getdns/ChangeLog

698 lines
34 KiB
Plaintext
Raw Normal View History

* 2020-0?-??: Version 1.6.1-rc.1
* Make TLS Handshake timeout max 4/5th of timeout for the query,
just like connection setup timeout was, so fallback transport
have a chance too when TCP connection setup is less well
detectable (as with TCP_FASTOPEN on MacOS).
* Issue #466: Memory leak with retrying queries (for examples
with search paths). Thanks doublez13.
2020-02-28 08:39:53 -06:00
* 2020-02-28: Version 1.6.0
* Issues #457, #458, #461: New symbols with libnettle >= 3.4.
Thanks hanvinke & kometchtech for testing & reporting.
* Issue #432: answer_ipv4_address and answer_ipv6_address in reply
and response dicts.
* Issue #430: Record and guard UDP max payload size with servers.
2020-02-14 09:49:45 -06:00
* Issue #407: Run only offline-tests option with:
src/test/tpkg/run-offline-only.sh (only with git checkouts).
* Issue #175: Include the packet the stub resolver sent to the
upstream the call_reporting dict. Thanks Tom Pusateri
* Issue #169: Build eventloop support libraries if event libraries
are available. Thanks Tom Pusateri
2019-12-18 05:29:21 -06:00
* 2019-12-20: Version 1.6.0-beta.1
* Migration of build system to cmake. Build now works on Ubuntu,
2019-12-18 05:29:21 -06:00
Windows 10 and macOS.
Some notes on minor differences in the new cmake build:
* OpenSSL 1.0.2 or higher is now required
* libunbound 1.5.9 is now required
* Only libidn2 2.0.0 and later is supported (not libidn)
* Windows uses ENABLE_STUB_ONLY=ON as the default
2019-12-18 05:29:21 -06:00
* Unit and regression tests work on Linux/macOS
(but not Windows yet)
2019-04-03 05:36:04 -05:00
* 2019-04-03: Version 1.5.2
* PR #424: Two small trust anchor fetcher fixes
Thanks Maciej S. Szmigiero
* Issue #422: Enable server side and update client side TCP Fast
Open implementation. Thanks Craig Andrews
* Issue #423: Fix insecure delegation detection while scheduling.
Thanks Charles Milette
* Issue #419: Escape backslashed when printing in JSON format.
Thanks boB Rudis
* Use GnuTLS instead of OpenSSL for TLS with the --with-gnutls
option to configure. libcrypto (from OpenSSL) still needed
for Zero configuration DNSSEC.
2019-02-15 06:36:39 -06:00
* DOA rr-type
* AMTRELAY rr-type
2019-01-11 05:08:38 -06:00
* 2019-01-11: Version 1.5.1
* Introduce proof of concept GnuTLS implementation. Incomplete support
for Trust Anchor validation. Requires GnuTLS DANE library. Currently
untested with GnuTLS prior to 3.5.19, so configure demands a minumum
version of 3.5.0.
* Be consistent and always fail connection setup if setting ciphers/curves/
TLS version/cipher suites fails.
* Refactor OpenSSL usage into modules under src/openssl.
Drop support for LibreSSL and versions of OpenSSL prior to 1.0.2.
2019-01-11 05:08:38 -06:00
* PR #414: remove TLS13 ciphers from cipher_list, but
only when SSL_CTX_set_ciphersuites is available.
Thanks Bruno Pagani
* Issue #415: Filter out #defines etc. when creating
symbols file. Thanks Zero King
2018-12-21 08:40:13 -06:00
* 2018-12-21: Version 1.5.0
* RFE getdnsapi/stubby#121 log re-instantiating TLS
upstreams (because they reached tls_backoff_time) at
log level 4 (WARNING)
* GETDNS_RESPSTATUS_NO_NAME for NODATA answers too
2018-12-13 07:53:41 -06:00
* ZONEMD rr-type
* getdns_query queries for addresses when a query name
without a type is given.
* RFE #408: Fetching of trust anchors will be retried
after failure, after a certain backoff time. The time
can be configured with
getdns_context_set_trust_anchors_backoff_time().
* RFE #408: A "dnssec" extension that requires DNSSEC
verification. When this extension is set, Indeterminate
DNSSEC status will not be returned.
* Issue #410: Unspecified ownership of get_api_information()
* Fix for DNSSEC bug in finding most specific key when
trust anchor proves non-existance of one of the labels
along the authentication chain other than the non-
existance of a DS record on a zonecut.
* Enhancement getdnsapi/stubby#56 & getdnsapi/stubby#130:
Configurable minimum and maximum TLS versions with
getdns_context_set_tls_min_version() and
getdns_context_set_tls_max_version() functions and
tls_min_version and tls_max_version configuration parameters
for upstreams.
* Configurable TLS1.3 ciphersuites with the
getdns_context_set_tls_ciphersuites() function and
tls_ciphersuites config parameter for upstreams.
