2020-03-13 16:31:01 -05:00
|
|
|
|
* 2020-0?-??: Version 1.6.1-rc.1
|
2020-03-16 08:50:59 -05:00
|
|
|
|
* Make TLS Handshake timeout max 4/5th of timeout for the query,
|
|
|
|
|
just like connection setup timeout was, so fallback transport
|
|
|
|
|
have a chance too when TCP connection setup is less well
|
|
|
|
|
detectable (as with TCP_FASTOPEN on MacOS).
|
2020-03-13 16:31:01 -05:00
|
|
|
|
* Issue #466: Memory leak with retrying queries (for examples
|
|
|
|
|
with search paths). Thanks doublez13.
|
|
|
|
|
|
2020-02-28 08:39:53 -06:00
|
|
|
|
* 2020-02-28: Version 1.6.0
|
|
|
|
|
* Issues #457, #458, #461: New symbols with libnettle >= 3.4.
|
|
|
|
|
Thanks hanvinke & kometchtech for testing & reporting.
|
2020-02-13 10:02:24 -06:00
|
|
|
|
* Issue #432: answer_ipv4_address and answer_ipv6_address in reply
|
|
|
|
|
and response dicts.
|
|
|
|
|
* Issue #430: Record and guard UDP max payload size with servers.
|
2020-02-14 09:49:45 -06:00
|
|
|
|
* Issue #407: Run only offline-tests option with:
|
|
|
|
|
src/test/tpkg/run-offline-only.sh (only with git checkouts).
|
2020-02-20 10:52:27 -06:00
|
|
|
|
* Issue #175: Include the packet the stub resolver sent to the
|
|
|
|
|
upstream the call_reporting dict. Thanks Tom Pusateri
|
2020-02-20 13:25:35 -06:00
|
|
|
|
* Issue #169: Build eventloop support libraries if event libraries
|
|
|
|
|
are available. Thanks Tom Pusateri
|
2020-02-13 08:33:13 -06:00
|
|
|
|
|
2019-12-18 05:29:21 -06:00
|
|
|
|
* 2019-12-20: Version 1.6.0-beta.1
|
2019-11-18 10:59:29 -06:00
|
|
|
|
* Migration of build system to cmake. Build now works on Ubuntu,
|
2019-12-18 05:29:21 -06:00
|
|
|
|
Windows 10 and macOS.
|
|
|
|
|
Some notes on minor differences in the new cmake build:
|
2019-11-18 08:05:50 -06:00
|
|
|
|
* OpenSSL 1.0.2 or higher is now required
|
|
|
|
|
* libunbound 1.5.9 is now required
|
2019-11-18 10:59:29 -06:00
|
|
|
|
* Only libidn2 2.0.0 and later is supported (not libidn)
|
|
|
|
|
* Windows uses ENABLE_STUB_ONLY=ON as the default
|
2019-12-18 05:29:21 -06:00
|
|
|
|
* Unit and regression tests work on Linux/macOS
|
|
|
|
|
(but not Windows yet)
|
2019-11-18 08:05:50 -06:00
|
|
|
|
|
2019-04-03 05:36:04 -05:00
|
|
|
|
* 2019-04-03: Version 1.5.2
|
|
|
|
|
* PR #424: Two small trust anchor fetcher fixes
|
|
|
|
|
Thanks Maciej S. Szmigiero
|
2019-03-15 06:13:38 -05:00
|
|
|
|
* Issue #422: Enable server side and update client side TCP Fast
|
|
|
|
|
Open implementation. Thanks Craig Andrews
|
2019-03-13 08:21:06 -05:00
|
|
|
|
* Issue #423: Fix insecure delegation detection while scheduling.
|
2019-03-15 06:13:38 -05:00
|
|
|
|
Thanks Charles Milette
|
2019-02-15 03:29:39 -06:00
|
|
|
|
* Issue #419: Escape backslashed when printing in JSON format.
|
|
|
|
|
Thanks boB Rudis
|
2019-03-15 14:45:04 -05:00
|
|
|
|
* Use GnuTLS instead of OpenSSL for TLS with the --with-gnutls
|
|
|
|
|
option to configure. libcrypto (from OpenSSL) still needed
|
|
|
|
|
for Zero configuration DNSSEC.
|
2019-02-15 06:36:39 -06:00
|
|
|
|
* DOA rr-type
|
|
|
|
|
* AMTRELAY rr-type
|
2019-02-15 03:29:39 -06:00
|
|
|
|
|
2019-01-11 05:08:38 -06:00
|
|
|
|
* 2019-01-11: Version 1.5.1
|
2019-01-17 05:24:40 -06:00
|
|
|
|
* Introduce proof of concept GnuTLS implementation. Incomplete support
|
|
|
|
|
for Trust Anchor validation. Requires GnuTLS DANE library. Currently
|
|
|
|
|
untested with GnuTLS prior to 3.5.19, so configure demands a minumum
|
|
|
|
|
version of 3.5.0.
|
|
|
|
|
* Be consistent and always fail connection setup if setting ciphers/curves/
|
|
|
|
|
TLS version/cipher suites fails.
|
|
|
|
|
* Refactor OpenSSL usage into modules under src/openssl.
|
|
|
|
|
Drop support for LibreSSL and versions of OpenSSL prior to 1.0.2.
|
2019-01-11 05:08:38 -06:00
|
|
|
|
* PR #414: remove TLS13 ciphers from cipher_list, but
|
|
|
|
|
only when SSL_CTX_set_ciphersuites is available.
|
|
|
|
|
Thanks Bruno Pagani
|
2019-01-07 04:33:21 -06:00
|
|
|
|
* Issue #415: Filter out #defines etc. when creating
|
|
|
|
|
symbols file. Thanks Zero King
|
|
|
|
|
|
2018-12-21 08:40:13 -06:00
|
|
|
|
* 2018-12-21: Version 1.5.0
|
2018-12-21 09:30:46 -06:00
|
|
|
|
* RFE getdnsapi/stubby#121 log re-instantiating TLS
|
|
|
|
|
upstreams (because they reached tls_backoff_time) at
|
|
|
|
|
log level 4 (WARNING)
|
2018-12-21 04:44:04 -06:00
|
|
|
|
* GETDNS_RESPSTATUS_NO_NAME for NODATA answers too
|
2018-12-13 07:53:41 -06:00
|
|
|
|
* ZONEMD rr-type
|
2018-12-03 07:52:58 -06:00
|
|
|
|
* getdns_query queries for addresses when a query name
|
|
|
|
|
without a type is given.
|
2018-12-03 05:27:31 -06:00
|
|
|
|
* RFE #408: Fetching of trust anchors will be retried
|
|
|
|
|
after failure, after a certain backoff time. The time
|
|
|
|
|
can be configured with
|
|
|
|
|
getdns_context_set_trust_anchors_backoff_time().
|
2018-11-30 07:20:12 -06:00
|
|
|
|
* RFE #408: A "dnssec" extension that requires DNSSEC
|
|
|
|
|
verification. When this extension is set, Indeterminate
|
2018-12-03 05:27:31 -06:00
|
|
|
|
DNSSEC status will not be returned.
|
2018-11-27 09:59:47 -06:00
|
|
|
|
* Issue #410: Unspecified ownership of get_api_information()
|
2018-11-22 03:21:48 -06:00
|
|
|
|
* Fix for DNSSEC bug in finding most specific key when
|
|
|
|
|
trust anchor proves non-existance of one of the labels
|
|
|
|
|
along the authentication chain other than the non-
|
|
|
|
|
existance of a DS record on a zonecut.
