349 changed files with 16671 additions and 51399 deletions
--- a/.gitattributes
+++ b/.gitattributes
@ -1,18 +0,0 @@
 /.dir-locals.el	export-ignore
 /.gitattributes	export-ignore
 /.gitignore	export-ignore
 /.gitmodules	export-ignore
 /.indent.pro	export-ignore
 /.travis.yml	export-ignore
 /getdns.pmdoc	export-ignore
 /gldns/compare.sh	export-ignore
 /gldns/import.sh	export-ignore
 /project-doc	export-ignore
 /src/test/tpkg	export-ignore
 /src/test/README	export-ignore
 /src/tools/Dockerfile	export-ignore
 /src/tools/README.adoc	export-ignore
 /src/util/import.sh	export-ignore
 /src/mk-const-info.c.sh	export-ignore
 /src/mk-symfiles.sh	export-ignore
 /README		export-ignore
--- a/.gitignore
+++ b/.gitignore
@ -1,7 +1,5 @@
 *~
 .DS_Store
 build*/
 tests*/
 getdns*.tar.gz
 *.o
 *.so
@ -38,11 +36,9 @@ src/test/check_getdns
 src/test/check_getdns_event
 src/test/check_getdns_uv
 src/test/check_getdns_ev
 src/test/getdns_query
 src/test/scratchpad
 src/test/scratchpad.c
 src/tools/getdns_query
 src/tools/getdns_server_mon
 src/stubby
 doc/*.3
 src/getdns/getdns.h
 *.log
@ -58,13 +54,5 @@ m4/ltsugar.m4
 m4/ltversion.m4
 m4/lt~obsolete.m4
 src/config.h.in
 build/
 getdns.pc
 getdns_ext_event.pc
 /src/test/tpkg/result.*
 /src/test/tpkg/.done-*
 /src/test/tpkg/.tpkg.var.master
 /src/test/tpkg/scan-build-reports/
 /src/test/tpkg/install/
 /src/test/tpkg/build/
 /src/test/tpkg/build-stub-only/
 /src/test/tpkg/build-event-loops/
--- a/.gitmodules
+++ b/.gitmodules
@ -1,16 +0,0 @@
 [submodule "src/test/jsmn"]
 	path = src/jsmn
 	url = https://github.com/getdnsapi/jsmn.git
 	branch = getdns
 [submodule "src/yxml"]
 	path = src/yxml
 	url = https://github.com/getdnsapi/yxml.git
 	branch = master
 [submodule "stubby"]
 	path = stubby
 	url = https://github.com/getdnsapi/stubby.git
 	branch = develop
 [submodule "src/ssl_dane"]
 	path = src/ssl_dane
 	url = https://github.com/getdnsapi/ssl_dane
 	branch = getdns
--- a/.travis.yml
+++ b/.travis.yml
@ -1,5 +1,4 @@
 sudo: false
 dist: bionic
 language: c
 compiler:
  - gcc
@ -7,21 +6,14 @@ compiler:
 addons:
  apt:
    packages:
    - libssl-dev
    - libunbound-dev
-    - libidn2-0-dev 
+    - libldns-dev
-    - libyaml-dev
+    - libidn11-dev
    - check
    - libevent-dev
    - libev-dev
-    - libuv-dev
+    - bc
    - valgrind
    - clang
    - wget
    - openssh-client
    - libgnutls28-dev
 script:
  - mkdir tests
  - cd tests
  - ../src/test/tpkg/run-all.sh
 # - ../src/test/tpkg/run-one.sh 290-transports.tpkg -V
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
--- a/478
+++ b/478
@ -1,475 +1,3 @@
 * 2023-??-??: Version 1.7.4
  * Issue #536: Broken trust anchor files are silently ignored
    Thanks Stéphane Bortzmeyer
 * 2022-12-22: Version 1.7.3
  * PR #532: Increase CMake required version 3.5 -> 3.20, because we
    need cmake_path for Absolute paths in pkg-config (See Issue #517)
    Thanks Gabriel Ganne
  * Updated to Stubby 0.4.3 quickfix release
 * 2022-08-19: Version 1.7.2
  * Updated to Stubby 0.4.2 quickfix release
 * 2022-08-19: Version 1.7.1
  * Always send the `dot` ALPN when using DoT
  * Strengthen version determination for Libidn2 during cmake processing
    (thanks jpbion).
