (James Royalty)
Date: Fri, 30 Jun 2017 08:42:39 -0300
Subject: [getdns-users] Context reuse?
In-Reply-To: <bf35a8a0-d42b-f9e6-8093-ba17724cfb53@nlnetlabs.nl>
References: <CAGQMiWmfjuJigKkpw7BE859NTAH42GYF9W4X+u=A8HxG=mXkig@mail.gmail.com>
 <bf35a8a0-d42b-f9e6-8093-ba17724cfb53@nlnetlabs.nl>
Message-ID: <CAGQMiW=xYDJDKLa6PvgnLiyZ4=cxazM0+4Zvpv-mAvkzOgaO-w@mail.gmail.com>

Thanks Willem for the response!  That's the gist of what I'm currently
doing so all good there.

Another question along these lines:  What are the circumstances where
you'd want (or need) multiple contexts?

Cheers!
--
James


On Wed, Jun 28, 2017 at 9:33 AM, Willem Toorop <willem at nlnetlabs.nl> wrote:
> Hi James,
>
> You should use a single context.
>
> Did you register the uv event loop with the context?
> Something like this:
>
>
> #include <getdns/getdns.h>
> #include <getdns/getdns_extra.h>
> #include <getdns/getdns_ext_libuv.h>
>
> int main()
> {
>         getdns_return_t r;
>         getdns_context *context = NULL;
>         uv_loop_t* loop = uv_default_loop();
>
>         if ((r = getdns_create_context(&context, 1))
>                 fprintf(stderr, "Error creating context");
>
>         else if ((r = getdns_extension_set_libuv_loop(context, loop))
>                 fprintf(stderr, "Error registering event loop");
>         else {
>                 // your stuff scheduling against loop,
>                 // doing async getdns requests etc.
>
>                 uv_run(loop, UV_RUN_DEFAULT); // Run the uv loop
>         }
>         if (r)
>                 fprintf(stderr, ": %s\n", getdns_errorstr_by_id(r));
>         getdns_context_destroy(context);
>         return r ? EXIT_FAILURE : EXIT_SUCCES;
> }
>
> Then all getdns I/O will use the libuv loop.  Even the full recursive
> requests (done with libunbound under the hood).
>
> Also don't forget to link against libgetdns_ext_uv.so then too!
> eg: -luv -lgetdns -lgetdns_ext_uv
>
>
> Cheers,
> -- Willem


From willem at nlnetlabs.nl  Fri Jun 30 11:55:06 2017
From: willem at nlnetlabs.nl (Willem Toorop)
Date: Fri, 30 Jun 2017 13:55:06 +0200
Subject: [getdns-users] Context reuse?
In-Reply-To: <CAGQMiW=xYDJDKLa6PvgnLiyZ4=cxazM0+4Zvpv-mAvkzOgaO-w@mail.gmail.com>
References: <CAGQMiWmfjuJigKkpw7BE859NTAH42GYF9W4X+u=A8HxG=mXkig@mail.gmail.com>
 <bf35a8a0-d42b-f9e6-8093-ba17724cfb53@nlnetlabs.nl>
 <CAGQMiW=xYDJDKLa6PvgnLiyZ4=cxazM0+4Zvpv-mAvkzOgaO-w@mail.gmail.com>
Message-ID: <afe2216e-d98c-c2d9-ccfc-218f32e14267@nlnetlabs.nl>

Op 30-06-17 om 13:42 schreef James Royalty:
> Thanks Willem for the response!  That's the gist of what I'm currently
> doing so all good there.
> 
> Another question along these lines:  What are the circumstances where
> you'd want (or need) multiple contexts?

Hmmm.. hard to think of any.  It might make sense in multi-threaded
applications.
Also, the upstreams configuration (i.e.recursive_upstream_resolvers)
associated with a context cannot be changed on a per query basis via an
extension dict.  So, it might be useful to have one context for stateful
connections to remote upstreams, and do some meta queries with a
separate context configured with the OS defaults (i.e. UDP queries to
the recursor in the local network).

