[getdns-api] getdns-1.5.1 and stubby-0.2.5 released

Willem Toorop willem at nlnetlabs.nl
Fri Jan 11 16:02:07 UTC 2019

Dear all,

Our previous getdns-1.5.0 release had a bug which prevented it from
building on MacOS. This release has (almost) only this single bug fixed.

Also, some new configurable properties for DNS-over-TLS were introduced
in the previous release, but these properties were not exposed in
stubby.yml.example. This release includes Stubby 0.2.5, which has this
corrected and does have example configuration for these properties in

Google recently announced DNS-over-TLS support on the Google public DNS
resolvers (). Example configuration entries for DNS-over-TLS with Google
public DNS are added to stubby.yml.example now too.

link  : https://getdnsapi.net/dist/getdns-1.5.1.tar.gz
pgp   : https://getdnsapi.net/dist/getdns-1.5.1.tar.gz.asc
sha256: 5686e61100599c309ce03535f9899a5a3d94a82cc08d10718e2cd73ad3dc28af
web   : https://getdnsapi.net/releases/getdns-1-5-1/

* 2019-01-11: Version 1.5.1
  * PR #414: remove TLS13 ciphers from cipher_list, but
    only when SSL_CTX_set_ciphersuites is available.
    Thanks Bruno Pagani
  * Issue #415: Filter out #defines etc. when creating
    symbols file.  Thanks Zero King

* 2018-12-21: Version 1.5.0
  * RFE getdnsapi/stubby#121 log re-instantiating TLS
    upstreams (because they reached tls_backoff_time) at
    log level 4 (WARNING)
  * ZONEMD rr-type
  * getdns_query queries for addresses when a query name
    without a type is given.
  * RFE #408: Fetching of trust anchors will be retried
    after failure, after a certain backoff time. The time
    can be configured with
  * RFE #408: A "dnssec" extension that requires DNSSEC
    verification.  When this extension is set, Indeterminate
    DNSSEC status will not be returned.
  * Issue #410: Unspecified ownership of get_api_information()
  * Fix for DNSSEC bug in finding most specific key when
    trust anchor proves non-existance of one of the labels
    along the authentication chain other than the non-
    existance of a DS record on a zonecut.
  * Enhancement getdnsapi/stubby#56 & getdnsapi/stubby#130:
    Configurable minimum and maximum TLS versions with
    getdns_context_set_tls_min_version() and
    getdns_context_set_tls_max_version() functions and
    tls_min_version and tls_max_version configuration parameters
    for upstreams.
  * Configurable TLS1.3 ciphersuites with the
    getdns_context_set_tls_ciphersuites() function and
    tls_ciphersuites config parameter for upstreams.
  * Bugfix in upstream string configurations: tls_cipher_list and
  * Bugfix finding signer for validating NSEC and NSEC3s, which
    caused trouble with the partly tracing DNSSEC from the root
    up, introduced in 1.4.2.  Thanks Philip Homburg

Stubby ChangeLog
* 2019-01-11: Version 0.2.5
 * RFE getdnsapi/getdns#408: Document trust_anchors_backoff_time
   in stubby.yml.example. Thanks Jonathan Underwood
 * RFE #148: Document tls_ciphersuites, tls_cipher_list, tls_min_version
   and tls_max_version in stubby.yml.example. Thanks Jonathan Underwood
 * RFE #149: Added Google Public DNS to stubby.yml.example.
   Thanks Bruno Pagani

* 2018-12-21: Version 0.2.4
 * DNSSEC required with dnssec extension in example config
 * Removed the yeti servers from stubby.yml.example
 * Added the Foundation RESTENA servers in stubby.yml.example
 * Bugfix: only start Stubby when network is up
   Thanks Bruno Pagani

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.getdnsapi.net/pipermail/users/attachments/20190111/eb1e4d32/attachment.bin>

More information about the Users mailing list