* Bugfix in upstream string configurations: tls_cipher_list and
tls_curve_list
* Bugfix finding signer for validating NSEC and NSEC3s, which
caused trouble with the partly tracing DNSSEC from the root
up, introduced in 1.4.2. Thanks Philip Homburg
2018-05-11 05:02:49 -05:00
* 2018-05-11: Version 1.4.2
2018-05-11 06:20:08 -05:00
* Bugfix getdnsapi/stubby#87: Detect and ignore duplicate certs
in the Windows root CA store.
* PR #397: No TCP sendto without TCP_FASTOPEN
Thanks Emery Hemingway
* Bugfix getdnsapi/stubby#106: Core dump when printing certain
configuration. Thanks Han Vinke
2018-05-03 08:14:12 -05:00
* Bugfix getdnsapi/stubby#99: Partly trace DNSSEC from the root
up (for tld and sld), to find insecure delegations quicker.
Thanks UniverseXXX
* Bugfix: Allow NSEC spans starting from (unexpanded) wildcards
Bug was introduced when dealing with CVE-2017-15105
* Bugfix getdnsapi/stubby#46: Don't assume trailing zero with
string bindata's. Thanks Lonnie Abelbeck
* Bugfix #394: Update src/compat/getentropy_linux.c in order to
handle ENOSYS (not implemented) fallback.
Thanks Brent Blood
* Bugfix #395: Clarify that libidn2 dependency is for version 2.0.0
or higher. Thanks mire3212
2018-03-12 06:05:09 -05:00
* 2018-03-12: Version 1.4.1
* Bugfix #388: Prevent fallback to an earlier tries upstream within a
single query. Thanks Robert Groenenberg
* PR #387: Compile with OpenSSL with deprecated APIs disabled.
Thanks Rosen Penev
2018-03-05 05:47:51 -06:00
* PR #386: UDP failover improvements:
- When all UDP upstreams fail, retry them (more or less) equally
- Limit maximum UDP backoff (default to 1000)
This is configurable with the --with-max-udp-backoff configure
option.
Thanks Robert Groenenberg
2018-03-05 04:51:31 -06:00
* Bugfix: Find zonecut with DS queries (instead of SOA queries).
Thanks Elmer Lastdrager
* Bugfix #385: Verifying insecure NODATA answers (broken since 1.2.1).
Thanks hanvinke
* PR #384: Fix minor spelling and formatting. Thanks dkg.
* Bugfix #382: Parallel install of getdns_query and getdns_server_mon
2018-03-05 04:26:20 -06:00
2018-02-21 09:45:26 -06:00
* 2018-02-21: Version 1.4.0
2018-02-12 10:14:56 -06:00
* .so revision bump to please fedora packaging system.
Thanks Paul Wouters
2018-02-12 08:40:17 -06:00
* Specify the supported curves with getdns_context_set_tls_curves_list()
An upstream specific list of supported curves may also be given
with the tls_curves_list setting in the upstream dict with
getdns_context_set_upstream_recursive_servers()
2018-02-12 10:14:56 -06:00
* New tool getdns_server_mon for checking upstream recursive
resolver's capabilities.
* Improved handling of opportunistic back-off. If other transports
are working, dont forcibly promote failed upstreams just wait for
the re-try timer.
* Hostname authentication with libressl
Thanks Norbert Copones
* Security bugfix in response to CVE-2017-15105. Although getdns was
not vulnerable for this specific issue, as a precaution code has been
adapted so that signatures of DNSKEYs, DSs, NSECs and NSEC3s can not
be wildcard expansions when used with DNSSEC proofs. Only direct
queries for those types are allowed to be wildcard expansions.
* Bugfix PR#379: Miscelleneous double free or corruption, and corrupted
memory double linked list detected issue, with serving functionality.
2018-02-12 10:14:56 -06:00
Thanks maddie and Bruno Pagani
* Security Bugfix PR#293: Check sha256 pinset's
with OpenSSL native DANE functions for OpenSSL >= 1.1.0
with Viktor Dukhovni's danessl library for OpenSSL >= 1.0.0
don't allow for authentication exceptions (like self-signed
certificates) otherwise. Thanks Viktor Dukhovni
2018-01-08 05:54:48 -06:00
* libidn2 support. Thanks Paul Wouters
2017-12-21 10:06:43 -06:00
* 2017-12-21: Version 1.3.0
* Bugfix #300: Detect dnsmasq and skip unit test that fails with it.