-- Willem



From willem at nlnetlabs.nl  Fri Jun 30 11:58:57 2017
From: willem at nlnetlabs.nl (Willem Toorop)
Date: Fri, 30 Jun 2017 13:58:57 +0200
Subject: [getdns-users] GetDNSapi for Erlang
In-Reply-To: <5955BC69.30401@openfortress.nl>
References: <5955BC69.30401@openfortress.nl>
Message-ID: <4a4d4b92-0c2b-1000-eb61-320ae63137a5@nlnetlabs.nl>

Op 30-06-17 om 04:50 schreef Rick van Rein:
> Hi,
> 
> I'm looking for a DNS client to use in Erlang.  Much to my surprise, I
> can "only" find authoritative code!
> 
> I have been saying that GetDNSapi isn't very C-like, but it does seem to
> fit well with Erlang.  And that's the sort of thing it was designed for,
> of course.
> 
> Is anyone aware of work that has been done to make GetDNSapi work with
> Erlang?  DuckDuckGo seems to have misplaced the answers to this one :)

I don't know for sure, but I vaguely remember that Linus Nordberg (on
the CC) was interested in getdns bindings for Erlang for his CT for
DNSSEC work and I believe he looked into this at some point.

-- Willem

> 
> -Rick
> _______________________________________________
> Users mailing list
> Users at getdnsapi.net
> https://getdnsapi.net/mailman/listinfo/users
> 



From willem at nlnetlabs.nl  Thu Jun  8 15:09:03 2017
From: willem at nlnetlabs.nl (Willem Toorop)
Date: Thu, 8 Jun 2017 17:09:03 +0200
Subject: [getdns-api] First release candidate for getdns-1.1.1
Message-ID: <af8063a6-f465-d4dc-3df3-f8477c44de0d@nlnetlabs.nl>

Dear all,

We have a release candidate for a quickfix release version 1.1.1 of getdns.

When working on the brew formula for Stubby, we discovered that the
default configuration file, stubby.conf was missing from the
distribution tarball. This release is just to fix this omission and has
no further big changes.

Besides the stubby.conf file, this release also includes a script that
helps with setting up Stubby on a Mac, and guidance for integration with
systemd.

Since our last release we have steadily improved and added unit tests,
and significantly increased the code covered by them. This has led to a
few bugfixes which are also included with this release.

For a more complete overview also see the ChangeLog section below.

Please review this release candidate carefully, if all is well, the
actual release will follow Thursday the 15th of June.


link  : https://getdnsapi.net/dist/getdns-1.1.1rc1.tar.gz
pgp   : https://getdnsapi.net/dist/getdns-1.1.1rc1.tar.gz.asc
sha256: f63340b1d05410b875217c6abd7066586fc55a811db4ae90ffd01d2240e05e57


ChangeLog
=========
* 2017-06-??: Version 1.1.1
  * Added stubby-setdns-macos.sh script to support Homebrew formula
  * Include stubby.conf in the districution tarball
  * Bugfix #286 reschedule reused listening addresses
  * Bugfix #166 Allow parallel builds and unit-tests
  * NSAP-PTR, EID and NIMLOC, TALINK, AVC support
  * Bugfix of TA RR type
  * OPENPGPKEY and SMIMEA support
  * Bugfix TAG rdata type presentation format for CAA RR type
  * Bugfix Zero sized gateways with IPSECKEY gateway_type 0
  * Guidance for integration with systemd
  * Also check for memory leaks with advances server capabilities.
  * Bugfix convert IP string to IP dict with getdns_str2dict() directly.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 829 bytes
Desc: OpenPGP digital signature
URL: <http://lists.getdnsapi.net/pipermail/users/attachments/20170608/f087d5fb/attachment.bin>

From willem at nlnetlabs.nl  Thu Jun 15 20:19:38 2017
From: willem at nlnetlabs.nl (Willem Toorop)
Date: Thu, 15 Jun 2017 22:19:38 +0200
Subject: [getdns-api] getdns-1.1.1 released
Message-ID: <002427d3-b6cd-fb41-590c-58357c9e16e2@nlnetlabs.nl>

Dear all,

We are pleased to announce release 1.1.1 of our library implementation
of the getdns API.

When working on the brew formula for Stubby, we discovered that the
default configuration file, stubby.conf was missing from the
distribution tarball. This release is just to fix this omission and has
no further big changes.

Besides the stubby.conf file, this release also includes a script that
helps with setting up Stubby on a Mac, and guidance for integration with
systemd.