  * Fix for issue in UDP stream selection in case of timeouts.
    Thanks Shikha Sharma
  * Fix using asterisk in ipstr for any address. Thanks uzlonewolf.
  * Issue stubby#295: rdata not correctly written for validation for
    certain RR type. Also, set default built type to RelWithDebInfo and
    expose CFLAGS via GETDNS_BUILD_CFLAGS define and via
    getdns_context_get_api_information()
  * Issue #524: Bug fixes from submodules' upstream?
    Thanks Johnnyslee
  * Issue #517: Allow Absolute path CMAKE_INSTALL_{INCLUDE,LIB}DIR in
    pkg-config files. Thanks Alex Shpilkin
  * Issue #512: Update README.md to show correct PGP key location.
    Thanks Katze Prior.
 * 2021-06-04: Version 1.7.0
  * Make TLS Handshake timeout max 4/5th of timeout for the query,
    just like connection setup timeout was, so fallback transport
    have a chance too when TCP connection setup is less well
    detectable (as with TCP_FASTOPEN on MacOS).
  * Issue #466: Memory leak with retrying queries (for examples
    with search paths). Thanks doublez13.
  * Issue #480: Handling of strptime when Cross compiling with CMake.
    A new option to FORCE_COMPAT_STRPTIME (default disabled) will
    (when disabled) make cmake assume the target platform has a POSIX
    compatible strptime when cross-compiling.
  * Setting of the number of milliseconds send data may remain
    unacknowledged by the peer in a TCP connection (when supported 
    by the OS) with getdns_context_set_tcp_send_timeout()
    Thanks maciejsszmigiero.
  * Issue #497: Fix typo in CMAKE included files, so Stubby can use
    TLS v1.3 with chipersuites options ON. Thanks har-riz.
  * Basic name compression on server replied messages. Thanks amialkow!
    This alleviates (but might not completely resolve) issues #495 and
    #320 .
  * Eventloop extensions back to the old names libgetdns_ext_event,
    libgetdns_ext_ev and libgetdns_ext_uv.
  * Compilation warning fixes. Thanks Andreas!
 * 2020-02-28: Version 1.6.0
  * Issues #457, #458, #461: New symbols with libnettle >= 3.4.
    Thanks hanvinke & kometchtech for testing & reporting.
  * Issue #432: answer_ipv4_address and answer_ipv6_address in reply
    and response dicts.
  * Issue #430: Record and guard UDP max payload size with servers.
  * Issue #407: Run only offline-tests option with:
    src/test/tpkg/run-offline-only.sh (only with git checkouts).
  * Issue #175: Include the packet the stub resolver sent to  the
    upstream the call_reporting dict. Thanks Tom Pusateri
  * Issue #169: Build eventloop support libraries if event libraries
    are available. Thanks Tom Pusateri
 * 2019-12-20: Version 1.6.0-beta.1
  * Migration of build system to cmake. Build now works on Ubuntu,
    Windows 10 and macOS.
    Some notes on minor differences in the new cmake build:
      * OpenSSL 1.0.2 or higher is now required
      * libunbound 1.5.9 is now required
      * Only libidn2 2.0.0 and later is supported (not libidn)
      * Windows uses ENABLE_STUB_ONLY=ON as the default
      * Unit and regression tests work on Linux/macOS
        (but not Windows yet)
 * 2019-04-03: Version 1.5.2
  * PR #424: Two small trust anchor fetcher fixes
    Thanks Maciej S. Szmigiero
  * Issue #422: Enable server side and update client side TCP Fast
    Open implementation. Thanks Craig Andrews
  * Issue #423: Fix insecure delegation detection while scheduling.