Thanks Tim Rühsen and Konomi Kitten
2017-12-21 05:30:15 -06:00
* Specify default available cipher suites for authenticated TLS
upstreams with getdns_context_set_tls_ciphers_list()
An upstream specific available cipher suite may also be given
with the tls_cipher_list setting in the upstream dict with
getdns_context_set_upstream_recursive_servers()
* PR #366: Add support for TLS 1.3 and Chacha20-Poly1305
Thanks Pascal Ernster
* Bugfix #356: Do Zero configuration DNSSEC meta queries over on the
context configured upstreams. Thanks Andreas Schulze
2017-12-13 04:55:49 -06:00
* Report default extension settings with
getdns_context_get_api_information()
* Specify locations at which CA certificates for verification purposes
are located: getdns_context_set_tls_ca_path()
getdns_context_set_tls_ca_file()
* getdns_context_set_resolvconf() function to initialize a context
upstreams and suffices with a resolv.conf file.
getdns_context_get_resolvconf() to get the file used to initialize
the context's upstreams and suffixes.
getdns_context_set_hosts() function to initialize a context's
LOCALNAMES namespace.
getdns_context_get_hosts() function to get the file used to initialize
the context's LOCALNAMES namespace.
* get which version of OpenSSL was used at build time and at run time
when available with getdns_context_get_api_information()
* GETDNS_RETURN_IO_ERROR return error code
* Bugfix #359: edns_client_subnet_private should set family
Thanks Daniel Areiza & Andreas Schulze
2017-12-13 08:41:08 -06:00
* Bugfix getdnsapi/stubby#34: Segfault issue with native DNSSEC
validation. Thanks Bruno Pagani
2017-11-10 10:42:25 -06:00
* 2017-11-11: Version 1.2.1
2017-11-03 14:26:45 -05:00
* Handle more I/O error cases. Also, when an I/O error does occur,
never stop listening (with servers), and
never exit (when running the built-in event loop).
2017-11-02 09:14:07 -05:00
* Bugfix: Tolerate unsigned and unused RRsets in the authority section.
Fixes DNSSEC with BIND upstream.
* Bugfix: DNSSEC validation without support records
* Bugfix: Validation of full recursive DNSKEY lookups
* Bugfix: Retry to validate full recursion BOGUS replies with zero
configuration DNSSEC only when DNSSEC was actually requested
2017-10-27 02:58:25 -05:00
* Bugfix #348: Fix a linking issue in stubby when libbsd is present
Thanks Remi Gacogne
2017-11-02 09:06:56 -05:00
* More robust scheduling; Eliminating a segfault with long running
applications.
* Miscellaneous Windows portability fixes from Jim Hague.
2017-10-02 09:36:07 -05:00
* Fix Makefile dependencies for parallel install.
Thanks ilovezfs
2017-09-29 15:46:31 -05:00
* 2017-09-29: Version 1.2.0
2017-09-28 15:28:39 -05:00
* Bugfix of rc1: authentication of first query with TLS
Thanks Travis Burtrum
2017-09-21 05:33:44 -05:00
* A function to set the location for library specific data,
like trust-anchors: getdns_context_set_appdata().
* Zero configuration DNSSEC - build upon the scheme
described in RFC7958. The URL from which to fetch
the trust anchor, the verification CA and email
can be set with the new getdns_context_set_trust_anchor_url(),
getdns_context_set_trust_anchor_verify_CA() and
getdns_context_set_trust_anchor_verify_email() functions.
The default values are to fetch from IANA and to validate
with the ICANN CA.
* Update of Stubby with yaml configuration file and
logging from a certain severity support.
2017-09-20 08:38:07 -05:00
* Fix tpkg exit status on test failure. Thanks Jim Hague.
* Refined logging levels for upstream statistics
* Reuse (best behaving) backed-off TLS upstreams when non are usable.
* Let TLS upstreams back-off a incremental amount of time.
Back-off time starts with 1 second and is doubled each failure, but
will not exceed the time given by getdns_context_set_tls_backoff_time()
* Make TLS upstream management more resilient to temporary outages
(like laptop sleeps)
* 2017-09-04: Version 1.1.3
* Small bugfixes that came out of static analysis
2017-08-24 06:29:16 -05:00
* No annotations with the output of getdns_query anymore,
unless -V option is given to increase verbosity
Thanks Ollivier Robert
* getdns_query will now exit with failure status if replies are BOGUS
* Bugfix: dnssec_return_validation_chain now also works when fallback
to full recursion was needed with dnssec_roadblock_avoidance
* More clear build instructions from Paul Hoffman. Thanks.
* Bugfix #320.1: Eliminate multiple closing of file descriptors
Thanks Neil Cook
* Bugfix #320.2: Array bounds bug in upstream_select
Thanks Neil Cook
* Bugfix #318: getdnsapi/getdns/README.md links to nonexistent wiki
pages. Thanks James Raftery
* Bugfix #322: MacOS 10.10 (Yosemite) provides TCP fastopen interface
but does not have it implemented. Thanks Joel Purra
* Compile without Stubby by default. Stubby now has a git repository
of its own. The new Stubby repository is added as a submodule.
Stubby will still be build alongside getdns with the --with-stubby
configure option.
2017-07-03 09:23:25 -05:00
* 2017-07-03: Version 1.1.2
2017-06-28 14:21:15 -05:00
* Bugfix for parallel make install
2017-06-28 14:24:35 -05:00
* Bugfix to trigger event callbacks on socket errors
2017-06-28 14:21:15 -05:00
* A getdns_context_set_logfunc() function with which one may
register a callback log function for certain library subsystems
at certain levels. Currently this can only be used for
upstream stastistics subsystem.
