added DNSSEC, OPT narratives, cleaned up language, alphabetized return codes

This commit is contained in:
Glen Wiley 2014-03-10 18:19:28 -04:00
parent 8e144d5648
commit 02d318a8ea
5 changed files with 275 additions and 75 deletions

View File

@ -68,12 +68,12 @@ getdns_dict **response)
.SH DESCRIPTION
.LP
The getdns_address(3) and getdns_address_sync functions provide public entry points into the getdns API library to retrieve the address given a host name. It always returns both IPv4 and IPv6 addresses.
The getdns_address(3) and getdns_address_sync functions provide public entry points into the getdns API library to retrieve the address given a host name. They always returns both IPv4 and IPv6 addresses. This function will use all of the namespaces from the context (to better emulate getaddrinfo (3)).
.HP 3
.I context
.RP
see getdns_context (3)
A pointer to the previously created DNS context that is to be used with this DNS request. see getdns_context (3)
.HP 3
.I name
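Review bot: "They always returns both IPv4 and IPv6 addresses" in the new description line has a number-agreement error ("return"), and the sentence that follows switches back to the singular "This function will use all of the namespaces"; keep the plural throughout ("These functions use all of the namespaces from the context ..."). In the same hunk, "see getdns_context (3)" now starts a sentence after a full stop and should be capitalized.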
@ -98,7 +98,10 @@ populated by the API and used to identify the callback (for example to getdns_ca
.HP 3
.I callbackfn
.RP
pointer to a callback function defined by the application, typically used to process the response, may not be NULL. Only the asynchronous signature accepts a callback function, the synchronous signature does not include a callback.
non-NULL pointer to a callback function defined by the application, typically
used to process the response. Only the asynchronous signature accepts a
callback function, the synchronous signature does not include a callback. See
libgetdns (3) for a more detailed discussion of callback functions.
.HP 3
.I response
@ -114,10 +117,7 @@ Upon successful completion the functions return
.LP
.B GETDNS_RETURN_BAD_CONTEXT
if the context pointer is invalid
.LP
.B GETDNS_RETURN_INVALID PARAMETER
one or more parameters has an invalid value
if the context pointer is invalid or the context has internal deficiencies
.LP
.B GETDNS_RETURN_BAD_DOMAIN_NAME
if the domain name passed to the function is invalid
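Review bot: the new GETDNS_RETURN_BAD_CONTEXT text, "or the context has internal deficiencies", gives a caller nothing to check; say what state is meant (for example a context that has not been fully initialized) or drop the clause. The same wording is repeated in the matching hunk of the getdns_general, getdns_hostname and getdns_service pages below.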
@ -125,27 +125,33 @@ if the domain name passed to the function is invalid
.B GETDNS_RETURN_EXTENSION_MISFORMAT
if the data type specified in one or more of the extensions does not match the specifications
.LP
.B GETDNS_RETURN_GENERIC_ERROR
if some problem was encountered in the function not addressed by one of the more
specific return codes
.LP
.B GETDNS_RETURN_INVALID PARAMETER
if one or more parameters has an invalid value
.LP
.B GETDNS_RETURN_MEMORY_ERROR
if unable to allocate the memory required
.LP
.B GETDNS_RETURN_NO_SUCH_EXTENSION
if one or more of the strings specified in the extensions are not valid
.LP
.B GETDNS_RETURN_GENERIC_ERROR
some problem was encountered in the function not addressed by one of the more
specific return codes
The values of status in the response include:
The values of status included in the response parameter are:
.LP
.B GETDNS_RESPSTATUS_GOOD
At least one response was returned
if at least one response was returned
.LP
.B GETDNS_RESPSTATUS_NO_NAME
Queries for the name yielded all negative responses
if queries for the name yielded all negative responses
.LP
.B GETDNS_RESPSTATUS_ALL_TIMEOUT
All queries for the name timed out
if all queries for the name timed out
.LP
.B GETDNS_RESPSTATUS_NO_SECURE_ANSWERS
only secure replies accepted (per context), at least one response was received but no DNS responses were secure through DNSSEC
if only secure replies accepted (per context) and at least one response was received but no DNS responses were secure through DNSSEC
.LP
For a more detailed explanation of the response object see
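Review bot: the identifier written as "GETDNS_RETURN_INVALID PARAMETER" has a space where the C constant has an underscore; it should be GETDNS_RETURN_INVALID_PARAMETER (the removed line carried the same defect, and the same spelling recurs in the corresponding hunk of getdns_general, getdns_hostname and getdns_service below). The GETDNS_RESPSTATUS_NO_SECURE_ANSWERS line is also missing its verb: "if only secure replies are accepted (per context) and at least one response was received but none of them was secure through DNSSEC".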

View File

@ -72,12 +72,16 @@ getdns_dict **response)
.SH DESCRIPTION
.LP
The getdns_general(3) and getdns_general_sync functions provide public entry points into the getdns API library to retrieve any valid responses to a query from the DNS.
The getdns_general(3) and getdns_general_sync functions provide public entry
points into the getdns API library to retrieve any valid responses to a query
from the DNS (note that other namespaces in the context are not used). Most
typical use cases for applications are probably satisifed via calls to
getdns_address(3) which would replace getaddrinfo(3).
.HP 3
.I context
.RP
see getdns_context (3)
A pointer to the previsouly created DNS context that is to be used with this DNS request. see getdns_context (3)
.HP 3
.I name
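Review bot: two typos in the added lines of this hunk: "satisifed" should be "satisfied" and "previsouly" should be "previously". As in the other pages, "see getdns_context (3)" now follows a full stop and should be capitalized.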
@ -94,6 +98,7 @@ Specifies the RRtype for the query; the RRtype numbers are listed in the IANA re
.HP 3
.I extensions
.RP
extensions for this request, NULL if no extensions, see libgetnds (3) for a detailed description of extensions
.HP 3
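Review bot: the extensions description line in this hunk refers to "libgetnds (3)"; since the paragraph is being touched to add the .RP, fix the cross-reference to libgetdns (3) at the same time.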
@ -109,7 +114,10 @@ populated by the API and used to identify the callback (for example to getdns_ca
.HP 3
.I callbackfn
.RP
pointer to a callback function defined by the application, typically used to process the response, may not be NULL. Only the asynchronous signature accepts a callback function, the synchronous signature does not include a callback.
non-NULL pointer to a callback function defined by the application, typically
used to process the response. Only the asynchronous signature accepts a
callback function, the synchronous signature does not include a callback. See
libgetdns (3) for a more detailed discussion of callback functions.
.HP 3
.I response
@ -125,10 +133,7 @@ Upon successful completion the functions return
.LP
.B GETDNS_RETURN_BAD_CONTEXT
if the context pointer is invalid
.LP
.B GETDNS_RETURN_INVALID PARAMETER
one or more parameters has an invalid value
if the context pointer is invalid or the context has internal deficiencies
.LP
.B GETDNS_RETURN_BAD_DOMAIN_NAME
if the domain name passed to the function is invalid
@ -136,27 +141,33 @@ if the domain name passed to the function is invalid
.B GETDNS_RETURN_EXTENSION_MISFORMAT
if the data type specified in one or more of the extensions does not match the specifications
.LP
.B GETDNS_RETURN_GENERIC_ERROR
if some problem was encountered in the function not addressed by one of the more
specific return codes
.LP
.B GETDNS_RETURN_INVALID PARAMETER
if one or more parameters has an invalid value
.LP
.B GETDNS_RETURN_MEMORY_ERROR
if unable to allocate the memory required
.LP
.B GETDNS_RETURN_NO_SUCH_EXTENSION
if one or more of the strings specified in the extensions are not valid
.LP
.B GETDNS_RETURN_GENERIC_ERROR
some problem was encountered in the function not addressed by one of the more
specific return codes
The values of status included in the response parameter are:
.LP
.B GETDNS_RESPSTATUS_GOOD
At least one response was returned
if at least one response was returned
.LP
.B GETDNS_RESPSTATUS_NO_NAME
Queries for the name yielded all negative responses
if queries for the name yielded all negative responses
.LP
.B GETDNS_RESPSTATUS_ALL_TIMEOUT
All queries for the name timed out
if all queries for the name timed out
.LP
.B GETDNS_RESPSTATUS_NO_SECURE_ANSWERS
only secure replies accepted (per context), at least one response was received but no DNS responses were secure through DNSSEC
if only secure replies accepted (per context) and at least one response was received but no DNS responses were secure through DNSSEC
.LP
For a more detailed explanation of the response object see
@ -258,11 +269,8 @@ TBD
.SH SEE ALSO
.BR libgetdns (3),
.BR getdns_address (3),
.BR getdns_address_sync (3),
.BR getdns_context (3),
.BR getdns_free_sync_request_memory (3),
.BR getdns_hostname (3),
.BR getdns_hostname_sync (3),
.BR getdns_service (3),
.BR getdns_service_sync (3)

View File

@ -72,12 +72,10 @@ The getdns_hostname(3) and getdns_hostname_sync functions provide public entry p
.HP 3
.I context
see getdns_context (3)
A pointer to the previously created DNS context that is to be used with this DNS request. see getdns_context (3)
.HP 3
.I address
a getdns_dict structure containing two names: address_type (whose value is bindata and is either "IPv4" or "IPv6") and address_data whose value is bindata
.HP 3
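Review bot: the context parameter here has no .RP line between ".I context" and its new description, unlike the same paragraph in the getdns_address, getdns_general and getdns_service hunks, so the added sentence will run on in the same paragraph as the parameter name; add the .RP for consistency, and capitalize "see getdns_context (3)" as it follows a full stop.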
@ -98,7 +96,10 @@ populated by the API and used to identify the callback (for example to getdns_ca
.HP 3
.I callbackfn
.RP
pointer to a callback function defined by the application, typically used to process the response, may not be NULL. Only the asynchronous signature accepts a callback function, the synchronous signature does not include a callback.
non-NULL pointer to a callback function defined by the application, typically
used to process the response. Only the asynchronous signature accepts a
callback function, the synchronous signature does not include a callback. See
libgetdns (3) for a more detailed discussion of callback functions.
.HP 3
.I response
@ -114,10 +115,7 @@ Upon successful completion the functions return
.LP
.B GETDNS_RETURN_BAD_CONTEXT
if the context pointer is invalid
.LP
.B GETDNS_RETURN_INVALID PARAMETER
one or more parameters has an invalid value
if the context pointer is invalid or the context has internal deficiencies
.LP
.B GETDNS_RETURN_BAD_DOMAIN_NAME
if the domain name passed to the function is invalid
@ -125,27 +123,33 @@ if the domain name passed to the function is invalid
.B GETDNS_RETURN_EXTENSION_MISFORMAT
if the data type specified in one or more of the extensions does not match the specifications
.LP
.B GETDNS_RETURN_GENERIC_ERROR
if some problem was encountered in the function not addressed by one of the more
specific return codes
.LP
.B GETDNS_RETURN_INVALID PARAMETER
if one or more parameters has an invalid value
.LP
.B GETDNS_RETURN_MEMORY_ERROR
if unable to allocate the memory required
.LP
.B GETDNS_RETURN_NO_SUCH_EXTENSION
if one or more of the strings specified in the extensions are not valid
.LP
.B GETDNS_RETURN_GENERIC_ERROR
some problem was encountered in the function not addressed by one of the more
specific return codes
The values of status in the response include:
The values of status included in the response parameter are:
.LP
.B GETDNS_RESPSTATUS_GOOD
At least one response was returned
if at least one response was returned
.LP
.B GETDNS_RESPSTATUS_NO_NAME
Queries for the name yielded all negative responses
if queries for the name yielded all negative responses
.LP
.B GETDNS_RESPSTATUS_ALL_TIMEOUT
All queries for the name timed out
if all queries for the name timed out
.LP
.B GETDNS_RESPSTATUS_NO_SECURE_ANSWERS
only secure replies accepted (per context), at least one response was received but no DNS responses were secure through DNSSEC
if only secure replies accepted (per context) and at least one response was received but no DNS responses were secure through DNSSEC
.LP
For a more detailed explanation of the response object see
@ -167,9 +171,6 @@ TBD
.BR getdns_context (3),
.BR getdns_free_sync_request_memory (3),
.BR getdns_general (3),
.BR getdns_general_sync (3),
.BR getdns_address (3),
.BR getdns_address_sync (3),
.BR getdns_service (3),
.BR getdns_service_sync (3)

View File

@ -73,7 +73,7 @@ The getdns_service (3) and getdns_service_sync functions provide public entry po
.HP 3
.I context
.RP
see getdns_context (3)
A pointer to the previously created DNS context that is to be used with this DNS request. see getdns_context (3)
.HP 3
.I name
@ -98,7 +98,10 @@ populated by the API and used to identify the callback (for example to getdns_ca
.HP 3
.I callbackfn
.RP
pointer to a callback function defined by the application, typically used to process the response, may not be NULL. Only the asynchronous signature accepts a callback function, the synchronous signature does not include a callback.
non-NULL pointer to a callback function defined by the application, typically
used to process the response. Only the asynchronous signature accepts a
callback function, the synchronous signature does not include a callback. See
libgetdns (3) for a more detailed discussion of callback functions.
.HP 3
.I response
@ -114,10 +117,7 @@ Upon successful completion the functions return
.LP
.B GETDNS_RETURN_BAD_CONTEXT
if the context pointer is invalid
.LP
.B GETDNS_RETURN_INVALID PARAMETER
one or more parameters has an invalid value
if the context pointer is invalid or the context has internal deficiencies
.LP
.B GETDNS_RETURN_BAD_DOMAIN_NAME
if the domain name passed to the function is invalid
@ -125,27 +125,33 @@ if the domain name passed to the function is invalid
.B GETDNS_RETURN_EXTENSION_MISFORMAT
if the data type specified in one or more of the extensions does not match the specifications
.LP
.B GETDNS_RETURN_GENERIC_ERROR
if some problem was encountered in the function not addressed by one of the more
specific return codes
.LP
.B GETDNS_RETURN_INVALID PARAMETER
if one or more parameters has an invalid value
.LP
.B GETDNS_RETURN_MEMORY_ERROR
if unable to allocate the memory required
.LP
.B GETDNS_RETURN_NO_SUCH_EXTENSION
if one or more of the strings specified in the extensions are not valid
.LP
.B GETDNS_RETURN_GENERIC_ERROR
some problem was encountered in the function not addressed by one of the more
specific return codes
The values of status in the response include:
The values of status included in the response parameter are:
.LP
.B GETDNS_RESPSTATUS_GOOD
At least one response was returned
if at least one response was returned
.LP
.B GETDNS_RESPSTATUS_NO_NAME
Queries for the name yielded all negative responses
if queries for the name yielded all negative responses
.LP
.B GETDNS_RESPSTATUS_ALL_TIMEOUT
All queries for the name timed out
if all queries for the name timed out
.LP
.B GETDNS_RESPSTATUS_NO_SECURE_ANSWERS
only secure replies accepted (per context), at least one response was received but no DNS responses were secure through DNSSEC
if only secure replies accepted (per context) and at least one response was received but no DNS responses were secure through DNSSEC
.LP
For a more detailed explanation of the response object see
@ -167,9 +173,6 @@ TBD
.BR getdns_context (3),
.BR getdns_free_sync_request_memory (3),
.BR getdns_general (3),
.BR getdns_general_sync (3),
.BR getdns_hostname (3),
.BR getdns_hostname_sync (3),
.BR getdns_address (3),
.BR getdns_address_sync (3)

View File

@ -394,6 +394,183 @@ Set to GETDNS_EXTENSION_TRUE to add the name
.LP
This implementation of the getdns API is licensed under the BSD license.
.SH DNSSEC
.LP
If an application wants the API to do DNSSEC validation for a request, it must
set one or more DNSSEC-related extensions. Note that the default is for none of
these extensions to be set and the API will not perform DNSSEC. Note that
getting DNSSEC results can take longer in a few circumstances.
.LP
To return the DNSSEC status for each DNS record in the replies_tree list, use
the dnssec_return_status extension. The extension's value (an int) is set to
GETDNS_EXTENSION_TRUE to cause the returned status to have the name
dnssec_status (an int) added to the other names in the record's dict ("header",
"question", and so on). The values for that name are GETDNS_DNSSEC_SECURE,
GETDNS_DNSSEC_BOGUS, GETDNS_DNSSEC_INDETERMINATE, and GETDNS_DNSSEC_INSECURE.
Thus, a reply might look like:
.Bd -literal -compact
{ # This is the first reply
"dnssec_status": GETDNS_DNSSEC_INDETERMINATE,
"header": { "id": 23456, "qr": 1, "opcode": 0, ... },
. . .
.Ed
.LP
If instead of returning the status, you want to only see secure results, use
the dnssec_return_only_secure extension. The extension's value (an int) is set
to GETDNS_EXTENSION_TRUE to cause only records that the API can validate as
secure with DNSSEC to be returned in the replies_tree and replies_full lists.
No additional names are added to the dict of the record; the change is that
some records might not appear in the results. When this context option is set,
if the API receives DNS replies but none are determined to be secure, the error
code at the top level of the response object is
GETDNS_RESPSTATUS_NO_SECURE_ANSWERS.
.LP
Applications that want to do their own validation will want to have the
DNSSEC-related records for a particular response. Use the
dnssec_return_validation_chain extension. The extension's value (an int) is set
to GETDNS_EXTENSION_TRUE to cause a set of additional DNSSEC-related records
needed for validation to be returned in the response object. This set comes as
validation_chain (a list) at the top level of the response object. This list
includes all resource record dicts for all the resource records (DS, DNSKEY and
their RRSIGs) that are needed to perform the validation from the root up. Thus,
a reply might look like:
.Bd -literal -compact
{ # This is the response object
"validation_chain":
[ { "name": <bindata for .>,
"type": GETDNS_RRTYPE_DNSKEY,
"rdata": { "flags": 256, . . . },
. . .
},
{ "name": <bindata for .>,
"type": GETDNS_RRTYPE_DNSKEY,
"rdata": { "flags": 257, . . . },
. . .
},
{ "name": <bindata for .>,
"type": GETDNS_RRTYPE_RRSIG,
"rdata": { "signers_name": <bindata for .>,
"type_covered": GETDNS_RRTYPE_DNSKEY,
. . .
},
},
{ "name": <bindata for com.>,
"type": GETDNS_RRTYPE_DS,
. . .
},
{ "name": <bindata for com.>,
"type": GETDNS_RRTYPE_RRSIG
"rdata": { "signers_name": <bindata for .>,
"type_covered": GETDNS_RRTYPE_DS,
. . .
},
. . .
},
{ "name": <bindata for com.>,
"type": GETDNS_RRTYPE_DNSKEY
"rdata": { "flags": 256, . . . },
. . .
},
{ "name": <bindata for com.>,
"type": GETDNS_RRTYPE_DNSKEY
"rdata": { "flags": 257, . . . },
. . .
},
{ "name": <bindata for com.>,
"type": GETDNS_RRTYPE_RRSIG
"rdata": { "signers_name": <bindata for com.>,
"type_covered": GETDNS_RRTYPE_DNSKEY,
. . .
},
. . .
},
{ "name": <bindata for example.com.>,
"type": GETDNS_RRTYPE_DS,
. . .
},
{ "name": <bindata for example.com.>,
"type": GETDNS_RRTYPE_RRSIG
"rdata": { "signers_name": <bindata for com.>,
"type_covered": GETDNS_RRTYPE_DS,
. . .
},
. . .
},
{ "name": <bindata for example.com.>,
"type": GETDNS_RRTYPE_DNSKEY
"rdata": { "flags": 257, ... },
. . .
},
. . .
]
"replies_tree":
[
. . .
.Ed
.LP
If a request is using a context in which stub resolution is set, and that
request also has any of the dnssec_return_status, dnssec_return_only_secure, or
dnssec_return_validation_chain extensions specified, the API will not perform
the request and will instead return an error of
GETDNS_RETURN_DNSSEC_WITH_STUB_DISALLOWED.
.SH OPT RESOURCE RECORDS
.LP
For lookups that need an OPT resource record in the Additional Data section,
use the add_opt_parameters extension. The extension's value (a dict) contains
the parameters; these are described in more detail in RFC 2671. They are:
.HP 3
.I maximum_udp_payload_size
.RP
(an int) between 512 and 65535; if not specified, this defaults to those from the DNS context
.HP 3
.I extended_rcode
.RP
(an int) between 0 and 255; if not specified, this defaults to those from the DNS context
.HP 3
.I version
.RP
(an int) between 0 and 255; if not specified, this defaults to 0
.HP 3
.I do_bit
.RP
(an int) between 0 and 1; if not specified, this defaults to those from the DNS context
.HP 3
.I options
.RP
(a list) contains dicts for each option to be specified. Each list time
contains two names: option_code (an int) and option_data (a bindata). The API
marshalls the entire set of options into a properly-formatted RDATA for the
resource record.
.LP
It is very important to note that the OPT resource record specified in the
add_opt_parameters extension might not be the same the one that the API sends
in the query. For example, if the application also includes any of the DNSSEC
extensions, the API will make sure that the OPT resource record sets the
resource record appropriately, making the needed changes to the settings from
the add_opt_parameters extension.
.LP
The use of this extension can conflict with the values in the DNS context. For
example, the default for an OS might be a maximum payload size of 65535, but
the extension might specify 1550. In such a case, the API will honor the values
stated in the extension, but will honor the values from the DNS context if
values are not given in the extension.
.SH RESPONSE DATA
.LP
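Review bot: the two example blocks in the new DNSSEC section are wrapped in ".Bd -literal -compact" / ".Ed", which are mdoc macros; this page uses the man macro set (.SH, .LP, .HP, .B, .I), where those are undefined, so the JSON-style examples would be filled as running text. Use ".nf" / ".fi" instead. Three further points in the same hunk: the stub-resolution paragraph introduces GETDNS_RETURN_DNSSEC_WITH_STUB_DISALLOWED, but none of the RETURN VALUES lists revised in the getdns_address, getdns_general, getdns_hostname and getdns_service hunks above include it, so it should be added there; the dnssec_return_only_secure text calls the same thing an extension and then "this context option", while the per-function pages say "(per context)", so settle on one term; and "Each list time contains two names" under options should read "Each list item". The dnssec_return_status paragraph would benefit from one explicit sentence that records marked GETDNS_DNSSEC_BOGUS or GETDNS_DNSSEC_INDETERMINATE are still delivered in replies_tree with that extension alone, so a caller that wants only validated data must check dnssec_status on every record or use dnssec_return_only_secure; this follows from the text but is easy to miss. In the OPT section, "the API will make sure that the OPT resource record sets the resource record appropriately" is circular; name the field the API overrides (presumably the DO bit when a DNSSEC extension is present), and consider citing RFC 6891, which obsoleted RFC 2671 in 2013. Minor: several entries in the validation_chain example lack the comma after the "type" value (for example `"type": GETDNS_RRTYPE_RRSIG` directly followed by `"rdata":`), and the closing `]` before "replies_tree" needs one as well.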
@ -574,7 +751,10 @@ The requested action had an error; response is NULL
.HP 3
.I response
.RP
A response object with the response data. This is described below. The response object is part of the API's memory space, and will be freed by the API with the callback returns.
A response object with the response data. This is described in the section
titled "RESPONSE DATA" elsewhere in this manual page. The response object is
part of the API's memory space, and will be freed by the API with the callback
returns.
.HP 3
.I userarg
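Review bot: "will be freed by the API with the callback returns" in the response paragraph is carried over from the old line and should read "when the callback returns"; given that behaviour, add a sentence telling the application to copy anything it needs out of the response object before the callback returns, since the dict is no longer valid afterwards.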
@ -639,13 +819,15 @@ The getdns API was documented by Paul Hoffman. This implementation of the getdn
.LP
.RS 3
.br
Carig Despeaux, Verisign Inc.
.br
Neel Goyal, Verisign Inc.
.br
Melinda Shore, No Mountain Software, LLC
.br
Willem Toorop, NLNet Labs
Willem Toorop, NLnet Labs
.br
Wouter Wijngaards, NLNet Labs
Wouter Wijngaards, NLnet Labs
.br
Glen Wiley, Verisign Inc.
.RE
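Review bot: "Carig Despeaux" in the contributors list looks like a transposition of "Craig"; since this hunk already corrects "NLNet Labs" to "NLnet Labs", fix that name here too if it is indeed Craig.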