|
2018-11-21 08:02:28 -06:00
|
|
|
|
* Enhancement getdnsapi/stubby#56 & getdnsapi/stubby#130:
|
|
|
|
|
Configurable minimum and maximum TLS versions with
|
|
|
|
|
getdns_context_set_tls_min_version() and
|
|
|
|
|
getdns_context_set_tls_max_version() functions and
|
|
|
|
|
tls_min_version and tls_max_version configuration parameters
|
|
|
|
|
for upstreams.
|
|
|
|
|
* Configurable TLS1.3 ciphersuites with the
|
|
|
|
|
getdns_context_set_tls_ciphersuites() function and
|
|
|
|
|
tls_ciphersuites config parameter for upstreams.
|
|
|
|
|
* Bugfix in upstream string configurations: tls_cipher_list and
|
|
|
|
|
tls_curve_list
|
2018-06-08 14:38:09 -05:00
|
|
|
|
* Bugfix finding signer for validating NSEC and NSEC3s, which
|
|
|
|
|
caused trouble with the partly tracing DNSSEC from the root
|
|
|
|
|
up, introduced in 1.4.2. Thanks Philip Homburg
|
|
|
|
|
|
2018-05-11 05:02:49 -05:00
|
|
|
|
* 2018-05-11: Version 1.4.2
|
2018-05-11 06:20:08 -05:00
|
|
|
|
* Bugfix getdnsapi/stubby#87: Detect and ignore duplicate certs
|
|
|
|
|
in the Windows root CA store.
|
|
|
|
|
* PR #397: No TCP sendto without TCP_FASTOPEN
|
|
|
|
|
Thanks Emery Hemingway
|
2018-05-11 04:28:52 -05:00
|
|
|
|
* Bugfix getdnsapi/stubby#106: Core dump when printing certain
|
|
|
|
|
configuration. Thanks Han Vinke
|
2018-05-03 08:14:12 -05:00
|
|
|
|
* Bugfix getdnsapi/stubby#99: Partly trace DNSSEC from the root
|
|
|
|
|
up (for tld and sld), to find insecure delegations quicker.
|
|
|
|
|
Thanks UniverseXXX
|
|
|
|
|
* Bugfix: Allow NSEC spans starting from (unexpanded) wildcards
|
|
|
|
|
Bug was introduced when dealing with CVE-2017-15105
|
|
|
|
|
* Bugfix getdnsapi/stubby#46: Don't assume trailing zero with
|
|
|
|
|
string bindata's. Thanks Lonnie Abelbeck
|
2018-05-02 07:32:12 -05:00
|
|
|
|
* Bugfix #394: Update src/compat/getentropy_linux.c in order to
|
|
|
|
|
handle ENOSYS (not implemented) fallback.
|
|
|
|
|
Thanks Brent Blood
|
|
|
|
|
* Bugfix #395: Clarify that libidn2 dependency is for version 2.0.0
|
2018-05-02 07:01:00 -05:00
|
|
|
|
or higher. Thanks mire3212
|
|
|
|
|
|
2018-03-12 06:05:09 -05:00
|
|
|
|
* 2018-03-12: Version 1.4.1
|
2018-03-05 08:40:16 -06:00
|
|
|
|
* Bugfix #388: Prevent fallback to an earlier tries upstream within a
|
|
|
|
|
single query. Thanks Robert Groenenberg
|
|
|
|
|
* PR #387: Compile with OpenSSL with deprecated APIs disabled.
|
|
|
|
|
Thanks Rosen Penev
|
2018-03-05 05:47:51 -06:00
|
|
|
|
* PR #386: UDP failover improvements:
|
|
|
|
|
- When all UDP upstreams fail, retry them (more or less) equally
|
|
|
|
|
- Limit maximum UDP backoff (default to 1000)
|
|
|
|
|
This is configurable with the --with-max-udp-backoff configure
|
|
|
|
|
option.
|
|
|
|
|
Thanks Robert Groenenberg
|
2018-03-05 04:51:31 -06:00
|
|
|
|
* Bugfix: Find zonecut with DS queries (instead of SOA queries).
|
|
|
|
|
Thanks Elmer Lastdrager
|
|
|
|
|
* Bugfix #385: Verifying insecure NODATA answers (broken since 1.2.1).
|
|
|
|
|
Thanks hanvinke
|
2018-03-05 04:34:32 -06:00
|
|
|
|
* PR #384: Fix minor spelling and formatting. Thanks dkg.
|
2018-03-05 04:30:18 -06:00
|
|
|
|
* Bugfix #382: Parallel install of getdns_query and getdns_server_mon
|
2018-03-05 04:26:20 -06:00
|
|
|
|
|
2018-02-21 09:45:26 -06:00
|
|
|
|
* 2018-02-21: Version 1.4.0
|
2018-02-12 10:14:56 -06:00
|
|
|
|
* .so revision bump to please fedora packaging system.
|
|
|
|
|
Thanks Paul Wouters
|
2018-02-12 08:40:17 -06:00
|
|
|
|
* Specify the supported curves with getdns_context_set_tls_curves_list()
|
|
|
|
|
An upstream specific list of supported curves may also be given
|
|
|
|
|
with the tls_curves_list setting in the upstream dict with
|
|
|
|
|
getdns_context_set_upstream_recursive_servers()
|
2018-02-12 10:14:56 -06:00
|
|
|
|
* New tool getdns_server_mon for checking upstream recursive
|
|
|
|
|
resolver's capabilities.
|
|
|
|
|
* Improved handling of opportunistic back-off. If other transports
|
|
|
|
|
are working, don’t forcibly promote failed upstreams just wait for
|
|
|
|
|
the re-try timer.
|
|
|
|
|
* Hostname authentication with libressl
|
|
|
|
|
Thanks Norbert Copones
|
|
|
|
|
* Security bugfix in response to CVE-2017-15105. Although getdns was
|
|
|
|
|
not vulnerable for this specific issue, as a precaution code has been
|
|
|
|
|
adapted so that signatures of DNSKEYs, DSs, NSECs and NSEC3s can not
|
|
|
|
|
be wildcard expansions when used with DNSSEC proofs. Only direct
|
|
|
|
|
queries for those types are allowed to be wildcard expansions.
|
|
|
|
|
* Bugfix PR#379: Miscelleneous double free or corruption, and corrupted
|
2018-02-23 16:11:46 -06:00
|
|
|
|
memory double linked list detected issue, with serving functionality.
|
2018-02-12 10:14:56 -06:00
|
|
|
|
Thanks maddie and Bruno Pagani
|
|
|
|
|
* Security Bugfix PR#293: Check sha256 pinset's
|
|
|
|
|
with OpenSSL native DANE functions for OpenSSL >= 1.1.0
|
|
|
|
|
with Viktor Dukhovni's danessl library for OpenSSL >= 1.0.0
|
|
|
|
|
don't allow for authentication exceptions (like self-signed
|
|
|
|
|
certificates) otherwise. Thanks Viktor Dukhovni
|
2018-01-08 05:54:48 -06:00
|
|
|
|
* libidn2 support. Thanks Paul Wouters
|
|
|
|
|
|
2017-12-21 10:06:43 -06:00
|
|
|
|
* 2017-12-21: Version 1.3.0
|
2017-12-21 09:21:10 -06:00
|
|
|
|
* Bugfix #300: Detect dnsmasq and skip unit test that fails with it.