2017-06-15 14:43:23 -05:00
* 2017-06-15: Version 1.1.1
* Bugfix #306 hanging/segfaulting on certain (IPv6) upstream failures
* Spelling fix s/receive/receive. Thanks Andreas Schulze.
2017-06-08 05:08:44 -05:00
* Added stubby-setdns-macos.sh script to support Homebrew formula
* Include stubby.conf in the districution tarball
* Bugfix #286 reschedule reused listening addresses
* Bugfix #166 Allow parallel builds and unit-tests
* NSAP-PTR, EID and NIMLOC, TALINK, AVC support
2017-06-08 07:48:22 -05:00
* Bugfix of TA RR type
2017-06-08 05:08:44 -05:00
* OPENPGPKEY and SMIMEA support
* Bugfix TAG rdata type presentation format for CAA RR type
* Bugfix Zero sized gateways with IPSECKEY gateway_type 0
* Guidance for integration with systemd
* Also check for memory leaks with advances server capabilities.
* Bugfix convert IP string to IP dict with getdns_str2dict() directly.
2017-04-13 04:48:40 -05:00
* 2017-04-13: Version 1.1.0
* bugfix: Check size of tls_auth_name.
* Improvements that came from Visual Studio static analysis
* Fix to compile with libressl. Thanks phicoh.
2017-04-11 16:33:24 -05:00
* Spelling fixes. Thanks Andreas Schulze.
2017-04-06 09:13:15 -05:00
* bugfix: Reschedule request timeout when getting the DNSSEC chain.
2017-04-06 12:47:15 -05:00
* getdns_context_unset_edns_maximum_udp_payload_size() to reset
to default IPv4/IPv6 dependent edns max udp payload size.
2017-04-06 09:13:15 -05:00
* Implement sensible default edns0 padding policy. Thanks DKG.
* Keep connections open with sync requests too.
* Fix of event loops so they do not give up with naked timers with
windows. Thanks Christian Huitema.
* Include peer certificate with DNS-over-TLS in combination with
the return_call_reporting extension.
2017-03-22 05:52:07 -05:00
* More fine grained control over TLS upstream retry and back off
behaviour with getdns_context_set_tls_backoff_time() and
getdns_context_set_tls_connection_retries().
* New round robin over the available upstreams feaure.
Enable with getdns_context_set_round_robin_upstreams()
2017-03-22 05:52:07 -05:00
* Bugfix: Queue requests when no sockets available for outgoing queries.
* Obey the outstanding query limit with STUB resolution mode too.
* Updated stubby config file
* Draft MDNS client implementation by Christian Huitema.
Enable with --enable-draft-mdns-support to configure
2017-03-22 05:52:07 -05:00
* bugfix: Let synchronous queries use fds > MAX_FDSETSIZE;
By moving default eventloop from select to poll
Thanks Neil Cook
* bugfix: authentication failure for self signed cert + only pinset
* bugfix: issue with session re-use making authentication appear to fail
2017-04-06 09:13:15 -05:00
2017-01-13 13:22:49 -06:00
* 2017-01-13: Version 1.0.0
* edns0_cookies extension enabled by default (per RFC7873)
* dnssec_roadblock_avoidance enabled by default (per RFC8027)
* bugfix: DSA support with OpenSSL 1.1.0
* Initialize OpenSSL just once in a thread safe way
* Thread safety with arc4random function
* Improvements that came from Visual Studio static analysis
Thanks Christian Huitema
* Conventional RFC3986 IPv6 [address]:port parsing from getdns_query
* bugfix: OpenSSL 1.1.0 style crypto locking
Thanks volkommenheit
* configure tells *which* dependency is missing
* bugfix: Exclude terminating '\0' from bindata's returned by
getdns_get_suffix(). Thanks Jim Hague
* Better README.md. Thanks Andrew Sullivan
2016-10-19 07:30:31 -05:00
* 2016-10-19: Version 1.1.0-a2
* Improved TLS connection management
* OpenSSL 1.1 support
* Stubby, Server version of getdns_query that by default listens
on 127.0.0.1 and ::1 and reads config from /etc/stubby.conf
and $HOME/.stubby.conf
2016-07-14 08:20:13 -05:00
* 2016-07-14: Version 1.1.0a1
* Conversion functions from text strings to getdns native types:
getdns_str2dict(), getdns_str2list(), getdns_str2bindata() and
getdns_str2int()
* A getdns_context_config() function that configures a context
with settings given in a getdns_dict
* A a getdns_context_set_listen_addresses() function and companion
getdns_reply() function to construct simple name servers.
2016-07-14 08:24:59 -05:00
* Relocate getdns_query to src/tools and build by default
* Enhancements to the logic used to select connection based upstream
transports (TCP, TLS) to improve robustness and re-use of
connections/upstreams.
