Merge branch 'develop' into features/DNS64

2017-08-30 15:20:10 +02:00 · 2017-08-30 15:20:10 +02:00 · cfdaec9dcf
parent 5f6679ec25 fe6d2c9749
commit cfdaec9dcf
102 changed files with 6892 additions and 1826 deletions
--- a/.gitignore
+++ b/.gitignore
@ -39,7 +39,7 @@ src/test/check_getdns_ev
 src/test/scratchpad
 src/test/scratchpad.c
 src/tools/getdns_query
-src/tools/stubby
+src/stubby
 doc/*.3
 src/getdns/getdns.h
 *.log
--- a/.gitmodules
+++ b/.gitmodules
@ -2,3 +2,7 @@
 	path = src/jsmn
 	url = https://github.com/getdnsapi/jsmn.git
 	branch = getdns
+[submodule "stubby"]
+	path = stubby
+	url = https://github.com/getdnsapi/stubby.git
+	branch = develop
--- a/.travis.yml
+++ b/.travis.yml
@ -13,6 +13,7 @@ addons:
    - libev-dev
    - valgrind
    - clang
+    - wget
 script:
  - mkdir tests
  - cd tests
--- a/45
+++ b/45
@ -1,3 +1,48 @@
+* 2017-0?-??: Version 1.1.3
+  * No annotations with the output of getdns_query anymore,
+    unless -V option is given to increase verbosity
+    Thanks Ollivier Robert
+  * getdns_query will now exit with failure status if replies are BOGUS
+  * Bugfix: dnssec_return_validation_chain now also works when fallback
+    to full recursion was needed with dnssec_roadblock_avoidance
+  * More clear build instructions from Paul Hoffman.  Thanks.
+  * Bugfix #320.1: Eliminate multiple closing of file descriptors
+    Thanks Neil Cook
+  * Bugfix #320.2: Array bounds bug in upstream_select
+    Thanks Neil Cook
+  * Bugfix #318: getdnsapi/getdns/README.md links to nonexistent wiki
+    pages.  Thanks James Raftery
+  * Bugfix #322: MacOS 10.10 (Yosemite) provides TCP fastopen interface
+    but does not have it implemented.  Thanks Joel Purra
+  * Compile without Stubby by default.  Stubby now has a git repository
+    of its own.  The new Stubby repository is added as a submodule.
+    Stubby will still be build alongside getdns with the --with-stubby
+    configure option.
+
+* 2017-07-03: Version 1.1.2
+  * Bugfix for parallel make install
+  * Bugfix to trigger event callbacks on socket errors
+  * A getdns_context_set_logfunc() function with which one may
+    register a callback log function for certain library subsystems
+    at certain levels.  Currently this can only be used for
+    upstream stastistics subsystem.
+
+* 2017-06-15: Version 1.1.1
+  * Bugfix #306 hanging/segfaulting on certain (IPv6) upstream failures
+  * Spelling fix s/receive/receive.  Thanks Andreas Schulze.
+  * Added stubby-setdns-macos.sh script to support Homebrew formula
+  * Include stubby.conf in the districution tarball
+  * Bugfix #286 reschedule reused listening addresses
+  * Bugfix #166 Allow parallel builds and unit-tests
+  * NSAP-PTR, EID and NIMLOC, TALINK, AVC support
+  * Bugfix of TA RR type
+  * OPENPGPKEY and SMIMEA support
+  * Bugfix TAG rdata type presentation format for CAA RR type
+  * Bugfix Zero sized gateways with IPSECKEY gateway_type 0
+  * Guidance for integration with systemd
+  * Also check for memory leaks with advances server capabilities.
+  * Bugfix convert IP string to IP dict with getdns_str2dict() directly.
+
 * 2017-04-13: Version 1.1.0
  * bugfix: Check size of tls_auth_name.
  * Improvements that came from Visual Studio static analysis
--- a/Makefile.in
+++ b/Makefile.in
@ -44,7 +44,7 @@ libdir = @libdir@
 srcdir = @srcdir@
 INSTALL = @INSTALL@

-all : default @GETDNS_QUERY@ @STUBBY@
+all : default @GETDNS_QUERY@

 everything: default
 	cd src/test && $(MAKE)
@ -52,7 +52,10 @@ everything: default
 default:
 	cd src && $(MAKE) $@

-install: all getdns.pc getdns_ext_event.pc @INSTALL_GETDNS_QUERY@ @INSTALL_STUBBY@
+install-lib:
+	cd src && $(MAKE) install
+
+install: getdns.pc getdns_ext_event.pc install-lib @INSTALL_GETDNS_QUERY@
 	$(INSTALL) -m 755 -d $(DESTDIR)$(docdir)
 	$(INSTALL) -m 644 $(srcdir)/AUTHORS $(DESTDIR)$(docdir)
 	$(INSTALL) -m 644 $(srcdir)/ChangeLog $(DESTDIR)$(docdir)
@ -66,8 +69,7 @@ install: all getdns.pc getdns_ext_event.pc @INSTALL_GETDNS_QUERY@ @INSTALL_STUBB
 	$(INSTALL) -m 644 getdns_ext_event.pc $(DESTDIR)$(libdir)/pkgconfig
 	$(INSTALL) -m 755 -d $(DESTDIR)$(docdir)/spec
 	$(INSTALL) -m 644 $(srcdir)/spec/index.html $(DESTDIR)$(docdir)/spec
-	cd src && $(MAKE) $@
-	cd doc && $(MAKE) $@
+	cd doc && $(MAKE) install
 	@echo "***"
 	@echo "***  !!! IMPORTANT !!!!  libgetdns needs a DNSSEC trust anchor!"
 	@echo "***"
@ -86,7 +88,7 @@ install: all getdns.pc getdns_ext_event.pc @INSTALL_GETDNS_QUERY@ @INSTALL_STUBB
 	@echo "***  at package installation time from the post-install script."
 	@echo "***"

-uninstall: @UNINSTALL_GETDNS_QUERY@ @UNINSTALL_STUBBY@
+uninstall: @UNINSTALL_GETDNS_QUERY@
 	rm -rf $(DESTDIR)$(docdir)
 	cd doc && $(MAKE) $@
 	cd src && $(MAKE) $@
@ -97,32 +99,32 @@ doc:	FORCE
 example:
 	cd spec/example && $(MAKE) $@

-test:
-	cd src && $(MAKE) $@
+test: default
+	cd src/test && $(MAKE) $@

-getdns_query:
-	cd src && $(MAKE) $@
+getdns_query: default
+	cd src/tools && $(MAKE) $@

 stubby:
 	cd src && $(MAKE) $@

-scratchpad:
-	cd src && $(MAKE) $@
+scratchpad: default
+	cd src/test && $(MAKE) $@

 pad: scratchpad
 	src/test/scratchpad || ./libtool exec gdb src/test/scratchpad

-install-getdns_query:
+install-getdns_query: install-lib
 	cd src/tools && $(MAKE) $@

 uninstall-getdns_query:
 	cd src/tools && $(MAKE) $@

 install-stubby:
-	cd src/tools && $(MAKE) $@
+	cd src && $(MAKE) $@

 uninstall-stubby:
-	cd src/tools && $(MAKE) $@
+	cd src && $(MAKE) $@

 clean:
 	cd src && $(MAKE) $@
@ -190,7 +192,6 @@ $(distdir):
 	mkdir -p $(distdir)/src
 	mkdir -p $(distdir)/src/getdns
 	mkdir -p $(distdir)/src/test
-	mkdir -p $(distdir)/src/test/jsmn
 	mkdir -p $(distdir)/src/extension
 	mkdir -p $(distdir)/src/compat
 	mkdir -p $(distdir)/src/util
@ -200,6 +201,8 @@ $(distdir):
 	mkdir -p $(distdir)/doc
 	mkdir -p $(distdir)/spec
 	mkdir -p $(distdir)/spec/example
+	mkdir -p $(distdir)/stubby
+	mkdir -p $(distdir)/stubby/src
 	cp $(srcdir)/configure.ac $(distdir)
 	cp $(srcdir)/configure $(distdir)
 	cp $(srcdir)/AUTHORS $(distdir)
@ -242,6 +245,11 @@ $(distdir):
 	cp $(srcdir)/spec/example/*.[ch] $(distdir)/spec/example
 	cp $(srcdir)/src/tools/Makefile.in $(distdir)/src/tools
 	cp $(srcdir)/src/tools/*.[ch] $(distdir)/src/tools
+	cp $(srcdir)/stubby/stubby.conf.example $(distdir)/stubby
+	cp $(srcdir)/stubby/stubby-setdns-macos.sh $(distdir)/stubby
+	cp $(srcdir)/stubby/src/stubby.c $(distdir)/stubby/src
+	cp $(srcdir)/stubby/COPYING $(distdir)/stubby
+	cp $(srcdir)/stubby/README.md $(distdir)/stubby
 	cp $(srcdir)/src/jsmn/*.[ch] $(distdir)/src/jsmn
 	cp $(srcdir)/src/jsmn/LICENSE $(distdir)/src/jsmn
 	cp $(srcdir)/src/jsmn/README.md $(distdir)/src/jsmn
--- a/README.md
+++ b/README.md
@ -25,15 +25,23 @@ getdns also provides an experimental DNS Privacy enabled client called 'stubby'

 The developers are of the opinion that DNSSEC offers a unique global infrastructure for establishing and enhancing cryptographic trust relations.  With the development of this API we intend to offer application developers a modern and flexible interface that enables end-to-end trust in the DNS architecture, and which will inspire application developers to implement innovative security solutions in their applications.

+### API Documentation
+
+Note that this implementation offers additional functionality to supplement that in the [official getdns API](https://getdnsapi.net/documentation/spec/). Some additions are convenient utility functions but other functionality is experimental prior to be being recommended for inclusion in the official API.  The [Doxygen documentation](https://getdnsapi.net/doxygen/modules.html)  provides the details of the full API for this implementation.
+
 ## License

 This implementation is licensed under the New BSD License (BSD-new).

 Obtaining and getting started with getdns
 =========================================
-The project home page at [getdnsapi.net](https://getdnsapi.net) provides documentation, binary downloads, and news regarding the getdns API implementation.  This file captures the goals and direction of the project and the current state of the implementation.
+The project home page at [getdnsapi.net](https://getdnsapi.net) provides documentation, binary downloads, and news regarding the getdns API implementation.  This README file captures the goals and direction of the project and the current state of the implementation.
+
+If you are just getting started with the library take a look at the section below that describes building and handling external dependencies for the library. 
+
+### Examples
+Once it is built you should take a look at src/examples to see how the library is used.

-If you are just getting started with the library take a look at the section below that describes building and handling external dependencies for the library.  Once it is built you should take a look at src/examples to see how the library is used.

 # Download

@ -57,6 +65,8 @@ The following requirements were met as conditions for the present release:

 # Building and External Dependencies

+If you are installing from packages, you have to install the library and also the library-devel (or -dev) for your package management system to get the the necessary compile time files.  
+
 External dependencies are linked outside the getdns API build tree (we rely on configure to find them).  We would like to keep the dependency tree short.  Please refer to section for building on Windows for separate dependency and build instructions for that platform.

 * [libunbound from NLnet Labs](https://unbound.net/) version 1.4.16 or later.
@ -64,23 +74,25 @@ External dependencies are linked outside the getdns API build tree (we rely on c
 * [libssl and libcrypto from the OpenSSL Project](https://www.openssl.org/) version 0.9.7 or later. (Note: version 1.0.1 or later is required for TLS support, version 1.0.2 or later is required for TLS hostname authentication)
 * Doxygen is used to generate documentation; while this is not technically necessary for the build it makes things a lot more pleasant.

-If you are installing from packages, you have to install the library and also the library-devel (or -dev) for your package management system to get the the necessary compile time files.  If you checked out from git you need to copy the libtool helper scripts and rebuild configure thus:
+For example, to build on a recent version of Ubuntu, you would need the following packages:

-    # libtoolize -ci (use glibtoolize for OS X, libtool is installed as glibtool to avoid name conflict on OS X)
-    # autoreconf -fi
+    # apt install build-essential libunbound-dev libidn11-dev libssl-dev libtool m4 autoconf
+
+If you are building from git, you need to do the following before building:

-If you want to make use of the configuration files that utilise a JSON-like format, you must do 

    # git submodule update --init

-before building. 
+    # libtoolize -ci # (use glibtoolize for OS X, libtool is installed as glibtool to avoid name conflict on OS X)
+    # autoreconf -fi
+

 As well as building the getdns library 2 other tools are installed by default by the above process:

 * getdns_query: a command line test script wrapper for getdns
 * stubby: an experimental DNS Privacy enabled client

-Note: If you only want to build stubby, then use the `--enable-stub-only` and `--without-libidn` options when running 'configure'.
+Note: If you only want to build stubby, then use the `--with-stubby` option when running 'configure'.


 ## Minimizing dependencies
@ -91,7 +103,7 @@ Note: If you only want to build stubby, then use the `--enable-stub-only` and `-

 ## Extensions and Event loop dependencies

-The implementation works with a variety of event loops, each built as a separate shared library.  See [the wiki](https://github.com/getdnsapi/getdns/wiki/Asynchronous-Support#wiki-included-event-loop-integrations) for more details.
+The implementation works with a variety of event loops, each built as a separate shared library.  See [this Doxygen page](https://getdnsapi.net/doxygen/group__eventloops.html) and [this man page](https://getdnsapi.net/documentation/manpages/#ASYNCHRONOUS USE) for more details.

 * [libevent](http://libevent.org).  Note: the examples *require* this and should work with either libevent 1.x or 2.x.  2.x is preferred.
 * [libuv](https://github.com/joyent/libuv)
@ -99,15 +111,9 @@ The implementation works with a variety of event loops, each built as a separate

 ## Stubby

-* Stubby is an experimental implementation of a DNS Privacy enabled stub resolver. It is currently suitable for advanced/technical users - all feedback is welcome! Also see [dnsprivacy.org](https://dnsprivacy.org) for more information on DNS Privacy and stubby.
-* By default stubby will attempt to use 'Opportunistic' Privacy for DNS queries.
-* A sample configuration file is available in the source code (src/tools/stubby.conf) which uses 'Strict' Privacy and some of the available test DNS Privacy servers to resolve queries. Note these servers are test servers that offer no service guarantees. The location of a configuration file can be specified with the '-C' flag
-* RECOMMENDED: Minimal logging output from Stubby is available  (e.g. which servers are used and connection level statistics) by also using the '--enable-debug-daemon' flag when running 'configure'.
-
-To use stubby
-* Start stubby from the command line
-* Test it by doing, for example, 'dig @127.0.0.1 www.example.com'
-* Alter the default DNS resolvers on your system to point at localhost (127.0.0.1, ::1)
+* Stubby is an experimental implementation of a DNS Privacy enabled stub resolver than encrypts DNS queries using TLS. It is currently suitable for advanced/technical users - all feedback is welcome! 
+* Details on how to use Stubby can be found in the [Stubby Reference Guide](https://getdnsapi.net/blog/dns-privacy-daemon-stubby).
+* Also see [dnsprivacy.org](https://dnsprivacy.org) for more information on DNS Privacy.

 ## Regression Tests

@ -136,20 +142,20 @@ execute the following steps as root:
 Support
 =======

-# Mailing lists
+## Mailing lists

 We have a [getdns users list](https://getdnsapi.net/mailman/listinfo/users) for this implementation.

 The [getdns-api mailing list](https://getdnsapi.net/mailman/listinfo/spec) is a good place to engage in discussions regarding the design of the API.

-# Tickets and Bug Reports
+## Tickets and Bug Reports

 Tickets and bug reports should be reported via the [GitHub issues list](https://github.com/getdnsapi/getdns/issues).

 Features of this release
 ========================

-# Goals
+## Goals

 The goals of this implementation of the getdns API are:

@ -165,35 +171,30 @@ Non-goals (things we will not be doing at least initially) include:

 * implementation of the traditional DNS related routines (gethostbyname, etc.)

-# Official and Additional API
-
-Note that this implementation offers additional functionality to supplement that in the official getdns API. Some additions are convenient utility functions but other functionality is experimental prior to be being recommended for inclusion in the official API.  The 'Modules' page in the doxygen documentation provides a guide to both the official API and the additional functionality.
-
-# Language Bindings
+## Language Bindings

 In parallel, the team is actively developing bindings for various languages.
-For more information, visit the
-[wiki](https://github.com/getdnsapi/getdns/wiki/Language-Bindings).
+For more information, visit this
+[webpage](https://getdnsapi.net/bindings/).

-# Unsupported getDNS Features
+## Unsupported getDNS Features

 The following API calls are documented in getDNS but *not supported* by the implementation at this time:

-* Disabling following of `CNAME`s with `getdns_context_set_follow_redirects()`
 * Detecting changes to resolv.conf and hosts
 * MDNS, NIS and NetBIOS namespaces (only DNS and LOCALFILES are supported)

-## Minor omissions
+### Minor omissions

 The following minor implementation omissions are noted:

 Recursive mode does not support:
 * TLS as a transport
 * Non-zero connection idle timeouts or query pipelining
+* Anything other than query_type and resolution_type in the return_call_reporting extension

 Stub mode does not support:
 * Non zero idle timeouts for synchronous calls
-* Limit on number of outstanding queries

 # Known Issues

@ -267,7 +268,7 @@ build the packages; this is simply the one we chose to use.

 If you're using [Homebrew](http://brew.sh/), you may run `brew install getdns`.  By default, this will only build the core library without any 3rd party event loop support.

-To install the [event loop integration libraries](https://github.com/getdnsapi/getdns/wiki/Asynchronous-Support) that enable support for libevent, libuv, and libev, run: `brew install getdns --with-libevent --with-libuv --with-libev`.  All switches are optional.
+To install the [event loop integration libraries](https://getdnsapi.net/doxygen/group__eventloops.html) that enable support for libevent, libuv, and libev, run: `brew install getdns --with-libevent --with-libuv --with-libev`.  All switches are optional.

 Note that in order to compile the examples, the `--with-libevent` switch is required.

--- a/configure.ac
+++ b/configure.ac
@ -36,8 +36,12 @@ sinclude(./m4/acx_getaddrinfo.m4)
 sinclude(./m4/ax_check_compile_flag.m4)
 sinclude(./m4/pkg.m4)

-AC_INIT([getdns], [1.1.0], [users@getdnsapi.net], [], [https://getdnsapi.net])
-AC_SUBST(RELEASE_CANDIDATE, [])
+AC_INIT([getdns], [1.1.3], [users@getdnsapi.net], [], [https://getdnsapi.net])
+
+# Dont forget to put a dash in front of the release candidate!!!
+# That is how it is done with semantic versioning!
+#
+AC_SUBST(RELEASE_CANDIDATE, [-rc1])

 # Set current date from system if not set
 AC_ARG_WITH([current-date],
@ -47,7 +51,7 @@ AC_ARG_WITH([current-date],
  [CURRENT_DATE="`date -u +%Y-%m-%dT%H:%M:%SZ`"])

 AC_SUBST(GETDNS_VERSION, ["AC_PACKAGE_VERSION$RELEASE_CANDIDATE"])
-AC_SUBST(GETDNS_NUMERIC_VERSION, [0x01010000])
+AC_SUBST(GETDNS_NUMERIC_VERSION, [0x010102c1])
 AC_SUBST(API_VERSION, ["December 2015"])
 AC_SUBST(API_NUMERIC_VERSION, [0x07df0c00])
 GETDNS_COMPILATION_COMMENT="AC_PACKAGE_NAME $GETDNS_VERSION configured on $CURRENT_DATE for the $API_VERSION version of the API"
@ -77,10 +81,13 @@ GETDNS_COMPILATION_COMMENT="AC_PACKAGE_NAME $GETDNS_VERSION configured on $CURRE
 # getdns-0.5.0 had libversion 4:0:3
 # getdns-0.5.1 had libversion 4:1:3 (but should have been getdns-0.6.0)
 # getdns-0.9.0 had libversion 5:0:4
-# getdns-1.0.0 had  libversion 5:1:4
-# getdns-1.1.0 will have libversion 6:0:0
+# getdns-1.0.0 had libversion 5:1:4
+# getdns-1.1.0 had libversion 6:0:0
+# getdns-1.1.1 had libversion 6:1:0
+# getdns-1.1.2 has libversion 7:0:1
+# getdns-1.1.3 will have libversion 7:1:1
 #
-GETDNS_LIBVERSION=6:0:0
+GETDNS_LIBVERSION=7:1:1

 AC_SUBST(GETDNS_COMPILATION_COMMENT)
 AC_SUBST(GETDNS_LIBVERSION)
@ -296,7 +303,7 @@ fi
 AC_CHECK_HEADERS([openssl/conf.h],,, [AC_INCLUDES_DEFAULT])
 AC_CHECK_HEADERS([openssl/engine.h],,, [AC_INCLUDES_DEFAULT])
 AC_CHECK_HEADERS([openssl/bn.h openssl/rsa.h openssl/dsa.h],,, [AC_INCLUDES_DEFAULT])
-AC_CHECK_FUNCS([OPENSSL_config EVP_md5 EVP_sha1 EVP_sha224 EVP_sha256 EVP_sha384 EVP_sha512 FIPS_mode ENGINE_load_cryptodev EVP_PKEY_keygen ECDSA_SIG_get0 EVP_MD_CTX_new EVP_PKEY_base_id HMAC_CTX_new HMAC_CTX_free TLS_client_method DSA_SIG_set0 EVP_dss1 SSL_CTX_set_min_proto_version])
+AC_CHECK_FUNCS([OPENSSL_config EVP_md5 EVP_sha1 EVP_sha224 EVP_sha256 EVP_sha384 EVP_sha512 FIPS_mode ENGINE_load_cryptodev EVP_PKEY_keygen ECDSA_SIG_get0 EVP_MD_CTX_new EVP_PKEY_base_id HMAC_CTX_new HMAC_CTX_free TLS_client_method DSA_SIG_set0 EVP_dss1 EVP_DigestVerify SSL_CTX_set_min_proto_version])
 AC_CHECK_DECLS([SSL_COMP_get_compression_methods,sk_SSL_COMP_pop_free,SSL_CTX_set_ecdh_auto], [], [], [
 AC_INCLUDES_DEFAULT
 #ifdef HAVE_OPENSSL_ERR_H
@ -499,6 +506,24 @@ case "$enable_dsa" in
      ;;
 esac

+AC_ARG_ENABLE(ed25519, AC_HELP_STRING([--disable-ed25519], [Disable ED25519 support]))
+use_ed25519="no"
+case "$enable_ed25519" in
+    no)
+      ;;
+    *)
+      if test $USE_NSS = "no" -a $USE_NETTLE = "no"; then
+              AC_CHECK_DECLS([NID_ED25519], [
+                AC_DEFINE_UNQUOTED([USE_ED25519], [1], [Define this to enable ED25519 support.])
+                use_ed25519="yes"
+              ], [ if test "x$enable_ed25519" = "xyes"; then AC_MSG_ERROR([OpenSSL does not support ED25519 and you used --enable-ed25519.])
+                fi ], [AC_INCLUDES_DEFAULT
+#include <openssl/evp.h>
+              ])
+      fi
+      ;;
+esac
+
 AC_ARG_ENABLE(all-drafts, AC_HELP_STRING([--enable-all-drafts], [Enables the draft mdns client support]))
 case "$enable_all_drafts" in
 	yes)
@ -985,17 +1010,17 @@ AC_SUBST(GETDNS_QUERY)
 AC_SUBST(INSTALL_GETDNS_QUERY)
 AC_SUBST(UNINSTALL_GETDNS_QUERY)

-AC_ARG_WITH(stubby, AS_HELP_STRING([--without-stubby],
-	[Do not compile and install stubby, the (stub) resolver daemon]),
-	[], [withval="yes"])
-if test x_$withval = x_no; then
-	STUBBY=""
-	INSTALL_STUBBY=""
-	UNINSTALL_STUBBY=""
-else
+AC_ARG_WITH(stubby, AS_HELP_STRING([--with-stubby],
+	[Compile and install stubby, the (stub) resolver daemon]),
+	[], [withval="no"])
+if test x_$withval = x_yes; then
 	STUBBY="stubby"
 	INSTALL_STUBBY="install-stubby"
 	UNINSTALL_STUBBY="uninstall-stubby"
+else
+	STUBBY=""
+	INSTALL_STUBBY=""
+	UNINSTALL_STUBBY=""
 fi
 AC_SUBST(STUBBY)
 AC_SUBST(INSTALL_STUBBY)
@ -1144,6 +1169,7 @@ esac
 AC_SUBST(C99COMPATFLAGS)

 AC_DEFINE_UNQUOTED([MAX_CNAME_REFERRALS], [100], [The maximum number of cname referrals.])
+AC_DEFINE_UNQUOTED([DRAFT_RRTYPES], [1], [Define this to enable all rrtypes in gldns.])

 AH_BOTTOM([

@ -1159,9 +1185,14 @@ AH_BOTTOM([
  * See: https://support.microsoft.com/en-us/kb/111855
  */
 # ifndef FD_SETSIZE
-# define FD_SETSIZE 1024
+#  define FD_SETSIZE 1024
 # endif
 # define PRIsz "%Iu"
+
+ /* Windows wants us to use _strdup instead of strdup */
+# ifndef strdup
+#  define strdup _strdup
+# endif
 #else
 # define PRIsz "%zu"
 #endif
--- a/spec/index.html
+++ b/spec/index.html
@ -875,7 +875,7 @@ names:</p>
 <li><code>query_name</code> (a bindata) is the name that was sent</li>
 <li><code>query_type</code> (an int) is the type that was queried for</li>
 <li><code>query_to</code> (a bindata) is the address to which the query was sent</li>
-<li><code>run_time</code> (a bindata) is the difference between the time the successful
+<li><code>run_time/ms</code> (a bindata) is the difference between the time the successful
 query started and ended in milliseconds, represented
 as a uint32_t (this does not include time taken for connection set up
 or transport fallback)</li>
--- a/src/Doxyfile.in
+++ b/src/Doxyfile.in
--- a/src/Makefile.in
+++ b/src/Makefile.in
@ -35,16 +35,23 @@ libversion = @GETDNS_LIBVERSION@
 prefix = @prefix@
 exec_prefix = @exec_prefix@
 bindir = @bindir@
+sbindir = @sbindir@
 libdir = @libdir@
 includedir = @includedir@
+sysconfdir = @sysconfdir@
+localstatedir = @localstatedir@
+runstatedir = @runstatedir@
+stubbyconfdir = $(sysconfdir)/stubby
 have_libevent = @have_libevent@
 have_libuv = @have_libuv@
 have_libev = @have_libev@
 # datarootdir is here to please some checkers
 datarootdir=@datarootdir@
 INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@

 srcdir = @srcdir@
+stubbysrcdir = $(srcdir)/../stubby
 LIBTOOL = ../libtool

 CC=@CC@
@ -75,6 +82,8 @@ GETDNS_OBJ=const-info.lo convert.lo dict.lo dnssec.lo general.lo \
 GLDNS_OBJ=keyraw.lo gbuffer.lo wire2str.lo parse.lo parseutil.lo rrdef.lo \
 	str2wire.lo

+PROGRAMS=@STUBBY@
+
 LIBOBJDIR=
 LIBOBJS=@LIBOBJS@
 COMPAT_OBJ=$(LIBOBJS:.o=.lo)
@ -97,7 +106,7 @@ NON_C99_OBJS=context.lo libuv.lo

 default: all

-all: libgetdns.la $(EXTENSION_LIBEVENT_LIB) $(EXTENSION_LIBUV_LIB) $(EXTENSION_LIBEV_LIB)
+all: libgetdns.la $(EXTENSION_LIBEVENT_LIB) $(EXTENSION_LIBUV_LIB) $(EXTENSION_LIBEV_LIB) $(PROGRAMS)

 $(GETDNS_OBJ):
 	$(LIBTOOL) --quiet --tag=CC --mode=compile $(CC) $(CFLAGS) $(WPEDANTICFLAG) -c $(srcdir)/$(@:.lo=.c) -o $@
@ -123,25 +132,35 @@ context.lo:
 libuv.lo:
 	$(LIBTOOL) --quiet --tag=CC --mode=compile $(CC) $(CFLAGS) $(WPEDANTICFLAG) $(C99COMPATFLAGS) -c $(srcdir)/extension/libuv.c -o libuv.lo

-install:	libgetdns.la
+install-headers: getdns/getdns.h getdns/getdns_extra.h
 	$(INSTALL) -m 755 -d $(DESTDIR)$(includedir)
 	$(INSTALL) -m 755 -d $(DESTDIR)$(includedir)/getdns
 	$(INSTALL) -m 644 getdns/getdns.h $(DESTDIR)$(includedir)/getdns/getdns.h
 	$(INSTALL) -m 644 getdns/getdns_extra.h $(DESTDIR)$(includedir)/getdns/getdns_extra.h
+	if test $(have_libevent) = 1 ; then $(INSTALL) -m 644 $(srcdir)/getdns/getdns_ext_libevent.h $(DESTDIR)$(includedir)/getdns/ ; fi
+	if test $(have_libuv) = 1 ; then $(INSTALL) -m 644 $(srcdir)/getdns/getdns_ext_libuv.h $(DESTDIR)$(includedir)/getdns/ ; fi
+	if test $(have_libev) = 1 ; then $(INSTALL) -m 644 $(srcdir)/getdns/getdns_ext_libev.h $(DESTDIR)$(includedir)/getdns/ ; fi
+
+uninstall-headers:
+	rm -rf $(DESTDIR)$(includedir)/getdns
+
+install-libs: libgetdns.la
 	$(INSTALL) -m 755 -d $(DESTDIR)$(libdir)
 	$(LIBTOOL) --mode=install cp libgetdns.la $(DESTDIR)$(libdir)
-	if test $(have_libevent) = 1 ; then $(INSTALL) -m 644 $(srcdir)/getdns/getdns_ext_libevent.h $(DESTDIR)$(includedir)/getdns/ ; $(LIBTOOL) --mode=install cp $(EXTENSION_LIBEVENT_LIB) $(DESTDIR)$(libdir) ; fi
-	if test $(have_libuv) = 1 ; then $(INSTALL) -m 644 $(srcdir)/getdns/getdns_ext_libuv.h $(DESTDIR)$(includedir)/getdns/ ; $(LIBTOOL) --mode=install cp $(EXTENSION_LIBUV_LIB) $(DESTDIR)$(libdir) ; fi
-	if test $(have_libev) = 1 ; then $(INSTALL) -m 644 $(srcdir)/getdns/getdns_ext_libev.h $(DESTDIR)$(includedir)/getdns/ ; $(LIBTOOL) --mode=install cp $(EXTENSION_LIBEV_LIB) $(DESTDIR)$(libdir) ; fi
-
+	if test $(have_libevent) = 1 ; then $(LIBTOOL) --mode=install cp $(EXTENSION_LIBEVENT_LIB) $(DESTDIR)$(libdir) ; fi
+	if test $(have_libuv) = 1 ; then $(LIBTOOL) --mode=install cp $(EXTENSION_LIBUV_LIB) $(DESTDIR)$(libdir) ; fi
+	if test $(have_libev) = 1 ; then $(LIBTOOL) --mode=install cp $(EXTENSION_LIBEV_LIB) $(DESTDIR)$(libdir) ; fi
 	$(LIBTOOL) --mode=finish $(DESTDIR)$(libdir)

-uninstall:
-	rm -rf $(DESTDIR)$(includedir)/getdns
-	$(LIBTOOL) --mode=uninstall rm -f $(DESTDIR)$(libdir)/libgetdns.la
+uninstall-libs:
 	if test $(have_libevent) = 1; then $(LIBTOOL) --mode=uninstall rm -f $(DESTDIR)$(libdir)/$(EXTENSION_LIBEVENT_LIB) ; fi
 	if test $(have_libuv) = 1; then $(LIBTOOL) --mode=uninstall rm -f $(DESTDIR)$(libdir)/$(EXTENSION_LIBUV_LIB) ; fi
 	if test $(have_libev) = 1; then $(LIBTOOL) --mode=uninstall rm -f $(DESTDIR)$(libdir)/$(EXTENSION_LIBEV_LIB) ; fi
+	$(LIBTOOL) --mode=uninstall rm -f $(DESTDIR)$(libdir)/libgetdns.la
+
+install: install-libs install-headers @INSTALL_STUBBY@
+
+uninstall: @UNINSTALL_STUBBY@ uninstall-headers uninstall-libs

 libgetdns_ext_event.la: libgetdns.la libevent.lo
 	$(LIBTOOL) --tag=CC --mode=link $(CC) -o $@ libevent.lo libgetdns.la $(LDFLAGS) $(EXTENSION_LIBEVENT_LDFLAGS) $(EXTENSION_LIBEVENT_EXT_LIBS) -rpath $(libdir) -version-info $(libversion) -no-undefined -export-symbols $(srcdir)/extension/libevent.symbols
@ -157,16 +176,32 @@ libgetdns_ext_ev.la: libgetdns.la libev.lo
 libgetdns.la: $(GETDNS_OBJ) version.lo context.lo $(DEFAULT_EVENTLOOP_OBJ) $(GLDNS_OBJ) $(COMPAT_OBJ) $(UTIL_OBJ) $(JSMN_OBJ)
 	$(LIBTOOL) --tag=CC --mode=link $(CC) -o $@ $(GETDNS_OBJ) version.lo context.lo $(DEFAULT_EVENTLOOP_OBJ) $(GLDNS_OBJ) $(COMPAT_OBJ) $(UTIL_OBJ) $(JSMN_OBJ) $(LDFLAGS) -rpath $(libdir) -version-info $(libversion) -no-undefined -export-symbols $(srcdir)/libgetdns.symbols

-test:	all
+test: default
 	cd test && $(MAKE) $@

-getdns_query:	all
+getdns_query: default
 	cd tools && $(MAKE) $@

-stubby:	all
-	cd tools && $(MAKE) $@
+stubby.lo: $(stubbysrcdir)/src/stubby.c
+	$(LIBTOOL) --quiet --tag=CC --mode=compile $(CC) $(CFLAGS) $(WPEDANTICFLAG) -DSTUBBYCONFDIR=\"$(sysconfdir)/stubby\" -DRUNSTATEDIR=\"$(runstatedir)\" -c $< -o $@

-scratchpad:	all
+stubby: stubby.lo libgetdns.la 
+	$(LIBTOOL) --tag=CC --mode=link $(CC) -o $@ stubby.lo $(LDFLAGS) libgetdns.la
+
+install-stubby: stubby $(stubbysrcdir)/stubby.conf.example $(stubbysrcdir)/stubby-setdns-macos.sh
+	$(INSTALL) -m 755 -d $(DESTDIR)$(bindir)
+	$(LIBTOOL) --mode=install cp stubby $(DESTDIR)$(bindir)
+	$(INSTALL) -m 755 -d $(DESTDIR)$(sbindir)
+	$(INSTALL) -m 755  $(stubbysrcdir)/stubby-setdns-macos.sh $(DESTDIR)$(sbindir)
+	$(INSTALL) -m 755 -d $(DESTDIR)$(stubbyconfdir)
+	test -f $(DESTDIR)$(stubbyconfdir)/stubby.conf || \
+		$(INSTALL_DATA) $(stubbysrcdir)/stubby.conf.example $(DESTDIR)$(stubbyconfdir)/stubby.conf
+
+uninstall-stubby:
+	$(LIBTOOL) --mode=uninstall rm -f $(DESTDIR)$(bindir)/stubby
+	rm -f $(DESTDIR)$(sbindir)/stubby-setdns-macos.sh
+
+scratchpad: default
 	cd test && $(MAKE) $@