    Thanks Charles Milette
  * Issue #419: Escape backslashed when printing in JSON format.
    Thanks boB Rudis
  * Use GnuTLS instead of OpenSSL for TLS with the --with-gnutls
    option to configure.  libcrypto (from OpenSSL) still needed
    for Zero configuration DNSSEC.
  * DOA rr-type
  * AMTRELAY rr-type
 * 2019-01-11: Version 1.5.1
  * Introduce proof of concept GnuTLS implementation. Incomplete support
    for Trust Anchor validation. Requires GnuTLS DANE library. Currently
    untested with GnuTLS prior to 3.5.19, so configure demands a minumum
    version of 3.5.0.
  * Be consistent and always fail connection setup if setting ciphers/curves/
    TLS version/cipher suites fails.
  * Refactor OpenSSL usage into modules under src/openssl.
    Drop support for LibreSSL and versions of OpenSSL prior to 1.0.2.
  * PR #414: remove TLS13 ciphers from cipher_list, but
    only when SSL_CTX_set_ciphersuites is available.
    Thanks Bruno Pagani
  * Issue #415: Filter out #defines etc. when creating
    symbols file.  Thanks Zero King
 * 2018-12-21: Version 1.5.0
  * RFE getdnsapi/stubby#121 log re-instantiating TLS
    upstreams (because they reached tls_backoff_time) at
    log level 4 (WARNING)
  * GETDNS_RESPSTATUS_NO_NAME for NODATA answers too
  * ZONEMD rr-type
  * getdns_query queries for addresses when a query name
    without a type is given.
  * RFE #408: Fetching of trust anchors will be retried
    after failure, after a certain backoff time. The time
    can be configured with
    getdns_context_set_trust_anchors_backoff_time().
  * RFE #408: A "dnssec" extension that requires DNSSEC
    verification.  When this extension is set, Indeterminate
    DNSSEC status will not be returned.
  * Issue #410: Unspecified ownership of get_api_information()
  * Fix for DNSSEC bug in finding most specific key when
    trust anchor proves non-existance of one of the labels
    along the authentication chain other than the non-
    existance of a DS record on a zonecut.
  * Enhancement getdnsapi/stubby#56 & getdnsapi/stubby#130:
    Configurable minimum and maximum TLS versions with
    getdns_context_set_tls_min_version() and
    getdns_context_set_tls_max_version() functions and
    tls_min_version and tls_max_version configuration parameters
    for upstreams.
  * Configurable TLS1.3 ciphersuites with the
    getdns_context_set_tls_ciphersuites() function and
    tls_ciphersuites config parameter for upstreams.
  * Bugfix in upstream string configurations: tls_cipher_list and
    tls_curve_list
  * Bugfix finding signer for validating NSEC and NSEC3s, which
    caused trouble with the partly tracing DNSSEC from the root
    up, introduced in 1.4.2.  Thanks Philip Homburg
 * 2018-05-11: Version 1.4.2
  * Bugfix getdnsapi/stubby#87: Detect and ignore duplicate certs
    in the Windows root CA store.
  * PR #397: No TCP sendto without TCP_FASTOPEN
    Thanks Emery Hemingway
  * Bugfix getdnsapi/stubby#106: Core dump when printing certain
    configuration. Thanks Han Vinke
  * Bugfix getdnsapi/stubby#99: Partly trace DNSSEC from the root
    up (for tld and sld), to find insecure delegations quicker.
    Thanks UniverseXXX
  * Bugfix: Allow NSEC spans starting from (unexpanded) wildcards
    Bug was introduced when dealing with CVE-2017-15105
  * Bugfix getdnsapi/stubby#46: Don't assume trailing zero with
    string bindata's.  Thanks Lonnie Abelbeck
  * Bugfix #394: Update src/compat/getentropy_linux.c in order to
    handle ENOSYS (not implemented) fallback.