|
|
|
|
|
Thanks Tim Rühsen and Konomi Kitten
|
2017-12-21 05:30:15 -06:00
|
|
|
|
* Specify default available cipher suites for authenticated TLS
|
|
|
|
|
upstreams with getdns_context_set_tls_ciphers_list()
|
|
|
|
|
An upstream specific available cipher suite may also be given
|
|
|
|
|
with the tls_cipher_list setting in the upstream dict with
|
|
|
|
|
getdns_context_set_upstream_recursive_servers()
|
2017-12-20 02:43:45 -06:00
|
|
|
|
* PR #366: Add support for TLS 1.3 and Chacha20-Poly1305
|
|
|
|
|
Thanks Pascal Ernster
|
2017-12-13 06:08:24 -06:00
|
|
|
|
* Bugfix #356: Do Zero configuration DNSSEC meta queries over on the
|
2017-12-20 02:43:45 -06:00
|
|
|
|
context configured upstreams. Thanks Andreas Schulze
|
2017-12-13 04:55:49 -06:00
|
|
|
|
* Report default extension settings with
|
|
|
|
|
getdns_context_get_api_information()
|
2017-12-12 08:10:37 -06:00
|
|
|
|
* Specify locations at which CA certificates for verification purposes
|
2017-12-21 06:08:01 -06:00
|
|
|
|
are located: getdns_context_set_tls_ca_path()
|
|
|
|
|
getdns_context_set_tls_ca_file()
|
2017-12-12 05:24:31 -06:00
|
|
|
|
* getdns_context_set_resolvconf() function to initialize a context
|
|
|
|
|
upstreams and suffices with a resolv.conf file.
|
|
|
|
|
getdns_context_get_resolvconf() to get the file used to initialize
|
|
|
|
|
the context's upstreams and suffixes.
|
|
|
|
|
getdns_context_set_hosts() function to initialize a context's
|
|
|
|
|
LOCALNAMES namespace.
|
|
|
|
|
getdns_context_get_hosts() function to get the file used to initialize
|
|
|
|
|
the context's LOCALNAMES namespace.
|
|
|
|
|
* get which version of OpenSSL was used at build time and at run time
|
|
|
|
|
when available with getdns_context_get_api_information()
|
2017-12-12 05:38:55 -06:00
|
|
|
|
* GETDNS_RETURN_IO_ERROR return error code
|
2017-11-23 06:20:42 -06:00
|
|
|
|
* Bugfix #359: edns_client_subnet_private should set family
|
2017-12-20 02:43:45 -06:00
|
|
|
|
Thanks Daniel Areiza & Andreas Schulze
|
2017-12-13 08:41:08 -06:00
|
|
|
|
* Bugfix getdnsapi/stubby#34: Segfault issue with native DNSSEC
|
|
|
|
|
validation. Thanks Bruno Pagani
|
2017-11-23 06:20:42 -06:00
|
|
|
|
|
2017-11-10 10:42:25 -06:00
|
|
|
|
* 2017-11-11: Version 1.2.1
|
2017-11-03 14:26:45 -05:00
|
|
|
|
* Handle more I/O error cases. Also, when an I/O error does occur,
|
|
|
|
|
never stop listening (with servers), and
|
|
|
|
|
never exit (when running the built-in event loop).
|
2017-11-02 09:14:07 -05:00
|
|
|
|
* Bugfix: Tolerate unsigned and unused RRsets in the authority section.
|
|
|
|
|
Fixes DNSSEC with BIND upstream.
|
|
|
|
|
* Bugfix: DNSSEC validation without support records
|
|
|
|
|
* Bugfix: Validation of full recursive DNSKEY lookups
|
|
|
|
|
* Bugfix: Retry to validate full recursion BOGUS replies with zero
|
|
|
|
|
configuration DNSSEC only when DNSSEC was actually requested
|
2017-10-27 02:58:25 -05:00
|
|
|
|
* Bugfix #348: Fix a linking issue in stubby when libbsd is present
|
|
|
|
|
Thanks Remi Gacogne
|
2017-11-02 09:06:56 -05:00
|
|
|
|
* More robust scheduling; Eliminating a segfault with long running
|
|
|
|
|
applications.
|
|
|
|
|
* Miscellaneous Windows portability fixes from Jim Hague.
|
2017-10-02 09:36:07 -05:00
|
|
|
|
* Fix Makefile dependencies for parallel install.
|
|
|
|
|
Thanks ilovezfs
|
|
|
|
|
|
2017-09-29 15:46:31 -05:00
|
|
|
|
* 2017-09-29: Version 1.2.0
|
2017-09-28 15:28:39 -05:00
|
|
|
|
* Bugfix of rc1: authentication of first query with TLS
|
2017-09-29 04:41:58 -05:00
|
|
|
|
Thanks Travis Burtrum
|
2017-09-21 05:33:44 -05:00
|
|
|
|
* A function to set the location for library specific data,
|
|
|
|
|
like trust-anchors: getdns_context_set_appdata().
|
|
|
|
|
* Zero configuration DNSSEC - build upon the scheme
|
|
|
|
|
described in RFC7958. The URL from which to fetch
|
|
|
|
|
the trust anchor, the verification CA and email
|
|
|
|
|
can be set with the new getdns_context_set_trust_anchor_url(),
|
|
|
|
|
getdns_context_set_trust_anchor_verify_CA() and
|
|
|
|
|
getdns_context_set_trust_anchor_verify_email() functions.
|
|
|
|
|
The default values are to fetch from IANA and to validate
|
|
|
|
|
with the ICANN CA.
|
|
|
|
|
* Update of Stubby with yaml configuration file and
|
|
|
|
|
logging from a certain severity support.
|
2017-09-20 08:38:07 -05:00
|
|
|
|
* Fix tpkg exit status on test failure. Thanks Jim Hague.
|
|
|
|
|
* Refined logging levels for upstream statistics
|
|
|
|
|
* Reuse (best behaving) backed-off TLS upstreams when non are usable.
|
|
|
|
|
* Let TLS upstreams back-off a incremental amount of time.
|
|
|
|
|
Back-off time starts with 1 second and is doubled each failure, but
|
|
|
|
|
will not exceed the time given by getdns_context_set_tls_backoff_time()
|
|
|
|
|
* Make TLS upstream management more resilient to temporary outages
|
|
|
|
|
(like laptop sleeps)
|
|
|
|
|
|
2017-09-04 03:21:23 -05:00
|
|
|
|
* 2017-09-04: Version 1.1.3
|
|
|
|
|
* Small bugfixes that came out of static analysis
|
2017-08-24 06:29:16 -05:00
|
|
|
|
* No annotations with the output of getdns_query anymore,
|
|
|
|
|
unless -V option is given to increase verbosity
|
|
|
|
|
Thanks Ollivier Robert
|
|
|
|
|
* getdns_query will now exit with failure status if replies are BOGUS
|
|
|
|
|
* Bugfix: dnssec_return_validation_chain now also works when fallback
|
|
|
|
|
to full recursion was needed with dnssec_roadblock_avoidance
|
|
|
|
|
* More clear build instructions from Paul Hoffman. Thanks.
|
|
|
|
|
* Bugfix #320.1: Eliminate multiple closing of file descriptors
|
|
|
|
|
Thanks Neil Cook
|
|
|
|
|
* Bugfix #320.2: Array bounds bug in upstream_select
|
|
|
|
|
Thanks Neil Cook
|
|
|
|
|
* Bugfix #318: getdnsapi/getdns/README.md links to nonexistent wiki
|
|
|
|
|
pages. Thanks James Raftery
|
|
|
|
|
* Bugfix #322: MacOS 10.10 (Yosemite) provides TCP fastopen interface
|
|
|
|
|
but does not have it implemented. Thanks Joel Purra
|
|
|
|
|
* Compile without Stubby by default. Stubby now has a git repository
|
|
|
|
|
of its own. The new Stubby repository is added as a submodule.
|
|
|
|
|
Stubby will still be build alongside getdns with the --with-stubby
|
|
|
|
|
configure option.