 pad: scratchpad
--- a/src/const-info.c
+++ b/src/const-info.c
@ -9,94 +9,101 @@

 static struct const_info consts_info[] = {
 	{   -1, NULL, "/* <unknown getdns value> */" },
-	{    0, "GETDNS_RETURN_GOOD", GETDNS_RETURN_GOOD_TEXT },
-	{    1, "GETDNS_RETURN_GENERIC_ERROR", GETDNS_RETURN_GENERIC_ERROR_TEXT },
-	{  300, "GETDNS_RETURN_BAD_DOMAIN_NAME", GETDNS_RETURN_BAD_DOMAIN_NAME_TEXT },
-	{  301, "GETDNS_RETURN_BAD_CONTEXT", GETDNS_RETURN_BAD_CONTEXT_TEXT },
-	{  302, "GETDNS_RETURN_CONTEXT_UPDATE_FAIL", GETDNS_RETURN_CONTEXT_UPDATE_FAIL_TEXT },
-	{  303, "GETDNS_RETURN_UNKNOWN_TRANSACTION", GETDNS_RETURN_UNKNOWN_TRANSACTION_TEXT },
-	{  304, "GETDNS_RETURN_NO_SUCH_LIST_ITEM", GETDNS_RETURN_NO_SUCH_LIST_ITEM_TEXT },
-	{  305, "GETDNS_RETURN_NO_SUCH_DICT_NAME", GETDNS_RETURN_NO_SUCH_DICT_NAME_TEXT },
-	{  306, "GETDNS_RETURN_WRONG_TYPE_REQUESTED", GETDNS_RETURN_WRONG_TYPE_REQUESTED_TEXT },
-	{  307, "GETDNS_RETURN_NO_SUCH_EXTENSION", GETDNS_RETURN_NO_SUCH_EXTENSION_TEXT },
-	{  308, "GETDNS_RETURN_EXTENSION_MISFORMAT", GETDNS_RETURN_EXTENSION_MISFORMAT_TEXT },
-	{  309, "GETDNS_RETURN_DNSSEC_WITH_STUB_DISALLOWED", GETDNS_RETURN_DNSSEC_WITH_STUB_DISALLOWED_TEXT },
-	{  310, "GETDNS_RETURN_MEMORY_ERROR", GETDNS_RETURN_MEMORY_ERROR_TEXT },
-	{  311, "GETDNS_RETURN_INVALID_PARAMETER", GETDNS_RETURN_INVALID_PARAMETER_TEXT },
-	{  312, "GETDNS_RETURN_NOT_IMPLEMENTED", GETDNS_RETURN_NOT_IMPLEMENTED_TEXT },
-	{  398, "GETDNS_RETURN_NO_UPSTREAM_AVAILABLE", GETDNS_RETURN_NO_UPSTREAM_AVAILABLE_TEXT },
-	{  399, "GETDNS_RETURN_NEED_MORE_SPACE", GETDNS_RETURN_NEED_MORE_SPACE_TEXT },
-	{  400, "GETDNS_DNSSEC_SECURE", GETDNS_DNSSEC_SECURE_TEXT },
-	{  401, "GETDNS_DNSSEC_BOGUS", GETDNS_DNSSEC_BOGUS_TEXT },
-	{  402, "GETDNS_DNSSEC_INDETERMINATE", GETDNS_DNSSEC_INDETERMINATE_TEXT },
-	{  403, "GETDNS_DNSSEC_INSECURE", GETDNS_DNSSEC_INSECURE_TEXT },
-	{  404, "GETDNS_DNSSEC_NOT_PERFORMED", GETDNS_DNSSEC_NOT_PERFORMED_TEXT },
-	{  500, "GETDNS_NAMESPACE_DNS", GETDNS_NAMESPACE_DNS_TEXT },
-	{  501, "GETDNS_NAMESPACE_LOCALNAMES", GETDNS_NAMESPACE_LOCALNAMES_TEXT },
-	{  502, "GETDNS_NAMESPACE_NETBIOS", GETDNS_NAMESPACE_NETBIOS_TEXT },
-	{  503, "GETDNS_NAMESPACE_MDNS", GETDNS_NAMESPACE_MDNS_TEXT },
-	{  504, "GETDNS_NAMESPACE_NIS", GETDNS_NAMESPACE_NIS_TEXT },
-	{  520, "GETDNS_RESOLUTION_STUB", GETDNS_RESOLUTION_STUB_TEXT },
-	{  521, "GETDNS_RESOLUTION_RECURSING", GETDNS_RESOLUTION_RECURSING_TEXT },
-	{  530, "GETDNS_REDIRECTS_FOLLOW", GETDNS_REDIRECTS_FOLLOW_TEXT },
-	{  531, "GETDNS_REDIRECTS_DO_NOT_FOLLOW", GETDNS_REDIRECTS_DO_NOT_FOLLOW_TEXT },
-	{  540, "GETDNS_TRANSPORT_UDP_FIRST_AND_FALL_BACK_TO_TCP", GETDNS_TRANSPORT_UDP_FIRST_AND_FALL_BACK_TO_TCP_TEXT },
-	{  541, "GETDNS_TRANSPORT_UDP_ONLY", GETDNS_TRANSPORT_UDP_ONLY_TEXT },
-	{  542, "GETDNS_TRANSPORT_TCP_ONLY", GETDNS_TRANSPORT_TCP_ONLY_TEXT },
-	{  543, "GETDNS_TRANSPORT_TCP_ONLY_KEEP_CONNECTIONS_OPEN", GETDNS_TRANSPORT_TCP_ONLY_KEEP_CONNECTIONS_OPEN_TEXT },
-	{  544, "GETDNS_TRANSPORT_TLS_ONLY_KEEP_CONNECTIONS_OPEN", GETDNS_TRANSPORT_TLS_ONLY_KEEP_CONNECTIONS_OPEN_TEXT },
-	{  545, "GETDNS_TRANSPORT_TLS_FIRST_AND_FALL_BACK_TO_TCP_KEEP_CONNECTIONS_OPEN", GETDNS_TRANSPORT_TLS_FIRST_AND_FALL_BACK_TO_TCP_KEEP_CONNECTIONS_OPEN_TEXT },
-	{  550, "GETDNS_APPEND_NAME_ALWAYS", GETDNS_APPEND_NAME_ALWAYS_TEXT },
-	{  551, "GETDNS_APPEND_NAME_ONLY_TO_SINGLE_LABEL_AFTER_FAILURE", GETDNS_APPEND_NAME_ONLY_TO_SINGLE_LABEL_AFTER_FAILURE_TEXT },
-	{  552, "GETDNS_APPEND_NAME_ONLY_TO_MULTIPLE_LABEL_NAME_AFTER_FAILURE", GETDNS_APPEND_NAME_ONLY_TO_MULTIPLE_LABEL_NAME_AFTER_FAILURE_TEXT },
-	{  553, "GETDNS_APPEND_NAME_NEVER", GETDNS_APPEND_NAME_NEVER_TEXT },
-	{  554, "GETDNS_APPEND_NAME_TO_SINGLE_LABEL_FIRST", GETDNS_APPEND_NAME_TO_SINGLE_LABEL_FIRST_TEXT },
-	{  600, "GETDNS_CONTEXT_CODE_NAMESPACES", GETDNS_CONTEXT_CODE_NAMESPACES_TEXT },
-	{  601, "GETDNS_CONTEXT_CODE_RESOLUTION_TYPE", GETDNS_CONTEXT_CODE_RESOLUTION_TYPE_TEXT },
-	{  602, "GETDNS_CONTEXT_CODE_FOLLOW_REDIRECTS", GETDNS_CONTEXT_CODE_FOLLOW_REDIRECTS_TEXT },
-	{  603, "GETDNS_CONTEXT_CODE_UPSTREAM_RECURSIVE_SERVERS", GETDNS_CONTEXT_CODE_UPSTREAM_RECURSIVE_SERVERS_TEXT },
-	{  604, "GETDNS_CONTEXT_CODE_DNS_ROOT_SERVERS", GETDNS_CONTEXT_CODE_DNS_ROOT_SERVERS_TEXT },
-	{  605, "GETDNS_CONTEXT_CODE_DNS_TRANSPORT", GETDNS_CONTEXT_CODE_DNS_TRANSPORT_TEXT },
-	{  606, "GETDNS_CONTEXT_CODE_LIMIT_OUTSTANDING_QUERIES", GETDNS_CONTEXT_CODE_LIMIT_OUTSTANDING_QUERIES_TEXT },
-	{  607, "GETDNS_CONTEXT_CODE_APPEND_NAME", GETDNS_CONTEXT_CODE_APPEND_NAME_TEXT },
-	{  608, "GETDNS_CONTEXT_CODE_SUFFIX", GETDNS_CONTEXT_CODE_SUFFIX_TEXT },
-	{  609, "GETDNS_CONTEXT_CODE_DNSSEC_TRUST_ANCHORS", GETDNS_CONTEXT_CODE_DNSSEC_TRUST_ANCHORS_TEXT },
-	{  610, "GETDNS_CONTEXT_CODE_EDNS_MAXIMUM_UDP_PAYLOAD_SIZE", GETDNS_CONTEXT_CODE_EDNS_MAXIMUM_UDP_PAYLOAD_SIZE_TEXT },
-	{  611, "GETDNS_CONTEXT_CODE_EDNS_EXTENDED_RCODE", GETDNS_CONTEXT_CODE_EDNS_EXTENDED_RCODE_TEXT },
-	{  612, "GETDNS_CONTEXT_CODE_EDNS_VERSION", GETDNS_CONTEXT_CODE_EDNS_VERSION_TEXT },
-	{  613, "GETDNS_CONTEXT_CODE_EDNS_DO_BIT", GETDNS_CONTEXT_CODE_EDNS_DO_BIT_TEXT },
-	{  614, "GETDNS_CONTEXT_CODE_DNSSEC_ALLOWED_SKEW", GETDNS_CONTEXT_CODE_DNSSEC_ALLOWED_SKEW_TEXT },
-	{  615, "GETDNS_CONTEXT_CODE_MEMORY_FUNCTIONS", GETDNS_CONTEXT_CODE_MEMORY_FUNCTIONS_TEXT },
-	{  616, "GETDNS_CONTEXT_CODE_TIMEOUT", GETDNS_CONTEXT_CODE_TIMEOUT_TEXT },
-	{  617, "GETDNS_CONTEXT_CODE_IDLE_TIMEOUT", GETDNS_CONTEXT_CODE_IDLE_TIMEOUT_TEXT },
-	{  618, "GETDNS_CONTEXT_CODE_TLS_AUTHENTICATION", GETDNS_CONTEXT_CODE_TLS_AUTHENTICATION_TEXT },
-	{  619, "GETDNS_CONTEXT_CODE_EDNS_CLIENT_SUBNET_PRIVATE", GETDNS_CONTEXT_CODE_EDNS_CLIENT_SUBNET_PRIVATE_TEXT },
-	{  620, "GETDNS_CONTEXT_CODE_TLS_QUERY_PADDING_BLOCKSIZE", GETDNS_CONTEXT_CODE_TLS_QUERY_PADDING_BLOCKSIZE_TEXT },
-	{  621, "GETDNS_CONTEXT_CODE_PUBKEY_PINSET", GETDNS_CONTEXT_CODE_PUBKEY_PINSET_TEXT },
-	{  622, "GETDNS_CONTEXT_CODE_ROUND_ROBIN_UPSTREAMS", GETDNS_CONTEXT_CODE_ROUND_ROBIN_UPSTREAMS_TEXT },
-	{  623, "GETDNS_CONTEXT_CODE_TLS_BACKOFF_TIME", GETDNS_CONTEXT_CODE_TLS_BACKOFF_TIME_TEXT },
-	{  624, "GETDNS_CONTEXT_CODE_TLS_CONNECTION_RETRIES", GETDNS_CONTEXT_CODE_TLS_CONNECTION_RETRIES_TEXT },
-	{  700, "GETDNS_CALLBACK_COMPLETE", GETDNS_CALLBACK_COMPLETE_TEXT },
-	{  701, "GETDNS_CALLBACK_CANCEL", GETDNS_CALLBACK_CANCEL_TEXT },
-	{  702, "GETDNS_CALLBACK_TIMEOUT", GETDNS_CALLBACK_TIMEOUT_TEXT },
-	{  703, "GETDNS_CALLBACK_ERROR", GETDNS_CALLBACK_ERROR_TEXT },
-	{  800, "GETDNS_NAMETYPE_DNS", GETDNS_NAMETYPE_DNS_TEXT },
-	{  801, "GETDNS_NAMETYPE_WINS", GETDNS_NAMETYPE_WINS_TEXT },
-	{  900, "GETDNS_RESPSTATUS_GOOD", GETDNS_RESPSTATUS_GOOD_TEXT },
-	{  901, "GETDNS_RESPSTATUS_NO_NAME", GETDNS_RESPSTATUS_NO_NAME_TEXT },
-	{  902, "GETDNS_RESPSTATUS_ALL_TIMEOUT", GETDNS_RESPSTATUS_ALL_TIMEOUT_TEXT },
-	{  903, "GETDNS_RESPSTATUS_NO_SECURE_ANSWERS", GETDNS_RESPSTATUS_NO_SECURE_ANSWERS_TEXT },
-	{  904, "GETDNS_RESPSTATUS_ALL_BOGUS_ANSWERS", GETDNS_RESPSTATUS_ALL_BOGUS_ANSWERS_TEXT },
-	{ 1000, "GETDNS_EXTENSION_TRUE", GETDNS_EXTENSION_TRUE_TEXT },
-	{ 1001, "GETDNS_EXTENSION_FALSE", GETDNS_EXTENSION_FALSE_TEXT },
-	{ 1100, "GETDNS_BAD_DNS_CNAME_IN_TARGET", GETDNS_BAD_DNS_CNAME_IN_TARGET_TEXT },
-	{ 1101, "GETDNS_BAD_DNS_ALL_NUMERIC_LABEL", GETDNS_BAD_DNS_ALL_NUMERIC_LABEL_TEXT },
-	{ 1102, "GETDNS_BAD_DNS_CNAME_RETURNED_FOR_OTHER_TYPE", GETDNS_BAD_DNS_CNAME_RETURNED_FOR_OTHER_TYPE_TEXT },
-	{ 1200, "GETDNS_TRANSPORT_UDP", GETDNS_TRANSPORT_UDP_TEXT },
-	{ 1201, "GETDNS_TRANSPORT_TCP", GETDNS_TRANSPORT_TCP_TEXT },
-	{ 1202, "GETDNS_TRANSPORT_TLS", GETDNS_TRANSPORT_TLS_TEXT },
-	{ 1300, "GETDNS_AUTHENTICATION_NONE", GETDNS_AUTHENTICATION_NONE_TEXT },
-	{ 1301, "GETDNS_AUTHENTICATION_REQUIRED", GETDNS_AUTHENTICATION_REQUIRED_TEXT },
+	{       0, "GETDNS_RETURN_GOOD", GETDNS_RETURN_GOOD_TEXT },
+	{       1, "GETDNS_RETURN_GENERIC_ERROR", GETDNS_RETURN_GENERIC_ERROR_TEXT },
+	{       2, "GETDNS_LOG_CRIT", GETDNS_LOG_CRIT_TEXT },
+	{       3, "GETDNS_LOG_ERR", GETDNS_LOG_ERR_TEXT },
+	{       4, "GETDNS_LOG_WARNING", GETDNS_LOG_WARNING_TEXT },
+	{       5, "GETDNS_LOG_NOTICE", GETDNS_LOG_NOTICE_TEXT },
+	{       6, "GETDNS_LOG_INFO", GETDNS_LOG_INFO_TEXT },
+	{       7, "GETDNS_LOG_DEBUG", GETDNS_LOG_DEBUG_TEXT },
+	{     300, "GETDNS_RETURN_BAD_DOMAIN_NAME", GETDNS_RETURN_BAD_DOMAIN_NAME_TEXT },
+	{     301, "GETDNS_RETURN_BAD_CONTEXT", GETDNS_RETURN_BAD_CONTEXT_TEXT },
+	{     302, "GETDNS_RETURN_CONTEXT_UPDATE_FAIL", GETDNS_RETURN_CONTEXT_UPDATE_FAIL_TEXT },
+	{     303, "GETDNS_RETURN_UNKNOWN_TRANSACTION", GETDNS_RETURN_UNKNOWN_TRANSACTION_TEXT },
+	{     304, "GETDNS_RETURN_NO_SUCH_LIST_ITEM", GETDNS_RETURN_NO_SUCH_LIST_ITEM_TEXT },
+	{     305, "GETDNS_RETURN_NO_SUCH_DICT_NAME", GETDNS_RETURN_NO_SUCH_DICT_NAME_TEXT },
+	{     306, "GETDNS_RETURN_WRONG_TYPE_REQUESTED", GETDNS_RETURN_WRONG_TYPE_REQUESTED_TEXT },
+	{     307, "GETDNS_RETURN_NO_SUCH_EXTENSION", GETDNS_RETURN_NO_SUCH_EXTENSION_TEXT },
+	{     308, "GETDNS_RETURN_EXTENSION_MISFORMAT", GETDNS_RETURN_EXTENSION_MISFORMAT_TEXT },
+	{     309, "GETDNS_RETURN_DNSSEC_WITH_STUB_DISALLOWED", GETDNS_RETURN_DNSSEC_WITH_STUB_DISALLOWED_TEXT },
+	{     310, "GETDNS_RETURN_MEMORY_ERROR", GETDNS_RETURN_MEMORY_ERROR_TEXT },
+	{     311, "GETDNS_RETURN_INVALID_PARAMETER", GETDNS_RETURN_INVALID_PARAMETER_TEXT },
+	{     312, "GETDNS_RETURN_NOT_IMPLEMENTED", GETDNS_RETURN_NOT_IMPLEMENTED_TEXT },
+	{     398, "GETDNS_RETURN_NO_UPSTREAM_AVAILABLE", GETDNS_RETURN_NO_UPSTREAM_AVAILABLE_TEXT },
+	{     399, "GETDNS_RETURN_NEED_MORE_SPACE", GETDNS_RETURN_NEED_MORE_SPACE_TEXT },
+	{     400, "GETDNS_DNSSEC_SECURE", GETDNS_DNSSEC_SECURE_TEXT },
+	{     401, "GETDNS_DNSSEC_BOGUS", GETDNS_DNSSEC_BOGUS_TEXT },
+	{     402, "GETDNS_DNSSEC_INDETERMINATE", GETDNS_DNSSEC_INDETERMINATE_TEXT },
+	{     403, "GETDNS_DNSSEC_INSECURE", GETDNS_DNSSEC_INSECURE_TEXT },
+	{     404, "GETDNS_DNSSEC_NOT_PERFORMED", GETDNS_DNSSEC_NOT_PERFORMED_TEXT },
+	{     500, "GETDNS_NAMESPACE_DNS", GETDNS_NAMESPACE_DNS_TEXT },
+	{     501, "GETDNS_NAMESPACE_LOCALNAMES", GETDNS_NAMESPACE_LOCALNAMES_TEXT },
+	{     502, "GETDNS_NAMESPACE_NETBIOS", GETDNS_NAMESPACE_NETBIOS_TEXT },
+	{     503, "GETDNS_NAMESPACE_MDNS", GETDNS_NAMESPACE_MDNS_TEXT },
+	{     504, "GETDNS_NAMESPACE_NIS", GETDNS_NAMESPACE_NIS_TEXT },
+	{     520, "GETDNS_RESOLUTION_STUB", GETDNS_RESOLUTION_STUB_TEXT },
+	{     521, "GETDNS_RESOLUTION_RECURSING", GETDNS_RESOLUTION_RECURSING_TEXT },
+	{     530, "GETDNS_REDIRECTS_FOLLOW", GETDNS_REDIRECTS_FOLLOW_TEXT },
+	{     531, "GETDNS_REDIRECTS_DO_NOT_FOLLOW", GETDNS_REDIRECTS_DO_NOT_FOLLOW_TEXT },
+	{     540, "GETDNS_TRANSPORT_UDP_FIRST_AND_FALL_BACK_TO_TCP", GETDNS_TRANSPORT_UDP_FIRST_AND_FALL_BACK_TO_TCP_TEXT },
+	{     541, "GETDNS_TRANSPORT_UDP_ONLY", GETDNS_TRANSPORT_UDP_ONLY_TEXT },
+	{     542, "GETDNS_TRANSPORT_TCP_ONLY", GETDNS_TRANSPORT_TCP_ONLY_TEXT },
+	{     543, "GETDNS_TRANSPORT_TCP_ONLY_KEEP_CONNECTIONS_OPEN", GETDNS_TRANSPORT_TCP_ONLY_KEEP_CONNECTIONS_OPEN_TEXT },
+	{     544, "GETDNS_TRANSPORT_TLS_ONLY_KEEP_CONNECTIONS_OPEN", GETDNS_TRANSPORT_TLS_ONLY_KEEP_CONNECTIONS_OPEN_TEXT },
+	{     545, "GETDNS_TRANSPORT_TLS_FIRST_AND_FALL_BACK_TO_TCP_KEEP_CONNECTIONS_OPEN", GETDNS_TRANSPORT_TLS_FIRST_AND_FALL_BACK_TO_TCP_KEEP_CONNECTIONS_OPEN_TEXT },
+	{     550, "GETDNS_APPEND_NAME_ALWAYS", GETDNS_APPEND_NAME_ALWAYS_TEXT },
+	{     551, "GETDNS_APPEND_NAME_ONLY_TO_SINGLE_LABEL_AFTER_FAILURE", GETDNS_APPEND_NAME_ONLY_TO_SINGLE_LABEL_AFTER_FAILURE_TEXT },
+	{     552, "GETDNS_APPEND_NAME_ONLY_TO_MULTIPLE_LABEL_NAME_AFTER_FAILURE", GETDNS_APPEND_NAME_ONLY_TO_MULTIPLE_LABEL_NAME_AFTER_FAILURE_TEXT },
+	{     553, "GETDNS_APPEND_NAME_NEVER", GETDNS_APPEND_NAME_NEVER_TEXT },
+	{     554, "GETDNS_APPEND_NAME_TO_SINGLE_LABEL_FIRST", GETDNS_APPEND_NAME_TO_SINGLE_LABEL_FIRST_TEXT },
+	{     600, "GETDNS_CONTEXT_CODE_NAMESPACES", GETDNS_CONTEXT_CODE_NAMESPACES_TEXT },
+	{     601, "GETDNS_CONTEXT_CODE_RESOLUTION_TYPE", GETDNS_CONTEXT_CODE_RESOLUTION_TYPE_TEXT },
+	{     602, "GETDNS_CONTEXT_CODE_FOLLOW_REDIRECTS", GETDNS_CONTEXT_CODE_FOLLOW_REDIRECTS_TEXT },
+	{     603, "GETDNS_CONTEXT_CODE_UPSTREAM_RECURSIVE_SERVERS", GETDNS_CONTEXT_CODE_UPSTREAM_RECURSIVE_SERVERS_TEXT },
+	{     604, "GETDNS_CONTEXT_CODE_DNS_ROOT_SERVERS", GETDNS_CONTEXT_CODE_DNS_ROOT_SERVERS_TEXT },
+	{     605, "GETDNS_CONTEXT_CODE_DNS_TRANSPORT", GETDNS_CONTEXT_CODE_DNS_TRANSPORT_TEXT },
+	{     606, "GETDNS_CONTEXT_CODE_LIMIT_OUTSTANDING_QUERIES", GETDNS_CONTEXT_CODE_LIMIT_OUTSTANDING_QUERIES_TEXT },
+	{     607, "GETDNS_CONTEXT_CODE_APPEND_NAME", GETDNS_CONTEXT_CODE_APPEND_NAME_TEXT },
+	{     608, "GETDNS_CONTEXT_CODE_SUFFIX", GETDNS_CONTEXT_CODE_SUFFIX_TEXT },
+	{     609, "GETDNS_CONTEXT_CODE_DNSSEC_TRUST_ANCHORS", GETDNS_CONTEXT_CODE_DNSSEC_TRUST_ANCHORS_TEXT },
+	{     610, "GETDNS_CONTEXT_CODE_EDNS_MAXIMUM_UDP_PAYLOAD_SIZE", GETDNS_CONTEXT_CODE_EDNS_MAXIMUM_UDP_PAYLOAD_SIZE_TEXT },
+	{     611, "GETDNS_CONTEXT_CODE_EDNS_EXTENDED_RCODE", GETDNS_CONTEXT_CODE_EDNS_EXTENDED_RCODE_TEXT },
+	{     612, "GETDNS_CONTEXT_CODE_EDNS_VERSION", GETDNS_CONTEXT_CODE_EDNS_VERSION_TEXT },
+	{     613, "GETDNS_CONTEXT_CODE_EDNS_DO_BIT", GETDNS_CONTEXT_CODE_EDNS_DO_BIT_TEXT },
+	{     614, "GETDNS_CONTEXT_CODE_DNSSEC_ALLOWED_SKEW", GETDNS_CONTEXT_CODE_DNSSEC_ALLOWED_SKEW_TEXT },
+	{     615, "GETDNS_CONTEXT_CODE_MEMORY_FUNCTIONS", GETDNS_CONTEXT_CODE_MEMORY_FUNCTIONS_TEXT },
+	{     616, "GETDNS_CONTEXT_CODE_TIMEOUT", GETDNS_CONTEXT_CODE_TIMEOUT_TEXT },
+	{     617, "GETDNS_CONTEXT_CODE_IDLE_TIMEOUT", GETDNS_CONTEXT_CODE_IDLE_TIMEOUT_TEXT },
+	{     618, "GETDNS_CONTEXT_CODE_TLS_AUTHENTICATION", GETDNS_CONTEXT_CODE_TLS_AUTHENTICATION_TEXT },
+	{     619, "GETDNS_CONTEXT_CODE_EDNS_CLIENT_SUBNET_PRIVATE", GETDNS_CONTEXT_CODE_EDNS_CLIENT_SUBNET_PRIVATE_TEXT },
+	{     620, "GETDNS_CONTEXT_CODE_TLS_QUERY_PADDING_BLOCKSIZE", GETDNS_CONTEXT_CODE_TLS_QUERY_PADDING_BLOCKSIZE_TEXT },
+	{     621, "GETDNS_CONTEXT_CODE_PUBKEY_PINSET", GETDNS_CONTEXT_CODE_PUBKEY_PINSET_TEXT },
+	{     622, "GETDNS_CONTEXT_CODE_ROUND_ROBIN_UPSTREAMS", GETDNS_CONTEXT_CODE_ROUND_ROBIN_UPSTREAMS_TEXT },
+	{     623, "GETDNS_CONTEXT_CODE_TLS_BACKOFF_TIME", GETDNS_CONTEXT_CODE_TLS_BACKOFF_TIME_TEXT },
+	{     624, "GETDNS_CONTEXT_CODE_TLS_CONNECTION_RETRIES", GETDNS_CONTEXT_CODE_TLS_CONNECTION_RETRIES_TEXT },
+	{     700, "GETDNS_CALLBACK_COMPLETE", GETDNS_CALLBACK_COMPLETE_TEXT },
+	{     701, "GETDNS_CALLBACK_CANCEL", GETDNS_CALLBACK_CANCEL_TEXT },
+	{     702, "GETDNS_CALLBACK_TIMEOUT", GETDNS_CALLBACK_TIMEOUT_TEXT },
+	{     703, "GETDNS_CALLBACK_ERROR", GETDNS_CALLBACK_ERROR_TEXT },
+	{     800, "GETDNS_NAMETYPE_DNS", GETDNS_NAMETYPE_DNS_TEXT },
+	{     801, "GETDNS_NAMETYPE_WINS", GETDNS_NAMETYPE_WINS_TEXT },
+	{     900, "GETDNS_RESPSTATUS_GOOD", GETDNS_RESPSTATUS_GOOD_TEXT },
+	{     901, "GETDNS_RESPSTATUS_NO_NAME", GETDNS_RESPSTATUS_NO_NAME_TEXT },
+	{     902, "GETDNS_RESPSTATUS_ALL_TIMEOUT", GETDNS_RESPSTATUS_ALL_TIMEOUT_TEXT },
+	{     903, "GETDNS_RESPSTATUS_NO_SECURE_ANSWERS", GETDNS_RESPSTATUS_NO_SECURE_ANSWERS_TEXT },
+	{     904, "GETDNS_RESPSTATUS_ALL_BOGUS_ANSWERS", GETDNS_RESPSTATUS_ALL_BOGUS_ANSWERS_TEXT },
+	{    1000, "GETDNS_EXTENSION_TRUE", GETDNS_EXTENSION_TRUE_TEXT },
+	{    1001, "GETDNS_EXTENSION_FALSE", GETDNS_EXTENSION_FALSE_TEXT },
+	{    1100, "GETDNS_BAD_DNS_CNAME_IN_TARGET", GETDNS_BAD_DNS_CNAME_IN_TARGET_TEXT },
+	{    1101, "GETDNS_BAD_DNS_ALL_NUMERIC_LABEL", GETDNS_BAD_DNS_ALL_NUMERIC_LABEL_TEXT },
+	{    1102, "GETDNS_BAD_DNS_CNAME_RETURNED_FOR_OTHER_TYPE", GETDNS_BAD_DNS_CNAME_RETURNED_FOR_OTHER_TYPE_TEXT },
+	{    1200, "GETDNS_TRANSPORT_UDP", GETDNS_TRANSPORT_UDP_TEXT },
+	{    1201, "GETDNS_TRANSPORT_TCP", GETDNS_TRANSPORT_TCP_TEXT },
+	{    1202, "GETDNS_TRANSPORT_TLS", GETDNS_TRANSPORT_TLS_TEXT },
+	{    1300, "GETDNS_AUTHENTICATION_NONE", GETDNS_AUTHENTICATION_NONE_TEXT },
+	{    1301, "GETDNS_AUTHENTICATION_REQUIRED", GETDNS_AUTHENTICATION_REQUIRED_TEXT },
+	{    4096, "GETDNS_LOG_UPSTREAM_STATS", GETDNS_LOG_UPSTREAM_STATS_TEXT },
 };

 static int const_info_cmp(const void *a, const void *b)
@ -175,6 +182,15 @@ static struct const_name_info consts_name_info[] = {
 	{ "GETDNS_DNSSEC_SECURE", 400 },
 	{ "GETDNS_EXTENSION_FALSE", 1001 },
 	{ "GETDNS_EXTENSION_TRUE", 1000 },
+	{ "GETDNS_LOG_ALERT", 1 },
+	{ "GETDNS_LOG_CRIT", 2 },
+	{ "GETDNS_LOG_DEBUG", 7 },
+	{ "GETDNS_LOG_EMERG", 0 },
+	{ "GETDNS_LOG_ERR", 3 },
+	{ "GETDNS_LOG_INFO", 6 },
+	{ "GETDNS_LOG_NOTICE", 5 },
+	{ "GETDNS_LOG_UPSTREAM_STATS", 4096 },
+	{ "GETDNS_LOG_WARNING", 4 },
 	{ "GETDNS_NAMESPACE_DNS", 500 },
 	{ "GETDNS_NAMESPACE_LOCALNAMES", 501 },
 	{ "GETDNS_NAMESPACE_MDNS", 503 },
@ -244,6 +260,7 @@ static struct const_name_info consts_name_info[] = {
 	{ "GETDNS_RRTYPE_ANY", 255 },
 	{ "GETDNS_RRTYPE_APL", 42 },
 	{ "GETDNS_RRTYPE_ATMA", 34 },
+	{ "GETDNS_RRTYPE_AVC", 258 },
 	{ "GETDNS_RRTYPE_AXFR", 252 },
 	{ "GETDNS_RRTYPE_CAA", 257 },
 	{ "GETDNS_RRTYPE_CDNSKEY", 60 },
@ -283,6 +300,7 @@ static struct const_name_info consts_name_info[] = {
 	{ "GETDNS_RRTYPE_NINFO", 56 },
 	{ "GETDNS_RRTYPE_NS", 2 },
 	{ "GETDNS_RRTYPE_NSAP", 22 },
+	{ "GETDNS_RRTYPE_NSAP_PTR", 23 },
 	{ "GETDNS_RRTYPE_NSEC", 47 },
 	{ "GETDNS_RRTYPE_NULL", 10 },
 	{ "GETDNS_RRTYPE_NXT", 30 },
@ -296,6 +314,7 @@ static struct const_name_info consts_name_info[] = {
 	{ "GETDNS_RRTYPE_RT", 21 },
 	{ "GETDNS_RRTYPE_SIG", 24 },
 	{ "GETDNS_RRTYPE_SINK", 40 },
+	{ "GETDNS_RRTYPE_SMIMEA", 53 },
 	{ "GETDNS_RRTYPE_SOA", 6 },
 	{ "GETDNS_RRTYPE_SPF", 99 },
 	{ "GETDNS_RRTYPE_SRV", 33 },
--- a/src/context.c
+++ b/src/context.c
@ -61,6 +61,7 @@ typedef unsigned short in_port_t;

 #include <assert.h>
 #include <ctype.h>
+#include <stdarg.h>

 #ifdef HAVE_PTHREAD
 #include <pthread.h>
@ -241,7 +242,6 @@ add_WIN_cacerts_to_openssl_store(SSL_CTX* tls_ctx)
 }
 #endif

-#if !defined(STUB_NATIVE_DNSSEC) || (defined(DAEMON_DEBUG) && DAEMON_DEBUG)
 static uint8_t*
 upstream_addr(getdns_upstream *upstream)
 {
@ -249,8 +249,6 @@ upstream_addr(getdns_upstream *upstream)
 	    ? (void *)&((struct sockaddr_in*)&upstream->addr)->sin_addr
 	    : (void *)&((struct sockaddr_in6*)&upstream->addr)->sin6_addr;
 }
-#endif
-

 static in_port_t
 upstream_port(getdns_upstream *upstream)
@ -655,6 +653,7 @@ upstreams_create(getdns_context *context, size_t size)
 	r->current_stateful = 0;
 	r->tls_backoff_time = context->tls_backoff_time;
 	r->tls_connection_retries = context->tls_connection_retries;
+	r->log = context->log;
 	return r;
 }

@ -719,6 +718,22 @@ _getdns_upstreams_dereference(getdns_upstreams *upstreams)
 	GETDNS_FREE(upstreams->mf, upstreams);
 }

+void _getdns_upstream_log(getdns_upstream *upstream, uint64_t system,
+    getdns_loglevel_type level, const char *fmt, ...)
+{
+	va_list args;
+
+	if (!upstream || !upstream->upstreams || !upstream->upstreams->log.func
+	    || !(upstream->upstreams->log.system & system)
+	    || level > upstream->upstreams->log.level)
+		return;
+
+	va_start(args, fmt);
+	upstream->upstreams->log.func(
+	    upstream->upstreams->log.userarg, system, level, fmt, args);
+	va_end(args);
+}
+
 void
 _getdns_upstream_shutdown(getdns_upstream *upstream)
 {
@ -732,23 +747,24 @@ _getdns_upstream_shutdown(getdns_upstream *upstream)
 	/* Keep track of the best auth state this upstream has had*/
 	if (upstream->tls_auth_state > upstream->best_tls_auth_state)
 		upstream->best_tls_auth_state = upstream->tls_auth_state;
-#if defined(DAEMON_DEBUG) && DAEMON_DEBUG
-	DEBUG_DAEMON("%s %-40s : Conn closed   : Transport=%s - Resp=%d,Timeouts=%d,Auth=%s,Keepalive(ms)=%d\n",
-	             STUB_DEBUG_DAEMON, upstream->addr_str,
+	_getdns_upstream_log(upstream, GETDNS_LOG_UPSTREAM_STATS, GETDNS_LOG_DEBUG,
+	    "%-40s : Conn closed   : Transport=%s - Resp=%d,Timeouts=%d,Auth=%s,Keepalive(ms)=%d\n",
+	             upstream->addr_str,
 	             (upstream->transport == GETDNS_TRANSPORT_TLS ? "TLS" : "TCP"),
 	             (int)upstream->responses_received, (int)upstream->responses_timeouts,
 	             _getdns_auth_str(upstream->tls_auth_state), (int)upstream->keepalive_timeout);
-	DEBUG_DAEMON("%s %-40s : Upstream stats: Transport=%s - Resp=%d,Timeouts=%d,Best_auth=%s\n",
-	             STUB_DEBUG_DAEMON, upstream->addr_str,
+	_getdns_upstream_log(upstream, GETDNS_LOG_UPSTREAM_STATS, GETDNS_LOG_DEBUG,
+	    "%-40s : Upstream stats: Transport=%s - Resp=%d,Timeouts=%d,Best_auth=%s\n",
+	             upstream->addr_str,
 	             (upstream->transport == GETDNS_TRANSPORT_TLS ? "TLS" : "TCP"),
 	             (int)upstream->total_responses, (int)upstream->total_timeouts,
 	             _getdns_auth_str(upstream->best_tls_auth_state));
-	DEBUG_DAEMON("%s %-40s : Upstream stats: Transport=%s - Conns=%d,Conn_fails=%d,Conn_shutdowns=%d,Backoffs=%d\n",
-	             STUB_DEBUG_DAEMON, upstream->addr_str,
+	_getdns_upstream_log(upstream, GETDNS_LOG_UPSTREAM_STATS, GETDNS_LOG_DEBUG,
+	    "%-40s : Upstream stats: Transport=%s - Conns=%d,Conn_fails=%d,Conn_shutdowns=%d,Backoffs=%d\n",
+	             upstream->addr_str,
 	             (upstream->transport == GETDNS_TRANSPORT_TLS ? "TLS" : "TCP"),
 	             (int)upstream->conn_completed, (int)upstream->conn_setup_failed,
 	             (int)upstream->conn_shutdowns, (int)upstream->conn_backoffs);
-#endif

 	/* Back off connections that never got up service at all (probably no
 	   TCP service or incompatible TLS version/cipher). 
@ -771,11 +787,11 @@ _getdns_upstream_shutdown(getdns_upstream *upstream)
 		upstream->conn_setup_failed = 0;
 		upstream->conn_shutdowns = 0;
 		upstream->conn_backoffs++;
-#if defined(DAEMON_DEBUG) && DAEMON_DEBUG
-		DEBUG_DAEMON("%s %-40s : !Backing off this upstream    - Will retry as new upstream at %s",
-		            STUB_DEBUG_DAEMON, upstream->addr_str,
+
+		_getdns_upstream_log(upstream, GETDNS_LOG_UPSTREAM_STATS, GETDNS_LOG_DEBUG,
+		    "%-40s : !Backing off this upstream    - Will retry as new upstream at %s",
+		            upstream->addr_str,
 		            asctime(gmtime(&upstream->conn_retry_time)));
-#endif
 	}
 	// Reset per connection counters
 	upstream->queries_sent = 0;
@ -920,10 +936,8 @@ upstream_init(getdns_upstream *upstream,

 	upstream->addr_len = ai->ai_addrlen;
 	(void) memcpy(&upstream->addr, ai->ai_addr, ai->ai_addrlen);
-#if defined(DAEMON_DEBUG) && DAEMON_DEBUG
 	inet_ntop(upstream->addr.ss_family, upstream_addr(upstream), 
 	          upstream->addr_str, INET6_ADDRSTRLEN);
-#endif

 	/* How is this upstream doing on connections? */
 	upstream->conn_completed = 0;
@ -1366,6 +1380,11 @@ getdns_context_create_with_extended_memory_functions(
 	result->update_callback2 = NULL_update_callback;
 	result->update_userarg   = NULL;

+	result->log.func    = NULL;
+	result->log.userarg = NULL;
+	result->log.system  = 0;
+	result->log.level   = GETDNS_LOG_ERR;
+
 	result->mf.mf_arg         = userarg;
 	result->mf.mf.ext.malloc  = malloc;
 	result->mf.mf.ext.realloc = realloc;
@ -1694,6 +1713,37 @@ getdns_context_get_update_callback(getdns_context *context, void **userarg,
 	return GETDNS_RETURN_GOOD;
 }

+getdns_return_t
+getdns_context_set_logfunc(getdns_context *context, void *userarg,
+    uint64_t system, getdns_loglevel_type level, getdns_logfunc_type log)
+{
+	if (!context)
+		return GETDNS_RETURN_INVALID_PARAMETER;
+
+	context->log.func = log;
+	context->log.userarg = userarg;
+	context->log.system = system;
+	context->log.level = level;
+	if (context->upstreams) {
+		context->upstreams->log = context->log;
+	}
+	return GETDNS_RETURN_GOOD;
+}
+
+void _getdns_context_log(getdns_context *context, uint64_t system,
+    getdns_loglevel_type level, const char *fmt, ...)
+{
+	va_list args;
+
+	if (!context || !context->log.func || !(context->log.system & system)
+	    || level > context->log.level)
+		return;
+
+	va_start(args, fmt);
+	context->log.func(context->log.userarg, system, level, fmt, args);
+	va_end(args);
+}
+
 #ifdef HAVE_LIBUNBOUND
 /*
 * Helpers to set options on the unbound ctx
--- a/src/context.h
+++ b/src/context.h
@ -127,9 +127,7 @@ typedef struct getdns_upstream {

 	socklen_t                addr_len;
 	struct sockaddr_storage  addr;
-#if defined(DAEMON_DEBUG) && DAEMON_DEBUG
 	char                     addr_str[INET6_ADDRSTRLEN];
-#endif

 	/**
 	 * How is this upstream doing over UDP?
@ -238,6 +236,13 @@ typedef struct getdns_upstream {

 } getdns_upstream;

+typedef struct getdns_log_config {
+	getdns_logfunc_type  func;
+	void                *userarg;
+	uint64_t             system;
+	getdns_loglevel_type level;
+} getdns_log_config;
+
 typedef struct getdns_upstreams {
 	struct mem_funcs mf;
 	size_t referenced;
@ -246,6 +251,7 @@ typedef struct getdns_upstreams {
 	size_t current_stateful;
 	uint16_t tls_backoff_time;
 	uint16_t tls_connection_retries;
+	getdns_log_config log;
 	getdns_upstream upstreams[];
 } getdns_upstreams;

@ -296,6 +302,8 @@ struct getdns_context {
 	getdns_update_callback2 update_callback2;
 	void                   *update_userarg;

+	getdns_log_config log;
+
 	int processing;
 	int destroying;

@ -397,6 +405,13 @@ struct getdns_context {
 #endif /* HAVE_MDNS_SUPPORT */
 }; /* getdns_context */

+void _getdns_upstream_log(getdns_upstream *upstream, uint64_t system,
+    getdns_loglevel_type level, const char *fmt, ...);
+
+void _getdns_context_log(getdns_context *context, uint64_t system,
+    getdns_loglevel_type level, const char *fmt, ...);
+
+
 /** internal functions **/
 /**
 * Sets up the unbound contexts with stub or recursive behavior
--- a/src/convert.c
+++ b/src/convert.c
@ -57,15 +57,6 @@
 #include "convert.h"
 #include "debug.h"

-/* strdup is marked deprecated by the Windows compiler */
-#ifndef STRDUP
-#ifdef GETDNS_ON_WINDOWS
-#define STRDUP(x) _strdup(x)
-#else
-#define STRDUP(x) strdup(x)
-#endif
-#endif
-
 getdns_return_t
 getdns_convert_dns_name_to_fqdn(
    const getdns_bindata *dns_name_wire_fmt, char **fqdn_as_string)
@ -212,7 +203,7 @@ getdns_display_ip_address(const struct getdns_bindata
 		    buff,
 		    256);
 		if (ipStr) {
-			return STRDUP(ipStr);
+			return strdup(ipStr);
 		}
 	} else if (bindata_of_ipv4_or_ipv6_address->size == 16) {
 		const char *ipStr = inet_ntop(AF_INET6,
@ -220,7 +211,7 @@ getdns_display_ip_address(const struct getdns_bindata
 		    buff,
 		    256);
 		if (ipStr) {
-			return STRDUP(ipStr);
+			return strdup(ipStr);
 		}
 	}
 	return NULL;
@ -1682,8 +1673,18 @@ getdns_str2dict(const char *str, getdns_dict **dict)
 		str++;

 	if (*str != '{') {
+		char value_buf[3072], *value_str = value_buf;
+
+		if (strlen(str) > sizeof(value_str) - 1)
+			value_str = strdup(str);
+		else
+			(void)strncpy(value_buf, str, sizeof(value_buf));
+
 		getdns_dict *dict_r = _getdns_ipaddr_dict_mf(
-		    &_getdns_plain_mem_funcs, str);
+		    &_getdns_plain_mem_funcs, value_str);
+
+		if (value_str != value_buf)
+			free(value_str);

 		if (dict_r) {
 			*dict = dict_r;
--- a/src/debug.h
+++ b/src/debug.h
@ -44,7 +44,6 @@
 #define STUB_DEBUG_READ      "------- READ:   "
 #define STUB_DEBUG_WRITE     "------- WRITE:  "
 #define STUB_DEBUG_CLEANUP   "--- CLEANUP:    "
-#define STUB_DEBUG_DAEMON    "GETDNS_DAEMON:  "

 #ifdef GETDNS_ON_WINDOWS
 #define DEBUG_ON(...) do { \
--- a/src/dict.c
+++ b/src/dict.c
@ -66,7 +66,7 @@ static char *_json_ptr_first(const struct mem_funcs *mf,
 	if (!(next_ref = strchr(jptr, '/')))
 		next_ref = strchr(jptr, '\0');

-	if ((unsigned)(next_ref - jptr + 1) > first_sz || !first)
+	if ((ssize_t)(next_ref - jptr + 1) > first_sz || !first)
 		first = GETDNS_XMALLOC(*mf, char, next_ref - jptr + 1);

 	for (j = first, k = jptr; k < next_ref; j++, k++)
--- a/src/dnssec.c
+++ b/src/dnssec.c
@ -550,16 +550,31 @@ static chain_head *add_rrset2val_chain(struct mem_funcs *mf,
 		/* Also, try to prevent adding double rrsets */
 		if (   rrset->rr_class == head->rrset.rr_class
 		    && rrset->rr_type  == head->rrset.rr_type
-		    && rrset->pkt      == head->rrset.pkt
-		    && rrset->pkt_len  == head->rrset.pkt_len
-		    && _dname_equal(rrset->name, head->rrset.name))
-			return NULL;
+		    && _dname_equal(rrset->name, head->rrset.name)) {

+			if (rrset->pkt == head->rrset.pkt &&
+			    rrset->pkt_len == head->rrset.pkt_len)
+				return NULL;
+			else {
+				/* Anticipate resubmissions due to
+				 * roadblock avoidance */
+				head->rrset.pkt = rrset->pkt;
+				head->rrset.pkt_len = rrset->pkt_len;
+				return head;
+			}
+		}
+
+		if (   rrset->rr_class == head->rrset.rr_class
+		    && rrset->rr_type  == head->rrset.rr_type
+		    && rrset->pkt      != head->rrset.pkt
+		    && _dname_equal(rrset->name, head->rrset.name)) {
+			return NULL;
+		}
 		for (label = labels; label < last_label; label++) {
 			if (! _dname_is_parent(*label, head->rrset.name))
 				break;
 		}
-		if ((unsigned)(label - labels) > max_labels) {
+		if ((ssize_t)(label - labels) > max_labels) {
 			max_labels = label - labels;
 			max_head = head;
 		}
@ -1050,6 +1065,7 @@ static void val_chain_node_cb(getdns_dns_req *dnsreq)
 	                           break;
 	case GETDNS_RRTYPE_DNSKEY: node->dnskey.pkt     = netreq->response;
 	                           node->dnskey.pkt_len = netreq->response_len;
+		                   /* fallthrough */
 	default                  : check_chain_complete(node->chains);
 				   return;
 	}
@ -2416,6 +2432,7 @@ static int key_proves_nonexistance(
 	 * ========================+
 	 * First find the closest encloser.
 	 */
+	if (*rrset->name)
 	for ( nc_name = rrset->name, ce_name = rrset->name + *rrset->name + 1
 	    ; *ce_name ; nc_name = ce_name, ce_name += *ce_name + 1) {

@ -2678,6 +2695,7 @@ static int chain_head_validate(struct mem_funcs *mf, time_t now, uint32_t skew,
 	if (_getdns_rrset_has_rrs(&ds_ta)) {
 		switch (chain_head_validate_with_ta(mf,now,skew,head,&ds_ta)) {
 		case GETDNS_DNSSEC_SECURE  : s = GETDNS_DNSSEC_SECURE;
+		                             /* fallthrough */
 		case GETDNS_DNSSEC_INSECURE: if (s != GETDNS_DNSSEC_SECURE)
 						     s = GETDNS_DNSSEC_INSECURE;
 					     break;
@ -3029,19 +3047,50 @@ static void check_chain_complete(chain_head *chain)
 	    && !dnsreq->avoid_dnssec_roadblocks
 	    &&  dnsreq->netreqs[0]->dnssec_status == GETDNS_DNSSEC_BOGUS) {

-		int r = GETDNS_RETURN_GOOD;
 		getdns_network_req **netreq_p, *netreq;
 		uint64_t now_ms = 0;

 		dnsreq->avoid_dnssec_roadblocks = 1;
+		dnsreq->chain->lock += 1;

 		for ( netreq_p = dnsreq->netreqs
-		    ; !r && (netreq = *netreq_p)
+		    ; (netreq = *netreq_p)
 		    ; netreq_p++) {

 			_getdns_netreq_change_state(netreq, NET_REQ_NOT_SENT);
+			netreq->dnssec_status = 
+				GETDNS_DNSSEC_INDETERMINATE;
 			netreq->owner = dnsreq;
-			r = _getdns_submit_netreq(netreq, &now_ms);
+			(void) _getdns_submit_netreq(netreq, &now_ms);
+		}
+		if (!dnsreq->dnssec_return_validation_chain)
+			return;
+
+		for ( head = chain; head ; head = next ) {
+			next = head->next;
+			for ( node_count = head->node_count
+			    , node = head->parent
+			    ; node_count
+			    ; node_count--, node = node->parent ) {
+
+				if (node->dnskey_req) {
+					_getdns_netreq_change_state(
+					    node->dnskey_req,
+					    NET_REQ_NOT_SENT);
+					node->dnskey_req->owner->
+					    avoid_dnssec_roadblocks = 1;
+					(void) _getdns_submit_netreq(
+					    node->dnskey_req, &now_ms);
+				}
+				if (node->ds_req) {
+					_getdns_netreq_change_state(
+					    node->ds_req, NET_REQ_NOT_SENT);
+					node->ds_req->owner->
+					    avoid_dnssec_roadblocks = 1;
+					(void) _getdns_submit_netreq(
+					    node->ds_req, &now_ms);
+				}
+			}
 		}
 		return;
 	}
@ -3185,11 +3234,16 @@ void _getdns_get_validation_chain(getdns_dns_req *dnsreq)
 	getdns_network_req *netreq, **netreq_p;
 	chain_head *chain = NULL, *chain_p;

-	if (dnsreq->validating)
+	if (dnsreq->avoid_dnssec_roadblocks) {
+		chain = dnsreq->chain;
+
+	} else if (dnsreq->validating)
 		return;
 	dnsreq->validating = 1;