    Thanks Brent Blood
  * Bugfix #395: Clarify that libidn2 dependency is for version 2.0.0
    or higher. Thanks mire3212
 * 2018-03-12: Version 1.4.1
  * Bugfix #388: Prevent fallback to an earlier tries upstream within a
    single query.  Thanks Robert Groenenberg
  * PR #387: Compile with OpenSSL with deprecated APIs disabled.
    Thanks Rosen Penev
  * PR #386: UDP failover improvements:
    - When all UDP upstreams fail, retry them (more or less) equally
    - Limit maximum UDP backoff (default to 1000)
      This is configurable with the --with-max-udp-backoff configure
      option.
    Thanks Robert Groenenberg
  * Bugfix: Find zonecut with DS queries (instead of SOA queries).
    Thanks Elmer Lastdrager
  * Bugfix #385: Verifying insecure NODATA answers (broken since 1.2.1).
    Thanks hanvinke
  * PR #384: Fix minor spelling and formatting.  Thanks dkg.
  * Bugfix #382: Parallel install of getdns_query and getdns_server_mon
 * 2018-02-21: Version 1.4.0
  * .so revision bump to please fedora packaging system.
    Thanks Paul Wouters
  * Specify the supported curves with getdns_context_set_tls_curves_list()
    An upstream specific list of supported curves may also be given
    with the tls_curves_list setting in the upstream dict with
    getdns_context_set_upstream_recursive_servers()
  * New tool getdns_server_mon for checking upstream recursive
    resolver's capabilities.
  * Improved handling of opportunistic back-off.  If other transports
    are working, don’t forcibly promote failed upstreams just wait for
    the re-try timer.
  * Hostname authentication with libressl
    Thanks Norbert Copones
  * Security bugfix in response to CVE-2017-15105.  Although getdns was
    not vulnerable for this specific issue, as a precaution code has been
    adapted so that signatures of DNSKEYs, DSs, NSECs and NSEC3s can not
    be wildcard expansions when used with DNSSEC proofs.  Only direct
    queries for those types are allowed to be wildcard expansions.
  * Bugfix PR#379: Miscelleneous double free or corruption, and corrupted
    memory double linked list detected issue, with serving functionality.
    Thanks maddie and Bruno Pagani
  * Security Bugfix PR#293: Check sha256 pinset's
    with OpenSSL native DANE functions for OpenSSL >= 1.1.0
    with Viktor Dukhovni's danessl library for OpenSSL >= 1.0.0
    don't allow for authentication exceptions (like self-signed
    certificates) otherwise.  Thanks Viktor Dukhovni
  * libidn2 support.  Thanks Paul Wouters
 * 2017-12-21: Version 1.3.0
  * Bugfix #300: Detect dnsmasq and skip unit test that fails with it.
    Thanks Tim Rühsen and Konomi Kitten
  * Specify default available cipher suites for authenticated TLS
    upstreams with getdns_context_set_tls_ciphers_list()
    An upstream specific available cipher suite may also be given
    with the tls_cipher_list setting in the upstream dict with
    getdns_context_set_upstream_recursive_servers()
  * PR #366: Add support for TLS 1.3 and Chacha20-Poly1305
    Thanks Pascal Ernster
  * Bugfix #356: Do Zero configuration DNSSEC meta queries over on the
    context configured upstreams.  Thanks Andreas Schulze
  * Report default extension settings with
    getdns_context_get_api_information()
  * Specify locations at which CA certificates for verification purposes
    are located: getdns_context_set_tls_ca_path()
    getdns_context_set_tls_ca_file()
  * getdns_context_set_resolvconf() function to initialize a context 
    upstreams and suffices with a resolv.conf file.
    getdns_context_get_resolvconf() to get the file used to initialize
    the context's upstreams and suffixes.
    getdns_context_set_hosts() function to initialize a context's
    LOCALNAMES namespace.
    getdns_context_get_hosts() function to get the file used to initialize
    the context's LOCALNAMES namespace.