|
|
|
|
|
|
2017-07-03 09:23:25 -05:00
|
|
|
|
* 2017-07-03: Version 1.1.2
|
2017-06-28 14:21:15 -05:00
|
|
|
|
* Bugfix for parallel make install
|
2017-06-28 14:24:35 -05:00
|
|
|
|
* Bugfix to trigger event callbacks on socket errors
|
2017-06-28 14:21:15 -05:00
|
|
|
|
* A getdns_context_set_logfunc() function with which one may
|
|
|
|
|
register a callback log function for certain library subsystems
|
|
|
|
|
at certain levels. Currently this can only be used for
|
|
|
|
|
upstream stastistics subsystem.
|
|
|
|
|
|
2017-06-15 14:43:23 -05:00
|
|
|
|
* 2017-06-15: Version 1.1.1
|
|
|
|
|
* Bugfix #306 hanging/segfaulting on certain (IPv6) upstream failures
|
|
|
|
|
* Spelling fix s/receive/receive. Thanks Andreas Schulze.
|
2017-06-08 05:08:44 -05:00
|
|
|
|
* Added stubby-setdns-macos.sh script to support Homebrew formula
|
|
|
|
|
* Include stubby.conf in the districution tarball
|
|
|
|
|
* Bugfix #286 reschedule reused listening addresses
|
|
|
|
|
* Bugfix #166 Allow parallel builds and unit-tests
|
|
|
|
|
* NSAP-PTR, EID and NIMLOC, TALINK, AVC support
|
2017-06-08 07:48:22 -05:00
|
|
|
|
* Bugfix of TA RR type
|
2017-06-08 05:08:44 -05:00
|
|
|
|
* OPENPGPKEY and SMIMEA support
|
|
|
|
|
* Bugfix TAG rdata type presentation format for CAA RR type
|
|
|
|
|
* Bugfix Zero sized gateways with IPSECKEY gateway_type 0
|
|
|
|
|
* Guidance for integration with systemd
|
|
|
|
|
* Also check for memory leaks with advances server capabilities.
|
|
|
|
|
* Bugfix convert IP string to IP dict with getdns_str2dict() directly.
|
|
|
|
|
|
2017-04-13 04:48:40 -05:00
|
|
|
|
* 2017-04-13: Version 1.1.0
|
|
|
|
|
* bugfix: Check size of tls_auth_name.
|
|
|
|
|
* Improvements that came from Visual Studio static analysis
|
2017-04-12 16:05:17 -05:00
|
|
|
|
* Fix to compile with libressl. Thanks phicoh.
|
2017-04-11 16:33:24 -05:00
|
|
|
|
* Spelling fixes. Thanks Andreas Schulze.
|
2017-04-06 09:13:15 -05:00
|
|
|
|
* bugfix: Reschedule request timeout when getting the DNSSEC chain.
|
2017-04-06 12:47:15 -05:00
|
|
|
|
* getdns_context_unset_edns_maximum_udp_payload_size() to reset
|
|
|
|
|
to default IPv4/IPv6 dependent edns max udp payload size.
|
2017-04-06 09:13:15 -05:00
|
|
|
|
* Implement sensible default edns0 padding policy. Thanks DKG.
|
|
|
|
|
* Keep connections open with sync requests too.
|
|
|
|
|
* Fix of event loops so they do not give up with naked timers with
|
|
|
|
|
windows. Thanks Christian Huitema.
|
|
|
|
|
* Include peer certificate with DNS-over-TLS in combination with
|
|
|
|
|
the return_call_reporting extension.
|
2017-03-22 05:52:07 -05:00
|
|
|
|
* More fine grained control over TLS upstream retry and back off
|
|
|
|
|
behaviour with getdns_context_set_tls_backoff_time() and
|
|
|
|
|
getdns_context_set_tls_connection_retries().
|
2017-03-22 06:35:23 -05:00
|
|
|
|
* New round robin over the available upstreams feaure.
|
|
|
|
|
Enable with getdns_context_set_round_robin_upstreams()
|
2017-03-22 05:52:07 -05:00
|
|
|
|
* Bugfix: Queue requests when no sockets available for outgoing queries.
|
|
|
|
|
* Obey the outstanding query limit with STUB resolution mode too.
|
|
|
|
|
* Updated stubby config file
|
2017-03-22 06:35:23 -05:00
|
|
|
|
* Draft MDNS client implementation by Christian Huitema.
|
|
|
|
|
Enable with --enable-draft-mdns-support to configure
|
2017-03-22 05:52:07 -05:00
|
|
|
|
* bugfix: Let synchronous queries use fds > MAX_FDSETSIZE;
|
|
|
|
|
By moving default eventloop from select to poll
|
|
|
|
|
Thanks Neil Cook
|
|
|
|
|
* bugfix: authentication failure for self signed cert + only pinset
|
|
|
|
|
* bugfix: issue with session re-use making authentication appear to fail
|
2017-04-06 09:13:15 -05:00
|
|
|
|
|
2017-01-13 13:22:49 -06:00
|
|
|
|
* 2017-01-13: Version 1.0.0
|
|
|
|
|
* edns0_cookies extension enabled by default (per RFC7873)
|
|
|
|
|
* dnssec_roadblock_avoidance enabled by default (per RFC8027)
|
|
|
|
|
* bugfix: DSA support with OpenSSL 1.1.0
|
|
|
|
|
* Initialize OpenSSL just once in a thread safe way
|
|
|
|
|
* Thread safety with arc4random function
|
|
|
|
|
* Improvements that came from Visual Studio static analysis
|
|
|
|
|
Thanks Christian Huitema
|
|
|
|
|
* Conventional RFC3986 IPv6 [address]:port parsing from getdns_query
|
|
|
|
|
* bugfix: OpenSSL 1.1.0 style crypto locking
|
|
|
|
|
Thanks volkommenheit
|
|
|
|
|
* configure tells *which* dependency is missing
|
|
|
|
|
* bugfix: Exclude terminating '\0' from bindata's returned by
|
|
|
|
|
getdns_get_suffix(). Thanks Jim Hague
|
|
|
|
|
* Better README.md. Thanks Andrew Sullivan
|
|
|
|
|
|
2016-10-19 07:30:31 -05:00
|
|
|
|
* 2016-10-19: Version 1.1.0-a2
|
|
|
|
|
* Improved TLS connection management
|
|
|
|
|
* OpenSSL 1.1 support
|
|
|
|
|
* Stubby, Server version of getdns_query that by default listens
|
|
|
|
|
on 127.0.0.1 and ::1 and reads config from /etc/stubby.conf
|
|
|
|
|
and $HOME/.stubby.conf
|
|
|
|
|
|
2016-07-14 08:20:13 -05:00
|
|
|
|
* 2016-07-14: Version 1.1.0a1
|
|
|
|
|
* Conversion functions from text strings to getdns native types:
|
|
|
|
|
getdns_str2dict(), getdns_str2list(), getdns_str2bindata() and
|
|
|
|
|
getdns_str2int()
|
|
|
|
|
* A getdns_context_config() function that configures a context
|
|
|
|
|
with settings given in a getdns_dict
|
|
|
|
|
* A a getdns_context_set_listen_addresses() function and companion
|
|
|
|
|
getdns_reply() function to construct simple name servers.
|
2016-07-14 08:24:59 -05:00
|
|
|
|
* Relocate getdns_query to src/tools and build by default
|
|
|
|
|
* Enhancements to the logic used to select connection based upstream
|
|
|
|
|
transports (TCP, TLS) to improve robustness and re-use of
|
|
|
|
|
connections/upstreams.
