2016-06-30 12:26:09 -05:00
getdns
======
# Overview of getdns
2013-06-11 07:37:29 -05:00
2014-02-26 09:43:37 -06:00
* GitHub: < https: // github . com / getdnsapi / getdns >
2013-06-11 07:51:35 -05:00
2014-06-19 09:37:20 -05:00
getdns is an implementation of a modern asynchronous DNS API specification
2015-01-14 07:33:21 -06:00
originally edited by Paul Hoffman. It is intended to make all types of DNS
2014-06-19 09:37:20 -05:00
information easily available to application developers and non-DNS experts.
2015-01-14 07:33:21 -06:00
The project home page at [getdnsapi.net ](https://getdnsapi.net ) provides
2016-06-30 12:26:09 -05:00
documentation, binary downloads and news regarding the getdns API
2014-06-19 09:37:20 -05:00
implementation. This implementation is licensed under the New BSD License
2014-05-22 13:16:34 -05:00
(BSD-new).
2013-09-11 17:41:23 -05:00
2016-06-30 12:26:09 -05:00
This file captures the goals and direction of the project and the current state
of the implementation.
If you are just getting started with the library take a look at the section
below that describes building and handling external dependencies for the
library. Once it is built you should take a look at src/examples to see how
the library is used.
## Download
2014-06-30 14:13:01 -05:00
Download the sources from our [github repo ](https://github.com/getdnsapi/getdns )
2015-01-14 07:33:21 -06:00
or from [getdnsapi.net ](https://getdnsapi.net ) and verify the download using
2014-06-30 14:13:01 -05:00
the checksums (SHA1 or MD5) or using gpg to verify the signature. Our keys are
2015-12-30 08:36:28 -06:00
available from the [pgp keyservers ](https://keyserver.pgp.com )
2014-06-30 14:13:01 -05:00
* willem@nlnetlabs.nl, key id E5F8F8212F77A498
* gwiley@verisign.com, key id 9DC3D572A6B73532
2016-06-30 12:26:09 -05:00
## Mailing lists
We have a [getdns users list ](https://getdnsapi.net/mailman/listinfo/spec ) for this implementation.
2015-12-30 08:36:28 -06:00
The [getdns-api mailing list ](https://getdnsapi.net/mailman/listinfo/spec )
2014-05-22 13:16:34 -05:00
is a good place to engage in discussions regarding the design of the API.
2013-06-24 13:10:42 -05:00
2016-06-30 12:26:09 -05:00
## Motivation for providing the API
2014-02-10 18:59:45 -06:00
2016-06-30 12:26:09 -05:00
The developers are of the opinion that DNSSEC offers a unique global
infrastructure for establishing and enhancing cryptographic trust relations.
With the development of this API we intend to offer application developers a
modern and flexible way that enables end-to-end trust in the DNS architecture
and will inspire application developers towards innovative security solutions
in their applications.
## Goals
2013-06-24 13:10:42 -05:00
2013-07-02 16:00:20 -05:00
The goals of this implementation of the getdns API are:
2013-06-24 13:10:42 -05:00
2015-01-14 07:33:21 -06:00
* Provide an open source implementation, in C, of the formally described getdns API by getdns API team at < https: // getdnsapi . net / spec . html >
2014-02-25 20:17:33 -06:00
* Initial support for FreeBSD, OSX, Linux (CentOS/RHEL, Ubuntu) via functional "configure" script
2015-11-22 21:38:13 -06:00
* Initial support for Windows 8.1
2013-06-28 07:44:23 -05:00
* Initial support to include the Android platform
2013-06-24 13:10:42 -05:00
* Include examples and tests as part of the build
* Document code using doxygen
* Leverage github as much as possible for project coordination
2013-07-19 15:19:22 -05:00
* Coding style/standards follow the BSD coding style < ftp: // ftp . netbsd . org / pub / NetBSD / NetBSD-current / src / share / misc / style >
2014-02-25 20:05:18 -06:00
2014-02-10 18:59:45 -06:00
Non-goals (things we will not be doing at least initially) include:
2013-07-02 16:00:20 -05:00
* implementation of the traditional DNS related routines (gethostbyname, etc.)