-	for (netreq_p = dnsreq->netreqs; (netreq = *netreq_p) ; netreq_p++) {
+	if (dnsreq->avoid_dnssec_roadblocks && chain->lock == 0)
+		; /* pass */
+	else for (netreq_p = dnsreq->netreqs; (netreq = *netreq_p) ; netreq_p++) {
 		if (!  netreq->response
 		    || netreq->response_len < GLDNS_HEADER_SIZE
 		    || ( GLDNS_RCODE_WIRE(netreq->response)
@ -3217,6 +3271,9 @@ void _getdns_get_validation_chain(getdns_dns_req *dnsreq)
 			if (chain_p->lock) chain_p->lock--;
 		}
 		dnsreq->chain = chain;
+		if (dnsreq->avoid_dnssec_roadblocks && chain->lock)
+			chain->lock -= 1;
+
 		check_chain_complete(chain);
 	} else {
 		dnsreq->validating = 0;
--- a/src/extension/poll_eventloop.c
+++ b/src/extension/poll_eventloop.c
@ -435,13 +435,13 @@ poll_eventloop_run_once(getdns_eventloop *loop, int blocking)
 			poll_loop->pfds[i].fd = -1;
 		}
 		if (poll_loop->fd_events[j].event->write_cb &&
-		    poll_loop->pfds[j].revents & POLLOUT)
+		    poll_loop->pfds[j].revents & (POLLOUT|POLLERR|POLLHUP|POLLNVAL))
 			poll_write_cb( poll_loop->pfds[j].fd
 			             , poll_loop->fd_events[j].event);

 		if (poll_loop->fd_events[j].event &&
 		    poll_loop->fd_events[j].event->read_cb &&
-		    poll_loop->pfds[j].revents & POLLIN)
+		    poll_loop->pfds[j].revents & (POLLIN|POLLERR|POLLHUP|POLLNVAL))
 			poll_read_cb( poll_loop->pfds[j].fd
 			            , poll_loop->fd_events[j].event);
 	}
--- a/src/general.c
+++ b/src/general.c
@ -59,6 +59,9 @@ void _getdns_call_user_callback(getdns_dns_req *dnsreq, getdns_dict *response)
 {
 	_getdns_context_clear_outbound_request(dnsreq);

+#if defined(REQ_DEBUG) && REQ_DEBUG
+	debug_req(__FUNC__, *dnsreq->netreqs);
+#endif
 	if (dnsreq->user_callback) {
 		dnsreq->context->processing = 1;
 		dnsreq->user_callback(dnsreq->context,
@ -211,6 +214,7 @@ _getdns_check_dns_req_complete(getdns_dns_req *dns_req)

 #ifdef STUB_NATIVE_DNSSEC
 	    || (dns_req->context->resolution_type == GETDNS_RESOLUTION_STUB
+	        && !dns_req->avoid_dnssec_roadblocks
 	        && (dns_req->dnssec_return_status ||
 	            dns_req->dnssec_return_only_secure ||
 	            dns_req->dnssec_return_all_statuses
@ -228,6 +232,9 @@ _getdns_check_dns_req_complete(getdns_dns_req *dns_req)
 		    NULL, NULL, (getdns_eventloop_callback)
 		    _getdns_validation_chain_timeout));

+#if defined(REQ_DEBUG) && REQ_DEBUG
+		debug_req("getting validation chain for ", *dns_req->netreqs);
+#endif
 		_getdns_get_validation_chain(dns_req);
 	} else
 		_getdns_call_user_callback(
--- a/src/getdns/getdns.h.in
+++ b/src/getdns/getdns.h.in
@ -47,12 +47,12 @@ extern "C" {

 #define GETDNS_COMPILATION_COMMENT "@GETDNS_COMPILATION_COMMENT@"

-/** \defgroup getdnsAPI Official getdns API 
- *  @{
+/**
+ * \defgroup functions Functions
+ * \defgroup valuesandtexts Values and texts
 */

-
-/** \defgroup valuesandtexts Values and texts
+/** \addtogroup valuesandtexts Values and texts
 *  @{
 */

@ -120,6 +120,7 @@ typedef enum getdns_return_t {
 * \defgroup namespacetypestext Namespace types and texts
 * @{
 */
+
 typedef enum getdns_namespace_t {
 	GETDNS_NAMESPACE_DNS = 500,
 	GETDNS_NAMESPACE_LOCALNAMES = 501,
@ -376,6 +377,7 @@ typedef enum getdns_callback_type_t {
 #define GETDNS_RRTYPE_ISDN      20
 #define GETDNS_RRTYPE_RT        21
 #define GETDNS_RRTYPE_NSAP      22
+#define GETDNS_RRTYPE_NSAP_PTR  23
 #define GETDNS_RRTYPE_SIG       24
 #define GETDNS_RRTYPE_KEY       25
 #define GETDNS_RRTYPE_PX        26
@ -405,6 +407,7 @@ typedef enum getdns_callback_type_t {
 #define GETDNS_RRTYPE_NSEC3     50
 #define GETDNS_RRTYPE_NSEC3PARAM 51
 #define GETDNS_RRTYPE_TLSA      52
+#define GETDNS_RRTYPE_SMIMEA    53
 #define GETDNS_RRTYPE_HIP       55
 #define GETDNS_RRTYPE_NINFO     56
 #define GETDNS_RRTYPE_RKEY      57
@ -433,6 +436,7 @@ typedef enum getdns_callback_type_t {
 #define GETDNS_RRTYPE_ANY       255
 #define GETDNS_RRTYPE_URI       256
 #define GETDNS_RRTYPE_CAA       257
+#define GETDNS_RRTYPE_AVC       258
 #define GETDNS_RRTYPE_TA        32768
 #define GETDNS_RRTYPE_DLV       32769
 /** @}
@ -546,31 +550,27 @@ typedef struct getdns_list getdns_list;
 */


-/** \defgroup functions Functions
+/** \addtogroup functions Functions
 *  @{
 */
 /* Specify the order of the following groups manually here so they appear in 
   a better order in doxygen */

 /**
- * \defgroup list_create getdns_list creation/destruction functions
- * \defgroup getdns_list_set getdns_list_set functions
- * \defgroup getdns_list_get_functions getdns_list_get functions
- * \defgroup dict_create getdns_dict creation/destruction functions
- * \defgroup getdns_dict_set getdns_dict_set functions
- * \defgroup getdns_dict_get_functions getdns_dict_get functions
- * \defgroup context_create getdns_context creation/destruction functions
- * \defgroup context_set getdns_context_set functions
- * \defgroup callbackfns getdns_callback functions
- * \defgroup eventloops  getdns event loop extension functions
- * \defgroup funcs Asynchronous API functions
- * \defgroup syncfuncs Synchronous API functions that do not use callbacks
+ * \defgroup getdns_context Creating, destroying, configuring and reading configuration from getdns_contexts
+ * \defgroup getdns_dict Creating, destroying, reading from and manipulating getdns_dicts
+ * \defgroup getdns_list Creating, destroying, reading from and manipulating getdns_lists
+ * \defgroup asyncfuncs Scheduling asynchronous requests
+ * \defgroup syncfuncs Performing synchronous requests
+ * \defgroup eventloops  Event loop extension functions
+ * \defgroup versionfuncs Version functions
+ * \defgroup dnssecfuncs DNSSEC functions
 * \defgroup utils Utility functions
 */


 /**
- * \addtogroup getdns_list_get_functions getdns_list_get functions
+ * \addtogroup getdns_list
 * @{
 */

@ -649,7 +649,7 @@ getdns_return_t getdns_list_get_int(const getdns_list *list, size_t index,


 /**
- * \addtogroup getdns_dict_get_functions getdns_dict_get functions
+ * \addtogroup getdns_dict
 * @{
 */

@ -723,7 +723,7 @@ getdns_return_t getdns_dict_get_int(const getdns_dict *dict,


 /**
- * \addtogroup list_create getdns_list creation/destruction functions
+ * \addtogroup getdns_list
 * @{
 */

@ -793,7 +793,7 @@ void getdns_list_destroy(getdns_list *list);


 /**
- * \addtogroup getdns_list_set getdns_list_set functions
+ * \addtogroup getdns_list
 * @{
 */

@ -843,7 +843,7 @@ getdns_return_t getdns_list_set_int(getdns_list *list, size_t index,


 /**
- * \addtogroup dict_create getdns_dict creation/destruction functions
+ * \addtogroup getdns_dict
 * @{
 */

@ -910,7 +910,7 @@ void getdns_dict_destroy(getdns_dict *dict);


 /**
- * \addtogroup getdns_dict_set getdns_dict_set functions
+ * \addtogroup getdns_dict
 * @{
 */

@ -954,6 +954,14 @@ getdns_return_t getdns_dict_set_bindata(getdns_dict *dict,
 */
 getdns_return_t getdns_dict_set_int(getdns_dict *dict, const char *name,
    uint32_t child_uint32);
+
+/**
+ * creates a string that describes the dictionary in a human readable form
+ * one line per item in the dictionary
+ * @param some_dict dictionary to pretty print
+ * @return character array (caller must free this) containing pretty string
+ */
+char *getdns_pretty_print_dict(const getdns_dict *some_dict);
 /** @}
 */

@ -968,14 +976,15 @@ getdns_return_t getdns_dict_set_int(getdns_dict *dict, const char *name,
 */
 getdns_return_t getdns_dict_remove_name(getdns_dict *dict, const char *name);

-
 /**
- * \addtogroup callbackfns getdns_callback functions
+ * \addtogroup asyncfuncs
+ * @{
 */
 /**
 * The type of the callback function that must be registered when scheduling
 * asynchronous requests.  The registered function will be called from the
 * eventloop with the following parameters.
+ * @see callbacktype
 * @param context The DNS context that was used in the calling function
 * @param callback_type Supplies the reason for the callback.
 *                      This will be one of:
@ -1002,13 +1011,11 @@ typedef void (*getdns_callback_t) (getdns_context *context,
    getdns_dict * response,
    void *userarg, getdns_transaction_t transaction_id);

-/**
- * \addtogroup funcs Asynchronous API functions
- * @{
- */

 /**
 * retrieve general DNS data
+ * @see rrtypes
+ * @see getdns_general_sync
 * @param context pointer to a previously created context to be used for this call
 * @param name the ASCII based domain name to lookup
 * @param request_type RR type for the query, e.g. GETDNS_RR_TYPE_NS
@ -1028,6 +1035,7 @@ getdns_general(getdns_context *context,

 /**
 * retrieve address assigned to a DNS name
+ * @see getdns_address_sync
 * @param context pointer to a previously created context to be used for this call
 * @param name the ASCII based domain name to lookup
 * @param extensions dict data structures, NULL to use no extensions
@ -1045,6 +1053,7 @@ getdns_address(getdns_context *context,

 /**
 * retrieve hostname assigned to an IP address
+ * @see getdns_hostname_sync
 * @param context pointer to a previously created context to be used for this call
 * @param address the address to look up
 * @param extensions dict data structures, NULL to use no extensions
@ -1062,6 +1071,7 @@ getdns_hostname(getdns_context *context,

 /**
 * retrieve a service assigned to a DNS name
+ * @see getdns_service_sync
 * @param context pointer to a previously created context to be used for this call
 * @param name the ASCII based domain name to lookup
 * @param extensions dict data structures, NULL to use no extensions
@ -1081,7 +1091,7 @@ getdns_service(getdns_context *context,


 /**
- * \addtogroup context_create getdns_context creation/destruction functions
+ * \addtogroup getdns_context
 * @{
 */

@ -1091,7 +1101,6 @@ getdns_service(getdns_context *context,
 * (e.g. CRYPTO_THREADID_set_call) depending on the library version used.
 * @param context context that can be used immediately with other API calls
 * @param set_from_os set to 1 to initialize the context with os defaults
- *                    the second bit set (2) prevents OpenSSL library initialization.
 * @return GETDNS_RETURN_GOOD on success
 */
 getdns_return_t
@ -1104,7 +1113,6 @@ getdns_context_create(getdns_context ** context, int set_from_os);
 * (e.g. CRYPTO_THREADID_set_call) depending on the library version used.
 * @param context context that can be used immediately with other API calls
 * @param set_from_os set to 1 to initialize the context with os defaults
- *                    the second bit set (2) prevents OpenSSL library initialization.
 * @param malloc custom malloc function
 * @param realloc custom realloc function
 * @param free custom free function
@ -1126,7 +1134,6 @@ getdns_context_create_with_memory_functions(
 * (e.g. CRYPTO_THREADID_set_call) depending on the library version used.
 * @param context context that can be used immediately with other API calls
 * @param set_from_os set to 1 to initialize the context with os defaults
- *                    the second bit set (2) prevents OpenSSL library initialization.
 * @param userarg parameter passed to the custom malloc, realloc and free functions
 * @param malloc custom malloc function
 * @param realloc custom realloc function
@ -1153,7 +1160,7 @@ void getdns_context_destroy(getdns_context *context);


 /**
- * \addtogroup callbackfns getdns_callback functions
+ * \addtogroup asyncfuncs
 * @{
 */
 /**
@ -1169,7 +1176,7 @@ getdns_cancel_callback(getdns_context *context,


 /**
- * \addtogroup syncfuncs Synchronous API functions that do not use callbacks
+ * \addtogroup syncfuncs
 * @{
 */
 /** These functions do not use callbacks, when the application calls one of these
@ -1180,6 +1187,8 @@ getdns_cancel_callback(getdns_context *context,

 /**
 * retrieve general DNS data
+ * @see rrtypes
+ * @see getdns_general
 * @param context pointer to a previously created context to be used for this call
 * @param name the ASCII based domain name to lookup
 * @param request_type RR type for the query, e.g. GETDNS_RR_TYPE_NS
@ -1196,6 +1205,7 @@ getdns_general_sync(getdns_context *context,

 /**
 * retrieve address assigned to a DNS name
+ * @see getdns_address
 * @param context pointer to a previously created context to be used for this call
 * @param name the ASCII based domain name to lookup
 * @param extensions dict data structures, NULL to use no extensions
@ -1210,6 +1220,7 @@ getdns_address_sync(getdns_context *context,

 /**
 * retrieve hostname assigned to an IP address
+ * @see getdns_hostname
 * @param context pointer to a previously created context to be used for this call
 * @param address the address to look up
 * @param extensions dict data structures, NULL to use no extensions
@ -1224,6 +1235,7 @@ getdns_hostname_sync(getdns_context *context,

 /**
 * retrieve a service assigned to a DNS name
+ * @see getdns_service
 * @param context pointer to a previously created context to be used for this call
 * @param name the ASCII based domain name to lookup
 * @param extensions dict data structures, NULL to use no extensions
@ -1293,9 +1305,18 @@ char *getdns_convert_ulabel_to_alabel(const char *ulabel);
 */ 
 char *getdns_convert_alabel_to_ulabel(const char *alabel);

+/** @}
+ */
+
+/**
+ * \addtogroup dnssecfuncs
+ *  @{
+ */
+
 /**
 * Offline DNSSEC validate Resource Records with the help of support
 * records and a DNSSEC trust anchor.
+ * @see dnssecvalues
 * @param to_validate This is a list of reply_dicts to validate (as can
 *                    be seen under "replies_tree" in a response dict), or
 *                    an RRset with signatures represented as a list of
@ -1333,13 +1354,13 @@ getdns_validate_dnssec(getdns_list *to_validate,
 */
 getdns_list *getdns_root_trust_anchor(time_t *utc_date_of_anchor);

-/**
- * creates a string that describes the dictionary in a human readable form
- * one line per item in the dictionary
- * @param some_dict dictionary to pretty print
- * @return character array (caller must free this) containing pretty string
+/** @}
+ */
+
+/**
+ * \addtogroup utils
+ *  @{
 */
-char *getdns_pretty_print_dict(const getdns_dict *some_dict);

 /**
 * Converts a getdns_bindata representing an IPv4 or IPv6 address to a 
@ -1356,7 +1377,7 @@ char *getdns_display_ip_address(const getdns_bindata


 /**
- * \addtogroup context_set getdns_context_set functions
+ * \addtogroup getdns_context
 * @{
 */

@ -1365,6 +1386,7 @@ char *getdns_display_ip_address(const getdns_bindata
 * Note that this implementation has an extended version of this function
 * in which an additional userarg parameter can be registered:
 * #getdns_context_set_update_callback .
+ * @see contextcodetypestext
 * @param context The context for which to monitor changes
 * @param value The callback function that will be called when any context is
 *              changed. A update callback function can be deregistered by
@ -1383,6 +1405,7 @@ getdns_context_set_context_update_callback(
 * Specify whether DNS queries are performed with recursive lookups or as a
 * stub resolver. The default value is GETDNS_RESOLUTION_RECURSING.
 * @see getdns_context_get_resolution_type
+ * @see resolutiontypestext
 * @param context The context to configure
 * @param value GETDNS_RESOLUTION_RECURSING or GETDNS_RESOLUTION_STUB.
 * @return GETDNS_RETURN_GOOD when successful
@ -1402,6 +1425,7 @@ getdns_context_set_resolution_type(getdns_context *context,
 * When a normal lookup is done, the API does the lookups in the order given
 * and stops when it gets the first result
 * @see getdns_context_get_namespaces
+ * @see namespacetypestext
 * @param context The context to configure
 * @param namespace_count The number of values in the namespaces list.
 * @param namespaces An ordered list of namespaces that will be queried.
@ -1427,8 +1451,8 @@ getdns_context_set_namespaces(getdns_context *context,
 * is discouraged.  Please use #getdns_context_set_dns_transport_list()
 * instead of this function.  
 * @see getdns_context_get_dns_transport
+ * @see transporttypestext
 * @see getdns_context_set_dns_transport_list
- * @see getdns_context_get_dns_transport_list
 * @param context The context to configure
 * @param value The transport to use for DNS lookups.
 *              The value is GETDNS_TRANSPORT_UDP_FIRST_AND_FALL_BACK_TO_TCP,
@ -1450,8 +1474,8 @@ getdns_context_set_dns_transport(getdns_context *context,
 * return information on the actual transport used to fulfill the request in
 * the response dict, when the return_call_reporting extension is used.
 * @see getdns_context_get_dns_transport_list
+ * @see transportlisttypestext
 * @see getdns_context_set_dns_transport
- * @see getdns_context_get_dns_transport
 * @param context The context to configure
 * @param transport_count The number of values in the transports list.
 * @param transports An ordered list of transports that will be used for DNS
@ -1529,6 +1553,7 @@ getdns_context_set_timeout(getdns_context *context, uint64_t timeout);
 * found through following redirects.  The setting will do this with answers
 * provided by an upstream in stub resolution mode too.
 * @see getdns_context_get_follow_redirects
+ * @see redirectpoliciestext
 * @param context The context to configure
 * @param value GETDNS_REDIRECTS_FOLLOW for normal following of redirects
 *              through CNAME and DNAME; or GETDNS_REDIRECTS_DO_NOT_FOLLOW to
@ -1570,6 +1595,7 @@ getdns_context_set_dns_root_servers(getdns_context *context,
 * The non-standard implementation default is
 * GETDNS_APPEND_NAME_TO_SINGLE_LABEL_FIRST.
 * @see getdns_context_get_append_name
+ * @see suffixappendtypestext
 * @param context The context to configure
 * @param value GETDNS_APPEND_NAME_TO_SINGLE_LABEL_FIRST,
 *              GETDNS_APPEND_NAME_ALWAYS,
@ -1790,9 +1816,6 @@ getdns_context_get_api_information(getdns_context* context);
 /** @}
 */
 
-/** @}
- */
-
 #ifdef __cplusplus
 }
 #endif
--- a/src/getdns/getdns_extra.h.in
+++ b/src/getdns/getdns_extra.h.in
@ -39,21 +39,18 @@
 #include <sys/time.h>
 #include <stdio.h>
 #include <time.h>
+#include <stdarg.h>

 #ifdef __cplusplus
 extern "C" {
 #endif

-/** \defgroup UnofficialgetdnsAPI Additional API for getdns implementation
- *  @{
- */
-
-/** \defgroup Uvaluesandtexts Additional values and texts
+/** \addtogroup valuesandtexts Values and texts
 *  @{
 */

 /**
- * \defgroup Ureturnvaluesandtext Additional return values and texts
+ * \addtogroup returntypestext Return values and texts
 *  @{
 */
 #define GETDNS_RETURN_NO_UPSTREAM_AVAILABLE ((getdns_return_t) 398 )
@ -65,7 +62,7 @@ extern "C" {


 /**
- * \defgroup Ucontextcodes Additional context codes and texts
+ * \addtogroup contextcodetypestext Context code values and texts
 *  @{
 */
 #define GETDNS_CONTEXT_CODE_TLS_AUTHENTICATION 618
@ -87,7 +84,7 @@ extern "C" {


 /**
- * \defgroup versions Additional version values
+ * \defgroup versions Version values
 *  @{
 */
 #define GETDNS_VERSION "@GETDNS_VERSION@"
@ -102,7 +99,7 @@ extern "C" {
 #define GETDNS_AUTHENTICATION_HOSTNAME GETDNS_AUTHENTICATION_REQUIRED

 /**
-  * \defgroup authvaulesandtext Additional authentication values and texts
+  * \defgroup authvaulesandtext Authentication values and texts
  * @{
  */
 /* Authentication options used when doing TLS */
@ -118,7 +115,7 @@ typedef enum getdns_tls_authentication_t {


 /**
- * \defgroup appendname Additional append name values and texts
+ * \addtogroup suffixappendtypestext Suffix appending values and texts
 *  @{
 */
 #define GETDNS_APPEND_NAME_TO_SINGLE_LABEL_FIRST ((getdns_append_name_t) 554 )
@ -127,11 +124,12 @@ typedef enum getdns_tls_authentication_t {
  */

 /**
- * \defgroup Uvaluesandtextsdepricated Additional transport values and texts (will be deprecated)
+ * \addtogroup transporttypestext Transport arrangements and texts
 *  @{
 */

-/** WARNING! Do not use the constants below.  They will be removed from future
+/**
+ * WARNING! Do not use the constants below.  They will be removed from future
 * releases.  Please use the getdns_context_set_dns_transport_list with the
 * GETDNS_TRANSPORT_UDP, GETDNS_TRANSPORT_TCP and GETDNS_TRANSPORT_TLS
 * constants instead.
@ -148,12 +146,12 @@ typedef enum getdns_tls_authentication_t {


 /**
- * \defgroup Ufunctions Additional functions
+ * \addtogroup functions Functions
 *  @{
 */

 /**
- * \defgroup Ueventloops Additional event loop extension functions
+ * \addtogroup eventloops Event loop extension functions
 *  @{
 */

@ -261,7 +259,7 @@ typedef getdns_return_t (*getdns_eventloop_schedule)(getdns_eventloop *loop,
 * ev->ev) in the underlying event loop and make ev->ev NULL when done.
 * getdns will test for this value to determine if events are scheduled or not.
 * @param loop The event loop for which to event needs to be cleared.
- * @param ev [in,out] The event with the ev->ev attribute referring to the
+ * @param[in,out] ev The event with the ev->ev attribute referring to the
 *           underlying event. ev->ev must be set to NULL after the event
 *           was cleared.
 * @return GETDNS_RETURN_GOOD when successful and an error code otherwise.
@ -340,8 +338,8 @@ getdns_context_set_eventloop(getdns_context* context,
 * compatible with all the event loop systems for which there is an extension
 * (i.e. libevent, libev and libuv).
 * @see getdns_context_set_eventloop
- * @param context [in] The context to get the eventloop from
- * @param eventloop [out] The currently active  event loop abstraction extension
+ * @param[in]  context The context to get the eventloop from
+ * @param[out] eventloop The currently active  event loop abstraction extension
 * @return GETDNS_RETURN_GOOD when successful
 * @return GETDNS_RETURN_INVALID_PARAMETER when context or evenloop were NULL
 */
@ -365,13 +363,14 @@ getdns_context_run(getdns_context *context);


 /**
- * \defgroup Ucontextset Additional getdns_context_set functions
+ * \addtogroup getdns_context
 *  @{
 */

 /**
 * Register a callback function for context changes.
 * @see getdns_context_set_context_update_callback
+ * @see contextcodetypestext
 * @param context The context to monitor for changes
 * @param userarg A user defined argument that will be passed to the callback
 *                function.
@ -400,6 +399,7 @@ getdns_return_t getdns_context_set_return_dnssec_status(
 * Configure context for oppertunistic or scrict usage profile with DNS
 * over TLS.
 * @see getdns_context_get_tls_authentication
+ * @see authvaulesandtext
 * @param context The context to configure
 * @param value is either GETDNS_AUTHENTICATION_REQUIRED for the strict
 *              usage profile or GETDNS_AUTHENTICATION_NONE for opportunistic
@ -502,20 +502,48 @@ getdns_context_set_tls_query_padding_blocksize(getdns_context *context, uint16_t
 */
 getdns_return_t
 getdns_context_unset_edns_maximum_udp_payload_size(getdns_context *context);
-/** @}
- */

- /**
-  * \defgroup Ucontextget Additional getdns_context_get functions
-  *  @{
-  */
+
+typedef enum getdns_loglevel_type {
+	GETDNS_LOG_EMERG   = 0,
+	GETDNS_LOG_ALERT   = 1,
+	GETDNS_LOG_CRIT    = 2,
+	GETDNS_LOG_ERR     = 3,
+	GETDNS_LOG_WARNING = 4,
+	GETDNS_LOG_NOTICE  = 5,
+	GETDNS_LOG_INFO    = 6,
+	GETDNS_LOG_DEBUG   = 7
+} getdns_loglevel_type;
+
+#define GETDNS_LOG_EMERG_TEXT   "System is unusable"
+#define GETDNS_LOG_ALERT_TEXT   "Action must be taken immediately"
+#define GETDNS_LOG_CRIT_TEXT    "Critical conditions"
+#define GETDNS_LOG_ERR_TEXT     "Error conditions"
+#define GETDNS_LOG_WARNING_TEXT "Warning conditions"
+#define GETDNS_LOG_NOTICE_TEXT  "normal, but significant, condition"
+#define GETDNS_LOG_INFO_TEXT    "Informational message"
+#define GETDNS_LOG_DEBUG_TEXT   "Debug-level message"
+
+#define GETDNS_LOG_UPSTREAM_STATS 4096
+#define GETDNS_LOG_UPSTREAM_STATS_TEXT "Log messages about upstream statistics"
+
+typedef void (*getdns_logfunc_type) (void *userarg, uint64_t log_systems,
+    getdns_loglevel_type, const char *, va_list ap);
+
+/**
+ *
+ */
+getdns_return_t
+getdns_context_set_logfunc(getdns_context *context, void *userarg,
+    uint64_t system, getdns_loglevel_type level, getdns_logfunc_type func);

 /**
 * Get the current resolution type setting from this context.
 * @see getdns_context_set_resolution_type
- * @param context [in] The context from which to get the setting
- * @param value [out] The resolution type, either GETDNS_RESOLUTION_RECURSING
- *              or GETDNS_RESOLUTION_STUB.
+ * @see resolutiontypestext
+ * @param[in]  context The context from which to get the setting
+ * @param[out] value The resolution type, either GETDNS_RESOLUTION_RECURSING
+ *             or GETDNS_RESOLUTION_STUB.
 * @return GETDNS_RETURN_GOOD when successful
 * @return GETDNS_RETURN_INVALID_PARAMETER when context or value was NULL.
 */
@ -527,9 +555,10 @@ getdns_context_get_resolution_type(getdns_context *context,
 * Get a copy of the namespaces list setting from this context.
 * Users must call free on the resulting namespaces if not NULL
 * @see getdns_context_set_namespaces
- * @param context [in] The context from which to get the setting
- * @param namespace_count [out] The length of the list.
- * @param namespaces [out] The returned namespaces list.
+ * @see namespacetypestext
+ * @param[in]  context The context from which to get the setting
+ * @param[out] namespace_count The length of the list.
+ * @param[out] namespaces The returned namespaces list.
 * @return GETDNS_RETURN_GOOD when successful
 * @return GETDNS_RETURN_INVALID_PARAMETER when any of the arguments was NULL.
 */
@ -540,10 +569,10 @@ getdns_context_get_namespaces(getdns_context *context,
 /**
 * Get what transports are used for DNS lookups.
 * @see getdns_context_set_dns_transport
+ * @see transporttypestext
 * @see getdns_context_get_dns_transport_list
- * @see getdns_context_set_dns_transport_list
- * @param context [in] The context from which to get the setting
- * @param value [out] The transport to use for DNS lookups.
+ * @param[in]  context The context from which to get the setting
+ * @param[out] value The transport to use for DNS lookups.
 * @return GETDNS_RETURN_GOOD when successful
 * @return GETDNS_RETURN_INVALID_PARAMETER when any of the arguments was NULL.
 */
@ -555,11 +584,11 @@ getdns_context_get_dns_transport(getdns_context *context,
 * Get a copy of the transports list setting from this context.
 * Users must call free on the resulting transports if not NULL
 * @see getdns_context_set_dns_transport_list
+ * @see transportlisttypestext
 * @see getdns_context_get_dns_transport
- * @see getdns_context_set_dns_transport
- * @param context [in] The context from which to get the setting
- * @param transport_count [out] The length of the list.
- * @param transports [out] The returned transports list.
+ * @param[in]  context The context from which to get the setting
+ * @param[out] transport_count The length of the list.
+ * @param[out] transports The returned transports list.
 * @return GETDNS_RETURN_GOOD when successful
 * @return GETDNS_RETURN_INVALID_PARAMETER when any of the arguments was NULL.
 */
@ -570,8 +599,8 @@ getdns_context_get_dns_transport_list(getdns_context *context,
 /**
 * Get the current limit for oustanding queries setting from this context.
 * @see getdns_context_set_limit_outstanding_queries
- * @param context [in] The context from which to get the setting
- * @param limit [out] The current limit for oustanding queries
+ * @param[in]  context The context from which to get the setting
+ * @param[out] limit The current limit for oustanding queries
 * @return GETDNS_RETURN_GOOD when successful
 * @return GETDNS_RETURN_INVALID_PARAMETER when context or limit was NULL.
 */
@ -583,9 +612,9 @@ getdns_context_get_limit_outstanding_queries(getdns_context *context,
 * Get the current number of milliseconds the API will wait for request
 * to return setting from this context.
 * @see getdns_context_set_timeout
- * @param context [in] The context from which to get the setting
- * @param timeout [out] The number of milliseconds the API will wait for a
- *                      response.
+ * @param[in]  context The context from which to get the setting
+ * @param[out] timeout The number of milliseconds the API will wait for a
+ *                     response.
 * @return GETDNS_RETURN_GOOD when successful
 * @return GETDNS_RETURN_INVALID_PARAMETER when context or limit was NULL.
 */
@ -597,9 +626,9 @@ getdns_context_get_timeout(getdns_context *context, uint64_t* timeout);
 * connection open for (idle means no outstanding responses and no pending
 * queries).
 * @see getdns_context_set_idle_timeout
- * @param context [in] The context from which to get the setting
- * @param timeout [out] The number of milliseconds the API will leave an idle TCP
-  *                     or TLS connection open for
+ * @param[in]  context The context from which to get the setting
+ * @param[out] timeout The number of milliseconds the API will leave an idle TCP
+  *                    or TLS connection open for
 * @return GETDNS_RETURN_GOOD when successful
 * @return GETDNS_RETURN_INVALID_PARAMETER when context or timeout was NULL.
 */
@ -609,8 +638,9 @@ getdns_context_get_idle_timeout(getdns_context *context, uint64_t* timeout);
 /**
 * Get the setting that says whether or not DNS queries follow redirects.
 * @see getdns_context_set_follow_redirects
- * @param context [in] The context from which to get the setting
- * @param value [out] Either GETDNS_REDIRECTS_FOLLOW or GETDNS_REDIRECTS_DO_NOT_FOLLOW
+ * @see redirectpoliciestext
+ * @param[in]  context The context from which to get the setting
+ * @param[out] value Either GETDNS_REDIRECTS_FOLLOW or GETDNS_REDIRECTS_DO_NOT_FOLLOW
 * @return GETDNS_RETURN_GOOD when successful
 * @return GETDNS_RETURN_INVALID_PARAMETER when context or value was NULL.
 */
@ -624,10 +654,10 @@ getdns_context_get_follow_redirects(getdns_context *context,
 * Callers are responsible for deallocating the returned list with
 * #getdns_list_destroy()
 * @see getdns_context_set_dns_root_servers
- * @param context [in] The context from which to get the setting
- * @param addresses [out] A copy of the list of dns root servers in use for
- *                        looking up top level domains.  The caller must 
- *                        destroy this list.
+ * @param[in]  context The context from which to get the setting
+ * @param[out] addresses A copy of the list of dns root servers in use for
+ *                       looking up top level domains.  The caller must 
+ *                       destroy this list.
 * @return GETDNS_RETURN_GOOD when successful
 * @return GETDNS_RETURN_INVALID_PARAMETER when context or adresses was NULL.
 * @return GETDNS_RETURN_MEMORY_ERROR when the copy could not be allocated
@ -640,8 +670,9 @@ getdns_context_get_dns_root_servers(getdns_context *context,
 * Get whether, how and when a suffix is appended to a query string with
 * the context.
 * @see getdns_context_set_append_name
- * @param context [in] The context from which to get the setting
- * @param value [out] GETDNS_APPEND_NAME_TO_SINGLE_LABEL_FIRST,
+ * @see suffixappendtypestext
+ * @param[in]  context The context from which to get the setting
+ * @param[out] value GETDNS_APPEND_NAME_TO_SINGLE_LABEL_FIRST,
 *              GETDNS_APPEND_NAME_ALWAYS,
 *              GETDNS_APPEND_NAME_ONLY_TO_SINGLE_LABEL_AFTER_FAILURE,
 *              GETDNS_APPEND_NAME_ONLY_TO_MULTIPLE_LABEL_NAME_AFTER_FAILURE,
@ -659,9 +690,9 @@ getdns_context_get_append_name(getdns_context *context,
 * Callers are responsible for deallocating the returned list with
 * #getdns_list_destroy()
 * @see getdns_context_set_suffix
- * @param context [in] The context from which to get the setting
- * @param value [out] A copy of the list of suffixes. The caller must destroy
- *                    this list.
+ * @param[in]  context The context from which to get the setting
+ * @param[out] value A copy of the list of suffixes. The caller must destroy
+ *                   this list.
 * @return GETDNS_RETURN_GOOD when successful
 * @return GETDNS_RETURN_INVALID_PARAMETER when context or value was NULL.
 * @return GETDNS_RETURN_MEMORY_ERROR when the copy could not be allocated
@ -674,9 +705,9 @@ getdns_context_get_suffix(getdns_context *context, getdns_list **value);
 * Callers are responsible for deallocating the returned list with
 * #getdns_list_destroy()
 * @see getdns_context_set_dnssec_trust_anchors
- * @param context [in] The context from which to get the setting
- * @param value [out] A copy of the list of DNSSEC trust anchors.
- *                    The caller must destroy this list.
+ * @param[in]  context The context from which to get the setting
+ * @param[out] value A copy of the list of DNSSEC trust anchors.
+ *                   The caller must destroy this list.
 * @return GETDNS_RETURN_GOOD when successful
 * @return GETDNS_RETURN_INVALID_PARAMETER when context or value was NULL.
 * @return GETDNS_RETURN_MEMORY_ERROR when the copy could not be allocated
@ -688,10 +719,10 @@ getdns_context_get_dnssec_trust_anchors(getdns_context *context,
 /**
 * Get the allowed DNSSEC skew setting from context
 * @see getdns_context_set_dnssec_allowed_skew
- * @param context [in] The context from which to get the setting
- * @param value [out] The number of seconds of skew that is allowed in either
- *              direction when checking an RRSIG's Expiration and Inception
- *              fields.
+ * @param[in]  context The context from which to get the setting
+ * @param[out] value The number of seconds of skew that is allowed in either
+ *             direction when checking an RRSIG's Expiration and Inception
+ *             fields.
 * @return GETDNS_RETURN_GOOD when successful
 * @return GETDNS_RETURN_INVALID_PARAMETER when context or value was NULL.
 */
@ -705,8 +736,8 @@ getdns_context_get_dnssec_allowed_skew(getdns_context *context,
 * Callers are responsible for deallocating the returned list with
 * #getdns_list_destroy()
 * @see getdns_context_set_upstream_recursive_servers
- * @param context [in] The context from which to get the setting
- * @param upstream_list [out] A copy of the list of upstreams.
+ * @param[in]  context The context from which to get the setting
+ * @param[out] upstream_list A copy of the list of upstreams.
 *                    The caller must destroy this list.
 * @return GETDNS_RETURN_GOOD when successful
 * @return GETDNS_RETURN_INVALID_PARAMETER when context or value was NULL.
@ -721,8 +752,8 @@ getdns_context_get_upstream_recursive_servers(getdns_context *context,
 * setting from context
 * @see getdns_context_set_edns_maximum_udp_payload_size
 * @see getdns_context_unset_edns_maximum_udp_payload_size
- * @param context [in] The context from which to get the setting
- * @param value [out] the maximum UDP payload size advertised in an EDNS0
+ * @param[in]  context The context from which to get the setting
+ * @param[out] value the maximum UDP payload size advertised in an EDNS0
 *                    OPT record.  When the value is unset, 0 is returned.
 * @return GETDNS_RETURN_GOOD when successful
 * @return GETDNS_RETURN_INVALID_PARAMETER when context or value was NULL.
@ -734,8 +765,8 @@ getdns_context_get_edns_maximum_udp_payload_size(getdns_context *context,
 /**
 * Get the rcode advertised in an EDNS0 OPT record setting from context
 * @see getdns_context_set_edns_extended_rcode
- * @param context [in] The context from which to get the setting
- * @param value [out] The rcode advertised in an EDNS0 OPT record
+ * @param[in]  context The context from which to get the setting
+ * @param[out] value The rcode advertised in an EDNS0 OPT record
 * @return GETDNS_RETURN_GOOD when successful
 * @return GETDNS_RETURN_INVALID_PARAMETER when context or value was NULL.
 */
@ -746,8 +777,8 @@ getdns_context_get_edns_extended_rcode(getdns_context *context,
 /**
 * Get the version advertised in an EDNS0 OPT record setting from context
 * @see getdns_context_set_edns_version
- * @param context [in] The context from which to get the setting
- * @param value [out] The version advertised in an EDNS0 OPT record
+ * @param[in]  context The context from which to get the setting
+ * @param[out] value The version advertised in an EDNS0 OPT record
 * @return GETDNS_RETURN_GOOD when successful
 * @return GETDNS_RETURN_INVALID_PARAMETER when context or value was NULL.
 */
@ -757,9 +788,9 @@ getdns_context_get_edns_version(getdns_context *context, uint8_t* value);
 /**
 * Get the DO bit advertised in an EDNS0 OPT record setting from context
 * @see getdns_context_set_edns_do_bit
- * @param context [in] The context from which to get the setting
- * @param value [out] 1 if the DO bit is advertised in EDNS0 OPT records,
- *                    0 otherwise.
+ * @param[in]  context The context from which to get the setting
+ * @param[out] value 1 if the DO bit is advertised in EDNS0 OPT records,
+ *                   0 otherwise.
 * @return GETDNS_RETURN_GOOD when successful
 * @return GETDNS_RETURN_INVALID_PARAMETER when context or value was NULL.
 */
@ -771,8 +802,8 @@ getdns_context_get_edns_do_bit(getdns_context *context, uint8_t* value);
 * option set to hide the originating network when resolving in stub 
 * resolution.
 * @see getdns_context_set_edns_do_bit
- * @param context [in] The context from which to get the setting
- * @param value [out] 1 if the setting is on, 0 otherwise
+ * @param[in]  context The context from which to get the setting
+ * @param[out] value 1 if the setting is on, 0 otherwise
 * @return GETDNS_RETURN_GOOD when successful
 * @return GETDNS_RETURN_INVALID_PARAMETER when context or value was NULL.
 */
@ -782,8 +813,8 @@ getdns_context_get_edns_client_subnet_private(getdns_context *context, uint8_t*
 /**
 * Get the blocksize that will be used to pad outgoing queries over TLS.
 * @see getdns_context_set_tls_query_padding_blocksize
- * @param context [in] The context from which to get the setting
- * @param value [out] The padding blocksize, or 0 if padding is disabled,
+ * @param[in]  context The context from which to get the setting
+ * @param[out] value The padding blocksize, or 0 if padding is disabled,
 *                    or 1 if the setting is to pad using a sensible policy.
 * @return GETDNS_RETURN_GOOD when successful
 * @return GETDNS_RETURN_INVALID_PARAMETER when context or value was NULL.
@ -794,8 +825,9 @@ getdns_context_get_tls_query_padding_blocksize(getdns_context *context, uint16_t
 /**
 * Get whether the upstream needs to be authenticated whith DNS over TLS.
 * @see getdns_context_set_tls_authentication
- * @param context [in] The context from which to get the setting
- * @param value [out] is either GETDNS_AUTHENTICATION_REQUIRED if
+ * @see authvaulesandtext
+ * @param[in]  context The context from which to get the setting
+ * @param[out] value is either GETDNS_AUTHENTICATION_REQUIRED if
 *                    authentication is required, or GETDNS_AUTHENTICATION_NONE
 *                    if authentication is optional.  When credentials are
 *                    available, the API will still try to authenticate the
@ -813,8 +845,8 @@ getdns_context_get_tls_authentication(getdns_context *context,
 * Get whether the context is configured to round robin queries over the available
 * upstreams.
 * @see getdns_context_get_round_robin_upstreams
- * @param context [in] The context from which to get the setting
- * @param value [out] 1 if the setting is on, 0 otherwise
+ * @param[in]  context The context from which to get the setting
+ * @param[out] value 1 if the setting is on, 0 otherwise
 * @return GETDNS_RETURN_GOOD when successful
 * @return GETDNS_RETURN_INVALID_PARAMETER when context or value was NULL.
 */
@ -826,10 +858,10 @@ getdns_context_get_round_robin_upstreams(getdns_context *context,
 * Get the amount of seconds a TLS connection should not be tried with
 * an upstream when it has never been tried before.
 * @see getdns_context_set_tls_backoff_time
- * @param context [in] The context from which to get the setting
- * @param value [out] Number of seconds before an attempt to setup DNS over TLS,
- *              with an upstream for which setting up an TLS connection has
- *              never been successful before, will be retried.
+ * @param[in]  context The context from which to get the setting
+ * @param[out] value Number of seconds before an attempt to setup DNS over TLS,
+ *             with an upstream for which setting up an TLS connection has
+ *             never been successful before, will be retried.
 * @return GETDNS_RETURN_GOOD when successful
 * @return GETDNS_RETURN_INVALID_PARAMETER when context or value was NULL.
 */
@ -842,8 +874,8 @@ getdns_context_get_tls_backoff_time(getdns_context *context,
 * specific upstream, before it decides to give up for tls_backoff_time
 * seconds.
 * @see getdns_context_set_tls_connection_retries
- * @param context [in] The context from which to get the setting
- * @param value [out] Number of attempts to retry setting up a DNS over TLS
+ * @param[in]  context The context from which to get the setting
+ * @param[out] value Number of attempts to retry setting up a DNS over TLS
 *              connection before giving up.
 * @return GETDNS_RETURN_GOOD when successful
 * @return GETDNS_RETURN_INVALID_PARAMETER when context or value was NULL.
@ -855,9 +887,10 @@ getdns_context_get_tls_connection_retries(getdns_context *context,
 /**
 * Get the currently registered callback function and user defined argument
 * for context changes.
- * Combined with getdns_context_set_update_callback this can be used to
+ * Combined with #getdns_context_set_update_callback this can be used to
 * "chain" context update callbacks and in this way create a subscription
 * service catering multiple interested parties.
+ * @see contextcodetypestext
 * @param context The context to monitor for changes
 * @param userarg A user defined argument to be passed to the callback
 *                 function.
@ -874,18 +907,20 @@ getdns_context_get_update_callback(getdns_context *context, void **userarg,