|
2016-07-14 08:20:13 -05:00
|
|
|
|
|
2016-07-14 08:18:27 -05:00
|
|
|
|
* 2016-07-14: Version 1.0.0b2
|
2016-07-04 07:50:02 -05:00
|
|
|
|
* Collect coverage information from the unit tests
|
|
|
|
|
Thanks Shane Kerr
|
|
|
|
|
* pkg-config for the getdns_ext_event library
|
|
|
|
|
Thanks Tom Pusateri
|
|
|
|
|
* Bugfix: Multiple requests on the same upstream with a transport
|
|
|
|
|
that keeps connections open in synchronous stub mode.
|
|
|
|
|
* Canonicalized DNSSEC chain with dnssec_return_validation_chain
|
|
|
|
|
(when validated)
|
|
|
|
|
* A dnssec_return_full_validation_chain extension which includes
|
|
|
|
|
then validated resource records.
|
|
|
|
|
* Bugfix: Callbacks fired while scheduling (answer from cache)
|
|
|
|
|
with the unbound plugable event API
|
|
|
|
|
* header extension to set opcode and flags in stub mode
|
|
|
|
|
* Unit tests that cover more code
|
|
|
|
|
* Static checking with the clang analyzer
|
|
|
|
|
* getdns_pretty_print_dict prints dname's as primitives
|
|
|
|
|
* Accept just bindata's instead of address dicts.
|
|
|
|
|
Allow misshing "address_type" in address dicts.
|
|
|
|
|
* TLS session resumption
|
|
|
|
|
* -C <config file> option to getdns_query to configure context
|
2018-02-23 16:11:46 -06:00
|
|
|
|
from a json like formatted file. The output of -i (print API
|
2016-07-04 07:50:02 -05:00
|
|
|
|
information) can be used as config file directly.
|
|
|
|
|
Settings may also be given in this format as arguments of
|
|
|
|
|
the getdns_query command directly.
|
|
|
|
|
* DNS server mode for getdns_query. Enable by providing addresses
|
|
|
|
|
to listen on, either by giving "-z <listen address>" options or by
|
|
|
|
|
providing "listen_addresses" in the config file or settings.
|
|
|
|
|
* Bugfixes from deckard testing: CNAME loop protection.
|
|
|
|
|
* "srv_addresses" in response dict with getdns_service()
|
|
|
|
|
* use libbsd when available
|
|
|
|
|
Thanks Guillem Jover
|
|
|
|
|
* Bugfix: DNSSEC wildcard validation issue
|
|
|
|
|
* Bugfix: TLS timeouts not re-using a connection
|
|
|
|
|
* A getdns_context_get_eventloop(), to get the current
|
|
|
|
|
(pluggable) eventloop from context
|
|
|
|
|
* getdns_query now uses the default event loop (instead of custom)
|
|
|
|
|
* Return call_reporting info in case of timeout
|
|
|
|
|
Thanks Robert Groenenberg
|
|
|
|
|
* Bugfix: Build fails with autoconf 2.63, works with 2.68.
|
|
|
|
|
Thanks Robert Groenenberg
|
|
|
|
|
* Doxygen output for getdns.h and getdns_extra.h only
|
2016-07-13 08:28:08 -05:00
|
|
|
|
* Do not call SSL_library_init() from getdns_context_create() when
|
|
|
|
|
the second bit from the set_from_os parameter is set.
|
2016-07-04 07:50:02 -05:00
|
|
|
|
|
|
|
|
|
* 2016-03-31: Version 1.0.0b1
|
2016-03-30 10:33:49 -05:00
|
|
|
|
* openssl 1.1.0 support
|
|
|
|
|
* GETDNS_APPEND_NAME_TO_SINGLE_LABEL_FIRST default suffix handling
|
|
|
|
|
* getdns_context_set_follow_redirects()
|
|
|
|
|
* Read suffix list from registry on Windows
|
|
|
|
|
* A dnssec_return_all_statuses extension
|
|
|
|
|
* Set root servers without temporary file (libunbound >= 1.5.8 needed)
|
|
|
|
|
* Eliminate unit test's ldns dependency
|
|
|
|
|
* pkts wireformat <-> getdns_dict <-> string
|
|
|
|
|
conversion functions
|
|
|
|
|
* Eliminate all side effects when doing sync requests
|
|
|
|
|
(libunbound >= 1.5.9 needed)
|
|
|
|
|
* Bugfix: Load gost algorithm if digest is seen before key algorithm
|
|
|
|
|
Thanks Jelte Janssen
|
|
|
|
|
* Bugfix: Respect DNSSEC skew.
|
|
|
|
|
* Offline dnssec validation for any given point in time
|
|
|
|
|
* Correct return value in documentation for getdns_pretty_print_dict().
|
|
|
|
|
Thanks Linus Nordberg
|
|
|
|
|
* Bugfix: Don't treat "domain" or "search" as a nameserver.
|
|
|
|
|
Thanks Linus Nordberg
|
|
|
|
|
* Use the default CA trust store on Windows (for DNS over TLS).
|
|
|
|
|
* Propagate eventloop to unbound when unbound has pluggable event loops
|
|
|
|
|
(libunbound >= 1.5.9 needed)
|
|
|
|
|
* Replace mini_event extension by default_eventloop
|
|
|
|
|
* Bugfix: Segfault on NULL pin
|
|
|
|
|
* Bugfix: Correct output of get_api_settings
|
|
|
|
|
* Bugfix: Memory leak with getdns_get_api_information()
|
2016-02-26 05:24:45 -06:00
|
|
|
|
Thanks Robert Groenenberg.
|
|
|
|
|
|
2015-12-30 08:36:28 -06:00
|
|
|
|
* 2015-12-31: Version 0.9.0
|
2015-12-23 11:50:10 -06:00
|
|
|
|
* Update of unofficial extension to the API that supports stub mode
|
|
|
|
|
TLS verification. GETDNS_AUTHENTICATION_HOSTNAME is replaced by
|
|
|
|
|
GETDNS_AUTHENTICATION_REQUIRED (but remains available as an alias).
|
|
|
|
|
Upstreams can now be configured with either a hostname or a SPKI pinset
|
|
|
|
|
for TLS authentication (or both). If the GETDNS_AUTHENTICATION_REQUIRED
|
|
|
|
|
option is used at least one piece of authentication information must be
|
|
|
|
|
configured for each upstream, and all the configured authentication
|
|
|
|
|
information for an upstream must validate.
|
2015-12-17 11:20:08 -06:00
|
|
|
|
* Remove STARTTLS implementation (no change to SPEC)
|
2015-12-16 08:20:35 -06:00
|
|
|
|
* Enable TCP Fast Open when possible. Add OSX support for TFO.
|
|
|
|
|
* Rename return_call_debugging to return_call_reporting
|
2015-12-24 09:57:48 -06:00
|
|
|
|
* Bugfix: configure problem with getdns-0.5.1 on OpenBSD
|
|
|
|
|
Thanks Claus Assmann.
|
|
|
|
|
* pkg-config support. Thanks Neil Cook.
|
|
|
|
|
* Functions to convert from RR dicts to wireformat and text format
|
|
|
|
|
and vice versa. Including a function that builds a getdns_list
|
|
|
|
|
of RR dicts from a zonefile.
|
2015-12-30 08:36:28 -06:00
|
|
|
|
* Use the with the getdns_context_set_dns_root_servers() function
|
|
|
|
|
provided root servers in recursing resolution modus.
|
2015-12-24 09:57:48 -06:00
|
|
|
|
* getdns_query option (-f) to read a DNSSEC trust anchor from file.
|
|
|
|
|
* getdns_query option (-R) to read a "root hints" file.
|
|
|
|
|
* Bugfix: Detect and prevent duplicate NSEC(3)s to be returned with
|
|
|
|
|
dnssec_return_validation_chain.