2016-06-30 12:26:09 -05:00
## Official and Additional API
Note that this implementation offers additional functionality to supplement that
in the official getdns API. Some additions are convenient utility functions but other functionality
is experimental prior to be being recommended for inclusion in the official API.
The 'Modules' page in the doxygen documentation provides a guide to both the
official API and the additional functionality.
2014-02-25 20:06:13 -06:00
## Language Bindings
2014-05-22 13:16:34 -05:00
In parallel, the team is actively developing bindings for various languages.
For more information, visit the
[wiki ](https://github.com/getdnsapi/getdns/wiki/Language-Bindings ).
2014-02-10 18:59:45 -06:00
2014-02-25 20:05:18 -06:00
2013-11-03 07:47:19 -06:00
Releases
========
2014-05-22 13:16:34 -05:00
Release numbering follows the [Semantic Versioning ](http://semver.org/ )
approach. The code is currently under active development.
2013-11-03 07:47:19 -06:00
2014-02-25 20:05:18 -06:00
The following requirements were met as conditions for the present release:
2013-11-03 07:47:19 -06:00
2014-05-22 13:16:34 -05:00
* code compiles cleanly on at least the primary target platforms: OSX, RHEL/CentOS Linux, FreeBSD
* examples must compile and run clean
2013-11-04 13:59:42 -06:00
* clearly document supported/unsupported elements of the API
2013-11-03 07:47:19 -06:00
2014-02-10 18:59:45 -06:00
2013-11-03 07:47:19 -06:00
Tickets/Bug Reports
===================
2014-02-26 09:44:39 -06:00
Tickets and bug reports should be reported via the [GitHub issues list ](https://github.com/getdnsapi/getdns/issues ).
2013-11-03 07:47:19 -06:00
2014-02-25 20:05:18 -06:00
Additionally, we have a mailing list at users@getdns.net.
2013-06-24 13:10:42 -05:00
2013-11-03 15:40:24 -06:00
2014-02-25 20:05:18 -06:00
Building/External Dependencies
==============================
2013-11-03 07:47:19 -06:00
External dependencies are linked outside the getdns API build tree (we rely on configure to find them). We would like to keep the dependency tree short.
2015-11-22 21:38:13 -06:00
Please refer to section for building on Windows for separate dependency and build instructions.
2013-06-24 13:10:42 -05:00
2015-10-22 04:32:20 -05:00
* [libunbound from NLnet Labs ](https://unbound.net/ ) version 1.4.16 or later.
* [libidn from the FSF ](https://www.gnu.org/software/libidn/ ) version 1.
* [libssl and libcrypto from the OpenSSL Project ](https://www.openssl.org/ ) version 0.9.7 or later. (Note: version 1.0.1 or later is required for TLS support, version 1.0.2 or later is required for TLS hostname authentication)
2013-11-03 15:40:24 -06:00
* Doxygen is used to generate documentation, while this is not technically necessary for the build it makes things a lot more pleasant.
2013-11-29 08:41:06 -06:00
You have to install the library and also the library-devel (or -dev) for your
package management system to install the compile time files. If you checked
2015-09-04 03:37:02 -05:00
out our git you need to copy the libtool helper scripts and rebuild configure
with:
2016-02-24 10:03:01 -06:00
# libtoolize -ci (use glibtoolize for OS X, libtool is installed as glibtool to avoid name conflict on OS X)
2015-09-04 09:19:33 -05:00
# autoreconf -fi
2013-11-29 08:41:06 -06:00
2016-06-30 12:26:09 -05:00
If you want to make use of the configuration files that utilise a JSON-like format, you must do
# git submodule update --init
before building.