Since our last release we have steadily improved and added unit tests,
and significantly increased the code covered by them. This has led to a
few bugfixes which are also included with this release.


link  : https://getdnsapi.net/dist/getdns-1.1.1.tar.gz
pgp   : https://getdnsapi.net/dist/getdns-1.1.1.tar.gz.asc
sha256: fa414c30d5f2d2b2453b5cec77362b4cc0f44d440be5893233748d82bd6a1a56


ChangeLog
=========
* 2017-06-15: Version 1.1.1
  * Bugfix #306 hanging/segfaulting on certain (IPv6) upstream failures
  * Spelling fix s/receive/receive.  Thanks Andreas Schulze.
  * Added stubby-setdns-macos.sh script to support Homebrew formula
  * Include stubby.conf in the districution tarball
  * Bugfix #286 reschedule reused listening addresses
  * Bugfix #166 Allow parallel builds and unit-tests
  * NSAP-PTR, EID and NIMLOC, TALINK, AVC support
  * Bugfix of TA RR type
  * OPENPGPKEY and SMIMEA support
  * Bugfix TAG rdata type presentation format for CAA RR type
  * Bugfix Zero sized gateways with IPSECKEY gateway_type 0
  * Guidance for integration with systemd
  * Also check for memory leaks with advances server capabilities.
  * Bugfix convert IP string to IP dict with getdns_str2dict() directly

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 829 bytes
Desc: OpenPGP digital signature
URL: <http://lists.getdnsapi.net/pipermail/users/attachments/20170615/5e048264/attachment.bin>

From shikha.sharma at broadforward.com  Fri Jun 23 08:58:59 2017
From: shikha.sharma at broadforward.com (Shikha Sharma)
Date: Fri, 23 Jun 2017 10:58:59 +0200
Subject: [getdns-api]  Upstream servers(over UDP)
Message-ID: <29ecb6a9-e221-0929-1465-1bd95a3c7dff@broadforward.com>

Hello,

I'm using getdns in stub mode with more than 1 upstream servers (over UDP)
configured in the context. Some of the observations that i have:

  * Every time a udp request times out, the back_off is multiplied by 2
    and another server is chosen. But if the response is received from
    the server then the back_off value is never reset. In case there is
    a timeout again, It continues with the previous back_off value. i
    would like to propose to reset the back_off to 0 as soon as the
    server becomes available.
  * If all upstreams are failing, the upstream with the smallest
    back_off value will be selected, and the back_off value decremented
    by one. In this scenario servers can also be retried in the round
    robin fashion to give them equal chance because one of the server
    might have large back_off value and will not be tried even though it
    has become available again. Or make it configurable to choose one of
    the above behavior.
  * In the latest release a feature was added "More fine grained control
    over TLS upstream retry and back off behavior with
    getdns_context_set_tls_backoff_time() and
    getdns_context_set_tls_connection_retries().". I would like to
    propose to add  similar back_off time and retries for over UDP as well.

Regards,

Shikha Sharma

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.getdnsapi.net/pipermail/users/attachments/20170623/861b17b9/attachment.htm>

From willem at nlnetlabs.nl  Wed Jun 28 21:06:33 2017
From: willem at nlnetlabs.nl (Willem Toorop)
Date: Wed, 28 Jun 2017 23:06:33 +0200
Subject: [getdns-api] First release candidate for getdns-1.1.2
Message-ID: <41236f7f-c4fe-9f26-c70f-74b2ea1f151e@nlnetlabs.nl>

Dear all,

We have a release candidate for a quickfix release version 1.1.2 of getdns.

The brew formula for Stubby installed and configured a version of the
getdns library that would not fit other applications using getdns very
well. More specifically, libgetdns was configured to output statistics
about upstreams.

To allow to display upstream statistics without the necessity for a
specifically configured library, this release introduces a single new
feature: the ability to register a callback function that will fire when
certain subsystems have a log message of a certain severity. Which
subsystems will fire the callback can be specified with the registration
function. Currently this is only available for upstream statistics, but
in the future the log messages for the other subsystems will be provided
in a similar fashion.

Besides this single feature, we have a few bugfixes in this release. The
most prominent one fixing fallbacks on certain error conditions for
stateful transports on MacOS.
spe
For a more complete overview also see the ChangeLog section below.

Please review this release candidate carefully, if all is well, the
actual release will follow Monday the 3th of July.



link  : https://getdnsapi.net/dist/getdns-1.1.2-rc1.tar.gz
pgp   : https://getdnsapi.net/dist/getdns-1.1.2-rc1.tar.gz.asc
sha256: 6cee73b5d56806420870e0cd80938d054034792ab5107f058c9f062f4fdb310d


ChangeLog
=========
* 2017-07-??: Version 1.1.2
  * Bugfix for parallel make install
  * Bugfix to trigger event callbacks on socket errors
  * A getdns_context_set_logfunc() function with which one may
    register a callback log function for certain library subsystems
    at certain levels.  Currently this can only be used for
    upstream statistics subsystem.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 829 bytes
Desc: OpenPGP digital signature
URL: <http://lists.getdnsapi.net/pipermail/users/attachments/20170628/07da83f2/attachment.bin>