 /**
- * \defgroup Uutilityfunctions Additional utility functions
+ * \addtogroup versionfuncs Version functions
 *  @{
 */

 /**
 * Get the version number of this implementation.
+ * @see versions
 * @return The version number as string.  For example "@GETDNS_VERSION@".
 */
 const char *getdns_get_version(void);

 /**
 * Get the version number of this implementation as number.
+ * @see versions
 * @return The version number as number.  For example @GETDNS_NUMERIC_VERSION@.
 *         - The most significant byte of this uint32_t is the Major version.
 *         - The second most significant byte is the Minor version.
@ -896,6 +931,7 @@ uint32_t getdns_get_version_number(void);
 /**
 * Get the version of the getdns API specification this library implements
 * as a string.
+ * @see versions
 * @return The API specification version as string. For example "@API_VERSION@"
 */
 const char *getdns_get_api_version(void);
@ -903,6 +939,7 @@ const char *getdns_get_api_version(void);
 /**
 * Get the version of the getdns API specification this library implements
 * as a number.
+ * @see versions
 * @return The API specification version as number. For example "@API_NUMERIC_VERSION@"
 *         - The most significant 16 bits represent the year.
 *         - The third most significant byte the day.
@ -910,6 +947,14 @@ const char *getdns_get_api_version(void);

 uint32_t getdns_get_api_version_number(void);

+/** @}
+ */
+
+/**
+ * \addtogroup utils Utility functions
+ *  @{
+ */
+
 /**
 * Returns a text describing the getdns error code, or NULL when the error
 * code is unkown.
@ -919,6 +964,15 @@ uint32_t getdns_get_api_version_number(void);
 */
 const char *getdns_get_errorstr_by_id(uint16_t err);

+/** @}
+ */
+
+
+/**
+ * \addtogroup getdns_dict
+ *  @{
+ */
+
 /**
 * Create a new entry in the dictionary, or replace the value of an existing
 * entry, with a getdns_bindata representing a string.  The string will be
@ -949,9 +1003,19 @@ getdns_dict_util_set_string(getdns_dict *dict, char *name, const char *value);
 getdns_return_t
 getdns_dict_util_get_string(getdns_dict * dict, char *name, char **result);

+/** @}
+ */
+
+
+/**
+ * \addtogroup dnssecfuncs
+ *  @{
+ */
+
 /**
 * Validate replies or resource records.
 *
+ * @see dnssecvalues
 * @param  to_validate     A list of RR-dicts with companion RRSIG-RR-dicts
 *                         which will be validated.  Or a list of reply-dicts
 *                         that will be validated.  The "replies_tree" list
@ -983,6 +1047,16 @@ getdns_validate_dnssec2(getdns_list *to_validate,
    getdns_list *trust_anchors,
    time_t validation_time, uint32_t skew);

+
+/** @}
+ */
+
+
+/**
+ * \addtogroup utils
+ *  @{
+ */
+
 /**
 * Public Key Pinning functionality:
 * 
@ -1035,6 +1109,15 @@ getdns_return_t getdns_pubkey_pinset_sanity_check(
 	const getdns_list* pinset,
 	getdns_list* errorlist);

+/** @}
+ */
+
+
+/**
+ * \addtogroup getdns_context
+ *  @{
+ */
+
 /**
 * Configure a context with settings given in a getdns_dict.
 *
@ -1077,7 +1160,7 @@ getdns_context_config(getdns_context *context, const getdns_dict *config_dict);
 */

 /**
- * \defgroup UXTRAPrettyPrinting Pretty printing of getdns dicts and lists
+ * \addtogroup getdns_dict
 *  @{
 */

@ -1094,27 +1177,6 @@ getdns_context_config(getdns_context *context, const getdns_dict *config_dict);
 int
 getdns_pretty_snprint_dict(char *str, size_t size, const getdns_dict *dict);

-/**
- * creates a string that describes the list in a human readable form.
- * @param some_list list to pretty print
- * @return character array (caller must free this) containing pretty string
- */
-char *
-getdns_pretty_print_list(const getdns_list *some_list);
-
-/**
- * Pretty print the getdns_list in a given buffer snprintf style.
- * @param str pointer to the buffer to print to
- * @param size size of the given buffer. No more than size bytes (including
- *             the terminating null byte) will be written to str.
- * @param list getdns_list to print
- * @return The number of characters written excluding the terminating null byte
- * or the number of characters which would have been written if enough space
- * had been available.
- */
-int
-getdns_pretty_snprint_list(char *str, size_t size, const getdns_list *list);
-
 /**
 * creates a string containing a json representation of some_dict.
 * bindatas are converted to strings when possible, including bindatas for 
@ -1145,6 +1207,35 @@ int
 getdns_snprint_json_dict(
    char *str, size_t size, const getdns_dict *dict, int pretty);

+/** @}
+ */
+
+/**
+ * \addtogroup getdns_list
+ *  @{
+ */
+
+/**
+ * creates a string that describes the list in a human readable form.
+ * @param some_list list to pretty print
+ * @return character array (caller must free this) containing pretty string
+ */
+char *
+getdns_pretty_print_list(const getdns_list *some_list);
+
+/**
+ * Pretty print the getdns_list in a given buffer snprintf style.
+ * @param str pointer to the buffer to print to
+ * @param size size of the given buffer. No more than size bytes (including
+ *             the terminating null byte) will be written to str.
+ * @param list getdns_list to print
+ * @return The number of characters written excluding the terminating null byte
+ * or the number of characters which would have been written if enough space
+ * had been available.
+ */
+int
+getdns_pretty_snprint_list(char *str, size_t size, const getdns_list *list);
+
 /**
 * creates a string containing a json representation of some_list.
 * bindatas are converted to strings when possible, including bindatas for 
@ -1180,7 +1271,7 @@ getdns_snprint_json_list(
 */

 /**
- * \defgroup UDNSDataConversionFunctions Functions for converting between getdns DNS dicts, DNS wire format and DNS presentation format
+ * \defgroup UDNSDataConversionFunctions Converting between getdns DNS dicts, DNS wire format and DNS presentation format
 *  @{
 */

@ -1501,7 +1592,7 @@ getdns_msg_dict2str_scan(
 */

 /**
- * \defgroup Ustring2getdns_data Functions for converting strings to getdns data structures
+ * \defgroup Ustring2getdns_data Converting strings to getdns data structures
 *  @{
 */

@ -1598,7 +1689,7 @@ getdns_str2int(const char *str, uint32_t *value);
 */

 /**
- * \defgroup UServerFunctions Functions for creating simple DNS servers
+ * \defgroup UServerFunctions Creating simple DNS servers
 *  @{
 */

@ -1671,7 +1762,7 @@ getdns_reply(getdns_context *context,


 /**
- * \defgroup Uutilityfunctionsdeprecated  Additional utility functions (will be deprecated)
+ * \defgroup Uutilityfunctionsdeprecated  Deptricated utility functions
 *  @{
 */
 /**
@ -1728,9 +1819,6 @@ getdns_return_t getdns_context_set_use_threads(getdns_context* context,
 */
 /** @}
 */
-/** @}
- */
-
 #ifdef __cplusplus
 }
 #endif
--- a/src/gldns/gbuffer.c
+++ b/src/gldns/gbuffer.c
@ -50,6 +50,8 @@ gldns_buffer_new_frm_data(gldns_buffer *buffer, void *data, size_t size)
 	buffer->_limit = buffer->_capacity = size;
 	buffer->_fixed = 0;
 	buffer->_vfixed = 0;
+	if (!buffer->_fixed && buffer->_data)
+		free(buffer->_data);
 	buffer->_data = malloc(size);
 	if(!buffer->_data) {
 		buffer->_status_err = 1;
--- a/src/gldns/gbuffer.h
+++ b/src/gldns/gbuffer.h
@ -469,6 +469,30 @@ gldns_buffer_write_at(gldns_buffer *buffer, size_t at, const void *data, size_t
 	memcpy(buffer->_data + at, data, count);
 }

+/**
+ * set the given byte to the buffer at the specified position
+ * \param[in] buffer the buffer
+ * \param[in] at the position (in number of bytes) to write the data at
+ * \param[in] c the byte to set to the buffer
+ * \param[in] count the number of bytes of bytes to write
+ */
+
+INLINE void
+gldns_buffer_set_at(gldns_buffer *buffer, size_t at, int c, size_t count)
+{
+    if (!buffer->_vfixed)
+        assert(gldns_buffer_available_at(buffer, at, count));
+    else if (gldns_buffer_remaining_at(buffer, at) == 0)
+        return;
+    else if (count > gldns_buffer_remaining_at(buffer, at)) {
+        memset(buffer->_data + at, c,
+            gldns_buffer_remaining_at(buffer, at));
+        return;
+    }
+	memset(buffer->_data + at, c, count);
+}
+
+
 /**
 * writes count bytes of data to the current position of the buffer
 * \param[in] buffer the buffer
--- a/src/gldns/keyraw.c
+++ b/src/gldns/keyraw.c
@ -388,6 +388,27 @@ gldns_ecdsa2pkey_raw(unsigned char* key, size_t keylen, uint8_t algo)
 }
 #endif /* USE_ECDSA */

+#ifdef USE_ED25519
+EVP_PKEY*
+gldns_ed255192pkey_raw(const unsigned char* key, size_t keylen)
+{
+	/* ASN1 for ED25519 is 302a300506032b6570032100 <32byteskey> */
+	uint8_t pre[] = {0x30, 0x2a, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65,
+		0x70, 0x03, 0x21, 0x00};
+	int pre_len = 12;
+	uint8_t buf[256];
+	EVP_PKEY *evp_key;
+	/* pp gets modified by d2i() */
+	const unsigned char* pp = (unsigned char*)buf;
+	if(keylen != 32 || keylen + pre_len > sizeof(buf))
+		return NULL; /* wrong length */
+	memmove(buf, pre, pre_len);
+	memmove(buf+pre_len, key, keylen);
+	evp_key = d2i_PUBKEY(NULL, &pp, (int)(pre_len+keylen));
+	return evp_key;
+}
+#endif /* USE_ED25519 */
+
 int
 gldns_digest_evp(unsigned char* data, unsigned int len, unsigned char* dest,
 	const EVP_MD* md)
--- a/src/gldns/keyraw.h
+++ b/src/gldns/keyraw.h
@ -92,6 +92,15 @@ EVP_PKEY* gldns_ecdsa2pkey_raw(unsigned char* key, size_t keylen, uint8_t algo);
 */
 RSA *gldns_key_buf2rsa_raw(unsigned char* key, size_t len);

+/**
+ * Converts a holding buffer with key material to EVP PKEY in openssl.
+ * Only available if ldns was compiled with ED25519.
+ * \param[in] key the uncompressed wireformat of the key.
+ * \param[in] len length of key data
+ * \return the key or NULL on error.
+ */
+EVP_PKEY* gldns_ed255192pkey_raw(const unsigned char* key, size_t len);
+
 /**
 * Utility function to calculate hash using generic EVP_MD pointer.
 * \param[in] data the data to hash.
--- a/src/gldns/parse.c
+++ b/src/gldns/parse.c
@ -120,6 +120,10 @@ gldns_fget_token_l(FILE *f, char *token, const char *delim, size_t limit, int *l
 			if (line_nr) {
 				*line_nr = *line_nr + 1;
 			}
+			if (limit > 0 && (i >= limit || (size_t)(t-token) >= limit)) {
+				*t = '\0';
+				return -1;
+			}
 			*t++ = ' ';
 			prev_c = c;
 			continue;
--- a/src/gldns/parseutil.c
+++ b/src/gldns/parseutil.c
@ -402,10 +402,12 @@ gldns_b32_ntop_base(const uint8_t* src, size_t src_sz, char* dst, size_t dst_sz,

 		/* ........ ........ ....4444 4....... ........ */
 			 c =  src[3]         >> 7 ;
+		/* fallthrough */
 	case 3: dst[4] = b32[(src[2] & 0x0f) << 1 | c];

 		/* ........ .......3 3333.... ........ ........ */
 			 c =  src[2]         >> 4 ;
+		/* fallthrough */
 	case 2:	dst[3] = b32[(src[1] & 0x01) << 4 | c];

 		/* ........ ..22222. ........ ........ ........ */
@ -413,6 +415,7 @@ gldns_b32_ntop_base(const uint8_t* src, size_t src_sz, char* dst, size_t dst_sz,

 		/* .....111 11...... ........ ........ ........ */
 			 c =  src[1]         >> 6 ;
+		/* fallthrough */
 	case 1:	dst[1] = b32[(src[0] & 0x07) << 2 | c];

 		/* 00000... ........ ........ ........ ........ */
@ -423,9 +426,12 @@ gldns_b32_ntop_base(const uint8_t* src, size_t src_sz, char* dst, size_t dst_sz,
 		switch (src_sz) {
 			case 1: dst[2] = '=';
 				dst[3] = '=';
+				/* fallthrough */
 			case 2: dst[4] = '=';
+				/* fallthrough */
 			case 3: dst[5] = '=';
 				dst[6] = '=';
+				/* fallthrough */
 			case 4: dst[7] = '=';
 		}
 	}
@ -537,15 +543,18 @@ gldns_b32_pton_base(const char* src, size_t src_sz, uint8_t* dst, size_t dst_sz,
 			/* ........ ........ ........ .55555.. ........ */
 			/* ........ ........ ....4444 4....... ........ */
 			dst[3] = buf[4] << 7 | buf[5] << 2 | buf[6] >> 3;
+			/* fallthrough */

 		case 5: /* ........ ........ ....4444 4....... ........ */
 			/* ........ .......3 3333.... ........ ........ */
 			dst[2] = buf[3] << 4 | buf[4] >> 1;
+			/* fallthrough */

 		case 4: /* ........ .......3 3333.... ........ ........ */
 			/* ........ ..22222. ........ ........ ........ */
 			/* .....111 11...... ........ ........ ........ */
 			dst[1] = buf[1] << 6 | buf[2] << 1 | buf[3] >> 4;
+			/* fallthrough */

 		case 2: /* .....111 11...... ........ ........ ........ */
 			/* 00000... ........ ........ ........ ........ */
--- a/src/gldns/rrdef.c
+++ b/src/gldns/rrdef.c
@ -175,7 +175,7 @@ static const gldns_rdf_type type_tkey_wireformat[] = {
 	GLDNS_RDF_TYPE_TIME,
 	GLDNS_RDF_TYPE_TIME,
 	GLDNS_RDF_TYPE_INT16,
-	GLDNS_RDF_TYPE_INT16,
+	GLDNS_RDF_TYPE_TSIGERROR,
 	GLDNS_RDF_TYPE_INT16_DATA,
 	GLDNS_RDF_TYPE_INT16_DATA,
 };
@ -185,7 +185,7 @@ static const gldns_rdf_type type_tsig_wireformat[] = {
 	GLDNS_RDF_TYPE_INT16,
 	GLDNS_RDF_TYPE_INT16_DATA,
 	GLDNS_RDF_TYPE_INT16,
-	GLDNS_RDF_TYPE_INT16,
+	GLDNS_RDF_TYPE_TSIGERROR,
 	GLDNS_RDF_TYPE_INT16_DATA
 };
 static const gldns_rdf_type type_tlsa_wireformat[] = {
@ -341,8 +341,12 @@ static gldns_rr_descriptor rdata_field_descriptors[] = {
 	{GLDNS_RR_TYPE_NSEC3PARAM, "NSEC3PARAM", 4, 4, type_nsec3param_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
 	/* 52 */
 	{GLDNS_RR_TYPE_TLSA, "TLSA", 4, 4, type_tlsa_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
-
+	/*53 */
+#ifdef DRAFT_RRTYPES
+	{GLDNS_RR_TYPE_SMIMEA, "SMIMEA", 4, 4, type_tlsa_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
+#else
 {GLDNS_RR_TYPE_NULL, "TYPE53", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
+#endif
 {GLDNS_RR_TYPE_NULL, "TYPE54", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
        /* 55
 	 * Hip ends with 0 or more Rendezvous Servers represented as dname's.
@ -600,6 +604,12 @@ static gldns_rr_descriptor rdata_field_descriptors[] = {
 	{GLDNS_RR_TYPE_URI, "URI", 3, 3, type_uri_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
 	/* 257 */
 	{GLDNS_RR_TYPE_CAA, "CAA", 3, 3, type_caa_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
+#ifdef DRAFT_RRTYPES
+	/* 258 */
+	{GLDNS_RR_TYPE_AVC, "AVC", 1, 0, NULL, GLDNS_RDF_TYPE_STR, GLDNS_RR_NO_COMPRESS, 0 },
+#else
+{GLDNS_RR_TYPE_NULL, "TYPE258", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
+#endif

 /* split in array, no longer contiguous */

--- a/src/gldns/rrdef.h
+++ b/src/gldns/rrdef.h
@ -38,7 +38,7 @@ extern "C" {
 #define GLDNS_KEY_REVOKE_KEY 0x0080 /* used to revoke KSK, rfc 5011 */

 /* The first fields are contiguous and can be referenced instantly */
-#define GLDNS_RDATA_FIELD_DESCRIPTORS_COMMON 258
+#define GLDNS_RDATA_FIELD_DESCRIPTORS_COMMON 259

 /** lookuptable for rr classes  */
 extern struct gldns_struct_lookup_table* gldns_rr_classes;
@ -226,6 +226,7 @@ enum gldns_enum_rr_type
 	GLDNS_RR_TYPE_ANY = 255,
 	GLDNS_RR_TYPE_URI = 256, /* RFC 7553 */
 	GLDNS_RR_TYPE_CAA = 257, /* RFC 6844 */
+	GLDNS_RR_TYPE_AVC = 258,

 	/** DNSSEC Trust Authorities */
 	GLDNS_RR_TYPE_TA = 32768,
@ -350,6 +351,9 @@ enum gldns_enum_rdf_type
         */
        GLDNS_RDF_TYPE_LONG_STR,

+	/** TSIG extended 16bit error value */
+	GLDNS_RDF_TYPE_TSIGERROR,
+
        /* Aliases */
        GLDNS_RDF_TYPE_BITMAP = GLDNS_RDF_TYPE_NSEC
 };
@ -422,7 +426,7 @@ enum gldns_enum_edns_option
 	GLDNS_EDNS_DAU = 5, /* RFC6975 */
 	GLDNS_EDNS_DHU = 6, /* RFC6975 */
 	GLDNS_EDNS_N3U = 7, /* RFC6975 */
-	GLDNS_EDNS_CLIENT_SUBNET = 8, /* draft-vandergaast-edns-client-subnet */
+	GLDNS_EDNS_CLIENT_SUBNET = 8, /* RFC7871 */
 	GLDNS_EDNS_KEEPALIVE = 11, /* draft-ietf-dnsop-edns-tcp-keepalive*/
 	GLDNS_EDNS_PADDING = 12 /* RFC7830 */
 };
@ -430,6 +434,15 @@ typedef enum gldns_enum_edns_option gldns_edns_option;

 #define GLDNS_EDNS_MASK_DO_BIT 0x8000

+/** TSIG and TKEY extended rcodes (16bit), 0-15 are the normal rcodes. */
+#define GLDNS_TSIG_ERROR_NOERROR  0
+#define GLDNS_TSIG_ERROR_BADSIG   16
+#define GLDNS_TSIG_ERROR_BADKEY   17
+#define GLDNS_TSIG_ERROR_BADTIME  18
+#define GLDNS_TSIG_ERROR_BADMODE  19
+#define GLDNS_TSIG_ERROR_BADNAME  20
+#define GLDNS_TSIG_ERROR_BADALG   21
+
 /**
 * Contains all information about resource record types.
 *
--- a/src/gldns/str2wire.c
+++ b/src/gldns/str2wire.c
@ -664,6 +664,14 @@ rrinternal_parse_rdata(gldns_buffer* strbuf, char* token, size_t token_len,
 					&pre_data_pos, delimiters,
 					rdftype, &token_strlen))
 					break;
+			} else if(rdftype == GLDNS_RDF_TYPE_INT16_DATA &&
+				strcmp(token, "0")!=0) {
+				/* affix len and b64 fields */
+				if(!gldns_affix_token(strbuf, token,
+					&token_len, &quoted, &parens,
+					&pre_data_pos, delimiters,
+					rdftype, &token_strlen))
+					break;
 			}

 			/* normal RR */
@ -861,6 +869,8 @@ int gldns_fp2wire_rr_buf(FILE* in, uint8_t* rr, size_t* len, size_t* dname_len,
 	/* we can have the situation, where we've read ok, but still got
 	 * no bytes to play with, in this case size is 0 */
 	if(size == 0) {
+		if(*len > 0)
+			rr[0] = 0;
 		*len = 0;
 		*dname_len = 0;
 		return GLDNS_WIREPARSE_ERR_OK;
@ -868,6 +878,7 @@ int gldns_fp2wire_rr_buf(FILE* in, uint8_t* rr, size_t* len, size_t* dname_len,

 	if(strncmp(line, "$ORIGIN", 7) == 0 && isspace((unsigned char)line[7])) {
 		int s;
+		strlcpy((char*)rr, line, *len);
 		*len = 0;
 		*dname_len = 0;
 		if(!parse_state) return GLDNS_WIREPARSE_ERR_OK;
@ -878,12 +889,19 @@ int gldns_fp2wire_rr_buf(FILE* in, uint8_t* rr, size_t* len, size_t* dname_len,
 		return s;
 	} else if(strncmp(line, "$TTL", 4) == 0 && isspace((unsigned char)line[4])) {
 		const char* end = NULL;
+		strlcpy((char*)rr, line, *len);
 		*len = 0;
 		*dname_len = 0;
 		if(!parse_state) return GLDNS_WIREPARSE_ERR_OK;
 		parse_state->default_ttl = gldns_str2period(
 			gldns_strip_ws(line+5), &end);
 	} else if (strncmp(line, "$INCLUDE", 8) == 0) {
+		strlcpy((char*)rr, line, *len);
+		*len = 0;
+		*dname_len = 0;
+		return GLDNS_WIREPARSE_ERR_INCLUDE;
+	} else if (strncmp(line, "$", 1) == 0) {
+		strlcpy((char*)rr, line, *len);
 		*len = 0;
 		*dname_len = 0;
 		return GLDNS_WIREPARSE_ERR_INCLUDE;
@ -940,6 +958,8 @@ int gldns_str2wire_rdf_buf(const char* str, uint8_t* rd, size_t* len,
 		return gldns_str2wire_time_buf(str, rd, len);
 	case GLDNS_RDF_TYPE_PERIOD:
 		return gldns_str2wire_period_buf(str, rd, len);
+	case GLDNS_RDF_TYPE_TSIGTIME:
+		return gldns_str2wire_tsigtime_buf(str, rd, len);
 	case GLDNS_RDF_TYPE_LOC:
 		return gldns_str2wire_loc_buf(str, rd, len);
 	case GLDNS_RDF_TYPE_WKS:
@ -964,6 +984,8 @@ int gldns_str2wire_rdf_buf(const char* str, uint8_t* rd, size_t* len,
 		return gldns_str2wire_tag_buf(str, rd, len);
 	case GLDNS_RDF_TYPE_LONG_STR:
 		return gldns_str2wire_long_str_buf(str, rd, len);
+	case GLDNS_RDF_TYPE_TSIGERROR:
+		return gldns_str2wire_tsigerror_buf(str, rd, len);
 	case GLDNS_RDF_TYPE_HIP:
 		return gldns_str2wire_hip_buf(str, rd, len);
 	case GLDNS_RDF_TYPE_INT16_DATA:
@ -1168,6 +1190,10 @@ int gldns_str2wire_b64_buf(const char* str, uint8_t* rd, size_t* len)
 {
 	size_t sz = gldns_b64_pton_calculate_size(strlen(str));
 	int n;
+	if(strcmp(str, "0") == 0) {
+		*len = 0;
+		return GLDNS_WIREPARSE_ERR_OK;
+	}
 	if(*len < sz)
 		return GLDNS_WIREPARSE_ERR_BUFFER_TOO_SMALL;
 	n = gldns_b64_pton(str, rd, *len);
@ -1201,6 +1227,10 @@ int gldns_str2wire_hex_buf(const char* str, uint8_t* rd, size_t* len)
 			s++;
 			continue;
 		}
+		if(dlen == 0 && *s == '0' && *(s+1) == 0) {
+			*len = 0;
+			return GLDNS_WIREPARSE_ERR_OK;
+		}
 		if(!isxdigit((unsigned char)*s))
 			return RET_ERR(GLDNS_WIREPARSE_ERR_SYNTAX_HEX, s-str);
 		if(*len < dlen/2 + 1)
@ -1341,6 +1371,21 @@ int gldns_str2wire_alg_buf(const char* str, uint8_t* rd, size_t* len)
 	return GLDNS_WIREPARSE_ERR_OK;
 }

+int gldns_str2wire_tsigerror_buf(const char* str, uint8_t* rd, size_t* len)
+{
+	gldns_lookup_table *lt = gldns_lookup_by_name(gldns_tsig_errors, str);
+	if(*len < 2)
+		return GLDNS_WIREPARSE_ERR_BUFFER_TOO_SMALL;
+	if(lt) {
+		gldns_write_uint16(rd, (uint16_t)lt->id);
+		*len = 2;
+	} else {
+		/* try as-is (a number) */
+		return gldns_str2wire_int16_buf(str, rd, len);
+	}
+	return GLDNS_WIREPARSE_ERR_OK;
+}
+
 int gldns_str2wire_time_buf(const char* str, uint8_t* rd, size_t* len)
 {
 	/* convert a time YYYYDDMMHHMMSS to wireformat */
@ -1383,6 +1428,24 @@ int gldns_str2wire_time_buf(const char* str, uint8_t* rd, size_t* len)
 	return GLDNS_WIREPARSE_ERR_OK;
 }

+int gldns_str2wire_tsigtime_buf(const char* str, uint8_t* rd, size_t* len)
+{
+	char* end;
+	uint64_t t = (uint64_t)strtol((char*)str, &end, 10);
+	uint16_t high;
+	uint32_t low;
+	if(*end != 0)
+		return RET_ERR(GLDNS_WIREPARSE_ERR_SYNTAX_TIME, end-str);
+	if(*len < 6)
+		return GLDNS_WIREPARSE_ERR_BUFFER_TOO_SMALL;
+	high = (uint16_t)(t>>32);
+	low = (uint32_t)(t);
+	gldns_write_uint16(rd, high);
+	gldns_write_uint32(rd+2, low);
+	*len = 6;
+	return GLDNS_WIREPARSE_ERR_OK;
+}
+
 int gldns_str2wire_period_buf(const char* str, uint8_t* rd, size_t* len)
 {
 	const char* end;
@ -2008,16 +2071,29 @@ int gldns_str2wire_hip_buf(const char* str, uint8_t* rd, size_t* len)

 int gldns_str2wire_int16_data_buf(const char* str, uint8_t* rd, size_t* len)
 {
-	size_t sz = gldns_b64_pton_calculate_size(strlen(str));
+	char* s;
 	int n;
-	if(*len < sz+2)
+	n = strtol(str, &s, 10);
+	if(*len < ((size_t)n)+2)
 		return GLDNS_WIREPARSE_ERR_BUFFER_TOO_SMALL;
-	if(sz > 65535)
+	if(n > 65535)
 		return GLDNS_WIREPARSE_ERR_LABEL_OVERFLOW;
-	n = gldns_b64_pton(str, rd+2, (*len)-2);
+
+	if(n == 0) {
+		gldns_write_uint16(rd, 0);
+		*len = 2;
+		return GLDNS_WIREPARSE_ERR_OK;
+	}
+	if(*s != ' ')
+		return RET_ERR(GLDNS_WIREPARSE_ERR_SYNTAX_INT, s-(char*)str);
+	s++;
+	while(*s == ' ')
+		s++;
+
+	n = gldns_b64_pton(s, rd+2, (*len)-2);
 	if(n < 0)
 		return GLDNS_WIREPARSE_ERR_SYNTAX_B64;
 	gldns_write_uint16(rd, (uint16_t)n);
-	*len = (size_t)n;
+	*len = ((size_t)n)+2;
 	return GLDNS_WIREPARSE_ERR_OK;
 }
--- a/src/gldns/str2wire.h
+++ b/src/gldns/str2wire.h
@ -237,6 +237,8 @@ struct gldns_file_parse_state {
 * @param rr: this is malloced by the user and the result is stored here,
 * 	if an RR is read.  If no RR is read this is signalled with the
 * 	return len set to 0 (for ORIGIN, TTL directives).
+ * 	The read line is available in the rr_buf (zero terminated), for
+ * 	$DIRECTIVE style elements.
 * @param len: on input, the length of the rr buffer.  on output the rr len.
 * 	Buffer size of 64k should be enough.
 * @param dname_len: returns the length of the dname initial part of the rr.
@ -417,6 +419,24 @@ int gldns_str2wire_time_buf(const char* str, uint8_t* rd, size_t* len);
 */
 int gldns_str2wire_period_buf(const char* str, uint8_t* rd, size_t* len);

+/**
+ * Convert rdf of type GLDNS_RDF_TYPE_TSIGTIME from string to wireformat.
+ * @param str: the text to convert for this rdata element.
+ * @param rd: rdata buffer for the wireformat.
+ * @param len: length of rd buffer on input, used length on output.
+ * @return 0 on success, error on failure.
+ */
+int gldns_str2wire_tsigtime_buf(const char* str, uint8_t* rd, size_t* len);
+
+/**
+ * Convert rdf of type GLDNS_RDF_TYPE_TSIGERROR from string to wireformat.
+ * @param str: the text to convert for this rdata element.
+ * @param rd: rdata buffer for the wireformat.
+ * @param len: length of rd buffer on input, used length on output.
+ * @return 0 on success, error on failure.
+ */
+int gldns_str2wire_tsigerror_buf(const char* str, uint8_t* rd, size_t* len);
+
 /**
 * Convert rdf of type GLDNS_RDF_TYPE_LOC from string to wireformat.
 * @param str: the text to convert for this rdata element.
--- a/src/gldns/wire2str.c
+++ b/src/gldns/wire2str.c
@ -173,6 +173,28 @@ static gldns_lookup_table gldns_edns_options_data[] = {
 };
 gldns_lookup_table* gldns_edns_options = gldns_edns_options_data;

+static gldns_lookup_table gldns_tsig_errors_data[] = {
+	{ GLDNS_TSIG_ERROR_NOERROR, "NOERROR" },
+	{ GLDNS_RCODE_FORMERR, "FORMERR" },
+	{ GLDNS_RCODE_SERVFAIL, "SERVFAIL" },
+	{ GLDNS_RCODE_NXDOMAIN, "NXDOMAIN" },
+	{ GLDNS_RCODE_NOTIMPL, "NOTIMPL" },
+	{ GLDNS_RCODE_REFUSED, "REFUSED" },
+	{ GLDNS_RCODE_YXDOMAIN, "YXDOMAIN" },
+	{ GLDNS_RCODE_YXRRSET, "YXRRSET" },
+	{ GLDNS_RCODE_NXRRSET, "NXRRSET" },
+	{ GLDNS_RCODE_NOTAUTH, "NOTAUTH" },
+	{ GLDNS_RCODE_NOTZONE, "NOTZONE" },
+	{ GLDNS_TSIG_ERROR_BADSIG, "BADSIG" },
+	{ GLDNS_TSIG_ERROR_BADKEY, "BADKEY" },
+	{ GLDNS_TSIG_ERROR_BADTIME, "BADTIME" },
+	{ GLDNS_TSIG_ERROR_BADMODE, "BADMODE" },
+	{ GLDNS_TSIG_ERROR_BADNAME, "BADNAME" },
+	{ GLDNS_TSIG_ERROR_BADALG, "BADALG" },
+	{ 0, NULL }
+};
+gldns_lookup_table* gldns_tsig_errors = gldns_tsig_errors_data;
+
 char* gldns_wire2str_pkt(uint8_t* data, size_t len)
 {
 	size_t slen = (size_t)gldns_wire2str_pkt_buf(data, len, NULL, 0);
@ -195,22 +217,14 @@ char* gldns_wire2str_type(uint16_t rrtype)
 {
 	char buf[16];
 	gldns_wire2str_type_buf(rrtype, buf, sizeof(buf));
-#ifndef USE_WINSOCK
 	return strdup(buf);
-#else
-	return _strdup(buf);
-#endif
 }

 char* gldns_wire2str_class(uint16_t rrclass)
 {
 	char buf[16];
 	gldns_wire2str_class_buf(rrclass, buf, sizeof(buf));
-#ifndef USE_WINSOCK
 	return strdup(buf);
-#else
-	return _strdup(buf);
-#endif
 }

 char* gldns_wire2str_dname(uint8_t* dname, size_t dname_len)
@ -226,11 +240,7 @@ char* gldns_wire2str_rcode(int rcode)
 {
 	char buf[16];
 	gldns_wire2str_rcode_buf(rcode, buf, sizeof(buf));
-#ifndef USE_WINSOCK
 	return strdup(buf);
-#else
-	return _strdup(buf);
-#endif
 }

 int gldns_wire2str_pkt_buf(uint8_t* d, size_t dlen, char* s, size_t slen)
@ -285,6 +295,12 @@ int gldns_wire2str_rcode_buf(int rcode, char* s, size_t slen)
 	return gldns_wire2str_rcode_print(&s, &slen, rcode);
 }

+int gldns_wire2str_opcode_buf(int opcode, char* s, size_t slen)
+{
+	/* use arguments as temporary variables */
+	return gldns_wire2str_opcode_print(&s, &slen, opcode);
+}
+
 int gldns_wire2str_dname_buf(uint8_t* d, size_t dlen, char* s, size_t slen)
 {
 	/* use arguments as temporary variables */
@ -982,6 +998,8 @@ int gldns_wire2str_rdf_scan(uint8_t** d, size_t* dlen, char** s, size_t* slen,
 		return gldns_wire2str_tag_scan(d, dlen, s, slen);
 	case GLDNS_RDF_TYPE_LONG_STR:
 		return gldns_wire2str_long_str_scan(d, dlen, s, slen);
+	case GLDNS_RDF_TYPE_TSIGERROR:
+		return gldns_wire2str_tsigerror_scan(d, dlen, s, slen);
 	}
 	/* unknown rdf type */
 	return -1;
@ -1202,11 +1220,17 @@ static int gldns_wire2str_b64_scan_num(uint8_t** d, size_t* dl, char** s,

 int gldns_wire2str_b64_scan(uint8_t** d, size_t* dl, char** s, size_t* sl)
 {
+	if(*dl == 0) {
+		return gldns_str_print(s, sl, "0");
+	}
 	return gldns_wire2str_b64_scan_num(d, dl, s, sl, *dl);
 }

 int gldns_wire2str_hex_scan(uint8_t** d, size_t* dl, char** s, size_t* sl)
 {
+	if(*dl == 0) {
+		return gldns_str_print(s, sl, "0");
+	}
 	return print_remainder_hex("", d, dl, s, sl);
 }

@ -1580,6 +1604,7 @@ int gldns_wire2str_hip_scan(uint8_t** d, size_t* dl, char** s, size_t* sl)

 int gldns_wire2str_int16_data_scan(uint8_t** d, size_t* dl, char** s, size_t* sl)
 {
+	int w;
 	uint16_t n;
 	if(*dl < 2)
 		return -1;
@ -1588,7 +1613,12 @@ int gldns_wire2str_int16_data_scan(uint8_t** d, size_t* dl, char** s, size_t* sl
 		return -1;
 	(*d)+=2;
 	(*dl)-=2;
-	return gldns_wire2str_b64_scan_num(d, dl, s, sl, n);
+	if(n == 0) {
+		return gldns_str_print(s, sl, "0");
+	}
+	w = gldns_str_print(s, sl, "%u ", (unsigned)n);
+	w += gldns_wire2str_b64_scan_num(d, dl, s, sl, n);
+	return w;
 }

 int gldns_wire2str_nsec3_next_owner_scan(uint8_t** d, size_t* dl, char** s,
@ -1645,10 +1675,10 @@ int gldns_wire2str_tag_scan(uint8_t** d, size_t* dl, char** s, size_t* sl)
 	if(*dl < 1+n)
 		return -1;
 	for(i=0; i<n; i++)
-		if(!isalnum((unsigned char)(*d)[i]))
+		if(!isalnum((unsigned char)(*d)[i+1]))
 			return -1;
 	for(i=0; i<n; i++)
-		w += gldns_str_print(s, sl, "%c", (char)(*d)[i]);
+		w += gldns_str_print(s, sl, "%c", (char)(*d)[i+1]);
 	(*d)+=n+1;
 	(*dl)-=(n+1);
 	return w;
@ -1667,6 +1697,21 @@ int gldns_wire2str_long_str_scan(uint8_t** d, size_t* dl, char** s, size_t* sl)
 	return w;
 }

+int gldns_wire2str_tsigerror_scan(uint8_t** d, size_t* dl, char** s, size_t* sl)
+{
+	gldns_lookup_table *lt;
+	int data, w;
+	if(*dl < 2) return -1;
+	data = (int)gldns_read_uint16(*d);
+	lt = gldns_lookup_by_id(gldns_tsig_errors, data);
+	if(lt && lt->name)
+		w = gldns_str_print(s, sl, "%s", lt->name);
+	else 	w = gldns_str_print(s, sl, "%d", data);
+	(*dl)-=2;
+	(*d)+=2;
+	return w;
+}
+
 int gldns_wire2str_edns_llq_print(char** s, size_t* sl, uint8_t* data,
 	size_t len)
 {
--- a/src/gldns/wire2str.h
+++ b/src/gldns/wire2str.h
@ -38,6 +38,8 @@ extern struct gldns_struct_lookup_table* gldns_edns_flags;
 extern struct gldns_struct_lookup_table* gldns_edns_options;
 /** error string from wireparse */
 extern struct gldns_struct_lookup_table* gldns_wireparse_errors;
+/** tsig errors are the rcodes with extra (higher) values */
+extern struct gldns_struct_lookup_table* gldns_tsig_errors;

 /**
 * Convert wireformat packet to a string representation
@ -441,6 +443,17 @@ int gldns_wire2str_class_buf(uint16_t rrclass, char* str, size_t len);
 */
 int gldns_wire2str_rcode_buf(int rcode, char* str, size_t len);

+/**
+ * Convert host format opcode to a string. 'QUERY', 'NOTIFY', 'UPDATE'.
+ * With user buffer.
+ * @param opcode: opcode as integer in host order
+ * @param str: the string to write to.
+ * @param len: length of str.
+ * @return the number of characters for this element, excluding zerobyte.
+ * 	Is larger or equal than str_len if output was truncated.
+ */
+int gldns_wire2str_opcode_buf(int opcode, char* str, size_t len);
+
 /**
 * Convert wire dname to a string, "example.com.".  With user buffer.
 * @param dname: the dname in uncompressed wireformat.
@ -796,6 +809,19 @@ int gldns_wire2str_hip_scan(uint8_t** data, size_t* data_len, char** str,
 int gldns_wire2str_int16_data_scan(uint8_t** data, size_t* data_len, char** str,
 	size_t* str_len);

+/**
+ * Scan wireformat tsigerror field to string, with user buffers.
+ * It shifts the arguments to move along (see gldns_wire2str_pkt_scan).
+ * @param data: wireformat data.
+ * @param data_len: length of data buffer.
+ * @param str: string buffer.
+ * @param str_len: length of string buffer.
+ * @return number of characters (except null) needed to print.
+ * 	Can return -1 on failure.
+ */
+int gldns_wire2str_tsigerror_scan(uint8_t** data, size_t* data_len, char** str,
+	size_t* str_len);
+
 /**
 * Scan wireformat nsec3_next_owner field to string, with user buffers.
 * It shifts the arguments to move along (see gldns_wire2str_pkt_scan).
--- a/src/jsmn
+++ b/src/jsmn
@ -1 +1 @@
-Subproject commit 868c22e35ec223fc26ddefdb9ca83901dc6e2534
+Subproject commit c831c3869f56a571a79a3cbf58e0a366e588e256
--- a/src/libgetdns.symbols
+++ b/src/libgetdns.symbols
@ -55,6 +55,7 @@ getdns_context_set_follow_redirects
 getdns_context_set_idle_timeout
 getdns_context_set_limit_outstanding_queries
 getdns_context_set_listen_addresses
+getdns_context_set_logfunc
 getdns_context_set_memory_functions
 getdns_context_set_namespaces
 getdns_context_set_resolution_type
--- a/src/mdns.c
+++ b/src/mdns.c
@ -1746,7 +1746,7 @@ mdns_udp_read_cb(void *userarg)
 	if (read < GLDNS_HEADER_SIZE)
 		return; /* Not DNS */

-	if (GLDNS_ID_WIRE(netreq->response) != netreq->query_id)
+	if (GLDNS_ID_WIRE(netreq->response) != GLDNS_ID_WIRE(netreq->query))
 		return; /* Cache poisoning attempt ;) */

 	// TODO: check whether EDNS server cookies are required for MDNS
@ -1788,8 +1788,7 @@ mdns_udp_write_cb(void *userarg)

 	netreq->debug_start_time = _getdns_get_time_as_uintt64();
 	netreq->debug_udp = 1;
-	netreq->query_id = (uint16_t) arc4random();
-	GLDNS_ID_SET(netreq->query, netreq->query_id);
+	GLDNS_ID_SET(netreq->query, (uint16_t) arc4random());

 	/* do we need to handle options valid in the MDNS context? */

--- a/src/mk-const-info.c.sh
+++ b/src/mk-const-info.c.sh
@ -14,7 +14,7 @@ cat > const-info.c << END_OF_HEAD
 static struct const_info consts_info[] = {
 	{   -1, NULL, "/* <unknown getdns value> */" },
 END_OF_HEAD
-gawk '/^[ 	]+GETDNS_[A-Z_]+[ 	]+=[ 	]+[0-9]+/{ key = sprintf("%4d", $3); consts[key] = $1; }/^#define GETDNS_[A-Z_]+[ 	]+[0-9]+/ && !/^#define GETDNS_RRTYPE/ && !/^#define GETDNS_RRCLASS/ && !/^#define GETDNS_OPCODE/  && !/^#define GETDNS_RCODE/ && !/_TEXT/{ key = sprintf("%4d", $3); consts[key] = $2; }/^#define GETDNS_[A-Z_]+[ 	]+\(\(getdns_(return|append_name)_t) [0-9]+ \)/{ key = sprintf("%4d", $4); consts[key] = $2; }END{ n = asorti(consts, const_vals); for ( i = 1; i <= n; i++) { val = const_vals[i]; name = consts[val]; print "\t{ "val", \""name"\", "name"_TEXT },"}}' getdns/getdns.h.in getdns/getdns_extra.h.in | sed 's/,,/,/g' >> const-info.c
+gawk '/^[ 	]+GETDNS_[A-Z_]+[ 	]+=[ 	]+[0-9]+/{ key = sprintf("%7d", $3); consts[key] = $1; }/^#define GETDNS_[A-Z_]+[ 	]+[0-9]+/ && !/^#define GETDNS_RRTYPE/ && !/^#define GETDNS_RRCLASS/ && !/^#define GETDNS_OPCODE/  && !/^#define GETDNS_RCODE/ && !/_TEXT/{ key = sprintf("%7d", $3); consts[key] = $2; }/^#define GETDNS_[A-Z_]+[ 	]+\(\(getdns_(return|append_name)_t) [0-9]+ \)/{ key = sprintf("%7d", $4); consts[key] = $2; }END{ n = asorti(consts, const_vals); for ( i = 1; i <= n; i++) { val = const_vals[i]; name = consts[val]; print "\t{ "val", \""name"\", "name"_TEXT },"}}' getdns/getdns_extra.h.in getdns/getdns.h.in | sed 's/,,/,/g' >> const-info.c
 cat >> const-info.c << END_OF_TAIL
 };