|
|
|
|
|
* Bugfix: Remove duplicate RRs from RRsets when DNSSEC verifying
|
|
|
|
|
* Client side edns-tcp-keepalive support
|
2015-12-30 08:36:28 -06:00
|
|
|
|
* TSIG support + getdns_query syntax to specify TSIG parameters
|
|
|
|
|
per upstream: @<ip>[^[<algorithm>:]<name>:<secret in Base64>]
|
|
|
|
|
* Bugfix: Allow truncated answers to be returned in case of missing
|
|
|
|
|
fallback transport.
|
2015-12-24 09:57:48 -06:00
|
|
|
|
* Verify upstream TLS pubkeys with pinsets; A getdns_query option
|
|
|
|
|
(-K) to attach pinsets to getdns_contexts.
|
|
|
|
|
Thanks Daniel Kahn Gillmor
|
|
|
|
|
* Initial support for Windows. Thanks Gowri Visweswaran
|
2015-12-30 08:36:28 -06:00
|
|
|
|
* add_warning_for_bad_dns extension
|
|
|
|
|
* Try and retry with suffixes giving with getdns_context_set_suffix()
|
|
|
|
|
following directions given by getdns_context_set_append_name()
|
|
|
|
|
getdns_query options to set suffixes and append_name directions:
|
|
|
|
|
'-W' to append suffix always (default)
|
|
|
|
|
'-1' to append suffix only to single label after failure
|
|
|
|
|
'-M' to append suffix only to multi label name after failure
|
|
|
|
|
'-N' to never append a suffix
|
2017-04-11 16:33:24 -05:00
|
|
|
|
'-Z <suffixes>' to set suffixes with the given comma separated list
|
2015-12-30 08:36:28 -06:00
|
|
|
|
* Better help text for getdns_query (printed with the '-h' option)
|
|
|
|
|
* Setting the +specify_class extension with getdns_query
|
|
|
|
|
* Return NOT_IMPLEMENTED for not implemented namespaces, and the
|
|
|
|
|
not implemented getdns_context_set_follow_redirects() function.
|
2015-12-16 08:20:35 -06:00
|
|
|
|
|
2015-11-18 09:32:50 -06:00
|
|
|
|
* 2015-11-18: Version 0.5.1
|
2015-11-11 05:40:23 -06:00
|
|
|
|
* Bugfix: growing upstreams arrow.
|
|
|
|
|
* Bugfix: Segfault on timeout in specific conditions
|
|
|
|
|
* Bugfix: install getdns_extra.h from build location
|
|
|
|
|
* Bugfix: Don't let cookies overwrite existing EDNS0 options
|
2015-11-11 06:52:02 -06:00
|
|
|
|
* Don't link libdl
|
2015-11-11 05:40:23 -06:00
|
|
|
|
* The EDNS(0) Padding Option (draft-mayrhofer-edns0-padding).
|
|
|
|
|
When using DNS over TLS, query sizes will be padded to multiples
|
|
|
|
|
of a block size given with:
|
|
|
|
|
getdns_context_set_tls_query_padding_blocksize()
|
|
|
|
|
* An EDNS client subnet private option, that will ask a EDNS client
|
|
|
|
|
subnet aware resolver to not reveal any details about the
|
|
|
|
|
originating network. See: draft-ietf-dnsop-edns-client-subnet
|
|
|
|
|
Set with: getdns_context_set_edns_client_subnet_private()
|
|
|
|
|
* The return_call_debugging extension. The extension will also return
|
|
|
|
|
the transport used on top of the information about the request which
|
|
|
|
|
is described in the API spec.
|
|
|
|
|
* A dnssec_roadblock_avoidance extension. When set, the library will
|
|
|
|
|
work in stub resolution mode and try to get a by DNSSEC validation
|
|
|
|
|
assessed answer. On BOGUS answers the library will retry rescursive
|
|
|
|
|
resolution mode. This is the simplest form of passive roadblock
|
2015-11-11 06:52:02 -06:00
|
|
|
|
detection and avoidance: draft-ietf-dnsop-dnssec-roadblock-avoidance.
|
|
|
|
|
Use the --enable-draft-dnssec-roadblock-avoidance option to configure
|
|
|
|
|
to compile with this extension.
|
2015-11-01 01:23:26 -05:00
|
|
|
|
|
2015-10-29 09:43:00 -05:00
|
|
|
|
* 2015-10-29: Version 0.5.0
|
2015-09-29 07:03:48 -05:00
|
|
|
|
* Native crypto. No ldns dependency anymore.
|
|
|
|
|
(ldns still necessary to be able to run tests though)
|
2015-10-21 10:19:50 -05:00
|
|
|
|
* JSON pointer arguments to getdns_dict_get_* and getdns_dict_set_*
|
|
|
|
|
to dereference nested dicts and lists.
|
2015-10-02 05:45:32 -05:00
|
|
|
|
* Bugfix: DNSSEC code finding zone cut with redirects + pursuing unsigned
|
|
|
|
|
DS answers close to the root. Thanks Theogene Bucuti!
|
2015-10-16 12:31:57 -05:00
|
|
|
|
* Default port for TLS changed to 853
|
|
|
|
|
* Unofficial extension to the API to allow TLS hostname verification to be
|
|
|
|
|
required for stub mode when using only TLS as a transport.
|
|
|
|
|
When required a hostname must be supplied in the
|
|
|
|
|
'hostname' field of the upstream_list dict and the TLS cipher suites are
|
|
|
|
|
restricted to the 4 AEAD suites recommended in RFC7525.
|
2015-09-09 05:48:10 -05:00
|
|
|
|
|
2015-09-09 05:45:29 -05:00
|
|
|
|
* 2015-09-09: Version 0.3.3
|
2015-09-04 09:20:21 -05:00
|
|
|
|
* Fix clearing upstream events on shutdown
|
2015-09-08 03:52:04 -05:00
|
|
|
|
* Fix dnssec validation of direct CNAME queries.
|
|
|
|
|
Thanks Simson L. Garfinkel.
|
2015-09-08 04:20:52 -05:00
|
|
|
|
* Fix get_api_information():version_string also for release candidates
|
2015-09-08 03:52:04 -05:00
|
|
|
|
|
2015-09-03 08:39:44 -05:00
|
|
|
|
* 2015-09-04: Version 0.3.2
|
2015-08-27 06:53:02 -05:00
|
|
|
|
* Fix returned upstreams list by getdns_context_get_api_information()
|
|
|
|
|
* Fix some autoconf issues when srcdir != builddir
|
2018-02-23 16:11:46 -06:00
|
|
|
|
* Fix remove build date from manpage version for reproducible builds
|
2015-08-27 06:53:02 -05:00
|
|
|
|
* Fix transport fallback issues plus transport fallback unit test script
|
|
|
|
|
* Fix string bindata's need not contain trailing zero byte
|
2015-08-28 04:09:32 -05:00
|
|
|
|
* --enable-stub-only configure option for stub only operation.
|
|
|
|
|
Stub mode will be the default. Removes the dependency on libunbound
|
2015-08-28 06:33:02 -05:00
|
|
|
|
* --with-getdns_query compiles and installs the getdns_query tool too
|
2015-09-03 08:39:44 -05:00
|
|
|
|
* Fix assert on context destruction from a callback in stub mode too.
|
2015-09-04 03:33:08 -05:00
|
|
|
|
* Use a thread instead of a process for running the unbound event loop.