If you want to use the getdns_query command line wrapper script for testing or to enable getdns as a daemon then you must build it using
# make getdns_query
2015-10-22 04:32:20 -05:00
## Minimal dependencies
* getdns can be configured for stub resolution mode only with the `--enable-stub-only` option to configure. This removed the dependency on `libunbound` .
* Currently getdns only offers two helper functions to deal with IDN: `getdns_convert_ulabel_to_alabel` and `getdns_convert_alabel_to_ulabel` . If you do not need these functions, getdns can be configured to compile without them with the `--without-libidn` option to configure.
2016-04-02 09:48:22 -05:00
* When both `--enable-stub-only` and `--without-libidn` options are used, getdns has only one dependency left, which is OpenSSL.
2015-10-22 04:32:20 -05:00
2014-02-25 20:05:18 -06:00
## Extensions / Event loop dependencies
2014-02-26 09:44:39 -06:00
The implementation works with a variety of event loops, each built as a separate shared library. See [the wiki ](https://github.com/getdnsapi/getdns/wiki/Asynchronous-Support#wiki-included-event-loop-integrations ) for more details.
2014-02-25 20:05:18 -06:00
* [libevent ](http://libevent.org ). Note: the examples *require* this and should work with either libevent 1.x or 2.x. 2.x is preferred.
* [libuv ](https://github.com/joyent/libuv )
* [libev ](http://software.schmorp.de/pkg/libev.html )
2015-11-22 21:38:13 -06:00
NOTE: The current Windows implementation does not support the above.
2015-10-22 04:32:20 -05:00
## Regression Tests
2014-02-10 18:59:45 -06:00
A suite of regression tests are included with the library, if you make changes or just
want to sanity check things on your system take a look at src/test. You will need
2016-03-14 04:41:32 -05:00
to install [libcheck ](https://libcheck.github.io/check/ ). The check library is also available from
2014-02-10 18:59:45 -06:00
many of the package repositories for the more popular operating systems.
2015-11-22 21:38:13 -06:00
NOTE: The current Windows implementation does not support the above.
2014-02-20 08:17:27 -06:00
## DNSSEC
For the library to be DNSSEC capable, it needs to know the root trust anchor.
The library will try to load the root trust anchor from
`/etc/unbound/getdns-root.key` by default. This file is expected to have one
or more `DS` or `DNSKEY` resource records in presentation (i.e. zone file)
format. Note that this is different than the format of BIND.keys.
The best way to setup or update the root trust anchor is by using
2015-12-30 08:36:28 -06:00
[`unbound-anchor` ](https://www.unbound.net/documentation/unbound-anchor.html ).
2014-02-20 08:17:27 -06:00
To setup the library with the root trust anchor at the default location,
execute the following steps as root:
2014-02-26 07:35:45 -06:00
# mkdir -p /etc/unbound
# unbound-anchor -a /etc/unbound/getdns-root.key
2014-02-20 08:17:27 -06:00
2016-06-30 12:26:09 -05:00
# Unsupported Features
2013-12-04 12:26:11 -06:00
The following API calls are documented in getDNS but *not supported* by the implementation at this time:
2015-12-30 08:36:28 -06:00
* Disabling following of `CNAME` s with `getdns_context_set_follow_redirects()`
2013-12-04 12:26:11 -06:00
* Detecting changes to resolv.conf and hosts
2015-12-30 08:36:28 -06:00
* MDNS, NIS and NetBIOS namespaces (only DNS and LOCALFILES are supported)
2013-12-04 12:26:11 -06:00
2016-07-02 09:44:32 -05:00
## Non-uniform implementation
The following minor implementation omissions are noted:
Recursive mode does not support:
* TLS as a transport
* Non-zero connection idle timeouts or query pipelining
Stub mode does not support:
* Non zero idle timeouts for synchronous calls
* Limit on number of outstanding queries
2016-06-30 12:26:09 -05:00
# Known Issues
2014-02-20 07:45:10 -06:00
There are a few known issues which we have summarized below - the most recent
and helpful list is being maintained in the git issues list in the repository.