  * get which version of OpenSSL was used at build time and at run time
    when available with getdns_context_get_api_information()
  * GETDNS_RETURN_IO_ERROR return error code
  * Bugfix #359: edns_client_subnet_private should set family
    Thanks Daniel Areiza & Andreas Schulze
  * Bugfix getdnsapi/stubby#34: Segfault issue with native DNSSEC
    validation.  Thanks Bruno Pagani
 * 2017-11-11: Version 1.2.1
  * Handle more I/O error cases.  Also, when an I/O error does occur,
    never stop listening (with servers), and
    never exit (when running the built-in event loop).
  * Bugfix: Tolerate unsigned and unused RRsets in the authority section.
            Fixes DNSSEC with BIND upstream.
  * Bugfix: DNSSEC validation without support records
  * Bugfix: Validation of full recursive DNSKEY lookups
  * Bugfix: Retry to validate full recursion BOGUS replies with zero
    configuration DNSSEC only when DNSSEC was actually requested
  * Bugfix #348: Fix a linking issue in stubby when libbsd is present
    Thanks Remi Gacogne
  * More robust scheduling; Eliminating a segfault with long running
    applications.
  * Miscellaneous Windows portability fixes from Jim Hague.
  * Fix Makefile dependencies for parallel install.
    Thanks ilovezfs
 * 2017-09-29: Version 1.2.0
  * Bugfix of rc1: authentication of first query with TLS
    Thanks Travis Burtrum
  * A function to set the location for library specific data,
    like trust-anchors: getdns_context_set_appdata().
  * Zero configuration DNSSEC - build upon the scheme
    described in RFC7958.  The URL from which to fetch
    the trust anchor, the verification CA and email
    can be set with the new getdns_context_set_trust_anchor_url(),
    getdns_context_set_trust_anchor_verify_CA() and
    getdns_context_set_trust_anchor_verify_email() functions.
    The default values are to fetch from IANA and to validate
    with the ICANN CA.
  * Update of Stubby with yaml configuration file and
    logging from a certain severity support.
  * Fix tpkg exit status on test failure. Thanks Jim Hague.
  * Refined logging levels for upstream statistics
  * Reuse (best behaving) backed-off TLS upstreams when non are usable.
  * Let TLS upstreams back-off a incremental amount of time.
    Back-off time starts with 1 second and is doubled each failure, but
    will not exceed the time given by getdns_context_set_tls_backoff_time()
  * Make TLS upstream management more resilient to temporary outages
    (like laptop sleeps)
 * 2017-09-04: Version 1.1.3
  * Small bugfixes that came out of static analysis
  * No annotations with the output of getdns_query anymore,
    unless -V option is given to increase verbosity
    Thanks Ollivier Robert
  * getdns_query will now exit with failure status if replies are BOGUS
  * Bugfix: dnssec_return_validation_chain now also works when fallback
    to full recursion was needed with dnssec_roadblock_avoidance
  * More clear build instructions from Paul Hoffman.  Thanks.
  * Bugfix #320.1: Eliminate multiple closing of file descriptors
    Thanks Neil Cook
  * Bugfix #320.2: Array bounds bug in upstream_select
    Thanks Neil Cook
  * Bugfix #318: getdnsapi/getdns/README.md links to nonexistent wiki
    pages.  Thanks James Raftery
  * Bugfix #322: MacOS 10.10 (Yosemite) provides TCP fastopen interface
    but does not have it implemented.  Thanks Joel Purra
  * Compile without Stubby by default.  Stubby now has a git repository
    of its own.  The new Stubby repository is added as a submodule.
    Stubby will still be build alongside getdns with the --with-stubby
    configure option.
 * 2017-07-03: Version 1.1.2
  * Bugfix for parallel make install
  * Bugfix to trigger event callbacks on socket errors
  * A getdns_context_set_logfunc() function with which one may
    register a callback log function for certain library subsystems
    at certain levels.  Currently this can only be used for
    upstream stastistics subsystem.