2016-07-14 08:20:13 -05:00
2016-07-14 08:18:27 -05:00
* 2016-07-14: Version 1.0.0b2
2016-07-04 07:50:02 -05:00
* Collect coverage information from the unit tests
Thanks Shane Kerr
* pkg-config for the getdns_ext_event library
Thanks Tom Pusateri
* Bugfix: Multiple requests on the same upstream with a transport
that keeps connections open in synchronous stub mode.
* Canonicalized DNSSEC chain with dnssec_return_validation_chain
(when validated)
* A dnssec_return_full_validation_chain extension which includes
then validated resource records.
* Bugfix: Callbacks fired while scheduling (answer from cache)
with the unbound plugable event API
* header extension to set opcode and flags in stub mode
* Unit tests that cover more code
* Static checking with the clang analyzer
* getdns_pretty_print_dict prints dname's as primitives
* Accept just bindata's instead of address dicts.
Allow misshing "address_type" in address dicts.
* TLS session resumption
* -C <config file> option to getdns_query to configure context
from a json like formatted file. The output of -i (print API
2016-07-04 07:50:02 -05:00
information) can be used as config file directly.
Settings may also be given in this format as arguments of
the getdns_query command directly.
* DNS server mode for getdns_query. Enable by providing addresses
to listen on, either by giving "-z <listen address>" options or by
providing "listen_addresses" in the config file or settings.
* Bugfixes from deckard testing: CNAME loop protection.
* "srv_addresses" in response dict with getdns_service()
* use libbsd when available
Thanks Guillem Jover
* Bugfix: DNSSEC wildcard validation issue
* Bugfix: TLS timeouts not re-using a connection
* A getdns_context_get_eventloop(), to get the current
(pluggable) eventloop from context
* getdns_query now uses the default event loop (instead of custom)
* Return call_reporting info in case of timeout
Thanks Robert Groenenberg
* Bugfix: Build fails with autoconf 2.63, works with 2.68.
Thanks Robert Groenenberg
* Doxygen output for getdns.h and getdns_extra.h only
* Do not call SSL_library_init() from getdns_context_create() when
the second bit from the set_from_os parameter is set.
2016-07-04 07:50:02 -05:00
* 2016-03-31: Version 1.0.0b1
2016-03-30 10:33:49 -05:00
* openssl 1.1.0 support
* GETDNS_APPEND_NAME_TO_SINGLE_LABEL_FIRST default suffix handling
* getdns_context_set_follow_redirects()
* Read suffix list from registry on Windows
* A dnssec_return_all_statuses extension
* Set root servers without temporary file (libunbound >= 1.5.8 needed)
* Eliminate unit test's ldns dependency
* pkts wireformat <-> getdns_dict <-> string
conversion functions
* Eliminate all side effects when doing sync requests
(libunbound >= 1.5.9 needed)
* Bugfix: Load gost algorithm if digest is seen before key algorithm
Thanks Jelte Janssen
* Bugfix: Respect DNSSEC skew.
* Offline dnssec validation for any given point in time
* Correct return value in documentation for getdns_pretty_print_dict().
Thanks Linus Nordberg
* Bugfix: Don't treat "domain" or "search" as a nameserver.
Thanks Linus Nordberg
* Use the default CA trust store on Windows (for DNS over TLS).
* Propagate eventloop to unbound when unbound has pluggable event loops
(libunbound >= 1.5.9 needed)
* Replace mini_event extension by default_eventloop
* Bugfix: Segfault on NULL pin
* Bugfix: Correct output of get_api_settings
* Bugfix: Memory leak with getdns_get_api_information()
Thanks Robert Groenenberg.
* 2015-12-31: Version 0.9.0
2015-12-23 11:50:10 -06:00
* Update of unofficial extension to the API that supports stub mode
TLS verification. GETDNS_AUTHENTICATION_HOSTNAME is replaced by
GETDNS_AUTHENTICATION_REQUIRED (but remains available as an alias).
Upstreams can now be configured with either a hostname or a SPKI pinset
for TLS authentication (or both). If the GETDNS_AUTHENTICATION_REQUIRED
option is used at least one piece of authentication information must be
configured for each upstream, and all the configured authentication
information for an upstream must validate.
2015-12-17 11:20:08 -06:00
* Remove STARTTLS implementation (no change to SPEC)
* Enable TCP Fast Open when possible. Add OSX support for TFO.
* Rename return_call_debugging to return_call_reporting
2015-12-24 09:57:48 -06:00
* Bugfix: configure problem with getdns-0.5.1 on OpenBSD
Thanks Claus Assmann.
* pkg-config support. Thanks Neil Cook.
* Functions to convert from RR dicts to wireformat and text format
and vice versa. Including a function that builds a getdns_list
of RR dicts from a zonefile.
* Use the with the getdns_context_set_dns_root_servers() function
provided root servers in recursing resolution modus.
2015-12-24 09:57:48 -06:00
* getdns_query option (-f) to read a DNSSEC trust anchor from file.
* getdns_query option (-R) to read a "root hints" file.