--- a/src/request-internal.c
+++ b/src/request-internal.c
@ -125,7 +125,6 @@ netreq_reset(getdns_network_req *net_req)
 	_getdns_netreq_change_state(net_req, NET_REQ_NOT_SENT);
 	net_req->dnssec_status = GETDNS_DNSSEC_INDETERMINATE;
 	net_req->tsig_status = GETDNS_DNSSEC_INDETERMINATE;
-	net_req->query_id = 0;
 	net_req->response_len = 0;
 	/* Some fields to record info for return_call_reporting */
 	net_req->debug_start_time = 0;
--- a/src/rr-dict.c
+++ b/src/rr-dict.c
@ -56,11 +56,6 @@ apl_n_wire2dict(getdns_dict *dict, const uint8_t *rdf)
 	return getdns_dict_set_int(dict, "n", (*rdf  >> 7));
 }
 static getdns_return_t
-apl_n_wire2list(getdns_list *list, const uint8_t *rdf)
-{
-	return _getdns_list_append_int(list, (*rdf  >> 7));
-}
-static getdns_return_t
 apl_n_2wire(uint32_t value, uint8_t *rdata, uint8_t *rdf, size_t *rdf_len)
 {
 	(void)rdata; /* unused parameter */
@ -85,22 +80,10 @@ apl_n_dict2wire(const getdns_dict *dict,
 	else
 		return apl_n_2wire(value, rdata, rdf, rdf_len);
 }
-static getdns_return_t
-apl_n_list2wire(const getdns_list *list, size_t i,
-    uint8_t *rdata, uint8_t *rdf, size_t *rdf_len)
-{
-	getdns_return_t r;
-	uint32_t        value;
-
-	if ((r = getdns_list_get_int(list, i, &value)))
-		return r;
-	else
-		return apl_n_2wire(value, rdata, rdf, rdf_len);
-}
 static _getdns_rdf_special apl_n = {
    apl_n_rdf_end,
-    apl_n_wire2dict, apl_n_wire2list,
-    apl_n_dict2wire, apl_n_list2wire
+    apl_n_wire2dict, NULL,
+    apl_n_dict2wire, NULL 
 };

 static const uint8_t *
@ -118,11 +101,6 @@ apl_afdpart_wire2dict(getdns_dict *dict, const uint8_t *rdf)
 	    dict, "afdpart", (rdf[-1] & 0x7F), rdf);
 }
 static getdns_return_t
-apl_afdpart_wire2list(getdns_list *list, const uint8_t *rdf)
-{
-	return _getdns_list_append_const_bindata(list, (rdf[-1] & 0x7F), rdf);
-}
-static getdns_return_t
 apl_afdpart_2wire(
    const getdns_bindata *value, uint8_t *rdata, uint8_t *rdf, size_t *rdf_len)
 {
@ -156,22 +134,10 @@ apl_afdpart_dict2wire(
 	else
 		return apl_afdpart_2wire(value, rdata, rdf, rdf_len);
 }
-static getdns_return_t
-apl_afdpart_list2wire(const getdns_list *list,
-    size_t i, uint8_t *rdata, uint8_t *rdf, size_t *rdf_len)
-{
-	getdns_return_t r;
-	getdns_bindata *value;
-
-	if ((r = getdns_list_get_bindata(list, i, &value)))
-		return r;
-	else
-		return apl_afdpart_2wire(value, rdata, rdf, rdf_len);
-}
 static _getdns_rdf_special apl_afdpart = {
    apl_afdpart_rdf_end,
-    apl_afdpart_wire2dict, apl_afdpart_wire2list,
-    apl_afdpart_dict2wire, apl_afdpart_list2wire
+    apl_afdpart_wire2dict, NULL,
+    apl_afdpart_dict2wire, NULL 
 };

 static const uint8_t *
@ -246,30 +212,12 @@ ipseckey_gateway_wire2dict(getdns_dict *dict, const uint8_t *rdf)
 		return _getdns_dict_set_const_bindata(dict, "gateway", size, data);
 }
 static getdns_return_t
-ipseckey_gateway_wire2list(getdns_list *list, const uint8_t *rdf)
-{
-	size_t size;
-	const uint8_t *data;
-
-	if (ipseckey_gateway_equip_const_bindata(rdf, &size, &data))
-		return GETDNS_RETURN_GENERIC_ERROR;
-
-	else if (!size)
-		return GETDNS_RETURN_GOOD;
-	else
-		return _getdns_list_append_const_bindata(list, size, data);
-}
-static getdns_return_t
 ipseckey_gateway_2wire(
    const getdns_bindata *value, uint8_t *rdata, uint8_t *rdf, size_t *rdf_len)
 {
-	if (rdf - 2 < rdata)
-		return GETDNS_RETURN_GENERIC_ERROR;
+	assert(rdf - 2 >= rdata && rdf[-2] > 0);

 	switch (rdf[-2]) {
-	case 0:	if (value && value->size > 0)
-			return GETDNS_RETURN_INVALID_PARAMETER;
-		break;
 	case 1: if (!value || value->size != 4)
 			return GETDNS_RETURN_INVALID_PARAMETER;
 		if (*rdf_len < 4) {
@ -310,27 +258,22 @@ ipseckey_gateway_dict2wire(
 	getdns_return_t r;
 	getdns_bindata *value;

-	if ((r = getdns_dict_get_bindata(dict, "gateway", &value)))
-		return r;
-	else
-		return ipseckey_gateway_2wire(value, rdata, rdf, rdf_len);
-}
-static getdns_return_t
-ipseckey_gateway_list2wire(const getdns_list *list,
-    size_t i, uint8_t *rdata, uint8_t *rdf, size_t *rdf_len)
-{
-	getdns_return_t r;
-	getdns_bindata *value;
+	if (rdf - 2 < rdata)
+		return GETDNS_RETURN_GENERIC_ERROR;

-	if ((r = getdns_list_get_bindata(list, i, &value)))
+	else if (rdf[-2] == 0) {
+		*rdf_len = 0;
+		return GETDNS_RETURN_GOOD;
+	}
+	else if ((r = getdns_dict_get_bindata(dict, "gateway", &value)))
 		return r;
 	else
 		return ipseckey_gateway_2wire(value, rdata, rdf, rdf_len);
 }
 static _getdns_rdf_special ipseckey_gateway = {
    ipseckey_gateway_rdf_end,
-    ipseckey_gateway_wire2dict, ipseckey_gateway_wire2list,
-    ipseckey_gateway_dict2wire, ipseckey_gateway_list2wire
+    ipseckey_gateway_wire2dict, NULL,
+    ipseckey_gateway_dict2wire, NULL 
 };

 static const uint8_t *
@ -348,11 +291,6 @@ hip_pk_algorithm_wire2dict(getdns_dict *dict, const uint8_t *rdf)
 	return getdns_dict_set_int(dict, "pk_algorithm", rdf[1]);
 }
 static getdns_return_t
-hip_pk_algorithm_wire2list(getdns_list *list, const uint8_t *rdf)
-{
-	return _getdns_list_append_int(list, rdf[1]);
-}
-static getdns_return_t
 hip_pk_algorithm_2wire(uint32_t value, uint8_t *rdata, uint8_t *rdf, size_t *rdf_len)
 {
 	if (rdata != rdf)
@ -379,22 +317,10 @@ hip_pk_algorithm_dict2wire(
 	else
 		return hip_pk_algorithm_2wire(value, rdata, rdf, rdf_len);
 }
-static getdns_return_t
-hip_pk_algorithm_list2wire(const getdns_list *list,
-    size_t i, uint8_t *rdata, uint8_t *rdf, size_t *rdf_len)
-{
-	getdns_return_t r;
-	uint32_t        value;
-
-	if ((r = getdns_list_get_int(list, i, &value)))
-		return r;
-	else
-		return hip_pk_algorithm_2wire(value, rdata, rdf, rdf_len);
-}
 static _getdns_rdf_special hip_pk_algorithm = {
    hip_pk_algorithm_rdf_end,
-    hip_pk_algorithm_wire2dict, hip_pk_algorithm_wire2list,
-    hip_pk_algorithm_dict2wire, hip_pk_algorithm_list2wire
+    hip_pk_algorithm_wire2dict, NULL,
+    hip_pk_algorithm_dict2wire, NULL
 };

 static const uint8_t *
@ -411,11 +337,6 @@ hip_hit_wire2dict(getdns_dict *dict, const uint8_t *rdf)
 	return _getdns_dict_set_const_bindata(dict, "hit", rdf[-1], rdf + 3);
 }
 static getdns_return_t
-hip_hit_wire2list(getdns_list *list, const uint8_t *rdf)
-{
-	return _getdns_list_append_const_bindata(list, rdf[-1], rdf + 3);
-}
-static getdns_return_t
 hip_hit_2wire(
    const getdns_bindata *value, uint8_t *rdata, uint8_t *rdf, size_t *rdf_len)
 {
@ -449,22 +370,10 @@ hip_hit_dict2wire(
 	else
 		return hip_hit_2wire(value, rdata, rdf, rdf_len);
 }
-static getdns_return_t
-hip_hit_list2wire(const getdns_list *list,
-    size_t i, uint8_t *rdata, uint8_t *rdf, size_t *rdf_len)
-{
-	getdns_return_t r;
-	getdns_bindata *value;
-
-	if ((r = getdns_list_get_bindata(list, i, &value)))
-		return r;
-	else
-		return hip_hit_2wire(value, rdata, rdf, rdf_len);
-}
 static _getdns_rdf_special hip_hit = {
    hip_hit_rdf_end,
-    hip_hit_wire2dict, hip_hit_wire2list,
-    hip_hit_dict2wire, hip_hit_list2wire
+    hip_hit_wire2dict, NULL,
+    hip_hit_dict2wire, NULL
 };

 static const uint8_t *
@ -483,12 +392,6 @@ hip_public_key_wire2dict(getdns_dict *dict, const uint8_t *rdf)
 	    dict, "public_key", gldns_read_uint16(rdf), rdf + 2 + rdf[-2]);
 }
 static getdns_return_t
-hip_public_key_wire2list(getdns_list *list, const uint8_t *rdf)
-{
-	return _getdns_list_append_const_bindata(
-	    list, gldns_read_uint16(rdf), rdf + 2 + rdf[-2]);
-}
-static getdns_return_t
 hip_public_key_2wire(
    const getdns_bindata *value, uint8_t *rdata, uint8_t *rdf, size_t *rdf_len)
 {
@ -522,22 +425,10 @@ hip_public_key_dict2wire(
 	else
 		return hip_public_key_2wire(value, rdata, rdf, rdf_len);
 }
-static getdns_return_t
-hip_public_key_list2wire(
-    const getdns_list *list, size_t i, uint8_t *rdata, uint8_t *rdf, size_t *rdf_len)
-{
-	getdns_return_t r;
-	getdns_bindata *value;
-
-	if ((r = getdns_list_get_bindata(list, i, &value)))
-		return r;
-	else
-		return hip_public_key_2wire(value, rdata, rdf, rdf_len);
-}
 static _getdns_rdf_special hip_public_key = {
    hip_public_key_rdf_end,
-    hip_public_key_wire2dict, hip_public_key_wire2list,
-    hip_public_key_dict2wire, hip_public_key_list2wire
+    hip_public_key_wire2dict, NULL,
+    hip_public_key_dict2wire, NULL
 };


@ -596,6 +487,8 @@ static _getdns_rdata_def         rt_rdata[] = {
 	{ "intermediate_host"           , GETDNS_RDF_N      , NULL }};
 static _getdns_rdata_def       nsap_rdata[] = {
 	{ "nsap"                        , GETDNS_RDF_X      , NULL }};
+static _getdns_rdata_def   nsap_ptr_rdata[] = {
+	{ "owner"                       , GETDNS_RDF_S      , NULL }};
 static _getdns_rdata_def        sig_rdata[] = {
 	{ "sig_obsolete"                , GETDNS_RDF_X      , NULL }};
 static _getdns_rdata_def        key_rdata[] = {
@ -614,6 +507,10 @@ static _getdns_rdata_def        loc_rdata[] = {
 	{ "loc_obsolete"                , GETDNS_RDF_X      , NULL }};
 static _getdns_rdata_def        nxt_rdata[] = {
 	{ "nxt_obsolete"                , GETDNS_RDF_X      , NULL }};
+static _getdns_rdata_def        eid_rdata[] = {
+	{ "endpoint_identifier"         , GETDNS_RDF_X      , NULL }};
+static _getdns_rdata_def     nimloc_rdata[] = {
+	{ "nimrod_locator"              , GETDNS_RDF_X      , NULL }};
 static _getdns_rdata_def        srv_rdata[] = {
 	{ "priority"                    , GETDNS_RDF_I2     , NULL },
 	{ "weight"                      , GETDNS_RDF_I2     , NULL },
@ -707,6 +604,11 @@ static _getdns_rdata_def        hip_rdata[] = {
 	{ "hit"                         , GETDNS_RDF_SPECIAL, &hip_hit },
 	{ "public_key"                  , GETDNS_RDF_SPECIAL, &hip_public_key },
 	{ "rendezvous_servers"          , GETDNS_RDF_N_M    , NULL }};
+static _getdns_rdata_def     talink_rdata[] = {
+	{ "previous"                    , GETDNS_RDF_N      , NULL },
+	{ "next"                        , GETDNS_RDF_N      , NULL }};
+static _getdns_rdata_def   openpgpkey_rdata[] = {
+	{ "transferable_public_key"     , GETDNS_RDF_B      , NULL }};
 static _getdns_rdata_def        csync_rdata[] = {
 	{ "serial"                      , GETDNS_RDF_I4     , NULL },
 	{ "flags"                       , GETDNS_RDF_I2     , NULL },
@ -782,17 +684,17 @@ static _getdns_rr_def _getdns_rr_defs[] = {
 	{        "X25",        x25_rdata, ALEN(       x25_rdata) },
 	{       "ISDN",       isdn_rdata, ALEN(      isdn_rdata) },
 	{         "RT",         rt_rdata, ALEN(        rt_rdata) },
-	{       "NSAP",       nsap_rdata, ALEN(      nsap_rdata) }, /* - 22 */
-	{         NULL,             NULL, 0                      },
-	{        "SIG",        sig_rdata, ALEN(       sig_rdata) }, /* 24 - */
+	{       "NSAP",       nsap_rdata, ALEN(      nsap_rdata) },
+	{   "NSAP_PTR",   nsap_ptr_rdata, ALEN(  nsap_ptr_rdata) },
+	{        "SIG",        sig_rdata, ALEN(       sig_rdata) },
 	{        "KEY",        key_rdata, ALEN(       key_rdata) },
 	{         "PX",         px_rdata, ALEN(        px_rdata) },
 	{       "GPOS",       gpos_rdata, ALEN(      gpos_rdata) },
 	{       "AAAA",       aaaa_rdata, ALEN(      aaaa_rdata) },
 	{        "LOC",        loc_rdata, ALEN(       loc_rdata) },
 	{        "NXT",        nxt_rdata, ALEN(       nxt_rdata) },
-	{        "EID",    UNKNOWN_RDATA, 0                      },
-	{     "NIMLOC",    UNKNOWN_RDATA, 0                      },
+	{        "EID",        eid_rdata, ALEN(       eid_rdata) },
+	{     "NIMLOC",     nimloc_rdata, ALEN(    nimloc_rdata) },
 	{        "SRV",        srv_rdata, ALEN(       srv_rdata) },
 	{       "ATMA",       atma_rdata, ALEN(      atma_rdata) },
 	{      "NAPTR",      naptr_rdata, ALEN(     naptr_rdata) },
@ -812,16 +714,16 @@ static _getdns_rr_def _getdns_rr_defs[] = {
 	{      "DHCID",      dhcid_rdata, ALEN(     dhcid_rdata) },
 	{      "NSEC3",      nsec3_rdata, ALEN(     nsec3_rdata) },
 	{ "NSEC3PARAM", nsec3param_rdata, ALEN(nsec3param_rdata) },
-	{       "TLSA",       tlsa_rdata, ALEN(      tlsa_rdata) }, /* - 52 */
-	{         NULL,             NULL, 0                      },
+	{       "TLSA",       tlsa_rdata, ALEN(      tlsa_rdata) },
+	{     "SMIMEA",       tlsa_rdata, ALEN(      tlsa_rdata) }, /* - 53 */
 	{         NULL,             NULL, 0                      },
 	{        "HIP",        hip_rdata, ALEN(       hip_rdata) }, /* 55 - */
 	{      "NINFO",    UNKNOWN_RDATA, 0                      },
 	{       "RKEY",    UNKNOWN_RDATA, 0                      },
-	{     "TALINK",    UNKNOWN_RDATA, 0                      },
+	{     "TALINK",     talink_rdata, ALEN(    talink_rdata) },
 	{        "CDS",         ds_rdata, ALEN(        ds_rdata) },
 	{    "CDNSKEY",     dnskey_rdata, ALEN(    dnskey_rdata) },
-	{ "OPENPGPKEY",    UNKNOWN_RDATA, 0                      }, /* 61 - */
+	{ "OPENPGPKEY", openpgpkey_rdata, ALEN(openpgpkey_rdata) }, /* 61 - */
 	{      "CSYNC",      csync_rdata, ALEN(     csync_rdata) }, /* - 62 */
 	{         NULL,             NULL, 0                      },
 	{         NULL,             NULL, 0                      },
@ -1017,20 +919,21 @@ static _getdns_rr_def _getdns_rr_defs[] = {
 	{      "MAILA",    UNKNOWN_RDATA, 0                      }, /* - 254 */
 	{         NULL,             NULL, 0                      },
 	{        "URI",        uri_rdata, ALEN(       uri_rdata) }, /* 256 - */
-	{        "CAA",        caa_rdata, ALEN(       caa_rdata) }, /* - 257 */
-	{         "TA",    UNKNOWN_RDATA, 0                      }, /* 32768 */
+	{        "CAA",        caa_rdata, ALEN(       caa_rdata) },
+	{        "AVC",        txt_rdata, ALEN(       txt_rdata) }, /* - 258 */
+	{         "TA",         ds_rdata, ALEN(        ds_rdata) }, /* 32768 */
 	{        "DLV",        dlv_rdata, ALEN(       dlv_rdata) }  /* 32769 */
 };

 const _getdns_rr_def *
 _getdns_rr_def_lookup(uint16_t rr_type)
 {
-	if (rr_type <= 257)
+	if (rr_type <= 258)
 		return &_getdns_rr_defs[rr_type];
 	else if (rr_type == 32768)
-		return &_getdns_rr_defs[258];
-	else if (rr_type == 32769)
 		return &_getdns_rr_defs[259];
+	else if (rr_type == 32769)
+		return &_getdns_rr_defs[260];
 	return _getdns_rr_defs;
 }

@ -1120,7 +1023,12 @@ write_rdata_field(gldns_buffer *buf, uint8_t *rdata_start,
 		return GETDNS_RETURN_GENERIC_ERROR;

 	} else if (!(rd_def->type & GETDNS_RDF_REPEAT)) {
-		
+		/*
+		 * Non repetitive special rdatafield,
+		 * We must have a dict2wire function
+		 */
+		assert(rd_def->special->dict2wire);
+
 		rdf_len = gldns_buffer_remaining(buf);
 		r = rd_def->special->dict2wire(rdata, rdata_start,
 		    gldns_buffer_current(buf), &rdf_len);
@ -1130,12 +1038,21 @@ write_rdata_field(gldns_buffer *buf, uint8_t *rdata_start,
 		if (r)
 			return r;

+	/* We do not have repetitive special rdata fields (yet)
+	 *
+	 * LCOV_EXCL_START
+	 */
 	} else if ((r = getdns_dict_get_list(rdata, rd_def->name, &list))) {

 		return r == GETDNS_RETURN_NO_SUCH_DICT_NAME
 			  ? GETDNS_RETURN_GOOD : r;

 	} else for ( i = 0; r == GETDNS_RETURN_GOOD; i++ ) {
+		/*
+		 * A repetitive special rdata field must have the list2wire
+		 * function.
+		 */
+		assert(rd_def->special->list2wire);
 		
 		rdf_len = gldns_buffer_remaining(buf);
 		r = rd_def->special->list2wire(list, i, rdata_start,
@ -1144,6 +1061,7 @@ write_rdata_field(gldns_buffer *buf, uint8_t *rdata_start,
 		    r == GETDNS_RETURN_NEED_MORE_SPACE)
 			gldns_buffer_skip(buf, rdf_len);
 	}
+	/* LCOV_EXCL_STOP */

 	return r != GETDNS_RETURN_NO_SUCH_LIST_ITEM ? r : GETDNS_RETURN_GOOD;
 }
--- a/src/rr-iter.c
+++ b/src/rr-iter.c
@ -518,8 +518,16 @@ rdf_iter_find_nxt(_getdns_rdf_iter *i)

 	    /* Empty rdata fields are only allowed in case of non-repeating
 	     * remaining data. So only the GETDNS_RDF_BINDATA bit is set.
+	     *
+	     * There is one exception, the IPSECKEY has an empty special rdata
+	     * field "gateway" when another rdata field, "gateway_type" is 0.
+	     * In general, the special wire2dict or list functions should
+	     * handle this case themselves, so allow for 0 sized RDF_SPECIAL
+	     * typed rdata fields too.
 	     */
-	    (i->nxt >  i->pos || (i->rdd_pos->type == GETDNS_RDF_BINDATA)))
+	    (  i->nxt >  i->pos
+	    || i->rdd_pos->type == GETDNS_RDF_BINDATA 
+	    || i->rdd_pos->type == GETDNS_RDF_SPECIAL))
 		return i;
 done:
 	i->pos = NULL;
--- a/src/server.c
+++ b/src/server.c
@ -995,15 +995,16 @@ getdns_return_t getdns_context_set_listen_addresses(
 			connection *conn;

 			loop->vmt->clear(loop, &l->to_replace->event);
-			(void) memset(&l->to_replace->event, 0,
-			    sizeof(getdns_eventloop_event));

 			l->fd = l->to_replace->fd;
 			l->event = l->to_replace->event;
+			l->event.userarg = l;
 			l->connections = l->to_replace->connections;
 			for (conn = l->connections; conn; conn = conn->next)
 				conn->l = l;

+			(void) memset(&l->to_replace->event, 0,
+			    sizeof(getdns_eventloop_event));
 			l->to_replace->connections = NULL;
 			l->to_replace->fd = -1;

--- a/src/stub.c
+++ b/src/stub.c
@ -362,7 +362,7 @@ process_keepalive(
 	/* Use server sent value unless the client specified a shorter one.
 	   Convert to ms first (wire value has units of 100ms) */
 	uint64_t server_keepalive = ((uint64_t)gldns_read_uint16(position))*100;
-	DEBUG_STUB("%s %-35s: FD:  %d Server Keepalive recieved: %d ms\n",
+	DEBUG_STUB("%s %-35s: FD:  %d Server Keepalive received: %d ms\n",
           STUB_DEBUG_READ, __FUNC__, upstream->fd, 
           (int)server_keepalive);
 	if (netreq->owner->context->idle_timeout < server_keepalive)
@ -425,15 +425,14 @@ tcp_connect(getdns_upstream *upstream, getdns_transport_list_t transport)
 	endpoints.sae_srcaddrlen = 0;
 	endpoints.sae_dstaddr = (struct sockaddr *)&upstream->addr;
 	endpoints.sae_dstaddrlen = upstream->addr_len;
-	if (connectx(fd, &endpoints, SAE_ASSOCID_ANY,  
+	if (connectx(fd, &endpoints, SAE_ASSOCID_ANY,
 	             CONNECT_DATA_IDEMPOTENT | CONNECT_RESUME_ON_READ_WRITE,
-	             NULL, 0, NULL, NULL) == -1) {
-		if (errno != EINPROGRESS) {
-			close(fd);
-			return -1;
-		}
+	             NULL, 0, NULL, NULL) == 0) {
+		return fd;
+	}
+	if (errno == EINPROGRESS) {
+		return fd;
 	}
-	return fd;
 #else
 	(void)transport;
 #endif
@ -505,7 +504,6 @@ stub_cleanup(getdns_network_req *netreq)
 	getdns_dns_req *dnsreq = netreq->owner;
 	getdns_network_req *r, *prev_r;
 	getdns_upstream *upstream;
-	intptr_t query_id_intptr;

 	GETDNS_CLEAR_EVENT(dnsreq->loop, &netreq->event);

@ -514,9 +512,8 @@ stub_cleanup(getdns_network_req *netreq)
 		return;

 	/* Delete from upstream->netreq_by_query_id (if present) */
-	query_id_intptr = (intptr_t)netreq->query_id;
-	(void) _getdns_rbtree_delete(
-	    &upstream->netreq_by_query_id, (void *)query_id_intptr);
+	(void) _getdns_rbtree_delete(&upstream->netreq_by_query_id,
+	    (void *)(intptr_t)GLDNS_ID_WIRE(netreq->query));

 	/* Delete from upstream->write_queue (if present) */
 	for (prev_r = NULL, r = upstream->write_queue; r;
@ -540,6 +537,8 @@ stub_cleanup(getdns_network_req *netreq)
 static void
 upstream_failed(getdns_upstream *upstream, int during_setup)
 {
+	getdns_network_req *netreq;
+
 	DEBUG_STUB("%s %-35s: FD:  %d Failure during connection setup = %d\n",
 	           STUB_DEBUG_CLEANUP, __FUNC__, upstream->fd, during_setup);
 	/* Fallback code should take care of queue queries and then close conn
@ -565,16 +564,14 @@ upstream_failed(getdns_upstream *upstream, int during_setup)
 	} else {
 		upstream->conn_shutdowns++;
 		/* [TLS1]TODO: Re-try these queries if possible.*/
-		getdns_network_req *netreq;
-		while (upstream->netreq_by_query_id.count) {
-			netreq = (getdns_network_req *)
-			    _getdns_rbtree_first(&upstream->netreq_by_query_id);
-			stub_cleanup(netreq);
-			_getdns_netreq_change_state(netreq, NET_REQ_FINISHED);
-			_getdns_check_dns_req_complete(netreq->owner);
-		}
 	}
-	
+	while (upstream->netreq_by_query_id.count) {
+		netreq = (getdns_network_req *)
+		    _getdns_rbtree_first(&upstream->netreq_by_query_id);
+		stub_cleanup(netreq);
+		_getdns_netreq_change_state(netreq, NET_REQ_ERRORED);
+		_getdns_check_dns_req_complete(netreq->owner);
+	}
 	upstream->conn_state = GETDNS_CONN_TEARDOWN;
 }

@ -590,6 +587,7 @@ _getdns_cancel_stub_request(getdns_network_req *netreq)
 #else
 		close(netreq->fd);
 #endif
+		netreq->fd = -1;
 	}
 }

@ -608,13 +606,13 @@ stub_timeout_cb(void *userarg)
 #else
 		close(netreq->fd);
 #endif
+		netreq->fd = -1;
 		netreq->upstream->udp_timeouts++;
-#if defined(DAEMON_DEBUG) && DAEMON_DEBUG
 		if (netreq->upstream->udp_timeouts % 100 == 0)
-			DEBUG_DAEMON("%s %-40s : Upstream stats: Transport=UDP - Resp=%d,Timeouts=%d\n",
-			             STUB_DEBUG_DAEMON, netreq->upstream->addr_str,
+			_getdns_upstream_log(netreq->upstream, GETDNS_LOG_UPSTREAM_STATS, GETDNS_LOG_DEBUG,
+			    "%-40s : Upstream stats: Transport=UDP - Resp=%d,Timeouts=%d\n",
+			             netreq->upstream->addr_str,
 			             (int)netreq->upstream->udp_responses, (int)netreq->upstream->udp_timeouts);
-#endif
 		stub_next_upstream(netreq);
 	} else {
 		netreq->upstream->responses_timeouts++;
@ -779,6 +777,7 @@ stub_tcp_write(int fd, getdns_tcp_state *tcp, getdns_network_req *netreq)
 		    &netreq->upstream->netreq_by_query_id, &netreq->node));

 		GLDNS_ID_SET(netreq->query, query_id);
+
 		if (netreq->opt) {
 			_getdns_network_req_clear_upstream_options(netreq);
 			/* no limits on the max udp payload size with tcp */
@ -836,8 +835,13 @@ stub_tcp_write(int fd, getdns_tcp_state *tcp, getdns_network_req *netreq)

 			return STUB_TCP_WOULDBLOCK;

-		} else if (written == -1)
+		} else if (written == -1) {
+			DEBUG_STUB("%s %-35s: MSG: %p error while writing to TCP socket:"
+				   " %s\n", STUB_DEBUG_WRITE, __FUNC__, (void*)netreq
+				   , strerror(errno));
+
 			return STUB_TCP_ERROR;
+		}

 		/* We were able to write everything!  Start reading. */
 		return (int) query_id;
@ -856,8 +860,13 @@ stub_tcp_write(int fd, getdns_tcp_state *tcp, getdns_network_req *netreq)
 		if (written == -1) {
 			if (_getdns_EWOULDBLOCK)
 				return STUB_TCP_WOULDBLOCK;
-			else
+			else {
+				DEBUG_STUB("%s %-35s: MSG: %p error while writing to TCP socket:"
+					   " %s\n", STUB_DEBUG_WRITE, __FUNC__, (void*)netreq
+					   , strerror(errno));
+
 				return STUB_TCP_ERROR;
+			}
 		}
 		tcp->written += written;
 		if (tcp->written < tcp->write_buf_len)
@ -899,12 +908,11 @@ tls_verify_callback(int preverify_ok, X509_STORE_CTX *ctx)
 	            STUB_DEBUG_SETUP_TLS, __FUNC__, upstream->fd, err,
 	            X509_verify_cert_error_string(err));
 #endif
-#if defined(DAEMON_DEBUG) && DAEMON_DEBUG
 	if (!preverify_ok && !upstream->tls_fallback_ok)
-			DEBUG_DAEMON("%s %-40s : Verify failed : Transport=TLS - *Failure* -  (%d) \"%s\"\n",
-		                  STUB_DEBUG_DAEMON, upstream->addr_str, err,
-			              X509_verify_cert_error_string(err));
-#endif
+		_getdns_upstream_log(upstream, GETDNS_LOG_UPSTREAM_STATS, GETDNS_LOG_DEBUG,
+		    "%-40s : Verify failed : Transport=TLS - *Failure* -  (%d) \"%s\"\n",
+		    upstream->addr_str, err,
+		    X509_verify_cert_error_string(err));

 	/* First deal with the hostname authentication done by OpenSSL. */
 #ifdef X509_V_ERR_HOSTNAME_MISMATCH
@ -936,11 +944,10 @@ tls_verify_callback(int preverify_ok, X509_STORE_CTX *ctx)
 		if (upstream->tls_fallback_ok)
 			DEBUG_STUB("%s %-35s: FD:  %d, WARNING: Proceeding even though pinset validation failed!\n",
 			            STUB_DEBUG_SETUP_TLS, __FUNC__, upstream->fd);
-#if defined(DAEMON_DEBUG) && DAEMON_DEBUG
 		else
-			DEBUG_DAEMON("%s %-40s : Conn failed   : Transport=TLS - *Failure* - Pinset validation failure\n",
-		                  STUB_DEBUG_DAEMON, upstream->addr_str);
-#endif
+			_getdns_upstream_log(upstream, GETDNS_LOG_UPSTREAM_STATS, GETDNS_LOG_DEBUG,
+			    "%-40s : Conn failed   : Transport=TLS - *Failure* - Pinset validation failure\n",
+			    upstream->addr_str);
 	} else {
 		/* If we _only_ had a pinset and it is good then force succesful
 		   authentication when the cert self-signed
@ -951,10 +958,9 @@ tls_verify_callback(int preverify_ok, X509_STORE_CTX *ctx)
 			preverify_ok = 1;
 			DEBUG_STUB("%s %-35s: FD:  %d, Allowing self-signed (%d) cert since pins match\n",
 		           STUB_DEBUG_SETUP_TLS, __FUNC__, upstream->fd, err);
-#if defined(DAEMON_DEBUG) && DAEMON_DEBUG
-			DEBUG_DAEMON("%s %-40s : Verify passed : Transport=TLS - Allowing self-signed cert since pins match\n",
-		                  STUB_DEBUG_DAEMON, upstream->addr_str);
-#endif
+			_getdns_upstream_log(upstream, GETDNS_LOG_UPSTREAM_STATS, GETDNS_LOG_DEBUG, 
+			    "%-40s : Verify passed : Transport=TLS - Allowing self-signed cert since pins match\n",
+			    upstream->addr_str);
 		}
 	}

@ -1269,6 +1275,7 @@ stub_tls_write(getdns_upstream *upstream, getdns_tcp_state *tcp,
 		    &netreq->upstream->netreq_by_query_id, &netreq->node));

 		GLDNS_ID_SET(netreq->query, query_id);
+
 		/* TODO: Review if more EDNS0 handling can be centralised.*/
 		if (netreq->opt) {
 			_getdns_network_req_clear_upstream_options(netreq);
@ -1407,6 +1414,7 @@ stub_udp_read_cb(void *userarg)
 #else
 			close(netreq->fd);
 #endif
+			netreq->fd = -1;
 			stub_next_upstream(netreq);
 		}
 		netreq->debug_end_time = _getdns_get_time_as_uintt64();
@ -1416,7 +1424,7 @@ stub_udp_read_cb(void *userarg)
 	if (read < GLDNS_HEADER_SIZE)
 		return; /* Not DNS */
 	
-	if (GLDNS_ID_WIRE(netreq->response) != netreq->query_id)
+	if (GLDNS_ID_WIRE(netreq->response) != GLDNS_ID_WIRE(netreq->query))
 		return; /* Cache poisoning attempt ;) */

 	if (netreq->owner->edns_cookies && match_and_process_server_cookie(
@ -1429,8 +1437,8 @@ stub_udp_read_cb(void *userarg)
 	closesocket(netreq->fd);
 #else
 	close(netreq->fd);
-	netreq->fd = -1;
 #endif
+	netreq->fd = -1;
 	while (GLDNS_TC_WIRE(netreq->response)) {
 		DEBUG_STUB("%s %-35s: MSG: %p TC bit set in response \n", STUB_DEBUG_READ, 
 		             __FUNC__, (void*)netreq);
@ -1464,13 +1472,12 @@ stub_udp_read_cb(void *userarg)
 	netreq->debug_end_time = _getdns_get_time_as_uintt64();
 	_getdns_netreq_change_state(netreq, NET_REQ_FINISHED);
 	upstream->udp_responses++;
-#if defined(DAEMON_DEBUG) && DAEMON_DEBUG
 	if (upstream->udp_responses == 1 || 
 	    upstream->udp_responses % 100 == 0)
-		DEBUG_DAEMON("%s %-40s : Upstream stats: Transport=UDP - Resp=%d,Timeouts=%d\n",
-		             STUB_DEBUG_DAEMON, upstream->addr_str,
-		             (int)upstream->udp_responses, (int)upstream->udp_timeouts);
-#endif
+		_getdns_upstream_log(upstream, GETDNS_LOG_UPSTREAM_STATS, GETDNS_LOG_DEBUG,
+		    "%-40s : Upstream stats: Transport=UDP - Resp=%d,Timeouts=%d\n",
+		    upstream->addr_str,
+		    (int)upstream->udp_responses, (int)upstream->udp_timeouts);
 	_getdns_check_dns_req_complete(dnsreq);
 }

@ -1480,6 +1487,7 @@ stub_udp_write_cb(void *userarg)
 	getdns_network_req *netreq = (getdns_network_req *)userarg;
 	getdns_dns_req     *dnsreq = netreq->owner;
 	size_t             pkt_len;
+	ssize_t            written;
 	DEBUG_STUB("%s %-35s: MSG: %p \n", STUB_DEBUG_WRITE, 
 	             __FUNC__, (void *)netreq);

@ -1487,8 +1495,7 @@ stub_udp_write_cb(void *userarg)

 	netreq->debug_start_time = _getdns_get_time_as_uintt64();
 	netreq->debug_udp = 1;
-	netreq->query_id = arc4random();
-	GLDNS_ID_SET(netreq->query, netreq->query_id);
+	GLDNS_ID_SET(netreq->query, (uint16_t)arc4random());
 	if (netreq->opt) {
 		_getdns_network_req_clear_upstream_options(netreq);
 		if (netreq->edns_maximum_udp_payload_size == -1)
@ -1504,15 +1511,35 @@ stub_udp_write_cb(void *userarg)
 				return; /* too many upstream options */
 	}
 	pkt_len = _getdns_network_req_add_tsig(netreq);
-	if ((ssize_t)pkt_len != sendto(
+	if ((ssize_t)pkt_len != (written = sendto(
 	    netreq->fd, (const void *)netreq->query, pkt_len, 0,
 	    (struct sockaddr *)&netreq->upstream->addr,
-	                        netreq->upstream->addr_len)) {
-#ifdef USE_WINSOCK
-		closesocket(netreq->fd);
-#else
-		close(netreq->fd);
+	                        netreq->upstream->addr_len))) {
+
+#if defined(STUB_DEBUG) && STUB_DEBUG
+		if (written == -1)
+			DEBUG_STUB( "%s %-35s: MSG: %p error: %s\n"
+				  , STUB_DEBUG_WRITE, __FUNC__, (void *)netreq
+				  , strerror(errno));
+		else
+			DEBUG_STUB( "%s %-35s: MSG: %p returned: %d, expeced: %d\n"
+				  , STUB_DEBUG_WRITE, __FUNC__, (void *)netreq
+				  , (int)written, (int)pkt_len);
 #endif
+		stub_cleanup(netreq);
+		_getdns_netreq_change_state(netreq, NET_REQ_ERRORED);
+		/* Handle upstream*/
+		if (netreq->fd >= 0) {
+#ifdef USE_WINSOCK
+			closesocket(netreq->fd);
+#else
+			close(netreq->fd);
+#endif
+			netreq->fd = -1;
+			stub_next_upstream(netreq);
+		}
+		netreq->debug_end_time = _getdns_get_time_as_uintt64();
+		_getdns_check_dns_req_complete(netreq->owner);
 		return;
 	}
 	GETDNS_SCHEDULE_EVENT(dnsreq->loop, netreq->fd,
@ -1689,6 +1716,7 @@ upstream_write_cb(void *userarg)
 		 */
 	case STUB_TCP_WOULDBLOCK:
 		return;
+	case STUB_OUT_OF_OPTIONS:
 	case STUB_TCP_ERROR:
 		/* New problem with the TCP connection itself. Need to fallback.*/
 		/* Fall through */
@ -1696,20 +1724,21 @@ upstream_write_cb(void *userarg)
 		/* Could not complete the set up. Need to fallback.*/
 		DEBUG_STUB("%s %-35s: Upstream: %p ERROR = %d\n", STUB_DEBUG_WRITE,
 		             __FUNC__, (void*)userarg, q);
+		(void) _getdns_rbtree_delete(&upstream->netreq_by_query_id,
+		    (void *)(intptr_t)GLDNS_ID_WIRE(netreq->query));
 		upstream_failed(upstream, (q == STUB_TCP_ERROR ? 0:1));
 		/* Fall through */
 	case STUB_CONN_GONE:
 	case STUB_NO_AUTH:
 		/* Cleaning up after connection or auth check failure. Need to fallback. */
 		stub_cleanup(netreq);
-#if defined(DAEMON_DEBUG) && DAEMON_DEBUG
-		DEBUG_DAEMON("%s %-40s : Conn closed   : Transport=%s - *Failure*\n",
-		             STUB_DEBUG_DAEMON, upstream->addr_str,
-		             (upstream->transport == GETDNS_TRANSPORT_TLS ? "TLS" : "TCP"));
-#endif
+		_getdns_upstream_log(upstream, GETDNS_LOG_UPSTREAM_STATS, GETDNS_LOG_DEBUG,
+		    "%-40s : Conn closed   : Transport=%s - *Failure*\n",
+		    upstream->addr_str,
+		    (upstream->transport == GETDNS_TRANSPORT_TLS ? "TLS" : "TCP"));
 		if (fallback_on_write(netreq) == STUB_TCP_ERROR) {
 			/* TODO: Need new state to report transport unavailable*/
-			_getdns_netreq_change_state(netreq, NET_REQ_FINISHED);
+			_getdns_netreq_change_state(netreq, NET_REQ_ERRORED);
 			_getdns_check_dns_req_complete(netreq->owner);
 		}
 		return;
@ -1726,7 +1755,7 @@ upstream_write_cb(void *userarg)
 		/* Need this because auth status is reset on connection close */
 		netreq->debug_tls_auth_status = netreq->upstream->tls_auth_state;
 		upstream->queries_sent++;
-		netreq->query_id = (uint16_t) q;
+
 		/* Unqueue the netreq from the write_queue */
 		if (!(upstream->write_queue = netreq->write_queue_tail)) {
 			upstream->write_queue_last = NULL;
@ -1858,10 +1887,9 @@ upstream_select_stateful(getdns_network_req *netreq, getdns_transport_list_t tra
 		if (upstreams->upstreams[i].conn_state == GETDNS_CONN_BACKOFF &&
 		    upstreams->upstreams[i].conn_retry_time < now) {
 			upstreams->upstreams[i].conn_state = GETDNS_CONN_CLOSED;
-#if defined(DAEMON_DEBUG) && DAEMON_DEBUG
-			DEBUG_DAEMON("%s %-40s : Re-instating upstream\n",
-		            STUB_DEBUG_DAEMON, upstreams->upstreams[i].addr_str);
-#endif
+			_getdns_upstream_log(upstream, GETDNS_LOG_UPSTREAM_STATS, GETDNS_LOG_DEBUG,
+			    "%-40s : Re-instating upstream\n",
+		            upstreams->upstreams[i].addr_str);
 		}
 	}

@ -1933,7 +1961,7 @@ upstream_select(getdns_network_req *netreq)
 			return &upstreams->upstreams[i];
 		}
 		i+=GETDNS_UPSTREAM_TRANSPORTS;
-		if (i > upstreams->count)
+		if (i >= upstreams->count)
 			i = 0;
 	} while (i != upstreams->current_udp);