 * 2017-06-15: Version 1.1.1
  * Bugfix #306 hanging/segfaulting on certain (IPv6) upstream failures
  * Spelling fix s/receive/receive.  Thanks Andreas Schulze.
  * Added stubby-setdns-macos.sh script to support Homebrew formula
  * Include stubby.conf in the districution tarball
  * Bugfix #286 reschedule reused listening addresses
  * Bugfix #166 Allow parallel builds and unit-tests
  * NSAP-PTR, EID and NIMLOC, TALINK, AVC support
  * Bugfix of TA RR type
  * OPENPGPKEY and SMIMEA support
  * Bugfix TAG rdata type presentation format for CAA RR type
  * Bugfix Zero sized gateways with IPSECKEY gateway_type 0
  * Guidance for integration with systemd
  * Also check for memory leaks with advances server capabilities.
  * Bugfix convert IP string to IP dict with getdns_str2dict() directly.
 * 2017-04-13: Version 1.1.0
  * bugfix: Check size of tls_auth_name.
  * Improvements that came from Visual Studio static analysis
  * Fix to compile with libressl.  Thanks phicoh.
  * Spelling fixes.  Thanks Andreas Schulze.
  * bugfix: Reschedule request timeout when getting the DNSSEC chain.
  * getdns_context_unset_edns_maximum_udp_payload_size() to reset
    to default IPv4/IPv6 dependent edns max udp payload size.
  * Implement sensible default edns0 padding policy.  Thanks DKG.
  * Keep connections open with sync requests too.
  * Fix of event loops so they do not give up with naked timers with
    windows.  Thanks Christian Huitema.
  * Include peer certificate with DNS-over-TLS in combination with
    the return_call_reporting extension.
  * More fine grained control over TLS upstream retry and back off
    behaviour with getdns_context_set_tls_backoff_time() and
    getdns_context_set_tls_connection_retries().
  * New round robin over the available upstreams feaure.
    Enable with getdns_context_set_round_robin_upstreams()
  * Bugfix: Queue requests when no sockets available for outgoing queries.
  * Obey the outstanding query limit with STUB resolution mode too.
  * Updated stubby config file
  * Draft MDNS client implementation by Christian Huitema.
    Enable with --enable-draft-mdns-support to configure
  * bugfix: Let synchronous queries use fds > MAX_FDSETSIZE;
            By moving default eventloop from select to poll
    Thanks Neil Cook
  * bugfix: authentication failure for self signed cert + only pinset
  * bugfix: issue with session re-use making authentication appear to fail
 * 2017-01-13: Version 1.0.0
  * edns0_cookies extension enabled by default (per RFC7873)
  * dnssec_roadblock_avoidance enabled by default (per RFC8027)
  * bugfix: DSA support with OpenSSL 1.1.0
  * Initialize OpenSSL just once in a thread safe way
  * Thread safety with arc4random function
  * Improvements that came from Visual Studio static analysis
    Thanks Christian Huitema
  * Conventional RFC3986 IPv6 [address]:port parsing from getdns_query
  * bugfix: OpenSSL 1.1.0 style crypto locking
    Thanks volkommenheit
  * configure tells *which* dependency is missing
  * bugfix: Exclude terminating '\0' from bindata's returned by
    getdns_get_suffix(). Thanks Jim Hague
  * Better README.md.  Thanks Andrew Sullivan
 * 2016-10-19: Version 1.1.0-a2
  * Improved TLS connection management
  * OpenSSL 1.1 support
  * Stubby, Server version of getdns_query that by default listens
    on 127.0.0.1 and ::1 and reads config from /etc/stubby.conf
    and $HOME/.stubby.conf
 * 2016-07-14: Version 1.1.0a1
  * Conversion functions from text strings to getdns native types:
    getdns_str2dict(), getdns_str2list(), getdns_str2bindata() and
    getdns_str2int()
  * A getdns_context_config() function that configures a context
    with settings given in a getdns_dict
  * A a getdns_context_set_listen_addresses() function and companion
    getdns_reply() function to construct simple name servers.