* Bugfix: Detect and prevent duplicate NSEC(3)s to be returned with
dnssec_return_validation_chain.
* Bugfix: Remove duplicate RRs from RRsets when DNSSEC verifying
* Client side edns-tcp-keepalive support
* TSIG support + getdns_query syntax to specify TSIG parameters
per upstream: @<ip>[^[<algorithm>:]<name>:<secret in Base64>]
* Bugfix: Allow truncated answers to be returned in case of missing
fallback transport.
2015-12-24 09:57:48 -06:00
* Verify upstream TLS pubkeys with pinsets; A getdns_query option
(-K) to attach pinsets to getdns_contexts.
Thanks Daniel Kahn Gillmor
* Initial support for Windows. Thanks Gowri Visweswaran
* add_warning_for_bad_dns extension
* Try and retry with suffixes giving with getdns_context_set_suffix()
following directions given by getdns_context_set_append_name()
getdns_query options to set suffixes and append_name directions:
'-W' to append suffix always (default)
'-1' to append suffix only to single label after failure
'-M' to append suffix only to multi label name after failure
'-N' to never append a suffix
2017-04-11 16:33:24 -05:00
'-Z <suffixes>' to set suffixes with the given comma separated list
* Better help text for getdns_query (printed with the '-h' option)
* Setting the +specify_class extension with getdns_query
* Return NOT_IMPLEMENTED for not implemented namespaces, and the
not implemented getdns_context_set_follow_redirects() function.
2015-11-18 09:32:50 -06:00
* 2015-11-18: Version 0.5.1
2015-11-11 05:40:23 -06:00
* Bugfix: growing upstreams arrow.
* Bugfix: Segfault on timeout in specific conditions
* Bugfix: install getdns_extra.h from build location
* Bugfix: Don't let cookies overwrite existing EDNS0 options
2015-11-11 06:52:02 -06:00
* Don't link libdl
2015-11-11 05:40:23 -06:00
* The EDNS(0) Padding Option (draft-mayrhofer-edns0-padding).
When using DNS over TLS, query sizes will be padded to multiples
of a block size given with:
getdns_context_set_tls_query_padding_blocksize()
* An EDNS client subnet private option, that will ask a EDNS client
subnet aware resolver to not reveal any details about the
originating network. See: draft-ietf-dnsop-edns-client-subnet
Set with: getdns_context_set_edns_client_subnet_private()
* The return_call_debugging extension. The extension will also return
the transport used on top of the information about the request which
is described in the API spec.
* A dnssec_roadblock_avoidance extension. When set, the library will
work in stub resolution mode and try to get a by DNSSEC validation
assessed answer. On BOGUS answers the library will retry rescursive
resolution mode. This is the simplest form of passive roadblock
2015-11-11 06:52:02 -06:00
detection and avoidance: draft-ietf-dnsop-dnssec-roadblock-avoidance.
Use the --enable-draft-dnssec-roadblock-avoidance option to configure
to compile with this extension.
2015-10-29 09:43:00 -05:00
* 2015-10-29: Version 0.5.0
* Native crypto. No ldns dependency anymore.
(ldns still necessary to be able to run tests though)
* JSON pointer arguments to getdns_dict_get_* and getdns_dict_set_*
to dereference nested dicts and lists.
* Bugfix: DNSSEC code finding zone cut with redirects + pursuing unsigned
DS answers close to the root. Thanks Theogene Bucuti!
2015-10-16 12:31:57 -05:00
* Default port for TLS changed to 853
* Unofficial extension to the API to allow TLS hostname verification to be
required for stub mode when using only TLS as a transport.
When required a hostname must be supplied in the
'hostname' field of the upstream_list dict and the TLS cipher suites are
restricted to the 4 AEAD suites recommended in RFC7525.
2015-09-09 05:45:29 -05:00
* 2015-09-09: Version 0.3.3
2015-09-04 09:20:21 -05:00
* Fix clearing upstream events on shutdown
* Fix dnssec validation of direct CNAME queries.
Thanks Simson L. Garfinkel.
* Fix get_api_information():version_string also for release candidates
2015-09-03 08:39:44 -05:00
* 2015-09-04: Version 0.3.2
2015-08-27 06:53:02 -05:00
* Fix returned upstreams list by getdns_context_get_api_information()
* Fix some autoconf issues when srcdir != builddir
* Fix remove build date from manpage version for reproducible builds
2015-08-27 06:53:02 -05:00
* Fix transport fallback issues plus transport fallback unit test script
* Fix string bindata's need not contain trailing zero byte
2015-08-28 04:09:32 -05:00
* --enable-stub-only configure option for stub only operation.
Stub mode will be the default. Removes the dependency on libunbound
* --with-getdns_query compiles and installs the getdns_query tool too
2015-09-03 08:39:44 -05:00
* Fix assert on context destruction from a callback in stub mode too.
* Use a thread instead of a process for running the unbound event loop.