@ -1992,11 +2020,10 @@ upstream_connect(getdns_upstream *upstream, getdns_transport_list_t transport,
 			upstream->tls_hs_state = GETDNS_HS_WRITE;
 		}
 		upstream->conn_state = GETDNS_CONN_SETUP;
-#if defined(DAEMON_DEBUG) && DAEMON_DEBUG
-	DEBUG_DAEMON("%s %-40s : Conn init     : Transport=%s - Profile=%s\n", STUB_DEBUG_DAEMON, 
-	             upstream->addr_str, transport == GETDNS_TRANSPORT_TLS ? "TLS":"TCP",
-	             dnsreq->context->tls_auth_min == GETDNS_AUTHENTICATION_NONE ? "Opportunistic":"Strict");
-#endif
+		_getdns_upstream_log(upstream, GETDNS_LOG_UPSTREAM_STATS, GETDNS_LOG_DEBUG,
+		    "%-40s : Conn init     : Transport=%s - Profile=%s\n", 
+		    upstream->addr_str, transport == GETDNS_TRANSPORT_TLS ? "TLS":"TCP",
+		dnsreq->context->tls_auth_min == GETDNS_AUTHENTICATION_NONE ? "Opportunistic":"Strict");
 		break;
 	default:
 		return -1;
@ -2056,14 +2083,14 @@ upstream_find_for_netreq(getdns_network_req *netreq)
 		netreq->transport_current = i;
 		netreq->upstream = upstream;
 		netreq->keepalive_sent = 0;
+
+		DEBUG_STUB("%s %-35s: MSG: %p found upstream %p with transport %d, fd: %d\n", STUB_DEBUG_SCHEDULE, __FUNC__, (void*)netreq, (void *)upstream, (int)netreq->transports[i], fd);
 		return fd;
 	}
 	/* Handle better, will give generic error*/
 	DEBUG_STUB("%s %-35s: MSG: %p No valid upstream! \n", STUB_DEBUG_SCHEDULE, __FUNC__, (void*)netreq);
-#if defined(DAEMON_DEBUG) && DAEMON_DEBUG
-	DEBUG_DAEMON("%s *FAILURE* no valid transports or upstreams available!\n",
-	              STUB_DEBUG_DAEMON);
-#endif
+	_getdns_context_log(netreq->owner->context, GETDNS_LOG_UPSTREAM_STATS, GETDNS_LOG_DEBUG,
+	    "*FAILURE* no valid transports or upstreams available!\n");
 	return -1;
 }

--- a/src/test/Makefile.in
+++ b/src/test/Makefile.in
@ -148,13 +148,28 @@ nolibcheck:
 	@echo "***"
 	@false

-test:	$(NOLIBCHECK) all
-	(cd $(srcdir)/../.. && find . -type f -executable -and \( -name "*.[ch]" -or -name "*.html" -or -name "*.in" -or -name "*.good" -or -name "*.ac" \) | awk 'BEGIN{e=0}{print("ERROR! Executable bit found on", $$0);e=1}END{exit(e)}')
+test_noeventloop: $(NOLIBCHECK) all
+	rm -f $(CHECK_GETDNS).failed
+	GETDNS_TEST_PORT=43210 CK_TIMEOUT_MULTIPLIER=2 CK_LOG_FILE_NAME="$(CHECK_GETDNS).log" ./$(CHECK_GETDNS) || echo "$(CHECK_GETDNS) failed" >> $(CHECK_GETDNS).failed
+
+test_libevent: $(NOLIBCHECK) all
+	rm -f $(CHECK_EVENT_PROG).failed
+	if test $(have_libevent) = 1 ; then GETDNS_TEST_PORT=44321 CK_TIMEOUT_MULTIPLIER=2 CK_LOG_FILE_NAME="$(CHECK_EVENT_PROG).log" ./$(CHECK_EVENT_PROG) || echo "$(CHECK_EVENT_PROG) failed" >> $(CHECK_EVENT_PROG).failed; fi
+
+test_libev: $(NOLIBCHECK) all
+	rm -f $(CHECK_EV_PROG).failed
+	if test $(have_libev) = 1 ; then GETDNS_TEST_PORT=45432 CK_TIMEOUT_MULTIPLIER=2 CK_LOG_FILE_NAME="$(CHECK_EV_PROG).log" ./$(CHECK_EV_PROG) || echo "$(CHECK_EV_PROG) failed" >> $(CHECK_EV_PROG).failed; fi
+
+test_libuv: $(NOLIBCHECK) all
+	rm -f $(CHECK_UV_PROG).failed
+	if test $(have_libev) = 1 ; then GETDNS_TEST_PORT=46543 CK_TIMEOUT_MULTIPLIER=2 CK_LOG_FILE_NAME="$(CHECK_UV_PROG).log" ./$(CHECK_UV_PROG) || echo "$(CHECK_UV_PROG) failed" >> $(CHECK_UV_PROG).failed; fi
+
+test: test_noeventloop test_libevent test_libev test_libuv
 	rm -f fails
-	CK_TIMEOUT_MULTIPLIER=2 CK_LOG_FILE_NAME="$(CHECK_GETDNS).log" ./$(CHECK_GETDNS) || echo "$(CHECK_GETDNS) failed" >> fails
-	if test $(have_libevent) = 1 ; then CK_TIMEOUT_MULTIPLIER=2 CK_LOG_FILE_NAME="$(CHECK_EVENT_PROG).log" ./$(CHECK_EVENT_PROG) || echo "$(CHECK_EVENT_PROG) failed" >> fails; fi
-	if test $(have_libev) = 1 ; then CK_TIMEOUT_MULTIPLIER=2 CK_LOG_FILE_NAME="$(CHECK_EV_PROG).log" ./$(CHECK_EV_PROG) || echo "$(CHECK_EV_PROG) failed" >> fails; fi
-	if test $(have_libuv) = 1 ; then CK_TIMEOUT_MULTIPLIER=2 CK_LOG_FILE_NAME="$(CHECK_UV_PROG).log" ./$(CHECK_UV_PROG) || echo "$(CHECK_UV_PROG) failed" >> fails; fi
+	if test -f $(CHECK_GETDNS).failed     ; then cat $(CHECK_GETDNS).failed     >> fails ; fi
+	if test -f $(CHECK_EVENT_PROG).failed ; then cat $(CHECK_EVENT_PROG).failed >> fails ; fi
+	if test -f $(CHECK_EV_PROG).failed    ; then cat $(CHECK_EV_PROG).failed    >> fails ; fi
+	if test -f $(CHECK_UV_PROG).failed    ; then cat $(CHECK_UV_PROG).failed    >> fails ; fi
 	test ! -e fails
 	@echo "All tests OK"

--- a/src/test/check_getdns_context_create.h
+++ b/src/test/check_getdns_context_create.h
@ -55,9 +55,13 @@
       *          GETDNS_RETURN_GOOD
       */
       struct getdns_context *context = NULL;
+       getdns_append_name_t append_name;

       CONTEXT_CREATE(TRUE);
       //  TODO:  Do something here to verify set_from_os = TRUE 
+       getdns_context_set_append_name(context, GETDNS_APPEND_NAME_TO_SINGLE_LABEL_FIRST);
+       getdns_context_get_append_name(context, &append_name);
+       ck_assert_msg(append_name == GETDNS_APPEND_NAME_TO_SINGLE_LABEL_FIRST, "suffix is not correct");
       CONTEXT_DESTROY;
     }
     END_TEST
--- a/src/test/check_getdns_context_set_context_update_callback.h
+++ b/src/test/check_getdns_context_set_context_update_callback.h
@ -111,6 +111,8 @@
      */ 
      struct getdns_context *context = NULL;
      getdns_namespace_t namespace_arr[2] = {GETDNS_NAMESPACE_DNS, GETDNS_NAMESPACE_LOCALNAMES};
+      size_t count;
+      getdns_namespace_t *namespaces;
      CONTEXT_CREATE(TRUE);

      ASSERT_RC(getdns_context_set_context_update_callback(context, update_callbackfn),
@ -118,8 +120,12 @@

      expected_changed_item = GETDNS_CONTEXT_CODE_NAMESPACES;

-      ASSERT_RC(getdns_context_set_namespaces(context, 2,namespace_arr),
+      ASSERT_RC(getdns_context_set_namespaces(context, 2, namespace_arr),
        GETDNS_RETURN_GOOD, "Return code from getdns_context_set_namespaces()");
+      ASSERT_RC(getdns_context_get_namespaces(context, &count, &namespaces),
+        GETDNS_RETURN_GOOD, "Return code from getdns_context_get_namespaces()");
+      ck_assert_msg(count == 2 && namespaces[0] == 500 && namespaces[1] == 501, "namespaces are not correctly set");
+

      CONTEXT_DESTROY;
       
@ -207,6 +213,7 @@
      *  expect:  GETDNS_CONTEXT_CODE_FOLLOW_REDIRECTS
      */ 
      struct getdns_context *context = NULL;
+      getdns_redirects_t redir;
      CONTEXT_CREATE(TRUE);

      ASSERT_RC(getdns_context_set_context_update_callback(context, update_callbackfn),
@ -215,6 +222,8 @@
      expected_changed_item = GETDNS_CONTEXT_CODE_FOLLOW_REDIRECTS;

      (void) getdns_context_set_follow_redirects(context, GETDNS_REDIRECTS_DO_NOT_FOLLOW);
+      (void) getdns_context_get_follow_redirects(context, &redir);
+      ck_assert_msg(redir == GETDNS_REDIRECTS_DO_NOT_FOLLOW, "getdns_context_get_follow_redirects failed");

      CONTEXT_DESTROY;
       
@ -301,6 +310,8 @@
      *  expect:  GETDNS_CONTEXT_CODE_EDNS_EXTENDED_RCODE
      */ 
      struct getdns_context *context = NULL;
+      uint8_t extended_rcode;
+
      CONTEXT_CREATE(TRUE);

      ASSERT_RC(getdns_context_set_context_update_callback(context, update_callbackfn),
@ -310,6 +321,9 @@

      ASSERT_RC(getdns_context_set_edns_extended_rcode(context, 1),
        GETDNS_RETURN_GOOD, "Return code from getdns_context_set_edns_extended_rcode()");
+      ASSERT_RC(getdns_context_get_edns_extended_rcode(context, &extended_rcode),
+        GETDNS_RETURN_GOOD, "Return code from getdns_context_get_edns_extended_rcode()");
+      ck_assert_msg(extended_rcode == 1, "extended_rcode should be 1, got %d", (int)extended_rcode);

      CONTEXT_DESTROY;
       
@ -325,6 +339,8 @@
      *  expect:  GETDNS_CONTEXT_CODE_EDNS_VERSION
      */ 
      struct getdns_context *context = NULL;
+      uint8_t version;
+
      CONTEXT_CREATE(TRUE);

      ASSERT_RC(getdns_context_set_context_update_callback(context, update_callbackfn),
@ -334,6 +350,9 @@

      ASSERT_RC(getdns_context_set_edns_version(context, 1),
        GETDNS_RETURN_GOOD, "Return code from getdns_context_set_edns_version()");
+      ASSERT_RC(getdns_context_get_edns_version(context, &version),
+        GETDNS_RETURN_GOOD, "Return code from getdns_context_get_edns_version()");
+      ck_assert_msg(version == 1, "version should be 1, got %d", (int)version);

      CONTEXT_DESTROY;
       
@ -373,6 +392,8 @@
      *  expect:  GETDNS_CONTEXT_CODE_EDNS_CLIENT_SUBNET_PRIVATE
      */ 
      struct getdns_context *context = NULL;
+      uint8_t client_subnet_private;
+
      CONTEXT_CREATE(TRUE);

      ASSERT_RC(getdns_context_set_context_update_callback(context, update_callbackfn),
@ -382,6 +403,9 @@

      ASSERT_RC(getdns_context_set_edns_client_subnet_private(context, 1),
        GETDNS_RETURN_GOOD, "Return code from getdns_context_set_edns_client_subnet_private()");
+      ASSERT_RC(getdns_context_get_edns_client_subnet_private(context, &client_subnet_private),
+        GETDNS_RETURN_GOOD, "Return code from getdns_context_get_edns_client_subnet_private()");
+      ck_assert_msg(client_subnet_private == 1, "client_subnet_private should be 1, got %d", (int)client_subnet_private);

      CONTEXT_DESTROY;
       
@ -397,6 +421,8 @@
      *  expect:  GETDNS_CONTEXT_CODE_TLS_QUERY_PADDING_BLOCKSIZE
      */ 
      struct getdns_context *context = NULL;
+      uint16_t pad;
+
      CONTEXT_CREATE(TRUE);

      ASSERT_RC(getdns_context_set_context_update_callback(context, update_callbackfn),
@ -406,6 +432,9 @@

      ASSERT_RC(getdns_context_set_tls_query_padding_blocksize(context, 1400),
        GETDNS_RETURN_GOOD, "Return code from getdns_context_set_tls_query_padding_blocksize()");
+      ASSERT_RC(getdns_context_get_tls_query_padding_blocksize(context, &pad),
+        GETDNS_RETURN_GOOD, "Return code from getdns_context_get_tls_query_padding_blocksize()");
+      ck_assert_msg(pad == 1400, "padding_blocksize should be 1400 but got %d", (int) pad);

      CONTEXT_DESTROY;
       
@ -438,11 +467,12 @@
    START_TEST (getdns_context_set_context_update_callback_23)
    {
     /*
-      *  value is NULL
-      *  expect: GETDNS_RETURN_INVALID_PARAMETER
+      *  expect: GETDNS_RETURN_GOOD
      */

      struct getdns_context *context = NULL;
+      uint8_t round_robin;
+
      CONTEXT_CREATE(TRUE);

      ASSERT_RC(getdns_context_set_context_update_callback(context, update_callbackfn),
@ -451,7 +481,10 @@
      expected_changed_item = GETDNS_CONTEXT_CODE_ROUND_ROBIN_UPSTREAMS;

      ASSERT_RC(getdns_context_set_round_robin_upstreams(context, 1),
-        GETDNS_RETURN_GOOD, "Return code from getdns_context_set_timeout()");
+        GETDNS_RETURN_GOOD, "Return code from getdns_context_set_round_robin_upstream()");
+      ASSERT_RC(getdns_context_get_round_robin_upstreams(context, &round_robin),
+        GETDNS_RETURN_GOOD, "Return code from getdns_context_get_round_robin_upstream()");
+      ck_assert_msg( round_robin == 1, "round_robin should be 1, got %d", (int)round_robin);

      CONTEXT_DESTROY;

--- a/src/test/check_getdns_context_set_dns_transport.h
+++ b/src/test/check_getdns_context_set_dns_transport.h
@ -39,7 +39,7 @@
    {
     /*
      *  context is NULL
-      *  expect:  GETDNS_RETURN_BAD_CONTEXT
+      *  expect:  GETDNS_RETURN_INVALID_PARAMETER
      */

      struct getdns_context *context = NULL;
@ -47,7 +47,12 @@

      ASSERT_RC(getdns_context_set_dns_transport(context, value),
        GETDNS_RETURN_INVALID_PARAMETER, "Return code from getdns_context_set_dns_transport()");
-        
+
+      ASSERT_RC(getdns_context_set_edns_maximum_udp_payload_size(context, 512),
+       GETDNS_RETURN_INVALID_PARAMETER, "Return code from getdns_context_set_edns_maximum_udp_payload_size()");
+
+      ASSERT_RC(getdns_context_unset_edns_maximum_udp_payload_size(context),
+        GETDNS_RETURN_INVALID_PARAMETER, "Return code from getdns_context_unset_edns_maximum_udp_payload_size()");
    }
    END_TEST

@ -55,6 +60,7 @@
    {
     /*
      *  value is an undefined transport value
+      *  do_bit is not correct
      *  expect: GETDNS_RETURN_CONTEXT_UPDATE_FAIL
      */

@ -66,6 +72,9 @@
      ASSERT_RC(getdns_context_set_dns_transport(context, 233),
        GETDNS_RETURN_CONTEXT_UPDATE_FAIL, "Return code from getdns_context_set_dns_transport()");

+      ASSERT_RC(getdns_context_set_edns_do_bit(context, 5),
+        GETDNS_RETURN_CONTEXT_UPDATE_FAIL, "Return code from getdns_context_set_edns_do_bit()");
+
      CONTEXT_DESTROY;
        
    }
@ -132,6 +141,9 @@
       uint32_t tc;
       uint32_t transport;
       uint32_t type;
+       uint16_t payload_size;
+       uint8_t do_bit;
+       getdns_transport_t trans;

       /* Note that stricly this test just establishes that the requested transport
          and the reported transport are consistent, it does not guarentee which
@ -147,10 +159,22 @@
       /* Request a response that should be truncated over UDP */
       ASSERT_RC(getdns_context_set_dns_transport(context, GETDNS_TRANSPORT_UDP_ONLY),
         GETDNS_RETURN_GOOD, "Return code from getdns_context_set_dns_transport()");
+       ASSERT_RC(getdns_context_get_dns_transport(context, &trans),
+         GETDNS_RETURN_GOOD, "Return code from getdns_context_get_dns_transport()");
+       ck_assert_msg(trans == 541, "dns_transport should be 541(GETDNS_TRANSPORT_UDP_ONLY) but got %d", (int)trans);
+
+
       ASSERT_RC(getdns_context_set_edns_maximum_udp_payload_size(context, 512),
-           GETDNS_RETURN_GOOD, "Return code from getdns_context_set_edns_maximum_udp_payload_size()"); 
+           GETDNS_RETURN_GOOD, "Return code from getdns_context_set_edns_maximum_udp_payload_size()");
+       ASSERT_RC(getdns_context_get_edns_maximum_udp_payload_size(context, &payload_size),
+           GETDNS_RETURN_GOOD, "Return code from getdns_context_get_edns_maximum_udp_payload_size()");
+       ck_assert_msg(payload_size == 512, "payload_size should be 512, got %d", (int)payload_size);
+
       ASSERT_RC(getdns_context_set_edns_do_bit(context, 1),
           GETDNS_RETURN_GOOD, "Return code from getdns_context_set_edns_do_bit()");
+       ASSERT_RC(getdns_context_get_edns_do_bit(context, &do_bit),
+           GETDNS_RETURN_GOOD, "Return code from getdns_context_get_edns_do_bit()");
+       ck_assert_msg(do_bit == 1, "do_bit should be 1, got %d", (int)do_bit);

       ASSERT_RC(getdns_general_sync(context, "large.getdnsapi.net", GETDNS_RRTYPE_TXT, extensions, &response), 
         GETDNS_RETURN_GOOD, "Return code from getdns_general_sync()");
@ -192,6 +216,9 @@
         GETDNS_RETURN_GOOD, "Failed to extract \"tc\"");
       ASSERT_RC(tc, 0, "Packet trucated - not as expected");

+       ASSERT_RC(getdns_context_unset_edns_maximum_udp_payload_size(context),
+         GETDNS_RETURN_GOOD, "Return code from getdns_context_unset_edns_maximum_udp_payload_size()");
+
      CONTEXT_DESTROY;

     }
@ -261,7 +288,9 @@
        * suspect them to be a bit more reliable.
        */
       struct getdns_list *root_servers = getdns_list_create();
+       struct getdns_list *root_servers2 = getdns_list_create();
       struct getdns_bindata nlnetlabs_root = { 4, (void *)"\xB9\x31\x8D\x25" };
+       struct getdns_bindata *answer = NULL;

       uint32_t status;
       uint32_t type;
@ -277,10 +306,17 @@
           /* Re-do over TCP */
           ASSERT_RC(getdns_dict_set_int(extensions,"return_call_reporting", GETDNS_EXTENSION_TRUE),
             GETDNS_RETURN_GOOD, "Return code from getdns_dict_set_int()");
-           ASSERT_RC(getdns_list_set_bindata(root_servers,0,&nlnetlabs_root),
+           ASSERT_RC(getdns_list_set_bindata(root_servers, 0, &nlnetlabs_root),
             GETDNS_RETURN_GOOD, "Return code from getdns_list_set_bindata()");
+
           ASSERT_RC(getdns_context_set_dns_root_servers(context, root_servers),
             GETDNS_RETURN_GOOD, "Return code from getdns_context_set_dns_root_servers()");
+           ASSERT_RC(getdns_context_get_dns_root_servers(context, &root_servers2),
+             GETDNS_RETURN_GOOD, "Return code from getdns_context_get_dns_root_servers()");
+           ASSERT_RC(getdns_list_get_bindata(root_servers2, 0, &answer),
+             GETDNS_RETURN_GOOD, "Return code from getdns_list_get_bindata()");
+           ck_assert_msg(strncmp((char *)answer->data, (char *)nlnetlabs_root.data, 4) == 0,
+             "Expected answer data to be 185.49.141.37");
           ASSERT_RC(getdns_context_set_dns_transport(context, GETDNS_TRANSPORT_TCP_ONLY),
             GETDNS_RETURN_GOOD, "Return code from getdns_context_set_dns_transport()");
           ASSERT_RC(getdns_context_set_edns_maximum_udp_payload_size(context, 512),
@ -348,6 +384,60 @@
     }
     END_TEST

+     START_TEST (getdns_context_set_dns_transport_recursing_9)
+     {
+       /*
+        * Check TLS
+       */
+       struct getdns_context *context = NULL;
+       getdns_resolution_t resolution_type;
+       getdns_transport_list_t transport_list[1];
+       getdns_transport_list_t *transport_list2;
+       size_t count;
+       getdns_tls_authentication_t auth;
+       uint16_t backoff;
+       uint16_t retries;
+
+       transport_list[0] = GETDNS_TRANSPORT_TLS;
+
+       CONTEXT_CREATE(TRUE);
+
+       ASSERT_RC(getdns_context_set_resolution_type(context, GETDNS_RESOLUTION_STUB),
+         GETDNS_RETURN_GOOD, "Return code from getdns_context_set_resolution_type()");
+       ASSERT_RC(getdns_context_get_resolution_type(context, &resolution_type),
+         GETDNS_RETURN_GOOD, "Return code from getdns_context_get_resolution_type()");
+       ck_assert_msg(resolution_type == GETDNS_RESOLUTION_STUB, "resolution_type should be stub (520), got %d", (int)resolution_type);
+
+       ASSERT_RC(getdns_context_set_dns_transport_list(context, 1, transport_list),
+	 GETDNS_RETURN_GOOD, "Return code from getdns_context_set_dns_transport_list()");
+       ASSERT_RC(getdns_context_get_dns_transport_list(context, &count, &transport_list2),
+         GETDNS_RETURN_GOOD, "Return code from getdns_context_get_dns_transport_list()");
+       ck_assert_msg(transport_list2[0] == GETDNS_TRANSPORT_TLS, "transport_list should be 1202 but got %d", (int) transport_list2[0]);
+
+       ASSERT_RC(getdns_context_set_tls_authentication(context, GETDNS_AUTHENTICATION_REQUIRED),
+	 GETDNS_RETURN_GOOD, "Return cond from getdns_context_set_tls_authentication()");
+       ASSERT_RC(getdns_context_get_tls_authentication(context, &auth),
+         GETDNS_RETURN_GOOD, "Return code from getdns_context_get_tls_authentication()");
+       ck_assert_msg(auth == 1301, "tls_authentication should be 1301, but got %d", (int) auth);
+
+       ASSERT_RC(getdns_context_set_tls_backoff_time(context, 1000),
+         GETDNS_RETURN_GOOD, "Return code from getdns_context_set_tls_backoff_time()");
+       ASSERT_RC(getdns_context_get_tls_backoff_time(context, &backoff),
+         GETDNS_RETURN_GOOD, "Return code from getdns_context_get_tls_backoff_time()");
+       ck_assert_msg(backoff == 1000, "backoff should be 1000, but got %d", (int) backoff);
+
+       ASSERT_RC(getdns_context_set_tls_connection_retries(context, 5),
+         GETDNS_RETURN_GOOD, "Return code from getdns_context_set_tls_connection_retries()");
+       ASSERT_RC(getdns_context_get_tls_connection_retries(context, &retries),
+         GETDNS_RETURN_GOOD, "Return code from getdns_context_get_tls_connection_retries()");
+       ck_assert_msg(retries == 5, "retries should be 5 but got %d", (int) retries);
+
+      /*TODO: should extend the test */
+      CONTEXT_DESTROY;
+
+     }
+     END_TEST
+



@ -372,7 +462,8 @@
       tcase_add_test(tc_pos, getdns_context_set_dns_transport_recursing_6);     
       tcase_add_test(tc_pos, getdns_context_set_dns_transport_recursing_7);
       tcase_add_test(tc_pos, getdns_context_set_dns_transport_recursing_8);
-       /* TODO: TLS... */
+       /*  TLS */
+       tcase_add_test(tc_pos, getdns_context_set_dns_transport_recursing_9);

       suite_add_tcase(s, tc_pos);

--- a/src/test/check_getdns_context_set_timeout.c
+++ b/src/test/check_getdns_context_set_timeout.c
@ -94,15 +94,21 @@ END_TEST
 START_TEST (getdns_context_set_idle_timeout_2)
 {
 /*
-  *  timeout is 0
+  *  timeout is 0 and then 100
  *  expect: GETDNS_RETURN_GOOD
  */

  struct getdns_context *context = NULL;
+  uint64_t time;
  CONTEXT_CREATE(TRUE);

  ASSERT_RC(getdns_context_set_idle_timeout(context, 0),
    GETDNS_RETURN_GOOD, "Return code from getdns_context_set_timeout()");
+  ASSERT_RC(getdns_context_set_idle_timeout(context, 100),
+    GETDNS_RETURN_GOOD, "Return code from getdns_context_set_timeout()");
+  ASSERT_RC(getdns_context_get_idle_timeout(context, &time),
+    GETDNS_RETURN_GOOD, "Return code from getdns_context_set_timeout()");
+  ck_assert_msg(time == 100, "idle_timeout should be 100, got %d", (int)time);

  CONTEXT_DESTROY;

@ -114,6 +120,23 @@ END_TEST
 #define GETDNS_STR_ADDRESS_TYPE "address_type"
 #define GETDNS_STR_ADDRESS_DATA "address_data"
 #define GETDNS_STR_PORT "port"
+#define TEST_PORT 43210
+
+static uint16_t get_test_port(void)
+{
+	char    *test_port_str;
+	uint16_t test_port;
+	struct   timeval tv;
+
+	if (!(test_port_str = getenv("GETDNS_TEST_PORT")) ||
+	    !(test_port = (uint16_t)atoi(test_port_str)))
+		test_port = TEST_PORT;
+
+	(void)gettimeofday(&tv, NULL);
+	srandom((int)getpid() + (int)tv.tv_usec);
+	test_port += random() % 1000;
+	return test_port;
+}

 /* utilities to start a junk udp listener */
 typedef struct timeout_thread_data {
@ -281,7 +304,8 @@ START_TEST (getdns_context_set_timeout_3)
  t_data.running = 0;
  t_data.num_callbacks = 0;
  t_data.num_timeouts = 0;
-  t_data.port = 43210;
+  uint64_t timeout;
+  t_data.port = get_test_port();

  pthread_create(&thread, NULL, run_server, (void *)&t_data);

@ -301,7 +325,7 @@ START_TEST (getdns_context_set_timeout_3)
  bindata.data = (uint8_t*) &local_addr;
  ASSERT_RC(getdns_dict_set_bindata(server_dict, GETDNS_STR_ADDRESS_DATA, &bindata),
    GETDNS_RETURN_GOOD, "set addr bindata");
-  ASSERT_RC(getdns_dict_set_int(server_dict, GETDNS_STR_PORT, 43210),
+  ASSERT_RC(getdns_dict_set_int(server_dict, GETDNS_STR_PORT, t_data.port),
    GETDNS_RETURN_GOOD, "set addr port");

  upstream_list = getdns_list_create_with_context(context);
@ -324,6 +348,10 @@ START_TEST (getdns_context_set_timeout_3)

  RUN_EVENT_LOOP;

+  ASSERT_RC(getdns_context_get_timeout(context, &timeout),
+    GETDNS_RETURN_GOOD, "Return code from getdns_context_get_timeout()");
+  ck_assert_msg(timeout == 500, "timeout should be 500, got %d", (int)timeout);
+
  CONTEXT_DESTROY;

  t_data.running = 0;
--- a/src/test/check_getdns_pretty_print_dict.h
+++ b/src/test/check_getdns_pretty_print_dict.h
@ -88,6 +88,68 @@ static const char pretty_expected[] = "{\n"
 "  ]\n"
 "}";

+static const char pretty_expected2[] = "{\n"
+"  \"bindata\":\"bindata\",\n"
+"  \"dict\":\n"
+"  {\n"
+"    \"bindata\":\"bindata\",\n"
+"    \"dict\":\n"
+"    {\n"
+"      \"bindata\":\"bindata\",\n"
+"      \"dict\":\n"
+"      {\n"
+"        \"int\": 4\n"
+"      },\n"
+"      \"int\": 3,\n"
+"      \"list\":\n"
+"      [\n"
+"        5\n"
+"      ]\n"
+"    },\n"
+"    \"int\": 2,\n"
+"    \"list\":\n"
+"    [\n"
+"      6,\n"
+"      \"bindata\",\n"
+"      {\n"
+"        \"bindata\":\"bindata\"\n"
+"      },\n"
+"      [\n"
+"        \"bindata\"\n"
+"      ]\n"
+"    ]\n"
+"  },\n"
+"  \"int\": 1,\n"
+"  \"list\":\n"
+"  [\n"
+"    7,\n"
+"    \"bindata\",\n"
+"    {\n"
+"      \"bindata\":\"bindata\",\n"
+"      \"dict\":\n"
+"      {\n"
+"        \"int\": 9\n"
+"      },\n"
+"      \"int\": 8,\n"
+"      \"list\":\n"
+"      [\n"
+"        10\n"
+"      ]\n"
+"    },\n"
+"    [\n"
+"      11,\n"
+"      \"bindata\",\n"
+"      {\n"
+"        \"bindata\":\"bindata\"\n"
+"      },\n"
+"      [\n"
+"        \"bindata\"\n"
+"      ]\n"
+"    ]\n"
+"  ]\n"
+"}";
+
+
    /*
     **************************************************************************
     *                                                                        *
@ -267,6 +329,11 @@ static const char pretty_expected[] = "{\n"
      ck_assert_msg(strcmp(pretty_expected, pretty) == 0,
        "Expected:\n%s\ngot:\n%s\n", pretty_expected, pretty);

+      pretty = getdns_print_json_dict(dict1, 1);
+      ck_assert_msg(pretty != NULL, "NULL returned by getdns_print_json_dict()");
+      ck_assert_msg(strcmp(pretty_expected2, pretty) == 0,
+        "Expected:\n%s\ngot:\n%s\n", pretty_expected2, pretty);
+
     /*
      *  Destroy all of the sub-dicts and sub-lists
      */
--- a/src/test/check_getdns_transport.c
+++ b/src/test/check_getdns_transport.c
@ -35,6 +35,8 @@
 #include <netinet/in.h>
 #include <stdio.h>
 #include <sys/param.h>
+#include <stdlib.h>
+#include <sys/time.h>


 #define GETDNS_STR_IPV4 "IPv4"
@ -42,7 +44,23 @@
 #define GETDNS_STR_ADDRESS_TYPE "address_type"
 #define GETDNS_STR_ADDRESS_DATA "address_data"
 #define GETDNS_STR_PORT "port"
-#define TEST_PORT 43210
+#define TEST_PORT 42100
+
+static uint16_t get_test_port(void)
+{
+	char    *test_port_str;
+	uint16_t test_port;
+	struct   timeval tv;
+
+	if (!(test_port_str = getenv("GETDNS_TEST_PORT")) ||
+	    !(test_port = (uint16_t)atoi(test_port_str)))
+		test_port = TEST_PORT;
+
+	(void)gettimeofday(&tv, NULL);
+	srandom((int)getpid() + (int)tv.tv_usec);
+	test_port += random() % 1000;
+	return test_port;
+}

 /* utilities to start a junk listener */
 typedef struct transport_thread_data {
@ -219,7 +237,7 @@ START_TEST(getdns_transport_udp_sync) {
  t_data.running = 0;
  t_data.udp_count = 0;
  t_data.tcp_count = 0;
-  t_data.port = TEST_PORT;
+  t_data.port = get_test_port();

  pthread_create(&thread, NULL, run_transport_server, (void *) &t_data);

@ -293,7 +311,7 @@ START_TEST(getdns_transport_tcp_sync) {
  t_data.running = 0;
  t_data.udp_count = 0;
  t_data.tcp_count = 0;
-  t_data.port = TEST_PORT;
+  t_data.port = get_test_port();

  pthread_create(&thread, NULL, run_transport_server, (void *) &t_data);

@ -367,7 +385,7 @@ START_TEST(getdns_transport_udp_async) {
  t_data.running = 0;
  t_data.udp_count = 0;
  t_data.tcp_count = 0;
-  t_data.port = TEST_PORT;
+  t_data.port = get_test_port();

  pthread_create(&thread, NULL, run_transport_server, (void *) &t_data);

@ -445,7 +463,7 @@ START_TEST(getdns_transport_tcp_async) {
  t_data.running = 0;
  t_data.udp_count = 0;
  t_data.tcp_count = 0;
-  t_data.port = TEST_PORT;
+  t_data.port = get_test_port();

  pthread_create(&thread, NULL, run_transport_server, (void *) &t_data);

@ -511,7 +529,7 @@ getdns_transport_suite(void) {

  /* Note that the exact number of messages received depends on if a trust
   * anchor is configured so these tests just check that no messages are
-   * received on the wrong transport and at least one is recieved on the
+   * received on the wrong transport and at least one is received on the
   * expected transport */

  /* Positive test cases */
--- a/src/test/tests_transports.sh
+++ b/src/test/tests_transports.sh
@ -174,21 +174,21 @@ for (( i = 0; i < 2; i+=1 )); do

 	echo "*Success cases:"
 	for (( j = 0; j < $NUM_GOOD_QUERIES; j+=1 )); do
-	  check_good "`$DIR/getdns_query +return_call_reporting $SYNC_MODE ${GOOD_QUERIES[$j*$NUM_ARGS]} 2>/dev/null`" ${GOOD_QUERIES[$((j*NUM_ARGS))+1]} ${GOOD_QUERIES[$((j*NUM_ARGS))+2]}
+	  check_good "`$DIR/getdns_query -V +return_call_reporting $SYNC_MODE ${GOOD_QUERIES[$j*$NUM_ARGS]} 2>/dev/null`" ${GOOD_QUERIES[$((j*NUM_ARGS))+1]} ${GOOD_QUERIES[$((j*NUM_ARGS))+2]}
 	  echo "getdns_query $SYNC_MODE ${GOOD_QUERIES[$j*$NUM_ARGS]}"
 	  (( COUNT++ ))
 	done
 	
 	echo "*Success fallback cases:"
 	for (( j = 0; j < $NUM_GOOD_FB_QUERIES; j+=1 )); do
-	    check_good "`$DIR/getdns_query +return_call_reporting $SYNC_MODE ${GOOD_FALLBACK_QUERIES[$j*$NUM_ARGS]} 2>/dev/null`" ${GOOD_FALLBACK_QUERIES[$((j*NUM_ARGS))+1]} ${GOOD_FALLBACK_QUERIES[$((j*NUM_ARGS))+2]}
+	    check_good "`$DIR/getdns_query -V +return_call_reporting $SYNC_MODE ${GOOD_FALLBACK_QUERIES[$j*$NUM_ARGS]} 2>/dev/null`" ${GOOD_FALLBACK_QUERIES[$((j*NUM_ARGS))+1]} ${GOOD_FALLBACK_QUERIES[$((j*NUM_ARGS))+2]}
 	    echo "getdns_query $SYNC_MODE ${GOOD_FALLBACK_QUERIES[$j*$NUM_ARGS]}  TESTS: ${GOOD_FALLBACK_QUERIES[$((j*NUM_ARGS))+1]} ${GOOD_FALLBACK_QUERIES[$((j*NUM_ARGS))+2]}"
 	    (( COUNT++ ))
 	done
 	
 	echo "*Transport not available cases:"
 	for (( j = 0; j < ${#NOT_AVAILABLE_QUERIES[@]}; j+=1 )); do
-		check_bad "`$DIR/getdns_query $SYNC_MODE ${NOT_AVAILABLE_QUERIES[${j}]} 2>&1`"
+		check_bad "`$DIR/getdns_query -V $SYNC_MODE ${NOT_AVAILABLE_QUERIES[${j}]} 2>&1`"
 		echo "getdns_query $SYNC_MODE ${NOT_AVAILABLE_QUERIES[${j}]}"
 		(( COUNT++ ))
 	done
--- a/src/test/tpkg/070-coding-practice.tpkg/070-coding-practice.test
+++ b/src/test/tpkg/070-coding-practice.tpkg/070-coding-practice.test
@ -5,6 +5,10 @@
 [ -f .tpkg.var.test ] && source .tpkg.var.test

 rm -f report.txt
+(
+ 	cd ${SRCROOT}
+	find . -type f -executable -and \( -name "*.[ch]" -or -name "*.html" -or -name "*.in" -or -name "*.good" -or -name "*.ac" \) | sed 's/^/*** ERROR! Executable bit found on /g'
+) >> report.txt
 (
 	cd ${SRCROOT}/src
 	if [ `grep '[^!=]=[ 	][ 	]*NET_REQ_' *.[ch] */*.[ch] | wc -l` -gt 1 ]
--- a/src/test/tpkg/080-iana-rr-types.tpkg/080-iana-rr-types.dsc
+++ b/src/test/tpkg/080-iana-rr-types.tpkg/080-iana-rr-types.dsc
@ -0,0 +1,15 @@
+BaseName: 080-iana-rr-types
+Version: 1.0
+Description: Fetch dns-parameters.xml from iana and check all RR types
+CreationDate: di  2 mei 2017 15:11:53 CEST
+Maintainer: Willem Toorop
+Category: 
+Component:
+Depends: 
+CmdDepends: wget, grep
+Pre: 
+Post:
+Test: 080-iana-rr-types.test
+AuxFiles: 
+Passed:
+Failure:
--- a/src/test/tpkg/080-iana-rr-types.tpkg/080-iana-rr-types.test
+++ b/src/test/tpkg/080-iana-rr-types.tpkg/080-iana-rr-types.test
@ -0,0 +1,51 @@
+# source the master var file when it's there
+[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
+# use .tpkg.var.test for in test variable passing
+[ -f .tpkg.var.test ] && source .tpkg.var.test
+# svnserve resets the path, you may need to adjust it, like this:
+PATH=$PATH:/usr/sbin:/sbin:/usr/local/bin:/usr/local/sbin:.
+
+# first arg is the build dir
+TPKG_BUILD=$1
+PARAM_XML="dns-parameters.xml"
+PARAM_URL="http://www.iana.org/assignments/dns-parameters/$PARAM_XML"
+
+if [ -f $PARAM_XML ]
+then
+	mv $PARAM_XML ${PARAM_XML}.aandekant
+fi
+if which wget
+then
+	wget "$PARAM_URL"
+elif ! ( echo quit | ftp "$PARAM_URL" )
+then
+	echo "Don't have wget or ftp to get $PARAM_URL"
+	exit -1
+fi
+
+EXIT_STATUS=0
+
+for TYPE_VAL in `awk '/<type>[^<>]*<\/type>/{ a=$1; getline; b=$1; print a""b }' dns-parameters.xml | sed -e 's/<type>//g' -e 's/<\/type>//g' -e 's/<value>/:/g' -e 's/<\/value>//g'|egrep -v '^(Unassigned|Private|Reserved)'`
+do
+	TYPE=${TYPE_VAL%:*}
+	VALUE=${TYPE_VAL#*:}
+	case "x$TYPE" in
+	x\*)		TYPE="ANY"
+			;;
+	xNSAP-PTR)	TYPE="NSAP_PTR"
+			;;
+	esac
+	if ! grep -q "LDNS_RR_TYPE_${TYPE} = ${VALUE}" ${SRCROOT}/src/gldns/rrdef.h
+	then
+		echo "RR type ${TYPE} (value ${VALUE}) not in rrdef.h"
+		EXIT_STATUS=1
+	fi
+	if ! grep -q "GETDNS_RRTYPE_${TYPE}[ 	][ 	]*${VALUE}" ${SRCROOT}/src/getdns/getdns.h.in
+	then
+		echo "RR type ${TYPE} (value ${VALUE}) not in getdns.h.in"
+		EXIT_STATUS=1
+	fi
+done
+
+exit $EXIT_STATUS
+
--- a/src/test/tpkg/100-compile.tpkg/100-compile.test
+++ b/src/test/tpkg/100-compile.tpkg/100-compile.test
@ -5,4 +5,4 @@
 [ -f .tpkg.var.test ] && source .tpkg.var.test

 cd "${BUILDDIR}/build"
-make XTRA_CFLAGS='-Werror'
+make XTRA_CFLAGS='-Werror' -j 4
--- a/src/test/tpkg/105-install.tpkg/105-install.test
+++ b/src/test/tpkg/105-install.tpkg/105-install.test
@ -5,4 +5,4 @@
 [ -f .tpkg.var.test ] && source .tpkg.var.test

 cd "${BUILDDIR}/build"
-make install
+make -j 4 install
--- a/src/test/tpkg/110-link.tpkg/110-link.test
+++ b/src/test/tpkg/110-link.tpkg/110-link.test
@ -5,6 +5,6 @@
 [ -f .tpkg.var.test ] && source .tpkg.var.test

 cd "${BUILDDIR}/build"
-make getdns_query \
+make -j 4 getdns_query \
    &&  echo "export GETDNS_QUERY=\"${BUILDDIR}/build/src/tools/getdns_query\"" \
        >> ../.tpkg.var.master
--- a/src/test/tpkg/115-install-linked.tpkg/115-install-linked.test
+++ b/src/test/tpkg/115-install-linked.tpkg/115-install-linked.test
@ -5,4 +5,4 @@
 [ -f .tpkg.var.test ] && source .tpkg.var.test

 cd "${BUILDDIR}/build"
-make install-getdns_query
+make -j 4 install-getdns_query
--- a/src/test/tpkg/200-stub-only-compile.tpkg/200-stub-only-compile.test
+++ b/src/test/tpkg/200-stub-only-compile.tpkg/200-stub-only-compile.test
@ -5,4 +5,4 @@
 [ -f .tpkg.var.test ] && source .tpkg.var.test

 cd "${BUILDDIR}/build-stub-only"
-make XTRA_CFLAGS='-Werror'
+make XTRA_CFLAGS='-Werror' -j 4
--- a/src/test/tpkg/210-stub-only-link.tpkg/210-stub-only-link.test
+++ b/src/test/tpkg/210-stub-only-link.tpkg/210-stub-only-link.test
@ -5,6 +5,6 @@
 [ -f .tpkg.var.test ] && source .tpkg.var.test

 cd "${BUILDDIR}/build-stub-only"
-make getdns_query \
+make -j 4 getdns_query \
    &&  echo "export GETDNS_STUB_QUERY=\"${BUILDDIR}/build-stub-only/src/tools/getdns_query\"" \
        >> ../.tpkg.var.master
--- a/src/test/tpkg/230-stub-only-run-unit-tests.tpkg/230-stub-only-run-unit-tests.test
+++ b/src/test/tpkg/230-stub-only-run-unit-tests.tpkg/230-stub-only-run-unit-tests.test
@ -5,4 +5,4 @@
 [ -f .tpkg.var.test ] && source .tpkg.var.test

 cd "${BUILDDIR}/build-stub-only"
-make test
+make -j 4 test
--- a/src/test/tpkg/260-conversion-functions.tpkg/260-conversion-functions.c
+++ b/src/test/tpkg/260-conversion-functions.tpkg/260-conversion-functions.c
@ -27,6 +27,14 @@ void print_list(getdns_list *rr_list)
 	free(str);
 }