2014-06-02 17:02:10 -05:00
Other known issues are being managed in the git repository issue list.
2014-02-20 07:45:10 -06:00
2014-07-01 16:50:28 -05:00
* When doing a synchronous lookup with a context that has outstanding asynchronous lookups, the callbacks for the asynchronous lookups might get called as a side effect of the synchronous lookup.
2014-05-23 11:15:53 -05:00
2016-06-30 12:26:09 -05:00
# Supported Platforms
2013-11-03 07:47:19 -06:00
The primary platforms targeted are Linux and FreeBSD, other platform are supported as we get time. The names listed here are intended to help ensure that we catch platform specific breakage, not to limit the work that folks are doing.
2014-06-02 17:02:10 -05:00
* RHEL/CentOS 6.4
* OSX 10.8
2014-09-03 14:25:41 -05:00
* Ubuntu 14.04
2015-11-22 21:38:13 -06:00
* Microsoft Windows 8.1 (initial support for DNSSEC but no TLS provided for version 0.5.1)
2013-11-03 07:47:19 -06:00
2015-11-22 21:38:13 -06:00
We intend to add Android and other platforms to the releases as we have time to port it.
2014-02-10 18:59:45 -06:00
2016-06-30 12:26:09 -05:00
## Platform Specific Build Reports
2013-11-03 07:47:19 -06:00
2014-02-26 10:08:27 -06:00
[![Build Status ](https://travis-ci.org/getdnsapi/getdns.png?branch=master )](https://travis-ci.org/getdnsapi/getdns)
2014-02-25 17:35:54 -06:00
2016-06-30 12:26:09 -05:00
### FreeBSD
2014-03-04 07:16:26 -06:00
2015-12-30 08:36:28 -06:00
If you're using [FreeBSD ](https://www.freebsd.org/ ), you may install getdns via the [ports tree ](https://www.freshports.org/dns/getdns/ ) by running: `cd /usr/ports/dns/getdns && make install clean`
2014-03-04 07:16:26 -06:00
2015-01-14 07:33:21 -06:00
If you are using FreeBSD 10 getdns can be intalled via 'pkg install getdns'.
2014-05-22 13:16:34 -05:00
2016-06-30 12:26:09 -05:00
### CentOS/RHEL 6.5
2014-02-25 17:35:54 -06:00
We rely on the most excellent package manager fpm to build the linux packages which
means that the packaging platform requires ruby 2.1.0. There are other ways to
build the packages, this is simplythe one we chose to use.
2014-02-26 07:35:45 -06:00
# cat /etc/redhat-release
CentOS release 6.5 (Final)
# uname -a
Linux host-10-1-1-6 2.6.32-358.el6.x86_64 #1 SMP Fri Feb 22 00:31:26 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux
2015-05-13 16:24:36 -05:00
# cd getdns-0.2.0rc1
2014-02-26 07:35:45 -06:00
# ./configure --prefix=/home/deploy/build
# make; make install
# cd /home/deploy/build
# mv lib lib64
# . /usr/local/rvm/config/alias
2016-03-14 04:41:32 -05:00
# fpm -x "*.la" -a native -s dir -t rpm -n getdns -v 0.2.0rc1 -d "unbound" -d "libevent" -d "libidn" --prefix /usr --vendor "Verisign Inc., NLnet Labs" --license "BSD New" --url "https://getdnsapi.net" --description "Modern asynchronous API to the DNS" .
2014-02-25 17:35:54 -06:00
2016-06-30 12:26:09 -05:00
### OSX
2014-02-25 17:35:54 -06:00
2014-02-26 07:35:45 -06:00
# sw_vers
ProductName: Mac OS X
ProductVersion: 10.8.5
BuildVersion: 12F45
2014-02-28 08:08:54 -06:00
2014-04-02 08:19:56 -05:00
Built using PackageMaker, libevent2.