2015-08-27 06:53:02 -05:00
* 2015-07-18: Version 0.3.1
2015-07-18 10:39:19 -05:00
* Fix repeating rdata fields
2015-07-17 11:10:57 -05:00
* 2015-07-17: Version 0.3.0
* Unit test for spurious execute bits. Thanks Paul Wouters.
* Added new transport list options in API. The option is now an ordered
list of GETDNS_TRANSPORT_UDP, GETDNS_TRANSPORT_TCP,
GETDNS_TRANSPORT_TLS, GETDNS_TRANSPORT_STARTTLS.
* Added new context setting for idle_timeout
2015-07-06 07:14:46 -05:00
* CSYNC RR type
2015-07-09 07:30:11 -05:00
* EDNS0 COOKIE option code set to 10
2015-07-09 07:27:22 -05:00
* dnssec_return_validation_chain for negative and insecure responses.
* dnssec_return_validation_chain return a single RRSIG on each RRSET
(whenever possible)
* getdns_validate_dnssec() accept replies from the replies_tree
* getdns_validate_dnssec() asses negative and insecure responses.
* Native stub dnssec validation
* Implemented getdns_context_set_dnssec_trust_anchors()
* Switch freely between stub and recursive mode
* getdns_query -k shows default trust anchors
* functions and defines to get library and API versions in string
and numeric values: getdns_get_version(), getdns_get_version_number(),
getdns_get_api_version() and getdns_get_api_version_number()
2015-05-21 04:24:16 -05:00
* 2015-05-21: Version 0.2.0
* Fix libversion numbering: Thanks Daniel Kahn Gillmor
2015-05-11 06:24:39 -05:00
* run_once method for the libevent extension
2015-05-12 14:15:35 -05:00
* autoreconf -fi on FreeBSD always, because of newer libtool version
suitable for FreeBSD installs too. Thanks Robert Edmonds
2015-05-13 16:24:36 -05:00
* True asynchronous processing of the new TLS transport options
* GETDNS_TRANSPORT_STARTTLS_FIRST_AND_FALL_BACK_TO_TCP_KEEP_CONNECTIONS_OPEN
transport option.
* Manpage fixes: Thanks Anthony Kirby
* 2015-04-19: Version 0.1.8
* The GETDNS_TRANSPORT_TLS_ONLY_KEEP_CONNECTIONS_OPEN and
GETDNS_TRANSPORT_TLS_FIRST_AND_FALL_BACK_TO_TCP_KEEP_CONNECTIONS_OPEN
DNS over TLS transport options.
2015-04-08 14:08:36 -05:00
* 2015-04-08: Version 0.1.7
2015-03-26 16:09:02 -05:00
* Individual getter functions for context settings
* Fix: --with-current-date function to make build deterministically
reproducible (i.e. the GETDNS_COMPILATION_COMMENT define from
getdns.h contains a date value). Thanks Ondřej Surý
* Fix: Include m4 dir in distribution tarball
* Fix: Link build requirements in tests too. Thanks Ondřej Surý
* Fix: Remove executable flags on source files. Thanks Paul Wouters
* Fix: Return "just_address_answers" only when queried for addresses
* Eliminate ldns intermediate wireformat parsing
* The CSYNC RR type
* Fix: canonical_name in response dict returns the canonical name
found after following all CNAMEs
* Implementation of the section 6 and 7 version of
draft-ietf-dnsop-cookies-01.txt for stub resolution. Enable with the
--enable-draft-edns-cookies option to configure. Use it by setting the
edns_cookies extension to GETDNS_EXTENSION_TRUE.
* Pretty printing of lists with:
char *getdns_pretty_print_list(getdns_list *list)
* Output to json format with:
char * getdns_print_json_dict(const getdns_dict *some_dict, int pretty);
char * getdns_print_json_list(const getdns_list *some_list, int pretty);
* snprintf style versions of the dict, list and json print functions.
* Better random number generation with OpenBSD's arc4random
2015-04-02 06:35:52 -05:00
* Let getdns_address schedule the AAAA query first. This results in AAAA
being the first in the just_address_answers sections of the response dict.
* New context update callback function to also return a user given argument
along with the context and which item was changed.
Thanks Scott Hollenbeck.
* Demotivate use of getdns_strerror and expose getdns_get_errorstr_by_id.
Thanks Scott Hollenbeck.
2015-04-02 15:01:30 -05:00
* A getter for context update callback, to allow for chaining update
callbacks.
2015-03-26 16:09:02 -05:00
* 2015-01-16: Version 0.1.6
* Fix: linking against libev on FreeBSD
* Fix: Let configure report problem on FreeBSD when configuring with
libevent and libunbound <= 1.4.22 is not compiled with libevent.
* Fix: Build on Mac OS-X
* Fix: Lintian errors in manpages
* Better libcheck detection
* Better portability with UNIX systems
* 2014-10-31: Version 0.1.5
* Unit tests for transport settings
* Fix: adhere to set maximum UDP payload size
* API change: when no maximum UDP payload size is set, outgoing
values will adhere to the suggestions in RFC 6891 and may follow
a scheme that uses multiple values to maximize receptivity.