+void print_json_list(getdns_list *rr_list, int pretty)
+{
+        char *str = getdns_print_json_list(rr_list, pretty);
+        printf("%s\n", str);
+        free(str);
+}
+
+
 void print_wire(uint8_t *wire, size_t wire_len)
 {
 	size_t pos, i;
@ -70,6 +78,7 @@ int main(int argc, char const * const argv[])
 	FILE           *in;
 	uint8_t         wire_buf[8200];
 	size_t          i;
+	size_t          uavailable;
 	int             available;
 	char            str_buf[10000];
 	int             str_len = sizeof(str_buf);
@ -253,6 +262,7 @@ int main(int argc, char const * const argv[])
 	fclose(in);

 	print_list(rr_list);
+	print_json_list(rr_list, 1);


 	/* Fill the wire_buf with wireformat RR's in rr_list
@ -300,15 +310,20 @@ int main(int argc, char const * const argv[])
 	 * Then fill a string buffer with those rr_dicts.
 	 */
 	available = wire - wire_buf;
+	if (available < 0) {
+		fprintf(stderr, "Negative sized buffer!\n");
+		exit(EXIT_FAILURE);
+	}
+	uavailable = available;
 	wire = wire_buf;

 	str = str_buf;
 	str_len = sizeof(str_buf);

-	while (available > 0 && str_len > 0) {
+	while (uavailable > 0 && str_len > 0) {
 		rr_dict = NULL;
 		if ((r = getdns_wire2rr_dict_scan(
-		    (const uint8_t **)&wire, &available, &rr_dict)))
+		    (const uint8_t **)&wire, &uavailable, &rr_dict)))
 			FAIL_r("getdns_wire2rr_dict_scan");
 		
 		if ((r = getdns_rr_dict2str_scan(rr_dict, &str, &str_len)))
--- a/src/test/tpkg/260-conversion-functions.tpkg/260-conversion-functions.good
+++ b/src/test/tpkg/260-conversion-functions.tpkg/260-conversion-functions.good
--- a/src/test/tpkg/265-supported-rrs.tpkg/265-supported-rrs.Makefile
+++ b/src/test/tpkg/265-supported-rrs.tpkg/265-supported-rrs.Makefile
@ -0,0 +1,15 @@
+builddir = @BUILDDIR@
+testname = @TPKG_NAME@
+LIBTOOL  = $(builddir)/libtool
+
+CFLAGS=-I$(builddir)/src
+LDLIBS=$(builddir)/src/libgetdns.la
+
+.SUFFIXES: .c .o .a .lo .h
+
+.c.lo:
+	$(LIBTOOL) --quiet --tag=CC --mode=compile $(CC) $(CFLAGS) -c $< -o $@
+
+$(testname): $(testname).lo
+	$(LIBTOOL) --tag=CC --mode=link $(CC) $(LDLIBS) $(LDFLAGS) -o $(testname) $(testname).lo
+
--- a/src/test/tpkg/265-supported-rrs.tpkg/265-supported-rrs.c
+++ b/src/test/tpkg/265-supported-rrs.tpkg/265-supported-rrs.c
@ -0,0 +1,127 @@
+#include <stdio.h>
+#include <ctype.h>
+#include <arpa/inet.h>
+#include <getdns/getdns.h>
+#include <getdns/getdns_extra.h>
+
+#define FAIL(...) do { \
+	fprintf(stderr, "ERROR in %s:%d, ", __FILE__, __LINE__); \
+	fprintf(stderr, __VA_ARGS__); \
+	fprintf(stderr, "\n"); \
+	exit(EXIT_FAILURE); \
+	} while (0)
+
+#define FAIL_r(function_name) FAIL( "%s returned %d: %s", function_name \
+                                  , (int)r, getdns_get_errorstr_by_id(r));
+
+void print_dict(getdns_dict *rr_dict)
+{
+	char *str = getdns_pretty_print_dict(rr_dict);
+	printf("%s\n", str);
+	free(str);
+}
+
+void print_list(getdns_list *rr_list)
+{
+	char *str = getdns_pretty_print_list(rr_list);
+	printf("%s\n", str);
+	free(str);
+}
+
+void print_wire(uint8_t *wire, size_t wire_len)
+{
+	size_t pos, i;
+
+	for (pos = 0; pos < wire_len; pos += 16) {
+		printf("%.4zx", pos);
+		for (i = 0; i < 16; i++) {
+			if (i % 8 == 0)
+				printf(" ");
+			if (pos + i < wire_len)
+				printf(" %.2x", (int)wire[pos + i]);
+			else
+				printf("   ");
+		}
+		printf(" ");
+		for (i = 0; i < 16; i++) {
+			if (i % 8 == 0)
+				printf(" ");
+			if (pos + i < wire_len && isprint(wire[pos + i]))
+				printf("%c", wire[pos + i]);
+			else
+				printf(".");
+		}
+		printf("\n");
+	}
+}
+
+
+int main(int argc, char const * const argv[])
+{
+	getdns_return_t r;
+	getdns_list    *rr_list;
+	FILE           *in;
+	uint8_t        wirebuf[16384];
+	uint8_t        *bufptr = wirebuf;
+	int            bufsz = sizeof(wirebuf);
+	int            msgsz;
+	size_t         rr_list_len;
+	getdns_dict    *rr_dict;
+	size_t         i;
+	getdns_dict    *msg_dict;
+	char           *msg_str;
+
+	if (!(in = fopen(argv[1], "r")))
+		FAIL("Could not fopen %s\n", argv[1]);
+
+	if ((r = getdns_fp2rr_list(in, &rr_list, NULL, 0)))
+		FAIL_r("getdns_fp2rr_list");
+
+	fclose(in);
+
+	print_list(rr_list);
+
+	if ((r = getdns_list_get_length(rr_list, &rr_list_len)))
+		FAIL_r("getdns_list_get_length");
+
+	*bufptr++ = 0; *bufptr++ = 0;
+	*bufptr++ = 0; *bufptr++ = 0;
+	*bufptr++ = 0; *bufptr++ = 0;
+	*(uint16_t *)bufptr = htons((uint16_t)rr_list_len); bufptr += 2;
+	*bufptr++ = 0; *bufptr++ = 0;
+	*bufptr++ = 0; *bufptr++ = 0;
+	bufsz -= 12;
+
+	for (i = 0; i < rr_list_len; i++) {
+		if ((r = getdns_list_get_dict(rr_list, i, &rr_dict)))
+			FAIL_r("getdns_list_get_dict");
+
+		if ((r = getdns_dict_remove_name(rr_dict, "/rdata/rdata_raw")))
+			FAIL_r("getdns_dict_remove_name");
+
+		if ((r = getdns_rr_dict2wire_scan(rr_dict, &bufptr, &bufsz))) {
+			char *rr_dict_str = getdns_pretty_print_dict(rr_dict);
+			fprintf(stderr, "getdns_rr_dict2wire_scan failed: %s"
+					" with rr_dict %s\n"
+			              , getdns_get_errorstr_by_id(r)
+				      , rr_dict_str );
+			free(rr_dict_str);
+		}
+
+		/* printf("bufptr: %p, bufsz: %d\n", bufptr, bufsz); */
+	}
+	msgsz = sizeof(wirebuf) - bufsz;
+
+	if ((r = getdns_wire2msg_dict(wirebuf, msgsz, &msg_dict)))
+		FAIL_r("getdns_wire2msg_dict");
+
+	if ((r = getdns_msg_dict2str(msg_dict, &msg_str)))
+		FAIL_r("getdns_msg_dict2str");
+
+	printf("%s\n", msg_str);
+
+	free(msg_str);
+	getdns_dict_destroy(msg_dict);
+	getdns_list_destroy(rr_list);
+	exit(EXIT_SUCCESS);
+}
--- a/src/test/tpkg/265-supported-rrs.tpkg/265-supported-rrs.dsc
+++ b/src/test/tpkg/265-supported-rrs.tpkg/265-supported-rrs.dsc
@ -0,0 +1,16 @@
+BaseName: 265-supported-rrs
+Version: 1.0
+Description: Test supported resource records
+CreationDate: do 20 apr 2017 11:31:29 CEST
+Maintainer: Hoda Rohani
+Category: 
+Component:
+CmdDepends: 
+Depends: 200-stub-only-compile.tpkg
+Help:
+Pre: 265-supported-rrs.pre
+Post: 
+Test: 265-supported-rrs.test
+AuxFiles: 
+Passed:
+Failure:
--- a/src/test/tpkg/265-supported-rrs.tpkg/265-supported-rrs.good
+++ b/src/test/tpkg/265-supported-rrs.tpkg/265-supported-rrs.good
--- a/src/test/tpkg/265-supported-rrs.tpkg/265-supported-rrs.net-dns.org
+++ b/src/test/tpkg/265-supported-rrs.tpkg/265-supported-rrs.net-dns.org
@ -0,0 +1,108 @@
+; Note that the contents of RRsets are only intended to test the RRType itself and 
+; are not necessarily valid.
+
+$ORIGIN .
+$TTL 30	        ; 30 seconds
+
+net-dns.org	IN		SOA		ns.nlnetlabs.nl. sysadmin.nlnetlabs.nl. (
+						2015081800 ; serial
+						450        ; refresh (7 minutes 30 seconds)
+						600        ; retry (10 minutes)
+						345600     ; expire (4 days)
+						300        ; minimum (5 minutes)
+						)
+				NS		ns.nlnetlabs.nl
+				A		185.49.140.22
+				AAAA		2a04:b900::2:0:0:22
+				MX		10 dicht.nlnetlabs.nl.
+				TXT		"Net::DNS  domain"
+$ORIGIN net-dns.org.
+a				A		10.0.1.128
+;aa				A		010.010.010.11 leading zeros not allowed?
+www				A		185.49.140.22
+aaaa				AAAA		2a04:b900::2:0:0:23
+;a6				A6		0 2345:00C0::    ;obsolete
+afsdb				AFSDB		12 getdnsapi.net-dns.org.
+apl				APL		1:192.168.42.0/26 1:192.168.42.64/26 !1:192.168.42.128/25  1:224.0.0.0/4  2:FF00:0:0:0:0:0:0:0/8
+atm-host			ATMA		47.0079.00010200000000000000.00a03e000002.00
+caa                     	CAA		0 issue "ca.net-dns.org"
+cdnskey				CDNSKEY		256 3 RSASHA1 AQOraLfzarHAlFskVGwAGnX0LRjlcOiO6y5WM4Kz+QvZ9vX28h4lOvnfd5tkxnZm7ERLTAJoFq+1w/wl7VXs2Isz75BSZ7LQh3OT2xXnS6VT5ZxXko/UCOdoGiKZZ63jHZ0jNSTCYy8+5rfvwRD8s3gGuErp5KcHg3V8VLUKSDNNEQ== ; {id = 42860, size = 1024b}
+cds				CDS		13026 DSA 1 0259f20021
+cert				CERT		PKIX 65535 RSAMD5 AQOppkQvFlPFLiWZc0NXX5/QY44jphv3vfX0dscHNmThNtfx0TUgfBb1YQKJX6MNrzu/vvtV3xpLcCJ+tIP8ADDiMaUYT5Gh6kmn22V7FgHPlCHRJ+AcudQbeYgw1KCYS9D46oEvBR8mQ4HFTEkdWg+PETATQk77P1CmmURdogcmzZqZIer+VAs6uusIdxrmWeP8j2aYRvozdjvgzmHXSabDDxrnuIbnL4r4qAoc6Q9DAybYA7Ya52gtH06dFOkaQr1dvHu1iJES16H0SL/OlhsOVrZmM1RFcwDGXcnxiKZ4TdtFeXQ/6VN3JegLR5t2FyKzoKYb4klpdZM8JVuVtc/n
+cname				CNAME		a
+csync				CSYNC		66 3 A NS AAAA
+dhcid				DHCID		( AAIBY2/AuCccgoJbsaxcQc9TUapptP69lOjxfNuVAA2kjEA= )
+dlv				DLV		13026 DSA 1 0259f20021a0f2ff8bbbd8ab6174ac2412fdf363
+dname				DNAME		net-dns.net.
+dnskey				DNSKEY		256 3 RSASHA1 AQOraLfzarHAlFskVGwAGnX0LRjlcOiO6y5WM4Kz+QvZ9vX28h4lOvnfd5tkxnZm7ERLTAJoFq+1w/wl7VXs2Isz75BSZ7LQh3OT2xXnS6VT5ZxXko/UCOdoGiKZZ63jHZ0jNSTCYy8+5rfvwRD8s3gGuErp5KcHg3V8VLUKSDNNEQ== ; {id = 42860, size = 1024b}
+ds				DS		13026 DSA 1 0259f20021a0f2ff8bbbd8ab6174ac2412fdf363
+eid				EID		E32C 6F78 164A 9348
+eui48				EUI48		00-00-5e-00-53-2a
+eui64				EUI64		00-00-5e-ef-10-00-00-2a
+;gid				GID		;IANA-Reserved
+gpos				GPOS		-32.6882 116.8652 10.0
+hinfo				HINFO		"CPU" "OS"
+hip				HIP		( 2 200100107B1A74DF365639CC39F1D578 AwEAAbdxyhNuSutc5EMzxTs9LBPCIkOFH8cIvM4p9+LrV4e19WzK00+CI6zBCQTdtWsuxKbWIy87UOoJTwkUs7lBu+Upr1gsNrut79ryra+bSRGQb1slImA8YVJyuIDsj7kwzG7jnERNqnWxZ48AWkskmdHaVDP4BcelrTI3rMXdXF5D )
+ipseckey0			IPSECKEY	10 0 2 . AQNRU3mG7TVTO2BkR47usntb102uFJtugbo6BSGvgqt4AQ==
+ipseckey1                       IPSECKEY        10 1 2 192.0.2.38 AQNRU3mG7TVTO2BkR47usntb102uFJtugbo6BSGvgqt4AQ==
+ipseckey2                       IPSECKEY        10 2 2 2001:0DB8:0:8002::2000:1 AQNRU3mG7TVTO2BkR47usntb102uFJtugbo6BSGvgqt4AQ==
+ipseckey3                       IPSECKEY        10 3 2 mygateway.example.com. AQNRU3mG7TVTO2BkR47usntb102uFJtugbo6BSGvgqt4AQ==
+ipseckey                        IPSECKEY        10 0 2 . AQNRU3mG7TVTO2BkR47usntb102uFJtugbo6BSGvgqt4AQ==
+                                IPSECKEY        10 1 2 192.0.2.38 AQNRU3mG7TVTO2BkR47usntb102uFJtugbo6BSGvgqt4AQ==
+                                IPSECKEY        10 2 2 2001:0DB8:0:8002::2000:1 AQNRU3mG7TVTO2BkR47usntb102uFJtugbo6BSGvgqt4AQ==
+                                IPSECKEY        10 3 2 mygateway.example.com. AQNRU3mG7TVTO2BkR47usntb102uFJtugbo6BSGvgqt4AQ==
+isdn				ISDN		150862028003217 004
+key				KEY		( 256 3 3 BOPdJjdc/ZQWCVA/ONz6LjvugMnB2KKL3F1D2i9GdrpircWRKS2DfRn5KiMM2HQXBHv0ZdkFs/tmjg7rYxrN+bzBNrlwfU5RMjioi67PthD07EHbZjwoZ5sKC2BZ/M596hygfx5JAvbIWBQVF+ztiuCnWCkbGvVXwsmE+odINCur+o+EjA9hF06LqTviUJKqTxisQO5OHM/0ufNenzIbijJPTXbUcF3vW+CMlX+AUPLSag7YnhWaEu7BLCKfg3vJVw9mtaN2W3oWPRdebGUf/QfyVKXoWD6zDLByCZh4wKvpcwgAsel4bO5LVe7s8qstSxqrwzmvaZ5XYOMZFbN7CXtutiswAkb0pkehIYime6IRkDwWDG+14H5yriRuCDK3m7GvwxMo+ggV0k3Po9LD5wWSIi1N ) ; key id = 22004
+kx				KX		10 services.
+loc				LOC		42 21 54.000 N 71 06 18.000 W -24m 30m 10000m 10m
+lp				LP		10 l64-subnet1
+l32				L32		10 10.1.2.0 ;10.1.02.0 example in rfc not working??!!
+l64				L64		10 2001:0DB8:1140:1000
+;maila				MAILA		;obsolete
+;mailb				MAILB		;obsolete
+mb				MB		services
+md				MD		services
+mf				MF		services
+mg				MG		services
+minfo				MINFO		getdnsapi.net-dns.org. info.getdnsapi.net-dns.org.
+mr				MR		services
+mx				MX		10 a
+naptr				NAPTR		100 100 "s" "http+I2R"  ""      _https._tcp
+nid				NID		10 0014:4fff:ff20:ef64
+nimloc				NIMLOC		3225 1B 03 0067
+;ninfo				NINFO		
+nsap				NSAP		0x47.0005.80.005a00.0000.0001.e133.ffffff000161.00
+444433332222111199990123000000ff	NSAP-PTR	host ; instead of name of type number is shown
+nsec				NSEC		host.net-dns.org. ( A MX NSEC )
+nsec3				NSEC3		1 0 5 fd5eeade2ba67b64  92qfhk1g2m21l1j89pju33nrm9586bpu A NS SOA MX RRSIG DNSKEY NSEC3PARAM
+nsec3param			NSEC3PARAM	1 0 5 fd5eeade2ba67b64
+;null				NULL		656D7330312E796F75722D66726565646F6D2E64653B55533B36362E39302E37332E34363B303B313232363B64656661756C742C766F6C756D652C6E6F727468616D65726963612C696E7465726163746976652C766F69702C6F70656E76706E2C707074702C736F636B73353B
+;nxt				NXT		OPENPGPKEY NXT
+3fa2675708e4613939a03a3a8f3517118fe470e519d634a763d89037._openpgpkey	OPENPGPKEY	mQENBFTTiU4BCADdIc4NQ6vZqyDJtKVqXabvj66t3V+OTvoDrceeTjmwtUoFIU2p5xQPmeHQcT+YPLOJC7rKI/raNBe/sQ9+WKanWko9xVzki3l2YqHCuioUAdgbtZMrSnkSTnCyST/rAuxxQYMHo5Ck/0g4b9Z0jZnRIACd8oxX89CRH5zu1KP6X7Df7aGpnNlFBUWTdODTkrUapLXLdn3dHJmsMxwBL1xLJvhWRmIvk27L18ix50IDLw/JHiraCCClyDXfDXkahWAR2GTFxp9iZ0FS1G+f+EFsGhP72LAuiLsBgauDuekPf01xnbn3PgMi8NSNsrJJMFQKfCLx0iPy5KCKvWL2KW7nABEBAAG0H0hvZGEgUm9oYW5pIDxob2RhQG5sbmV0bGFicy5ubD6JATgEEwECACIFAlTTiU4CGwMGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJEBS2RC1wiYvnD88H/0kwmg5HcisUjwquaOSaybp8MQ46KNVZO+CI3csyhHlmOdYk3BDUDMWTzs0JvHAOIS5tyRBVaXdbxtth7sIbI1CwdHf2jwSs16rApJs4XC5kndF3Z6uk8QHyNanvTxLL+CSZX7I/GAx4dLgN/3v7kx/bKNtXRKy525KHbbl3AqPVRcynqJ/yLuiA47jEUfR5ZI3awrtdlVtmq/9Zv4tw3mRM/GVvOCPBfzWHe57BI4D+PeIgRmTpLCSwtQwfbGvf/wufaVXX+fCqUuGGpNda8F1BQPdoTMIS+rQVjOSFKNWOIRauNsDWQHYQTSafRuCk0p1FSzmsWjXQJCpXIzmwZP+5AQ0EVNOJTgEIALxEVGUggMZFzr732mGrUjmDK25eVwZ5KDaFnn3RvtvbW1Dg7VaeI+V0foLQGqzge1p/kvLQHMY1MJMZYWSK3MqL4hnavSklDnOQTUAeMZ6k2+1njE1kcYM2DeZGqPufRB6jeaa2SYvGLL4EUbaCzW5r0pv3rgewUzmMvzOf+SgsHQFfRPQZOtGGIVrLTn9G9uFIE80RSV316oYTvXgUVbTSGObpfxWY5i9UwMQgsNgzN1TpAj2ktjROY0c85DxoY/HBTEsAh+jHyNKH+z1Dng2luWY1P/w7wAZNEqPrqk3AUkGt9jDbACbcr3Cyu/6GKsxpJbjPIzal33sunwEZ4+EAEQEAAYkBHwQYAQIACQUCVNOJTgIbDAAKCRAUtkQtcImL5/6ZCACj2HPhLyCJNB7ozf39SuuAdI1PgUfNSx3adOZeMQ03itGnY+YKDiSOcWlUwYvbX4PMiXjHiL+bOlMNAN6Lxfsfqj6Lef7r6s5I+m0VW+/wcb0J1+V0ObGDux69kxPwsozu1Khbpamsj1S8AiGtdUA1Qc0/qXzkEjW7MQ5YwYr0vL4nAlOoxD4l/U8PrLIo1ftwShf1cTXu2TlFAzaUzyfSLqkqQLQtMZ/3yx5w4uvRXElbOVbRi9bebAzLrUx12JUTDNzWv3qDH0hJnQxSrpu9gy21VRwlyfWz4Nz3GhsmRn1pbmzaUclEL6Rk/zv4gy6Z/X0CK1eepZ/JAEwkRCvq
+128.1.0.10.in-addr.arpa.	PTR		a
+px				PX		2 map822. mapx400.
+;rkey				RKEY
+rp				RP		a.getdnsapi.net-dns.org. getdnsapi.net-dns.org.
+rrsig				RRSIG		SOA 8 1 3600 20170417161124 20170403085720 13156 net-dns.org. U2lxZcqlOQ6d8pbMAhEZwPTjPpSkXoKcZAb43B6dIRPNPZXvm4VGPB37BbTqq/zCWmNv/E2OoVwFncqq21bnSxrx6t/KnlrO1keFiopS+uTJreCJzI6U1zOhgHViN5Z/5yLJG1w5jjbRmJ3FMEVwfgLwjPOUPtq6/zqAH19mvtU=
+rt				RT		0 services.
+sig				SIG		( A 3 3 1285 20170327122207 20170226122207 22004 net-dns.org. BMTLR80WnKndatr77OirBtprR9SLKoZUiPWXU5kViDi+5amYW/GFCp0= )
+;sink				SINK
+;MNUHE2LT._smimeacert		SMIMEA		( 0 0 1 d2abde240d7cd3ee6b4b28c54df034b97983a1d16e8a410e4561cb106618e971 )
+spf				SPF		"v=spf1 +mx a:colo.nlnetlabs.nl/28 -all"
+srv				SRV		0 5 80 www
+sshfp				SSHFP		1 1 450c7d19d5da9a3a5b7c19992d1fbde15d8dad44
+;ta				TA
+talink				TALINK		h0 h2
+;tkey				TKEY
+_443._tcp			TLSA		0 0 1 274c6f96c9885c8050e8a05ad1c3162c1d51752c35b6196474e3f05ad31cd923
+_443._tcp.ww			TLSA		1 1 2 92003ba34942dc74152e2f2c408d29eca5a520e7f2e06bb944f4dca346baf63c1b177615d466f6c4b71c216a50292bd58c9ebdd2f74e38fe51ffd48c43326cbc
+_443._tcp.www			TLSA		3 1 1 274c6f96c9885c8050e8a05ad1c3162c1d51752c35b6196474e3f05ad31cd923
+;tsig				TSIG
+dynup				TXT		"fooFoo2" "Bla \; Foo"
+default._domainkey		TXT		"v=DKIM1; r=postmaster; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDVG/lfF5GtPlMOcSGnfbp5u+EWM+OOg/f6QmbDXOW/zKQkRIRIZ+BtfSYchP8MeFPfMvUZtdRPzCWg1G7OdD7qaTUqc6kV84on6/8kPVMgdDLyLl2DeU/Lts9hfVHVDSpWuChwDAFXnbnW8jpp54zuof9OIbWSWIxZqLL8flgOsQIDAQAB" ; ----- DKIM default for example.com
+;uid				UID		;IANA-Reserved
+;uinfo				UINFO		;IANA-Reserved
+;unspec				UNSPEC		;IANA-Reserved
+uri				URI		10 1 "ftp://ftp1.net-dns.org/public"
+wks				WKS		195.169.215.155 tcp domain
+x25				X25		"1234567"
--- a/src/test/tpkg/265-supported-rrs.tpkg/265-supported-rrs.pre
+++ b/src/test/tpkg/265-supported-rrs.tpkg/265-supported-rrs.pre
@ -0,0 +1,14 @@
+# #-- 265-supported-rrs.test --#
+# source the master var file when it's there
+[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
+# use .tpkg.var.test for in test variable passing
+[ -f .tpkg.var.test ] && source .tpkg.var.test
+
+(
+	grep '^CC=' "${BUILDDIR}/build-stub-only/src/Makefile"
+	grep '^LDFLAGS=' "${BUILDDIR}/build-stub-only/src/Makefile"
+
+	BUILDDIR4SED=`echo "${BUILDDIR}/build-stub-only" | sed  's/\//\\\\\//g'`
+	sed -e "s/@BUILDDIR@/${BUILDDIR4SED}/g" \
+	    -e "s/@TPKG_NAME@/${TPKG_NAME}/g" "${TPKG_NAME}.Makefile"
+) > Makefile
--- a/src/test/tpkg/265-supported-rrs.tpkg/265-supported-rrs.test
+++ b/src/test/tpkg/265-supported-rrs.tpkg/265-supported-rrs.test
@ -0,0 +1,15 @@
+# #-- 265-supported-rrs.test --#
+# source the master var file when it's there
+[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
+# use .tpkg.var.test for in test variable passing
+[ -f .tpkg.var.test ] && source .tpkg.var.test
+
+if ! make
+then
+	exit 1
+elif ! ( "./${TPKG_NAME}" "${TPKG_NAME}.net-dns.org" | tee out )
+then
+	exit 1
+else
+	diff out "${TPKG_NAME}.good"
+fi
--- a/src/test/tpkg/275-server-capabilities.tpkg/275-server-capabilities.Makefile
+++ b/src/test/tpkg/275-server-capabilities.tpkg/275-server-capabilities.Makefile
@ -0,0 +1,17 @@
+builddir = @BUILDDIR@
+testname = @TPKG_NAME@
+LIBTOOL  = $(builddir)/libtool
+
+CFLAGS=-Wall -Wextra -I$(builddir)/src -g
+LDLIBS=$(builddir)/src/libgetdns.la
+
+.SUFFIXES: .c .o .a .lo .h
+
+.c.lo:
+	$(LIBTOOL) --quiet --tag=CC --mode=compile $(CC) $(CFLAGS) -c $< -o $@
+
+$(testname): $(testname).lo
+	$(LIBTOOL) --tag=CC --mode=link $(CC) $(LDLIBS) $(LDFLAGS) -o $(testname) $(testname).lo
+
+clean:
+	rm -f $(testname).lo $(testname).o $(testname)
--- a/src/test/tpkg/275-server-capabilities.tpkg/275-server-capabilities.c
+++ b/src/test/tpkg/275-server-capabilities.tpkg/275-server-capabilities.c
@ -0,0 +1,131 @@
+/*
+ * capabilities.c - A DNS server for testing server capabilities
+ *
+ * Copyright (c) 2016, NLnet Labs. All rights reserved.
+ * 
+ * This software is open source.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ * 
+ * Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ * 
+ * Neither the name of the NLNET LABS nor the names of its contributors may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+ * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <getdns/getdns_extra.h>
+#include <stdio.h>
+#include <string.h>
+
+
+void handler(getdns_context *context, getdns_callback_type_t callback_type,
+    getdns_dict *request, void *userarg, getdns_transaction_t request_id)
+{
+	getdns_bindata *qname;
+	char            ans_str[] = "Some answer";
+	getdns_bindata  ans_bd = { sizeof(ans_str) - 1, (void *)ans_str };
+
+	(void) userarg; (void)callback_type;
+
+	if (getdns_dict_get_bindata(request, "/question/qname", &qname) ||
+	    getdns_dict_set_bindata(request, "/answer/0/name", qname) ||
+	    getdns_dict_set_int(request, "/answer/0/type", GETDNS_RRTYPE_TXT) ||
+	    getdns_dict_set_int(request, "/header/tc", 1) ||
+	    getdns_dict_set_bindata(request, "/answer/0/rdata/txt_strings/-", &ans_bd))
+		fprintf(stderr, "Request init error\n");
+
+	else if (qname->size >= 8 && qname->data[0] == 6 &&
+	    qname->data[1] == 'c' && qname->data[2] == 'a' &&
+	    qname->data[3] == 'n' && qname->data[4] == 'c' &&
+	    qname->data[5] == 'e' && qname->data[6] == 'l') {
+
+		(void) getdns_reply(context, NULL, request_id);
+		getdns_dict_destroy(request);
+		return;
+
+	} else if (qname->size >= 6 && qname->data[0] == 4 &&
+	    qname->data[1] == 'q' && qname->data[2] == 'u' &&
+	    qname->data[3] == 'i' && qname->data[4] == 't') {
+
+		(void) getdns_dict_set_int(request, "/header/tc", 0);
+		(void) getdns_reply(context, request, request_id);
+		(void) getdns_context_set_listen_addresses(context, NULL, NULL, NULL);
+		getdns_dict_destroy(request);
+		return;
+
+	} else {
+		if (getdns_reply(context, request, request_id))
+			getdns_reply(context, NULL, request_id);
+		getdns_dict_destroy(request);
+		return;
+	}
+	getdns_dict_destroy(request);
+	exit(EXIT_FAILURE);
+}
+
+int main()
+{
+	getdns_context   *context   = NULL;
+	getdns_list      *listeners = NULL;
+	getdns_dict      *address   = NULL;
+	getdns_dict      *address2  = NULL;
+	uint32_t          port1     = 18000;
+	uint32_t          port2     = 18000;
+	getdns_return_t   r;
+
+	if ((r = getdns_str2list("[ 127.0.0.1:18000 ]", &listeners)) ||
+	    (r = getdns_str2dict("127.0.0.1:18000", &address2)) ||
+	    (r = getdns_list_get_dict(listeners, 0, &address)) ||
+	    (r = getdns_context_create(&context, 0)))
+		fprintf(stderr, "Error initializing: ");
+
+	else while (++port1 < 18200 &&
+	    !(r = getdns_dict_set_int(address, "port", port1)) &&
+	     (r = getdns_context_set_listen_addresses(
+			    context, listeners, NULL, handler)))
+		; /* pass */
+
+	if (!r && 
+	   ((r = getdns_list_set_dict(listeners, 1, address2)) ||
+	    (r = getdns_list_get_dict(listeners, 1, &address))))
+		fprintf(stderr, "Error initializing 2nd address: ");
+
+	if (r)	fprintf(stderr, "%s\n", getdns_get_errorstr_by_id(r));
+	else {
+		port2 = port1;
+		while (++port2 < 18200 &&
+		    !(r = getdns_dict_set_int(address, "port", port2)) &&
+		     (r = getdns_context_set_listen_addresses(
+				    context, listeners, NULL, handler)))
+			; /* pass */
+
+		fprintf(stdout, "%d\n", (int)port1);
+		fprintf(stdout, "%d\n", (int)port2);
+		fflush(stdout);
+		getdns_context_run(context);
+	}
+	getdns_list_destroy(listeners);
+	getdns_dict_destroy(address2);
+	getdns_context_destroy(context);
+	return r;
+}
--- a/src/test/tpkg/275-server-capabilities.tpkg/275-server-capabilities.clean.sh
+++ b/src/test/tpkg/275-server-capabilities.tpkg/275-server-capabilities.clean.sh
@ -0,0 +1,4 @@
+#!/bin/sh
+
+make clean || true
+rm -fr .libs Makefile *_out valgrind.log
--- a/src/test/tpkg/275-server-capabilities.tpkg/275-server-capabilities.dsc
+++ b/src/test/tpkg/275-server-capabilities.tpkg/275-server-capabilities.dsc
@ -0,0 +1,16 @@
+BaseName: 275-server-capabilities
+Version: 1.0
+Description: Test server capabilities (TCP, canceling requests etc.)
+CreationDate: wo 19 apr 2017 10:01:58 CEST
+Maintainer: Hoda Rohani
+Category: 
+Component:
+CmdDepends: 
+Depends: 210-stub-only-link.tpkg
+Help:
+Pre: 275-server-capabilities.pre
+Post: 
+Test: 275-server-capabilities.test
+AuxFiles: 
+Passed:
+Failure:
--- a/src/test/tpkg/275-server-capabilities.tpkg/275-server-capabilities.pre
+++ b/src/test/tpkg/275-server-capabilities.tpkg/275-server-capabilities.pre
@ -0,0 +1,14 @@
+# #-- 275-server-capabilities.test --#
+# source the master var file when it's there
+[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
+# use .tpkg.var.test for in test variable passing
+[ -f .tpkg.var.test ] && source .tpkg.var.test
+
+(
+	grep '^CC=' "${BUILDDIR}/build-stub-only/src/Makefile"
+	grep '^LDFLAGS=' "${BUILDDIR}/build-stub-only/src/Makefile"
+
+	BUILDDIR4SED=`echo "${BUILDDIR}/build-stub-only" | sed  's/\//\\\\\//g'`
+	sed -e "s/@BUILDDIR@/${BUILDDIR4SED}/g" \
+	    -e "s/@TPKG_NAME@/${TPKG_NAME}/g" "${TPKG_NAME}.Makefile"
+) > Makefile
--- a/src/test/tpkg/275-server-capabilities.tpkg/275-server-capabilities.test
+++ b/src/test/tpkg/275-server-capabilities.tpkg/275-server-capabilities.test
@ -0,0 +1,51 @@
+# #-- 275-server-capabilities.test --#
+# source the master var file when it's there
+[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
+# use .tpkg.var.test for in test variable passing
+[ -f .tpkg.var.test ] && source .tpkg.var.test
+
+
+make && "${BUILDDIR}/build-stub-only/libtool" exec valgrind -v --log-file=valgrind.log --leak-check=full --error-exitcode=1 --track-origins=yes "./${TPKG_NAME}" | (
+	read PORT
+	read PORT2
+
+	${GETDNS_STUB_QUERY} -s -t 1000 @127.0.0.1:$PORT TXT cancel. +return_call_reporting 2>&1 > time_out
+
+	${GETDNS_STUB_QUERY} -s @127.0.0.1:$PORT TXT test +return_call_reporting 2>&1 > tcp_out
+
+	${GETDNS_STUB_QUERY} -s -U @127.0.0.1:$PORT2 TXT test +return_call_reporting 2>&1 > udp_out
+
+	${GETDNS_STUB_QUERY} -s -q @127.0.0.1:$PORT TXT quit.
+)
+if grep -q 'definitely lost: [^0]' valgrind.log
+then
+	cat valgrind.log
+	echo "error: Memory loss!"
+	exit 1
+fi
+if ! grep -q '"status": GETDNS_RESPSTATUS_ALL_TIMEOUT' time_out
+then
+	cat time_out
+	echo 'error: Query was answered (i think)!'
+	exit 1
+
+elif ! grep -q '"transport": GETDNS_TRANSPORT_TCP' tcp_out
+then
+	cat tcp_out
+	echo 'error: Query was not over TCP!'
+	exit 1
+
+elif ! grep -q '"transport": GETDNS_TRANSPORT_UDP' udp_out
+then
+	cat udp_out
+	echo 'error: Query was not over UDP!'
+	exit 1
+
+elif ! grep -q '"Some answer"' tcp_out
+then
+	cat tcp_out
+	echo 'error: Query was not answered!'
+	exit 1
+else
+	exit 0
+fi
--- a/src/test/tpkg/280-limit_outstanding_queries.tpkg/280-limit_outstanding_queries.dsc
+++ b/src/test/tpkg/280-limit_outstanding_queries.tpkg/280-limit_outstanding_queries.dsc
@ -3,7 +3,7 @@ Version: 1.0
 Description: Test if outstanding queries setting is obeyed
 CreationDate: Tue Mar 14 10:43:45 CET 2017
 Maintainer: Willem Toorop
-Category: 
+Category: Resource depletion
 Component:
 CmdDepends: 
 Depends: 210-stub-only-link.tpkg
--- a/src/test/tpkg/285-out_of_filedescriptors.tpkg/285-out_of_filedescriptors.dsc
+++ b/src/test/tpkg/285-out_of_filedescriptors.tpkg/285-out_of_filedescriptors.dsc
@ -3,7 +3,7 @@ Version: 1.0
 Description: Test if outstanding queries setting is obeyed
 CreationDate: ma 20 mrt 2017 15:17:45 CET
 Maintainer: Willem Toorop
-Category: 
+Category: Resource depletion
 Component:
 CmdDepends: 
 Depends: 210-stub-only-link.tpkg
--- a/src/test/tpkg/290-transports.tpkg/290-transports.dsc
+++ b/src/test/tpkg/290-transports.tpkg/290-transports.dsc
@ -0,0 +1,16 @@
+BaseName: 290-transports
+Version: 1.0
+Description: Run the test_transports
+CreationDate: di  9 mei 2017 14:16:58 CEST
+Maintainer: Hoda Rohani
+Category: 
+Component:
+CmdDepends: 
+Depends: 110-link.tpkg
+Help:
+Pre: 
+Post: 
+Test: 290-transports.test
+AuxFiles: 
+Passed:
+Failure:
--- a/src/test/tpkg/290-transports.tpkg/290-transports.test
+++ b/src/test/tpkg/290-transports.tpkg/290-transports.test
@ -0,0 +1,200 @@
+# #-- 290-transports.test --#
+# source the master var file when it's there
+[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
+# use .tpkg.var.test for in test variable passing
+[ -f .tpkg.var.test ] && source .tpkg.var.test
+
+SERVER_IP="8.8.8.8"
+SERVER_IPv6="2001:4860:4860::8888"
+
+SERVER_IP_TSIG="185.49.141.37^"
+SERVER_IPv6_TSIG="2a04:b900:0:100::37^"
+TSIG_ALG="hmac-md5.sig-alg.reg.int"
+TSIG_NAME="hmac-md5.tsigs.getdnsapi.net"
+TSIG_SECRET="16G69OTeXW6xSQ=="
+
+TLS_SERVER_IP="185.49.141.38~getdnsapi.net"
+TLS_SERVER_IPv6="2a04:b900:0:100::38~getdnsapi.net"
+TLS_SERVER_KEY="foxZRnIh9gZpWnl+zEiKa0EJ2rdCGroMWm02gaxSc9S="
+TLS_SERVER_WRONG_KEY="foxZRnIh9gZpWnl+zEiKa0EJ2rdCGroMWm02gaxSc1S="
+
+TLS_SERVER_SS_IP="184.105.193.78~tls-dns-u.odvr.dns-oarc.net"  #Self signed cert
+TLS_SERVER_SS_KEY="pOXrpUt9kgPgbWxBFFcBTbRH2heo2wHwXp1fd4AEVXI="
+
+GOOD_RESULT_SYNC="Status was: At least one response was returned"
+GOOD_RESULT_ASYNC="successful"
+BAD_RESULT_SYNC="1 'Generic error'"
+BAD_RESULT_ASYNC="callback_type of 703"
+BAD_RESULT_TRANSPORT="None of the configured upstreams could be used to send queries on the specified transports"
+BAD_RESULT_NO_NAME="GETDNS_RESPSTATUS_NO_NAME"
+NUM_ARGS=3
+GOOD_COUNT=0
+FAIL_COUNT=0
+
+
+check_auth () {
+	local my_auth_ok=0;
+	auth_result=`echo $1 | sed 's/.*tls_auth_status\": <bindata of "//' | sed 's/\">.*//'`
+	if [[ $2 == "-" ]] ; then
+		my_auth_ok=1;
+	fi
+	if [[ $2 == "N" ]] && [[ $auth_result == "None" ]]; then
+		my_auth_ok=1;
+	fi
+	if [[ $2 == "F" ]] && [[ $auth_result == "Failed" ]]; then
+		my_auth_ok=1;
+	fi
+	if [[ $2 == "S" ]] && [[ $auth_result == "Success" ]]; then
+		my_auth_ok=1;
+	fi
+	echo $my_auth_ok;
+}
+
+check_trans () {
+	local my_trans_ok=0;
+	trans_result=`echo $1 | sed "s/.*\"transport\": GETDNS_TRANSPORT_//" | sed 's/ }.*//' | sed 's/,.*//'`
+	if [[ $2 == "U" ]] && [[ $trans_result == "UDP" ]]; then
+		my_trans_ok=1;
+	fi
+	if [[ $2 == "T" ]] && [[ $trans_result == "TCP" ]]; then
+		my_trans_ok=1;
+	fi
+	if [[ $2 == "L" ]] && [[ $trans_result == "TLS" ]]; then
+		my_trans_ok=1;
+	fi
+	echo $my_trans_ok;
+}
+
+check_good () {
+	auth_ok=0;
+	result_ok=0;
+	trans_ok=0;
+	result=`echo $1 | sed 's/ All done.'// | sed 's/.*Response code was: GOOD. '//`
+	async_success=`echo $result | grep -c "$GOOD_RESULT_ASYNC"`
+	if [[ $result =~ $GOOD_RESULT_SYNC ]] || [[ $async_success =~ 1 ]]; then
+		result_ok=1;
+	fi
+	if [[ $result_ok == 1 ]] ; then
+		trans_ok=$(check_trans "$1" "$2")
+		auth_ok=$(check_auth "$1" "$3")
+	fi
+	if [[ $result_ok == 1 ]] && [[ $auth_ok == 1 ]] && [[ $trans_ok == 1 ]]; then
+		(( GOOD_COUNT++ ))
+		echo -n "PASS: "
+	else
+		(( FAIL_COUNT++ ))
+		echo "FAIL (RESULT): Result: $result  Auth: $auth_ok  Trans: $trans_ok"
+		echo -n "FAIL: "
+	fi
+}
+
+check_bad () {
+	result=`echo $1 | grep "An error occurred:" | tail -1 | sed 's/ All done.'//`
+	error=` echo $result | sed 's/An error occurred: //'`
+
+	if [[ -z $result ]]; then
+		result=`echo $1 | grep "GETDNS_RESPSTATUS_NO_NAME" `
+		error=` echo $result | sed 's/"status": //'`
+	fi
+
+	if [[ ! -z $result ]]; then
+		if [[ $error =~ $BAD_RESULT_SYNC ]] || [[ $error =~ $BAD_RESULT_ASYNC ]] || [[ $error =~ $BAD_RESULT_TRANSPORT ]] || [[ $error =~ $BAD_RESULT_NO_NAME ]]; then
+				(( GOOD_COUNT++ ))
+				echo -n "PASS:"
+			else
+				(( FAIL_COUNT++ ))
+				echo "FAIL (RESULT): " $error
+				echo -n "FAIL: "
+		fi
+	else
+		(( FAIL_COUNT++ ))
+		echo "FAIL (RESULT): " $1
+		echo -n "FAIL: "
+	fi
+}
+# disable IPv6, travis cannot handle it?
+for (( ii = 0; ii < 1; ii++)); do
+	if [[ ii -eq 1 ]]; then
+		SERVER_IP=$SERVER_IPv6
+		TLS_SERVER_IP=$TLS_SERVER_IPv6
+                SERVER_IP_TSIG=$SERVER_IPv6_TSIG
+		echo "Using IPv6"
+	fi
+	TLS_SERVER_IP_NO_NAME=`echo ${TLS_SERVER_IP%~*}`
+	TLS_SERVER_SS_IP_NO_NAME=`echo ${TLS_SERVER_SS_IP%~*}`
+	TLS_SERVER_IP_WRONG_NAME=`echo ${TLS_SERVER_IP::${#TLS_SERVER_IP}-1}`
+	SERVER_IP_TSIG_WRONG_NAME=`echo ${SERVER_IP_TSIG}${TSIG_ALG}":"${TSIG_NAME::${#TSIG_NAME}-1}":"${TSIG_SECRET}`
+	SERVER_IP_TSIG_WRONG_SECRET=`echo ${SERVER_IP_TSIG}${TSIG_ALG}":"${TSIG_NAME}":"${TSIG_SECRET::${#TSIG_SECRET}-1}`
+
+	NUM_GOOD_QUERIES=9
+	GOOD_QUERIES=(
+	"-s -A  getdnsapi.net -l U        @${SERVER_IP} +edns_cookies"              "U" "-"
+	"-s -A  getdnsapi.net -l T        @${SERVER_IP}"              "T" "-"
+	"-s -A  getdnsapi.net -l U        @${SERVER_IP_TSIG}${TSIG_ALG}:${TSIG_NAME}:${TSIG_SECRET}" "U" "-"
+	"-s -A  getdnsapi.net -l U        @${SERVER_IP_TSIG}${TSIG_NAME}:${TSIG_SECRET}" "U" "-"
+	"-s -A  getdnsapi.net -l L        @${TLS_SERVER_IP_NO_NAME}"  "L" "N"
+	"-s -A  getdnsapi.net -l L -m     @${TLS_SERVER_IP}"          "L" "S"
+	"-s -A  getdnsapi.net -l L -m     @${TLS_SERVER_IP_NO_NAME} -K pin-sha256=\"${TLS_SERVER_KEY}\"" "L" "S"
+	"-s -A  getdnsapi.net -l L -m     @${TLS_SERVER_IP} -K pin-sha256=\"${TLS_SERVER_KEY}\"" "L" "S"
+	"-s -G DNSKEY getdnsapi.net -l U  @${SERVER_IP} -b 512 -D" "U" "-")
+#"-s -A  getdnsapi.net -l L -m     @${TLS_SERVER_SS_IP_NO_NAME} -K pin-sha256=\"${TLS_SERVER_SS_KEY}\"" "L" "S"
+
+	NUM_GOOD_FB_QUERIES=6
+	GOOD_FALLBACK_QUERIES=(
+	"-s -A getdnsapi.net -l LU     @${SERVER_IP}" "U" "-"
+	"-s -A getdnsapi.net -l LT     @${SERVER_IP}" "T" "-" 
+	"-s -A getdnsapi.net -l LT     @${TLS_SERVER_IP_NO_NAME}" "L" "N"
+	"-s -A getdnsapi.net -l LT -m  @${TLS_SERVER_IP_NO_NAME}" "L" "N"
+	"-s -A getdnsapi.net -l L      @${SERVER_IP} @${TLS_SERVER_IP_NO_NAME}" "L" "-"
+	"-s -G DNSKEY getdnsapi.net -l UT  @${SERVER_IP} -b 512 -D" "T" "-")
+
+	NOT_AVAILABLE_QUERIES=(
+	"-s -A getdnsapi.net -l L      @${SERVER_IP}"
+	"-s -A getdnsapi.net -l U      @${SERVER_IP_TSIG_WRONG_NAME}"
+	"-s -A getdnsapi.net -l U      @${SERVER_IP_TSIG_WRONG_SECRET}"
+	"-s -A getdnsapi.net -l L -m   @${TLS_SERVER_IP_WRONG_NAME}"
+	"-s -A getdnsapi.net -l L -m   @${TLS_SERVER_IP_NO_NAME}"
+	"-s -A getdnsapi.net -l L -m   @${TLS_SERVER_IP_NO_NAME}    -K pin-sha256=\"${TLS_SERVER_WRONG_KEY}\""
+	"-s -A getdnsapi.net -l L -m   @${TLS_SERVER_IP}            -K pin-sha256=\"${TLS_SERVER_WRONG_KEY}\""
+	"-s -A getdnsapi.net -l L -m   @${TLS_SERVER_IP_WRONG_NAME} -K pin-sha256=\"${TLS_SERVER_KEY}\""
+	"-s -A getdnsapi.net -l L -m   @${TLS_SERVER_IP_WRONG_NAME} -K pin-sha256=\"${TLS_SERVER_WRONG_KEY}\"")
+#"-s -A getdnsapi.net -l L -m   @${TLS_SERVER_SS_IP}         -K pin-sha256=\"${TLS_SERVER_SS_KEY}\""
+
+
+	echo "Starting transport test"
+	echo
+	for (( i = 0; i < 2; i+=1 )); do
+		if [[ i -eq 0 ]]; then
+			echo "**SYNC Mode**"
+		else
+			echo
+			echo "**ASYNC Mode**"
+			SYNC_MODE=" -a "
+		fi
+		echo "*Success cases:"
+		for (( j = 0; j < $NUM_GOOD_QUERIES; j+=1 )); do
+		  check_good "`"${GETDNS_QUERY}" -V +return_call_reporting $SYNC_MODE ${GOOD_QUERIES[$j*$NUM_ARGS]} `" ${GOOD_QUERIES[$((j*NUM_ARGS))+1]} ${GOOD_QUERIES[$((j*NUM_ARGS))+2]}
+		  echo "getdns_query $SYNC_MODE ${GOOD_QUERIES[$j*$NUM_ARGS]}"
+		  (( COUNT++ ))
+		done
+		
+		echo "*Success fallback cases:"
+		for (( j = 0; j < $NUM_GOOD_FB_QUERIES; j+=1 )); do
+		    check_good "`"${GETDNS_QUERY}" -V +return_call_reporting $SYNC_MODE ${GOOD_FALLBACK_QUERIES[$j*$NUM_ARGS]} 2>/dev/null`" ${GOOD_FALLBACK_QUERIES[$((j*NUM_ARGS))+1]} ${GOOD_FALLBACK_QUERIES[$((j*NUM_ARGS))+2]}
+		    echo "getdns_query $SYNC_MODE ${GOOD_FALLBACK_QUERIES[$j*$NUM_ARGS]}  TESTS: ${GOOD_FALLBACK_QUERIES[$((j*NUM_ARGS))+1]} ${GOOD_FALLBACK_QUERIES[$((j*NUM_ARGS))+2]}"
+		    (( COUNT++ ))
+		done
+		
+		echo "*Transport not available cases:"
+		for (( j = 0; j < ${#NOT_AVAILABLE_QUERIES[@]}; j+=1 )); do
+			check_bad "`"${GETDNS_QUERY}" -V $SYNC_MODE ${NOT_AVAILABLE_QUERIES[${j}]} 2>&1`"
+			echo "getdns_query $SYNC_MODE ${NOT_AVAILABLE_QUERIES[${j}]}"
+			(( COUNT++ ))
+		done
+	done
+	echo
+done
+
+echo
+echo "Finished transport test: did $COUNT queries, $GOOD_COUNT passes, $FAIL_COUNT failures"
+echo
--- a/src/test/tpkg/300-event-loops-configure.tpkg/300-event-loops-configure.test
+++ b/src/test/tpkg/300-event-loops-configure.tpkg/300-event-loops-configure.test
@ -7,10 +7,10 @@
 rm -fr "${BUILDDIR}/build-event-loops"
 mkdir  "${BUILDDIR}/build-event-loops"
 cd "${BUILDDIR}/build-event-loops"
-"${SRCROOT}/configure" $* --enable-all-drafts --with-getdns_query --with-libevent --with-libev --with-libuv \
-    || "${SRCROOT}/configure" $* --enable-all-drafts --with-getdns_query --with-libevent --with-libev \
-    || "${SRCROOT}/configure" $* --enable-all-drafts --with-getdns_query --with-libevent --with-libuv \
-    || "${SRCROOT}/configure" $* --enable-all-drafts --with-getdns_query --with-libev --with-libuv \
-    || "${SRCROOT}/configure" $* --enable-all-drafts --with-getdns_query --with-libevent \
-    || "${SRCROOT}/configure" $* --enable-all-drafts --with-getdns_query --with-libev \
-    || "${SRCROOT}/configure" $* --enable-all-drafts --with-getdns_query --with-libuv
+"${SRCROOT}/configure" $* --enable-all-drafts --with-stubby --with-libevent --with-libev --with-libuv \
+    || "${SRCROOT}/configure" $* --enable-all-drafts --with-stubby --with-libevent --with-libev \
+    || "${SRCROOT}/configure" $* --enable-all-drafts --with-stubby --with-libevent --with-libuv \
+    || "${SRCROOT}/configure" $* --enable-all-drafts --with-stubby --with-libev --with-libuv \
+    || "${SRCROOT}/configure" $* --enable-all-drafts --with-stubby --with-libevent \
+    || "${SRCROOT}/configure" $* --enable-all-drafts --with-stubby --with-libev \
+    || "${SRCROOT}/configure" $* --enable-all-drafts --with-stubby --with-libuv
--- a/src/test/tpkg/320-event-loops-compile.tpkg/320-event-loops-compile.dsc
+++ b/src/test/tpkg/320-event-loops-compile.tpkg/320-event-loops-compile.dsc
@ -6,7 +6,7 @@ Maintainer: Willem Toorop
 Category: 
 Component:
 CmdDepends: 
-Depends: 300-event-loops-configure.tpkg
+Depends: 310-dependencies.tpkg
 Help:
 Pre: 320-event-loops-compile.pre
 Post: 320-event-loops-compile.post
--- a/src/test/tpkg/320-event-loops-compile.tpkg/320-event-loops-compile.test
+++ b/src/test/tpkg/320-event-loops-compile.tpkg/320-event-loops-compile.test
@ -5,4 +5,4 @@
 [ -f .tpkg.var.test ] && source .tpkg.var.test