2014-04-18 15:55:07 -05:00
# ./configure --with-libevent --prefix=$HOME/getdnsosx/export
2014-04-02 08:19:56 -05:00
# make
# make install
edit/fix hardcoded paths in lib/*.la to reference /usr/local
update getdns.pmdoc to match release info
build package using PackageMaker
create dmg
2013-11-03 07:47:19 -06:00
2015-09-04 03:56:30 -05:00
A self-compiled version of OpenSSL or the version installed via Homebrew is required.
Note: If using a self-compiled version manual configuration of certificates into /usr/local/etc/openssl/certs is required for TLS authentication to work.
2014-02-28 08:08:54 -06:00
#### Homebrew
2014-04-01 12:58:11 -05:00
If you're using [Homebrew ](http://brew.sh/ ), you may run `brew install getdns` . By default, this will only build the core library without any 3rd party event loop support.
To install the [event loop integration libraries ](https://github.com/getdnsapi/getdns/wiki/Asynchronous-Support ) that enable support for libevent, libuv, and libev, run: `brew install getdns --with-libevent --with-libuv --with-libev` . All switches are optional.
Note that in order to compile the examples, the `--with-libevent` switch is required.
2014-02-28 08:08:54 -06:00
2015-10-16 12:31:57 -05:00
As of the 0.2.0 release, when installing via Homebrew, the trust anchor is expected to be located at `$(brew --prefix)/etc/getdns-root.key` . Additionally, the OpenSSL library installed by Homebrew is linked against. Note that the Homebrew OpenSSL installation clones the Keychain certificates to the default OpenSSL location so TLS certificate authentication should work out of the box.
2015-06-03 14:39:16 -05:00
2015-11-22 21:38:13 -06:00
### Microsoft Windows 8.1
2015-12-04 16:01:10 -06:00
This section has some Windows specific build instructions.
2016-02-02 23:17:07 -06:00
Build tested using the following:
32 bit only Mingw: [Mingw(3.21.0) and Msys 1.0 ](http://www.mingw.org/ ) on Windows 8.1
32 bit build on a 64 bit Mingw [Download latest from: http://mingw-w64.org/doku.php/download/mingw-builds and http://msys2.github.io/]. IMPORTANT: Install tested ONLY on the "x86_64" for 64-bit installer of msys2.
2015-12-04 15:23:05 -06:00
Dependencies:
2016-02-02 23:17:07 -06:00
The following dependencies are
openssl-1.0.2e
2015-12-04 15:23:05 -06:00
libidn
2016-02-02 23:17:07 -06:00
Instructions to build openssl-1.0.2e:
Open the mingw32_shell.bat from msys2 in order to build:
If necessary, install the following using pacman:
pacman -S pkg-config libtool automake
pacman -S autoconf automake-wrapper
tar -xvf openssl-1.0.2e.tar
cd openssl-1.0.2e/
./Configure --prefix=${LOCALDESTDIR} --openssldir=${LOCALDESTDIR}/etc/ssl --libdir=lib shared zlib-dynamic mingw
make
make install
2015-11-22 21:38:13 -06:00
To configure:
2015-12-30 08:42:24 -06:00
2016-02-02 23:17:07 -06:00
./configure --enable-stub-only --with-trust-anchor="c:\\\MinGW\\\msys\\\1.0\\\etc\\\unbound\\\getdns-root.key" --with-ssl=< location of openssl from above > --with-getdns_query
2015-11-22 21:38:13 -06:00
The trust anchor is also installed by unbound on c:\program Files (X86)\unbound\root.key and can be referenced from there
or anywhere else that the user chooses to configure it.
2015-12-30 08:42:24 -06:00
After configuring, do a `make` and `make install` to build getdns for Windows.