|
2015-08-27 06:53:02 -05:00
|
|
|
|
|
|
|
|
|
* 2015-07-18: Version 0.3.1
|
2015-07-18 10:39:19 -05:00
|
|
|
|
* Fix repeating rdata fields
|
|
|
|
|
|
2015-07-17 11:10:57 -05:00
|
|
|
|
* 2015-07-17: Version 0.3.0
|
2015-05-26 07:16:27 -05:00
|
|
|
|
* Unit test for spurious execute bits. Thanks Paul Wouters.
|
2015-07-09 07:00:26 -05:00
|
|
|
|
* Added new transport list options in API. The option is now an ordered
|
|
|
|
|
list of GETDNS_TRANSPORT_UDP, GETDNS_TRANSPORT_TCP,
|
|
|
|
|
GETDNS_TRANSPORT_TLS, GETDNS_TRANSPORT_STARTTLS.
|
2015-06-18 11:29:23 -05:00
|
|
|
|
* Added new context setting for idle_timeout
|
2015-07-06 07:14:46 -05:00
|
|
|
|
* CSYNC RR type
|
2015-07-09 07:30:11 -05:00
|
|
|
|
* EDNS0 COOKIE option code set to 10
|
2015-07-09 07:27:22 -05:00
|
|
|
|
* dnssec_return_validation_chain for negative and insecure responses.
|
|
|
|
|
* dnssec_return_validation_chain return a single RRSIG on each RRSET
|
|
|
|
|
(whenever possible)
|
|
|
|
|
* getdns_validate_dnssec() accept replies from the replies_tree
|
|
|
|
|
* getdns_validate_dnssec() asses negative and insecure responses.
|
|
|
|
|
* Native stub dnssec validation
|
2015-07-09 17:57:58 -05:00
|
|
|
|
* Implemented getdns_context_set_dnssec_trust_anchors()
|
|
|
|
|
* Switch freely between stub and recursive mode
|
|
|
|
|
* getdns_query -k shows default trust anchors
|
|
|
|
|
* functions and defines to get library and API versions in string
|
|
|
|
|
and numeric values: getdns_get_version(), getdns_get_version_number(),
|
|
|
|
|
getdns_get_api_version() and getdns_get_api_version_number()
|
2015-05-26 07:16:27 -05:00
|
|
|
|
|
2015-05-21 04:24:16 -05:00
|
|
|
|
* 2015-05-21: Version 0.2.0
|
2015-04-30 04:57:32 -05:00
|
|
|
|
* Fix libversion numbering: Thanks Daniel Kahn Gillmor
|
2015-05-11 06:24:39 -05:00
|
|
|
|
* run_once method for the libevent extension
|
2015-05-12 14:15:35 -05:00
|
|
|
|
* autoreconf -fi on FreeBSD always, because of newer libtool version
|
|
|
|
|
suitable for FreeBSD installs too. Thanks Robert Edmonds
|
2015-05-13 16:24:36 -05:00
|
|
|
|
* True asynchronous processing of the new TLS transport options
|
|
|
|
|
* GETDNS_TRANSPORT_STARTTLS_FIRST_AND_FALL_BACK_TO_TCP_KEEP_CONNECTIONS_OPEN
|
|
|
|
|
transport option.
|
2015-05-21 05:29:04 -05:00
|
|
|
|
* Manpage fixes: Thanks Anthony Kirby
|
2015-04-30 04:57:32 -05:00
|
|
|
|
|
2015-04-19 14:36:24 -05:00
|
|
|
|
* 2015-04-19: Version 0.1.8
|
|
|
|
|
* The GETDNS_TRANSPORT_TLS_ONLY_KEEP_CONNECTIONS_OPEN and
|
|
|
|
|
GETDNS_TRANSPORT_TLS_FIRST_AND_FALL_BACK_TO_TCP_KEEP_CONNECTIONS_OPEN
|
|
|
|
|
DNS over TLS transport options.
|
|
|
|
|
|
2015-04-08 14:08:36 -05:00
|
|
|
|
* 2015-04-08: Version 0.1.7
|
2015-03-26 16:09:02 -05:00
|
|
|
|
* Individual getter functions for context settings
|
|
|
|
|
* Fix: --with-current-date function to make build deterministically
|
|
|
|
|
reproducible (i.e. the GETDNS_COMPILATION_COMMENT define from
|
|
|
|
|
getdns.h contains a date value). Thanks Ondřej Surý
|
|
|
|
|
* Fix: Include m4 dir in distribution tarball
|
|
|
|
|
* Fix: Link build requirements in tests too. Thanks Ondřej Surý
|
|
|
|
|
* Fix: Remove executable flags on source files. Thanks Paul Wouters
|
|
|
|
|
* Fix: Return "just_address_answers" only when queried for addresses
|
|
|
|
|
* Eliminate ldns intermediate wireformat parsing
|
|
|
|
|
* The CSYNC RR type
|
|
|
|
|
* Fix: canonical_name in response dict returns the canonical name
|
|
|
|
|
found after following all CNAMEs
|
|
|
|
|
* Implementation of the section 6 and 7 version of
|
|
|
|
|
draft-ietf-dnsop-cookies-01.txt for stub resolution. Enable with the
|
|
|
|
|
--enable-draft-edns-cookies option to configure. Use it by setting the
|
|
|
|
|
edns_cookies extension to GETDNS_EXTENSION_TRUE.
|
|
|
|
|
* Pretty printing of lists with:
|
|
|
|
|
char *getdns_pretty_print_list(getdns_list *list)
|
|
|
|
|
* Output to json format with:
|
|
|
|
|
char * getdns_print_json_dict(const getdns_dict *some_dict, int pretty);
|
|
|
|
|
char * getdns_print_json_list(const getdns_list *some_list, int pretty);
|
|
|
|
|
* snprintf style versions of the dict, list and json print functions.
|
|
|
|
|
* Better random number generation with OpenBSD's arc4random
|
2015-04-02 06:35:52 -05:00
|
|
|
|
* Let getdns_address schedule the AAAA query first. This results in AAAA
|
|
|
|
|
being the first in the just_address_answers sections of the response dict.
|
2015-04-02 07:42:26 -05:00
|
|
|
|
* New context update callback function to also return a user given argument
|
|
|
|
|
along with the context and which item was changed.
|
|
|
|
|
Thanks Scott Hollenbeck.
|
2015-04-02 08:33:10 -05:00
|
|
|
|
* Demotivate use of getdns_strerror and expose getdns_get_errorstr_by_id.
|
|
|
|
|
Thanks Scott Hollenbeck.
|
2015-04-02 15:01:30 -05:00
|
|
|
|
* A getter for context update callback, to allow for chaining update
|
|
|
|
|
callbacks.
|
2015-03-26 16:09:02 -05:00
|
|
|
|
|
2015-01-16 07:07:40 -06:00
|
|
|
|
* 2015-01-16: Version 0.1.6
|
2014-11-04 17:47:43 -06:00
|
|
|
|
* Fix: linking against libev on FreeBSD
|
|
|
|
|
* Fix: Let configure report problem on FreeBSD when configuring with
|
|
|
|
|
libevent and libunbound <= 1.4.22 is not compiled with libevent.
|
2014-12-23 08:29:53 -06:00
|
|
|
|
* Fix: Build on Mac OS-X
|
|
|
|
|
* Fix: Lintian errors in manpages
|
|
|
|
|
* Better libcheck detection
|
|
|
|
|
* Better portability with UNIX systems
|
2014-11-04 17:47:43 -06:00
|
|
|
|
|
2014-10-27 09:02:18 -05:00
|
|
|
|
* 2014-10-31: Version 0.1.5
|
|
|
|
|
* Unit tests for transport settings
|
|
|
|
|
* Fix: adhere to set maximum UDP payload size
|
|
|
|
|
* API change: when no maximum UDP payload size is set, outgoing
|
|
|
|
|
values will adhere to the suggestions in RFC 6891 and may follow
|
|
|
|
|
a scheme that uses multiple values to maximize receptivity.