 cd "${BUILDDIR}/build-event-loops"
-make XTRA_CFLAGS=-Werror
+make XTRA_CFLAGS=-Werror -j 4
--- a/src/test/tpkg/330-event-loops-unit-tests.tpkg/330-event-loops-unit-tests.test
+++ b/src/test/tpkg/330-event-loops-unit-tests.tpkg/330-event-loops-unit-tests.test
@ -5,9 +5,9 @@
 [ -f .tpkg.var.test ] && source .tpkg.var.test

 cd "${BUILDDIR}/build-event-loops"
-if make test
+if make -j 4 test
 then
-	if grep ERROR "${BUILDDIR}/build-event-loops/src/test/*.log"
+	if test -e "${BUILDDIR}/build-event-loops/src/test/fails"
 	then
 		exit 1
 	fi
--- a/src/test/tpkg/340-event-loops-scan-build.tpkg/340-event-loops-scan-build.dsc
+++ b/src/test/tpkg/340-event-loops-scan-build.tpkg/340-event-loops-scan-build.dsc
@ -1,16 +0,0 @@
-BaseName: 340-event-loops-scan-build
-Version: 1.0
-Description: Compile
-CreationDate: do 28 apr 2016 16:50:43 CEST
-Maintainer: Willem Toorop
-Category: 
-Component:
-CmdDepends: scan-build
-Depends: 300-event-loops-configure.tpkg
-Help:
-Pre: 340-event-loops-scan-build.pre
-Post: 340-event-loops-scan-build.post
-Test: 340-event-loops-scan-build.test
-AuxFiles: 
-Passed:
-Failure:
--- a/src/test/tpkg/340-event-loops-scan-build.tpkg/340-event-loops-scan-build.pre
+++ b/src/test/tpkg/340-event-loops-scan-build.tpkg/340-event-loops-scan-build.pre
@ -1,24 +0,0 @@
-# #-- 340-event-loops-scan-build.pre--#
-# source the master var file when it's there
-if [ -f ../.tpkg.var.master ]
-then
-	source ../.tpkg.var.master
-else
-	(
-		cd ..
-		[ -f  "${TPKG_SRCDIR}/setup-env.sh" ] \
-		    && sh "${TPKG_SRCDIR}/setup-env.sh" 
-	) && source ../.tpkg.var.master
-fi
-# use .tpkg.var.test for in test variable passing
-[ -f .tpkg.var.test ] && source .tpkg.var.test
-
-echo "" > restore-srcdir-configure-settings
-for f in `grep 'CONFIG_[FH][IE][LA][ED][SE]' "${SRCROOT}/configure.ac" | sed -e 's/^.*(\[//g' -e 's/\])//g'`
-do
-	if [ -f "${SRCROOT}/$f" ]
-	then
-		mv "${SRCROOT}/${f}" "${SRCROOT}/${f}.build-event-loops" && \
-			echo "$f" >> restore-srcdir-configure-settings
-	fi
-done
--- a/src/test/tpkg/400-static-analysis.tpkg/400-static-analysis.dsc
+++ b/src/test/tpkg/400-static-analysis.tpkg/400-static-analysis.dsc
@ -0,0 +1,16 @@
+BaseName: 400-static-analysis
+Version: 1.0
+Description: Compile
+CreationDate: wo 10 mei 2017 14:56:19 CEST
+Maintainer: Willem Toorop
+Category: 
+Component:
+CmdDepends: scan-build
+Depends:
+Help:
+Pre: 400-static-analysis.pre
+Post: 400-static-analysis.post
+Test: 400-static-analysis.test
+AuxFiles: 
+Passed:
+Failure:
--- a/src/test/tpkg/340-event-loops-scan-build.tpkg/340-event-loops-scan-build.post
+++ b/src/test/tpkg/340-event-loops-scan-build.tpkg/340-event-loops-scan-build.post
@ -1,4 +1,4 @@
-# #-- 340-event-loops-scan-build.post --#
+# #-- 400-static-analysis.post --#
 # source the master var file when it's there
 if [ -f ../.tpkg.var.master ]
 then
@ -15,6 +15,6 @@ fi

 for f in `cat restore-srcdir-configure-settings`
 do
-	mv "${SRCROOT}/${f}.build-event-loops" "${SRCROOT}/${f}"
+	mv "${SRCROOT}/${f}.build-static-analysis" "${SRCROOT}/${f}"
 done

--- a/src/test/tpkg/400-static-analysis.tpkg/400-static-analysis.pre
+++ b/src/test/tpkg/400-static-analysis.tpkg/400-static-analysis.pre
@ -0,0 +1,35 @@
+# #-- 400-static-analysis.pre--#
+# source the master var file when it's there
+if [ -f ../.tpkg.var.master ]
+then
+	source ../.tpkg.var.master
+else
+	(
+		cd ..
+		[ -f  "${TPKG_SRCDIR}/setup-env.sh" ] \
+		    && sh "${TPKG_SRCDIR}/setup-env.sh" 
+	) && source ../.tpkg.var.master
+fi
+# use .tpkg.var.test for in test variable passing
+[ -f .tpkg.var.test ] && source .tpkg.var.test
+
+echo "" > restore-srcdir-configure-settings
+for f in `grep 'CONFIG_[FH][IE][LA][ED][SE]' "${SRCROOT}/configure.ac" | sed -e 's/^.*(\[//g' -e 's/\])//g'`
+do
+	if [ -f "${SRCROOT}/$f" ]
+	then
+		mv "${SRCROOT}/${f}" "${SRCROOT}/${f}.build-static-analysis" && \
+			echo "$f" >> restore-srcdir-configure-settings
+	fi
+done
+rm -fr "${BUILDDIR}/build-static-analysis"
+mkdir  "${BUILDDIR}/build-static-analysis"
+cd "${BUILDDIR}/build-static-analysis"
+"${SRCROOT}/configure" $* --enable-all-drafts --with-stubby --with-libevent --with-libev --with-libuv \
+    || "${SRCROOT}/configure" $* --enable-all-drafts --with-stubby --with-libevent --with-libev \
+    || "${SRCROOT}/configure" $* --enable-all-drafts --with-stubby --with-libevent --with-libuv \
+    || "${SRCROOT}/configure" $* --enable-all-drafts --with-stubby --with-libev --with-libuv \
+    || "${SRCROOT}/configure" $* --enable-all-drafts --with-stubby --with-libevent \
+    || "${SRCROOT}/configure" $* --enable-all-drafts --with-stubby --with-libev \
+    || "${SRCROOT}/configure" $* --enable-all-drafts --with-stubby --with-libuv
+   
--- a/src/test/tpkg/340-event-loops-scan-build.tpkg/340-event-loops-scan-build.test
+++ b/src/test/tpkg/340-event-loops-scan-build.tpkg/340-event-loops-scan-build.test
@ -1,9 +1,8 @@
-# #-- 340-event-loops-scan-build.test --#
+# #-- 400-static-analysis.test --#
 # source the master var file when it's there
 [ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
 # use .tpkg.var.test for in test variable passing
 [ -f .tpkg.var.test ] && source .tpkg.var.test

-cd "${BUILDDIR}/build-event-loops"
-make clean
-scan-build -o ../scan-build-reports -v --status-bugs make everything
+cd "${BUILDDIR}/build-static-analysis"
+scan-build -o ../scan-build-reports -v --status-bugs make -j 4 everything
--- a/src/test/tpkg/clean.sh
+++ b/src/test/tpkg/clean.sh
@ -3,5 +3,5 @@
 export SRCDIR=`dirname $0`
 (	cd $SRCDIR
 	./tpkg clean
-	rm -fr build build-stub-only build-event-loops install scan-build-reports .tpkg.var.master
+	rm -fr build build-stub-only build-event-loops build-static-analysis install scan-build-reports .tpkg.var.master *.info
 )
--- a/src/test/tpkg/run-all-lcov.sh
+++ b/src/test/tpkg/run-all-lcov.sh
@ -15,7 +15,7 @@ LCOV_MERGE=""
 for TEST_PKG in ${SRCDIR}/*.tpkg
 do
    # when we run our test, we need to compile with profiling
-    LDFLAGS="-lgcov --coverage" CFLAGS="-fprofile-arcs -ftest-coverage -O0" "${TPKG}" $* exe "${TEST_PKG}"
+    LDFLAGS="-lgcov --coverage" CFLAGS="-g -fprofile-arcs -ftest-coverage -O0" "${TPKG}" $* exe "${TEST_PKG}"
    # after the test is complete, we need to collect the coverage data
    INFO_FILE=`echo $TEST_PKG | sed 's/.tpkg$//'`.info
    geninfo $SRCDIR/.. -o $INFO_FILE
--- a/src/test/tpkg/run-parallel.sh
+++ b/src/test/tpkg/run-parallel.sh
@ -0,0 +1,55 @@
+#!/bin/sh
+
+export SRCDIR=`dirname $0`
+. `dirname $0`/setup-env.sh
+
+cat > Makefile << MAKEFILE_HEADER
+all: retry results
+
+retry:
+	for f in result.* ; do if test ! -e .done-\$\${f#result.} ; then rm -f \$\$f ; fi; done
+
+MAKEFILE_HEADER
+
+# Resource depletion tests should be performed one-by-one after all
+# other tests have been done.
+#
+RD_TESTS=""
+OTHERS=""
+ALL="results:"
+for TEST_PKG in `echo ${SRCDIR}/*.tpkg | xargs -n1 echo | sort`
+do
+	P="${TEST_PKG#${SRCDIR}/}"
+	P="${P%.tpkg}"
+	R="result.${P}"
+	ALL="${ALL} ${R}"
+	if grep -q 'Category:.*Resource depletion' "${TEST_PKG}/${P}.dsc"
+	then
+		RD_TESTS="${R} ${RD_TESTS}"
+	else
+		OTHERS="${OTHERS} ${R}"
+	fi
+done
+echo "${ALL}" >> Makefile
+printf '\t"%s" r\n\n' "${TPKG}" >> Makefile
+printf 'clean:\n\t"%s" clean\n\trm -fr build build-stub-only build-event-loops build-static-analysis install scan-build-reports .tpkg.var.master *.info\n\n' "${TPKG}" >> Makefile
+for P in ${OTHERS}
+do
+	P="${P#result.}"
+	TEST_PKG="${SRCDIR}/${P}.tpkg"
+	DEPS="result.${P}:"
+	for D in `grep "^Depends: " "${TEST_PKG}/${P}.dsc" | sed 's/^Depends: //g'`
+	do
+		D="${D%.tpkg}"
+		DEPS="${DEPS} result.${D}"
+	done
+	echo "${DEPS}" >> Makefile
+	printf '\t"%s" %s exe "%s"\n\n' "${TPKG}" "$*" "${TEST_PKG}" >> Makefile
+done
+for RD in ${RD_TESTS}
+do
+	RD_TESTS="${RD_TESTS#$RD }"
+	TEST_PKG="${RD#result.}"
+	printf '%s: %s %s\n\t"%s" %s exe "%s/%s.tpkg"\n\n' "${RD}" "${OTHERS}" "${RD_TESTS}" "${TPKG}" "$*" "${SRCDIR}" "${TEST_PKG}" >> Makefile
+done
+make -j 2
--- a/src/tools/Dockerfile
+++ b/src/tools/Dockerfile
@ -0,0 +1,42 @@
+FROM  ubuntu:16.04
+MAINTAINER Melinda Shore <melinda.shore@nomountain.net>
+
+RUN set -ex \
+    && apt-get update \
+    && apt-get install -y curl \
+    && apt-get install -y git \
+    && apt-get install -y wget \
+    && apt-get install -y libssl-dev \
+    && curl -fOSL "https://unbound.net/downloads/unbound-1.6.3.tar.gz" \
+    && mkdir -p /usr/src/unbound \
+    && tar -xzC /usr/src/unbound --strip-components=1 -f unbound-1.6.3.tar.gz \
+    && rm unbound-1.6.3.tar.gz \
+    && apt-get -y install libidn11-dev \
+    && apt-get -y install python-dev \
+    && apt-get -y install make \
+    && apt-get install -y automake autoconf libtool \
+    && apt-get install -y shtool \
+    && cd /usr/src/unbound \
+    && ./configure \
+    && make \
+    && make install \
+    && ldconfig \
+    && cd /usr/src \
+    && git clone https://github.com/getdnsapi/getdns.git \
+    && cd /usr/src/getdns \
+    && git checkout master \
+    && git submodule update --init \
+    && libtoolize -ci \
+    && autoreconf -fi \
+    && ./configure --enable-debug-daemon \
+    && make \
+    && make install \
+    && ldconfig \
+    && cp src/tools/stubby.conf /etc \
+    && mkdir -p /etc/unbound \
+    && cd /etc/unbound \
+    && unbound-anchor -a /etc/unbound/getdns-root.key || :
+    
+EXPOSE 53
+
+CMD ["/usr/local/bin/stubby"]
--- a/src/tools/Makefile.in
+++ b/src/tools/Makefile.in
@ -68,8 +68,8 @@ $(ALL_OBJS):
 getdns_query: getdns_query.lo
 	$(LIBTOOL) --tag=CC --mode=link $(CC) $(CFLAGS) -o $@ getdns_query.lo $(LDFLAGS) $(LDLIBS)

-stubby: getdns_query.lo
-	$(LIBTOOL) --tag=CC --mode=link $(CC) $(CFLAGS) -o $@ getdns_query.lo $(LDFLAGS) $(LDLIBS)
+stubby:
+	cd .. && $(MAKE) $@

 install-getdns_query: getdns_query
 	$(INSTALL) -m 755 -d $(DESTDIR)$(bindir)
@ -78,12 +78,11 @@ install-getdns_query: getdns_query
 uninstall-getdns_query:
 	$(LIBTOOL) --mode=uninstall rm -f $(DESTDIR)$(bindir)/getdns_query

-install-stubby: getdns_query
-	$(INSTALL) -m 755 -d $(DESTDIR)$(bindir)
-	$(LIBTOOL) --mode=install cp getdns_query $(DESTDIR)$(bindir)/stubby
+install-stubby:
+	cd .. && $(MAKE) $@

 uninstall-stubby:
-	$(LIBTOOL) --mode=uninstall rm -f $(DESTDIR)$(bindir)/stubby
+	cd .. && $(MAKE) $@

 clean:
 	rm -f *.o *.lo $(PROGRAMS)
--- a/src/tools/getdns_query.c
+++ b/src/tools/getdns_query.c
@ -48,6 +48,7 @@ typedef unsigned short in_port_t;

 #define EXAMPLE_PIN "pin-sha256=\"E9CZ9INDbd+2eRQozYqqbQ2yXLVKB9+xcprMF+44U1g=\""

+static int verbosity = 0;
 static int i_am_stubby = 0;
 static const char *default_stubby_config =
 "{ resolution_type: GETDNS_RESOLUTION_STUB"
@ -80,6 +81,8 @@ static uint16_t request_type = GETDNS_RRTYPE_NS;
 static int timeout, edns0_size, padding_blocksize;
 static int async = 0, interactive = 0;
 static enum { GENERAL, ADDRESS, HOSTNAME, SERVICE } calltype = GENERAL;
+static int bogus_answers = 0;
+static int check_dnssec = 0;

 static int get_rrtype(const char *t)
 {
@ -92,7 +95,7 @@ static int get_rrtype(const char *t)
 	if (strlen(t) > sizeof(buf) - 15)
 		return -1;
 	for (i = 14; *t && i < sizeof(buf) - 1; i++, t++)
-		buf[i] = toupper(*t);
+		buf[i] = *t == '-' ? '_' : toupper(*t);
 	buf[i] = '\0';

 	if (!getdns_str2int(buf, &rrtype))
@ -257,6 +260,7 @@ print_usage(FILE *out, const char *progname)
 		fprintf(out, "\t-S\tservice lookup (<type> is ignored)\n");
 	fprintf(out, "\t-t <timeout>\tSet timeout in milliseconds\n");
 	fprintf(out, "\t-v\tPrint getdns release version\n");
+	fprintf(out, "\t-V\tIncrease verbosity (may be used more than once)\n");
 	fprintf(out, "\t-x\tDo not follow redirects\n");
 	fprintf(out, "\t-X\tFollow redirects (default)\n");

@ -308,27 +312,28 @@ static getdns_return_t validate_chain(getdns_dict *response)
 	    response, "replies_tree", &replies_tree)))
 		goto error;

-	fprintf(stdout, "replies_tree dnssec_status: ");
+	if (verbosity) fprintf(stdout, "replies_tree dnssec_status: ");
 	switch ((s = getdns_validate_dnssec(
 	    replies_tree, validation_chain, trust_anchor))) {

 	case GETDNS_DNSSEC_SECURE:
-		fprintf(stdout, "GETDNS_DNSSEC_SECURE\n");
+		if (verbosity) fprintf(stdout, "GETDNS_DNSSEC_SECURE\n");
 		break;
 	case GETDNS_DNSSEC_BOGUS:
-		fprintf(stdout, "GETDNS_DNSSEC_BOGUS\n");
+		if (verbosity) fprintf(stdout, "GETDNS_DNSSEC_BOGUS\n");
+		bogus_answers += 1;
 		break;
 	case GETDNS_DNSSEC_INDETERMINATE:
-		fprintf(stdout, "GETDNS_DNSSEC_INDETERMINATE\n");
+		if (verbosity) fprintf(stdout, "GETDNS_DNSSEC_INDETERMINATE\n");
 		break;
 	case GETDNS_DNSSEC_INSECURE:
-		fprintf(stdout, "GETDNS_DNSSEC_INSECURE\n");
+		if (verbosity) fprintf(stdout, "GETDNS_DNSSEC_INSECURE\n");
 		break;
 	case GETDNS_DNSSEC_NOT_PERFORMED:
-		fprintf(stdout, "GETDNS_DNSSEC_NOT_PERFORMED\n");
+		if (verbosity) fprintf(stdout, "GETDNS_DNSSEC_NOT_PERFORMED\n");
 		break;
 	default:
-		fprintf(stdout, "%d\n", (int)s);
+		if (verbosity) fprintf(stdout, "%d\n", (int)s);
 	}

 	i = 0;
@ -337,27 +342,28 @@ static getdns_return_t validate_chain(getdns_dict *response)
 		if ((r = getdns_list_set_dict(to_validate, 0, reply)))
 			goto error;

-		printf("reply "PRIsz", dnssec_status: ", i);
+		if (verbosity) printf("reply "PRIsz", dnssec_status: ", i);
 		switch ((s = getdns_validate_dnssec(
 		    to_validate, validation_chain, trust_anchor))) {

 		case GETDNS_DNSSEC_SECURE:
-			fprintf(stdout, "GETDNS_DNSSEC_SECURE\n");
+			if (verbosity) fprintf(stdout, "GETDNS_DNSSEC_SECURE\n");
 			break;
 		case GETDNS_DNSSEC_BOGUS:
-			fprintf(stdout, "GETDNS_DNSSEC_BOGUS\n");
+			if (verbosity) fprintf(stdout, "GETDNS_DNSSEC_BOGUS\n");
+			bogus_answers += 1;
 			break;
 		case GETDNS_DNSSEC_INDETERMINATE:
-			fprintf(stdout, "GETDNS_DNSSEC_INDETERMINATE\n");
+			if (verbosity) fprintf(stdout, "GETDNS_DNSSEC_INDETERMINATE\n");
 			break;
 		case GETDNS_DNSSEC_INSECURE:
-			fprintf(stdout, "GETDNS_DNSSEC_INSECURE\n");
+			if (verbosity) fprintf(stdout, "GETDNS_DNSSEC_INSECURE\n");
 			break;
 		case GETDNS_DNSSEC_NOT_PERFORMED:
-			fprintf(stdout, "GETDNS_DNSSEC_NOT_PERFORMED\n");
+			if (verbosity) fprintf(stdout, "GETDNS_DNSSEC_NOT_PERFORMED\n");
 			break;
 		default:
-			fprintf(stdout, "%d\n", (int)s);
+			if (verbosity) fprintf(stdout, "%d\n", (int)s);
 		}
 	}
 	if (r == GETDNS_RETURN_NO_SUCH_LIST_ITEM)
@ -380,14 +386,23 @@ void callback(getdns_context *context, getdns_callback_type_t callback_type,
 	    getdns_print_json_dict(response, json == 1)
 	  : getdns_pretty_print_dict(response))) {

-		fprintf(stdout, "ASYNC response:\n%s\n", response_str);
+		fprintf(stdout, "%s\n", response_str);
+		if (verbosity) fprintf(stdout, "ASYNC call completed.\n");
 		validate_chain(response);
 		free(response_str);
 	}

 	if (callback_type == GETDNS_CALLBACK_COMPLETE) {
-		printf("Response code was: GOOD. Status was: Callback with ID %"PRIu64"  was successful.\n",
+		if (verbosity) printf("Response code was: GOOD. Status was: Callback with ID %"PRIu64"  was successful.\n",
 			trans_id);
+		if (check_dnssec) {
+			uint32_t dnssec_status = GETDNS_DNSSEC_SECURE;
+
+	    		(void )getdns_dict_get_int(response,
+			    "/replies_tree/0/dnssec_status", &dnssec_status);
+			if (dnssec_status == GETDNS_DNSSEC_BOGUS)
+				bogus_answers += 1;
+		}

 	} else if (callback_type == GETDNS_CALLBACK_CANCEL)
 		fprintf(stderr,
@ -402,7 +417,6 @@ void callback(getdns_context *context, getdns_callback_type_t callback_type,
 			getdns_get_errorstr_by_id(callback_type));
 	}
 	getdns_dict_destroy(response);
-	response = NULL;
 }

 #define CONTINUE ((getdns_return_t)-2)
@ -577,6 +591,9 @@ getdns_return_t parse_args(int argc, char **argv)
 			continue;

 		} else if (arg[0] == '+') {
+			if (strncmp(arg+1, "dnssec_", 7) == 0)
+				check_dnssec = 1;
+
 			if (arg[1] == 's' && arg[2] == 'i' && arg[3] == 't' &&
 			   (arg[4] == '=' || arg[4] == '\0')) {
 				if ((r = set_cookie(extensions, arg+4))) {
@ -812,6 +829,7 @@ getdns_return_t parse_args(int argc, char **argv)
 				goto next;
 			case 'p':
 				json = 0;
+				break;
 			case 'q':
 				quiet = 1;
 				break;
@ -980,6 +998,9 @@ getdns_return_t parse_args(int argc, char **argv)
 			case 'B':
 				batch_mode = 1;
 				break;
+			case 'V':
+				verbosity += 1;
+				break;

 			case 'z':
 				if (c[1] != 0 || ++i >= argc || !*argv[i]) {
@ -1198,8 +1219,9 @@ getdns_return_t do_the_call(void)
 			    getdns_print_json_dict(response, json == 1)
 			  : getdns_pretty_print_dict(response))) {

-				fprintf( stdout, "SYNC response:\n%s\n"
-				       , response_str);
+				fprintf( stdout, "%s\n", response_str);
+				if (verbosity) fprintf( stdout, "SYNC call completed.\n");
+
 				validate_chain(response);
 				free(response_str);
 			} else {
@ -1209,10 +1231,21 @@ getdns_return_t do_the_call(void)
 			}
 		}
 		getdns_dict_get_int(response, "status", &status);
-		fprintf(stdout, "Response code was: GOOD. Status was: %s\n", 
+		if (verbosity)
+			fprintf(stdout, "Response code was: GOOD. Status was: %s\n", 
 			 getdns_get_errorstr_by_id(status));
-		if (response)
+		if (response) {
+			if (check_dnssec) {
+				uint32_t dnssec_status = GETDNS_DNSSEC_SECURE;
+
+				(void )getdns_dict_get_int(response,
+				    "/replies_tree/0/dnssec_status",
+				    &dnssec_status);
+				if (dnssec_status == GETDNS_DNSSEC_BOGUS)
+					bogus_answers += 1;
+			}
 			getdns_dict_destroy(response);
+		}
 	}
 	getdns_dict_destroy(address);
 	return r;
@ -1234,7 +1267,7 @@ void read_line_cb(void *userarg)
 	int linec;

 	if (!fgets(line, 1024, fp) || !*line) {
-		if (query_file)
+		if (query_file && verbosity)
 			fprintf(stdout,"End of file.");
 		loop->vmt->clear(loop, read_line_ev);
 		if (listen_count)
@ -1243,7 +1276,7 @@ void read_line_cb(void *userarg)
 		(void) getdns_context_set_idle_timeout(context, 0);
 		return;
 	}
-	if (query_file)
+	if (query_file && verbosity)
 		fprintf(stdout,"Found query: %s", line);

 	linev[0] = __FILE__;
@ -1256,7 +1289,8 @@ void read_line_cb(void *userarg)
 		return;
 	}
 	if (*token == '#') {
-		fprintf(stdout,"Result:      Skipping comment\n");
+		if (verbosity)
+			fprintf(stdout,"Result:      Skipping comment\n");
 		if (! query_file) {
 			printf("> ");
 			fflush(stdout);
@ -1629,6 +1663,29 @@ error:
 		getdns_dict_destroy(response);
 }

+static void stubby_log(void *userarg, uint64_t system,
+    getdns_loglevel_type level, const char *fmt, va_list ap)
+{
+	struct timeval tv;
+	struct tm tm;
+	char buf[10];
+#ifdef GETDNS_ON_WINDOWS
+	time_t tsec;
+
+	gettimeofday(&tv, NULL);
+	tsec = (time_t) tv.tv_sec;
+	gmtime_s(&tm, (const time_t *) &tsec);
+#else
+	gettimeofday(&tv, NULL);
+	gmtime_r(&tv.tv_sec, &tm);
+#endif
+	strftime(buf, 10, "%H:%M:%S", &tm);
+	(void)userarg; (void)system; (void)level;
+	(void) fprintf(stderr, "[%s.%.6d] STUBBY: ", buf, (int)tv.tv_usec);
+	(void) vfprintf(stderr, fmt, ap);
+}
+
+
 /**
 * \brief A wrapper script for command line testing of getdns
 *  getdns_query -h provides details of the available options (the syntax is 
@ -1678,6 +1735,9 @@ main(int argc, char **argv)
 			(void) parse_config_file(home_stubby_conf_fn, 0);
 		}
 		clear_listen_list_on_arg = 1;
+
+		(void) getdns_context_set_logfunc(context, NULL,
+		    GETDNS_LOG_UPSTREAM_STATS, GETDNS_LOG_DEBUG, stubby_log);
 	}
 	if ((r = parse_args(argc, argv)))
 		goto done_destroy_context;
@ -1763,8 +1823,10 @@ done_destroy_context:
 	else if (r == CONTINUE_ERROR)
 		return 1;

-	if (!i_am_stubby)
+	if (!i_am_stubby && verbosity)
 		fprintf(stdout, "\nAll done.\n");

-	return r;
+	return             r ? r 
+	     : bogus_answers ? GETDNS_DNSSEC_BOGUS
+	     : GETDNS_RETURN_GOOD;
 }
--- a/src/tools/stubby.conf
+++ b/src/tools/stubby.conf
@ -1,71 +0,0 @@
-{ resolution_type: GETDNS_RESOLUTION_STUB
-, dns_transport_list: [ GETDNS_TRANSPORT_TLS ]
-, tls_authentication: GETDNS_AUTHENTICATION_REQUIRED
-, tls_query_padding_blocksize: 256
-, edns_client_subnet_private : 1
-, listen_addresses: [ 127.0.0.1, 0::1 ]
-, idle_timeout: 10000
-, round_robin_upstreams: 1
-, upstream_recursive_servers:
-  [ { address_data: 145.100.185.15
-    , tls_auth_name: "dnsovertls.sinodun.com"
-    , tls_pubkey_pinset:
-      [ { digest: "sha256"
-        , value: 62lKu9HsDVbyiPenApnc4sfmSYTHOVfFgL3pyB+cBL4=
-      } ] 
-    },
-    { address_data: 145.100.185.16
-    , tls_auth_name: "dnsovertls1.sinodun.com"
-    , tls_pubkey_pinset:
-      [ { digest: "sha256"
-        , value: cE2ecALeE5B+urJhDrJlVFmf38cJLAvqekONvjvpqUA=
-      } ] 
-    },
-    { address_data: 185.49.141.37
-    , tls_auth_name: "getdnsapi.net"
-    , tls_pubkey_pinset:
-      [ { digest: "sha256"
-        , value: foxZRnIh9gZpWnl+zEiKa0EJ2rdCGroMWm02gaxSc9Q=
-      } ]
-    },
-    { address_data: 2001:610:1:40ba:145:100:185:15
-    , tls_auth_name: "dnsovertls.sinodun.com"
-    , tls_pubkey_pinset:
-      [ { digest: "sha256"
-        , value: 62lKu9HsDVbyiPenApnc4sfmSYTHOVfFgL3pyB+cBL4=
-      } ] 
-    },
-    { address_data: 2001:610:1:40ba:145:100:185:16
-    , tls_auth_name: "dnsovertls1.sinodun.com"
-    , tls_pubkey_pinset:
-      [ { digest: "sha256"
-        , value: cE2ecALeE5B+urJhDrJlVFmf38cJLAvqekONvjvpqUA=
-      } ] 
-    },
-    { address_data: 2a04:b900:0:100::37
-    , tls_auth_name: "getdnsapi.net"
-    , tls_pubkey_pinset:
-      [ { digest: "sha256"
-        , value: foxZRnIh9gZpWnl+zEiKa0EJ2rdCGroMWm02gaxSc9Q=
-      } ]
-    },
-    { address_data: 184.105.193.78
-    , tls_pubkey_pinset:
-      [ { digest: "sha256"
-        , value: pOXrpUt9kgPgbWxBFFcBTbRH2heo2wHwXp1fd4AEVXI=
-      } ]
-    },
-    { address_data: 2620:ff:c000:0:1::64:25
-    , tls_pubkey_pinset:
-      [ { digest: "sha256"
-        , value: pOXrpUt9kgPgbWxBFFcBTbRH2heo2wHwXp1fd4AEVXI=
-      } ]
-    },
-    { address_data: 89.233.43.71 
-    , tls_auth_name: "unicast.censurfridns.dk"
-    },
-    { address_data: 2a01:3a0:53:53::
-    , tls_auth_name: "unicast.censurfridns.dk"
-    }
-  ]
-}
--- a/src/types-internal.h
+++ b/src/types-internal.h
@ -226,7 +226,6 @@ typedef struct getdns_network_req
 	size_t                  transport_current;
 	getdns_tls_authentication_t  tls_auth_min;
 	getdns_eventloop_event  event;
-	uint16_t                query_id;

 	int                     edns_maximum_udp_payload_size;
 	uint16_t                max_udp_payload_size;
--- a/src/util-internal.c
+++ b/src/util-internal.c
@ -340,10 +340,22 @@ _getdns_rr_iter2rr_dict_canonical(
 				    repeat_list, bin_size, bin_data))
 					goto rdata_error;
 				break;
+
+			/* Repetitive special types do not exist (yet)
+			 *
+			 * LCOV_EXCL_START
+			 */
 			case wf_special:
+				/* Repetitive special types
+				 * must have this function
+				 */
+				assert(rdf->rdd_pos->special->wire2list);
+
 				if (rdf->rdd_pos->special->wire2list(
 				    repeat_list, rdf->pos))
 					goto rdata_error;
+			/* LCOV_EXCL_STOP */
+
 			default:
 				break;
 			}
--- a/src/util/lookup3.c
+++ b/src/util/lookup3.c
@ -5,6 +5,7 @@
     added #ifdef VALGRIND to remove 298,384,660 'unused variable k8' warnings.
     added include of lookup3.h to check definitions match declarations.
     removed include of stdint - config.h takes care of platform independence.
+     added fallthrough comments for new gcc warning suppression.
  url http://burtleburtle.net/bob/hash/index.html.
 */
 /*
@ -235,7 +236,9 @@ uint32_t        initval)         /* the previous hash, or an arbitrary value */
  switch(length)                     /* all the case statements fall through */
  { 
  case 3 : c+=k[2];
+  	/* fallthrough */
  case 2 : b+=k[1];
+  	/* fallthrough */
  case 1 : a+=k[0];
    final(a,b,c);
  case 0:     /* case 0: nothing left to add */
@ -473,16 +476,27 @@ uint32_t hashlittle( const void *key, size_t length, uint32_t initval)
    switch(length)                   /* all the case statements fall through */
    {
    case 12: c+=((uint32_t)k[11])<<24;
+  	/* fallthrough */
    case 11: c+=((uint32_t)k[10])<<16;
+  	/* fallthrough */
    case 10: c+=((uint32_t)k[9])<<8;
+  	/* fallthrough */
    case 9 : c+=k[8];
+  	/* fallthrough */
    case 8 : b+=((uint32_t)k[7])<<24;
+  	/* fallthrough */
    case 7 : b+=((uint32_t)k[6])<<16;
+  	/* fallthrough */
    case 6 : b+=((uint32_t)k[5])<<8;
+  	/* fallthrough */
    case 5 : b+=k[4];
+  	/* fallthrough */
    case 4 : a+=((uint32_t)k[3])<<24;
+  	/* fallthrough */
    case 3 : a+=((uint32_t)k[2])<<16;
+  	/* fallthrough */
    case 2 : a+=((uint32_t)k[1])<<8;
+  	/* fallthrough */
    case 1 : a+=k[0];
             break;
    case 0 : return c;
--- a/src/util/orig-headers/lruhash.h
+++ b/src/util/orig-headers/lruhash.h
@ -326,7 +326,7 @@ void lru_demote(struct lruhash* table, struct lruhash_entry* entry);
 * @param hash: hash value. User calculates the hash.
 * @param entry: identifies the entry.
 * @param data: the data.
- * @param cb_override: if not null overrides the cb_arg for the deletefunc.
+ * @param cb_arg: if not null overrides the cb_arg for the deletefunc.
 * @return: pointer to the existing entry if the key was already present,
 *     or to the entry argument if it was not.
 */
--- a/Show More
+++ b/Show More