2015-11-22 21:38:13 -06:00
2015-12-04 16:01:10 -06:00
Example test queries:
2015-12-30 08:42:24 -06:00
2015-12-30 08:36:28 -06:00
./getdns_query.exe -s gmadkat.com A @64 .6.64.6 +return_call_reporting (UDP)
./getdns_query.exe -s gmadkat.com A @64 .6.64.6 -T +return_call_reporting (TCP)
./getdns_query.exe -s gmadkat.com A -l L @185 .49.141.37 +return_call_reporting (TLS without authentication)
./getdns_query.exe -s www.huque.com A +dnssec_return_status +return_call_reporting (DNSSEC)
2015-11-22 21:38:13 -06:00
2013-11-03 07:47:19 -06:00
Contributors
============
2015-08-27 06:59:20 -05:00
* Theogene Bucuti
2015-10-22 04:32:20 -05:00
* Andrew Cathrow, Verisign Labs
2015-12-30 08:36:28 -06:00
* Neil Cook
2015-09-29 07:03:48 -05:00
* Saúl Ibarra Corretgé
2014-02-26 08:33:17 -06:00
* Craig Despeaux, Verisign, Inc.
2014-10-27 08:39:04 -05:00
* John Dickinson, Sinodun
* Sara Dickinson, Sinodun
2015-09-29 07:03:48 -05:00
* Angelique Finan, Verisign, Inc.
* Daniel Kahn Gillmor
2013-11-03 07:47:19 -06:00
* Neel Goyal, Verisign, Inc.
2015-09-29 07:03:48 -05:00
* Bryan Graham, Verisign, Inc.
* Paul Hoffman
2015-05-13 16:24:36 -05:00
* Scott Hollenbeck, Verising, Inc.
2014-10-27 08:39:04 -05:00
* Shumon Huque, Verisign Labs
2015-09-29 07:03:48 -05:00
* Shane Kerr
* Anthony Kirby
2014-02-26 10:27:53 -06:00
* Olaf Kolkman, NLnet Labs
2015-05-13 16:24:36 -05:00
* Sanjay Mahurpawar, Verisign, Inc.
2014-02-25 20:05:18 -06:00
* Allison Mankin, Verisign, Inc. - Verisign Labs.
2015-08-27 06:59:20 -05:00
* Sai Mogali, Verisign, Inc.
2015-05-20 09:14:08 -05:00
* Benno Overeinder, NLnet Labs
2015-09-29 07:03:48 -05:00
* Joel Purra
2015-05-13 16:24:36 -05:00
* Prithvi Ranganath, Verisign, Inc.
2015-05-14 02:13:06 -05:00
* Rushi Shah, Verisign, Inc.
2015-09-29 07:03:48 -05:00
* Vinay Soni, Verisign, Inc.
2013-11-03 07:47:19 -06:00
* Melinda Shore, No Mountain Software LLC
2015-08-27 06:59:20 -05:00
* Bob Steagall, Verisign, Inc.
2014-02-24 08:26:20 -06:00
* Willem Toorop, NLnet Labs
2014-10-27 08:39:04 -05:00
* Gowri Visweswaran, Verisign Labs
2014-02-24 08:26:20 -06:00
* Wouter Wijngaards, NLnet Labs
2014-02-26 08:33:17 -06:00
* Glen Wiley, Verisign, Inc.
2015-09-29 07:03:48 -05:00
* Paul Wouters
2013-06-24 13:10:42 -05:00
2016-06-30 12:26:09 -05:00
2014-02-25 20:05:18 -06:00
Acknowledgements
================
2015-12-30 08:36:28 -06:00
The development team explicitly acknowledges Paul Hoffman for his initiative and efforts to develop a consensus based DNS API. We would like to thank the participants of the [mailing list ](https://getdnsapi.net/mailman/listinfo/spec ) for their contributions.