|
2014-10-30 05:09:31 -05:00
|
|
|
|
* Stub mode use 1232 maximum UDP payload size when connecting to an
|
2014-10-27 09:02:18 -05:00
|
|
|
|
IPv6 upstreams and 1432 with an IPv4 upstream.
|
|
|
|
|
* Evaluate namespaces (or not) on a per query basis
|
2014-10-30 05:09:31 -05:00
|
|
|
|
* GETDNS_NAMESPACE_LOCALNAMES namespace now gives just_address_answers
|
|
|
|
|
only and does not mimic a DNS packet answer anymore
|
2014-10-27 09:02:18 -05:00
|
|
|
|
* The add_opt_parameters extension
|
|
|
|
|
* IPv6 scope_id support with link-local addresses. Both with parsing
|
2014-10-30 05:09:31 -05:00
|
|
|
|
/etc/resolv.conf and by providing them explicitly via
|
2014-10-27 09:02:18 -05:00
|
|
|
|
getdns_context_set_upstream_recursive_servers
|
2014-10-30 05:16:08 -05:00
|
|
|
|
* Query for A and AAAA simultaneously with return_both_v4_and_v6
|
2014-10-30 05:09:31 -05:00
|
|
|
|
* GETDNS_TRANSPORT_TCP_ONLY_KEEP_CONNECTIONS_OPEN DNS transport
|
2014-10-27 09:02:18 -05:00
|
|
|
|
* Fix: Answers without RRs in query secion (i.e. REFUSED)
|
|
|
|
|
* Fix: Return empty response dict on timeout in async mode too
|
|
|
|
|
* Move spec examples to spec subdirectory
|
|
|
|
|
* Fix issue#76: Setting UDP Payload size below 512 should not error
|
2014-10-27 15:37:41 -05:00
|
|
|
|
* Fix: Include OPT RR in response dict always (even without options)
|
2014-10-30 09:17:06 -05:00
|
|
|
|
* TCP Fast open support (linux only).
|
|
|
|
|
Enable with the --enable-tcp-fastopen configure option
|
2014-10-31 05:30:24 -05:00
|
|
|
|
* Bump library version because of binary API change
|
2014-10-27 09:02:18 -05:00
|
|
|
|
|
2014-09-03 15:14:53 -05:00
|
|
|
|
* 2014-09-03: Version 0.1.4
|
2014-09-03 09:50:24 -05:00
|
|
|
|
* Synchronous resolves now respect timeout setting,
|
|
|
|
|
* On timeout *_sync functions now return GETDNS_RETURN_GOOD and a
|
|
|
|
|
response dict with "status" GETDNS_RESPSTATUS_ALL_TIMEOUT>
|
|
|
|
|
* Fix issue#50: getdns_dict_remove_name returns GETDNS_RETURN_GOOD on
|
|
|
|
|
success.
|
|
|
|
|
* Fix Issue#54: set_ub_dns_transport() not working
|
|
|
|
|
* Fix Issue#49: Typo in documentation (thanks Stephane Bortzmeyer)
|
|
|
|
|
* getdns_context_set_limit_outstanding_queries(),
|
|
|
|
|
getdns_context_set_dnssec_allowed_skew() and
|
|
|
|
|
getdns_context_set_edns_maximum_udp_payload_size() now working
|
|
|
|
|
* <rr>_unknown rdata field for unknown or unsupported RR types
|
|
|
|
|
* Temporarily disable timeout unit test 3 because of unpredictable results
|
|
|
|
|
* Spec updated to version 0.507
|
|
|
|
|
* Renamed "resolver_type" to "resolution_type" in dict returned from
|
|
|
|
|
getdns_context_get_api_information()
|
|
|
|
|
* Added GETDNS_RESPSTATUS_ALL_BOGUS_ANSWERS return code for with the
|
|
|
|
|
dnssec_return_only_secure extension
|
|
|
|
|
* Added support for CDS and CDNSKEY RR types, but needs ldns > 1.6.17 to
|
|
|
|
|
be able to parse the wire format (not released yet at time of writing)
|
|
|
|
|
* Added OPENPGPKEY RR type, but no rdata fields implementation yet
|
|
|
|
|
* Updated spec to version 0.508 (September 2014)
|
2014-09-03 13:53:26 -05:00
|
|
|
|
* Also chase NSEC and NSEC3 RRSIGs with dnssec_return_validation_chain
|
2014-09-03 09:50:24 -05:00
|
|
|
|
|
2014-06-25 08:41:07 -05:00
|
|
|
|
* 2014-06-25: Version 0.1.3
|
2014-06-19 10:27:05 -05:00
|
|
|
|
* libtool chage, remove -release, added -version-info
|
2014-06-25 03:51:25 -05:00
|
|
|
|
* Update specification to the June 2014 version (0.501)
|
2014-06-18 12:08:15 -05:00
|
|
|
|
|
2014-06-02 13:18:26 -05:00
|
|
|
|
* 2014-06-02: Version 0.1.2
|
2014-05-15 09:11:32 -05:00
|
|
|
|
* Fixed rdata fields for MX
|
2014-05-21 03:31:49 -05:00
|
|
|
|
* Expose only public API symbols
|
|
|
|
|
* Updated manpages
|
2014-05-22 07:54:49 -05:00
|
|
|
|
* specify_class extension
|
|
|
|
|
* Build from separate build directory
|
2014-05-22 11:37:27 -05:00
|
|
|
|
* Anticipate libunbound not returning the answer packet
|
|
|
|
|
* Pretty print bindata's representing IP addresses
|
2018-02-23 16:11:46 -06:00
|
|
|
|
* Anticipate absence of implicit DSO linking
|
2014-05-21 03:31:49 -05:00
|
|
|
|
* Mention getdns specific options to configure in INSTALL
|
|
|
|
|
Thanks Paul Hoffman
|
|
|
|
|
* Mac OSX package built instructions for generic user in README.md
|
|
|
|
|
Thanks Joel Purra
|
2014-06-02 13:18:26 -05:00
|
|
|
|
* Fixed build problems on RHEL/CentOS due using libevent 1.x
|
2014-05-21 03:31:49 -05:00
|
|
|
|
|
2014-05-15 09:11:32 -05:00
|
|
|
|
|
2014-03-24 12:00:59 -05:00
|
|
|
|
* 2014-03-24 : Version 0.1.1
|
2014-03-06 10:43:18 -06:00
|
|
|
|
* default to NOT build extensions (libev, libuv, libevent), handle
|
2014-10-30 09:17:06 -05:00
|
|
|
|
--with/--without options to configure for them
|
2014-03-24 12:05:56 -05:00
|
|
|
|
* Fixed some build/make nits
|
2014-03-06 10:43:18 -06:00
|
|
|
|
* respect configure --docdir=X
|
2014-03-04 03:14:38 -06:00
|
|
|
|
* Documentation/man page updates
|
2014-03-06 13:08:10 -06:00
|
|
|
|
* Fix install and cpp guards in getdns_extra.h
|
|
|
|
|
* Add method to switch between threads and fork mode for unbound
|
|
|
|
|
* Fixes for libuv integration (saghul)
|
|
|
|
|
* Fixes for calling getdns_destroy_context within a callback
|
2014-03-24 12:05:56 -05:00
|
|
|
|
* Fixed signal related defines/decls
|
|
|
|
|
|
2014-03-04 03:14:38 -06:00
|
|
|
|
|
2014-02-25 16:12:55 -06:00
|
|
|
|
* 2014-02-25 : Version 0.1.0
|
|
|
|
|
* Initial public release of the getdns API
|