* Stub mode use 1232 maximum UDP payload size when connecting to an
IPv6 upstreams and 1432 with an IPv4 upstream.
* Evaluate namespaces (or not) on a per query basis
* GETDNS_NAMESPACE_LOCALNAMES namespace now gives just_address_answers
only and does not mimic a DNS packet answer anymore
* The add_opt_parameters extension
* IPv6 scope_id support with link-local addresses. Both with parsing
/etc/resolv.conf and by providing them explicitly via
getdns_context_set_upstream_recursive_servers
2014-10-30 05:16:08 -05:00
* Query for A and AAAA simultaneously with return_both_v4_and_v6
* GETDNS_TRANSPORT_TCP_ONLY_KEEP_CONNECTIONS_OPEN DNS transport
* Fix: Answers without RRs in query secion (i.e. REFUSED)
* Fix: Return empty response dict on timeout in async mode too
* Move spec examples to spec subdirectory
* Fix issue#76: Setting UDP Payload size below 512 should not error
2014-10-27 15:37:41 -05:00
* Fix: Include OPT RR in response dict always (even without options)
2014-10-30 09:17:06 -05:00
* TCP Fast open support (linux only).
Enable with the --enable-tcp-fastopen configure option
* Bump library version because of binary API change
2014-09-03 15:14:53 -05:00
* 2014-09-03: Version 0.1.4
2014-09-03 09:50:24 -05:00
* Synchronous resolves now respect timeout setting,
* On timeout *_sync functions now return GETDNS_RETURN_GOOD and a
response dict with "status" GETDNS_RESPSTATUS_ALL_TIMEOUT>
* Fix issue#50: getdns_dict_remove_name returns GETDNS_RETURN_GOOD on
success.
* Fix Issue#54: set_ub_dns_transport() not working
* Fix Issue#49: Typo in documentation (thanks Stephane Bortzmeyer)
* getdns_context_set_limit_outstanding_queries(),
getdns_context_set_dnssec_allowed_skew() and
getdns_context_set_edns_maximum_udp_payload_size() now working
* <rr>_unknown rdata field for unknown or unsupported RR types
* Temporarily disable timeout unit test 3 because of unpredictable results
* Spec updated to version 0.507
* Renamed "resolver_type" to "resolution_type" in dict returned from
getdns_context_get_api_information()
* Added GETDNS_RESPSTATUS_ALL_BOGUS_ANSWERS return code for with the
dnssec_return_only_secure extension
* Added support for CDS and CDNSKEY RR types, but needs ldns > 1.6.17 to
be able to parse the wire format (not released yet at time of writing)
* Added OPENPGPKEY RR type, but no rdata fields implementation yet
* Updated spec to version 0.508 (September 2014)
* Also chase NSEC and NSEC3 RRSIGs with dnssec_return_validation_chain
2014-09-03 09:50:24 -05:00
2014-06-25 08:41:07 -05:00
* 2014-06-25: Version 0.1.3
* libtool chage, remove -release, added -version-info
2014-06-25 03:51:25 -05:00
* Update specification to the June 2014 version (0.501)
2014-06-18 12:08:15 -05:00
2014-06-02 13:18:26 -05:00
* 2014-06-02: Version 0.1.2
2014-05-15 09:11:32 -05:00
* Fixed rdata fields for MX
2014-05-21 03:31:49 -05:00
* Expose only public API symbols
* Updated manpages
2014-05-22 07:54:49 -05:00
* specify_class extension
* Build from separate build directory
2014-05-22 11:37:27 -05:00
* Anticipate libunbound not returning the answer packet
* Pretty print bindata's representing IP addresses
* Anticipate absence of implicit DSO linking
2014-05-21 03:31:49 -05:00
* Mention getdns specific options to configure in INSTALL
Thanks Paul Hoffman
* Mac OSX package built instructions for generic user in README.md
Thanks Joel Purra
2014-06-02 13:18:26 -05:00
* Fixed build problems on RHEL/CentOS due using libevent 1.x
2014-05-21 03:31:49 -05:00
2014-05-15 09:11:32 -05:00
2014-03-24 12:00:59 -05:00
* 2014-03-24 : Version 0.1.1
* default to NOT build extensions (libev, libuv, libevent), handle
2014-10-30 09:17:06 -05:00
--with/--without options to configure for them
* Fixed some build/make nits
* respect configure --docdir=X
2014-03-04 03:14:38 -06:00
* Documentation/man page updates
2014-03-06 13:08:10 -06:00
* Fix install and cpp guards in getdns_extra.h
* Add method to switch between threads and fork mode for unbound
* Fixes for libuv integration (saghul)
* Fixes for calling getdns_destroy_context within a callback
* Fixed signal related defines/decls
2014-03-04 03:14:38 -06:00
* 2014-02-25 : Version 0.1.0
* Initial public release of the getdns API