  * Relocate getdns_query to src/tools and build by default
  * Enhancements to the logic used to select connection based upstream
    transports (TCP, TLS) to improve robustness and re-use of
    connections/upstreams.
 * 2016-07-14: Version 1.0.0b2
  * Collect coverage information from the unit tests
    Thanks Shane Kerr
  * pkg-config for the getdns_ext_event library
    Thanks Tom Pusateri
  * Bugfix: Multiple requests on the same upstream with a transport 
    that keeps connections open in synchronous stub mode.
  * Canonicalized DNSSEC chain with dnssec_return_validation_chain
    (when validated)
  * A dnssec_return_full_validation_chain extension which includes
    then validated resource records.
  * Bugfix: Callbacks fired while scheduling (answer from cache)
    with the unbound plugable event API
  * header extension to set opcode and flags in stub mode
  * Unit tests that cover more code
  * Static checking with the clang analyzer
  * getdns_pretty_print_dict prints dname's as primitives
  * Accept just bindata's instead of address dicts.
    Allow misshing "address_type" in address dicts.
  * TLS session resumption
  * -C <config file> option to getdns_query to configure context 
    from a json like formatted file.  The output of -i (print API
    information) can be used as config file directly.
    Settings may also be given in this format as arguments of
    the getdns_query command directly.
  * DNS server mode for getdns_query.  Enable by providing addresses
    to listen on, either by giving "-z <listen address>" options or by
    providing "listen_addresses" in the config file or settings.
  * Bugfixes from deckard testing: CNAME loop protection.
  * "srv_addresses" in response dict with getdns_service()
  * use libbsd when available
    Thanks Guillem Jover
  * Bugfix: DNSSEC wildcard validation issue
  * Bugfix: TLS timeouts not re-using a connection
  * A getdns_context_get_eventloop(), to get the current
    (pluggable) eventloop from context
  * getdns_query now uses the default event loop (instead of custom)
  * Return call_reporting info in case of timeout
    Thanks Robert Groenenberg
  * Bugfix: Build fails with autoconf 2.63, works with 2.68.
    Thanks Robert Groenenberg
  * Doxygen output for getdns.h and getdns_extra.h only
  * Do not call SSL_library_init() from getdns_context_create() when
    the second bit from the set_from_os parameter is set.
 * 2016-03-31: Version 1.0.0b1
  * openssl 1.1.0 support
  * GETDNS_APPEND_NAME_TO_SINGLE_LABEL_FIRST default suffix handling
  * getdns_context_set_follow_redirects()
  * Read suffix list from registry on Windows
  * A dnssec_return_all_statuses extension
  * Set root servers without temporary file (libunbound >= 1.5.8 needed)
  * Eliminate unit test's ldns dependency
  * pkts wireformat <-> getdns_dict <-> string
    conversion functions
  * Eliminate all side effects when doing sync requests
    (libunbound >= 1.5.9 needed)
  * Bugfix: Load gost algorithm if digest is seen before key algorithm
    Thanks Jelte Janssen
  * Bugfix: Respect DNSSEC skew.
  * Offline dnssec validation for any given point in time
  * Correct return value in documentation for getdns_pretty_print_dict().
    Thanks Linus Nordberg
  * Bugfix: Don't treat "domain" or "search" as a nameserver.
    Thanks Linus Nordberg
  * Use the default CA trust store on Windows (for DNS over TLS).
  * Propagate eventloop to unbound when unbound has pluggable event loops
    (libunbound >= 1.5.9 needed)
  * Replace mini_event extension by default_eventloop
  * Bugfix: Segfault on NULL pin
  * Bugfix: Correct output of get_api_settings
  * Bugfix: Memory leak with getdns_get_api_information() 
    Thanks Robert Groenenberg.
 * 2015-12-31: Version 0.9.0
  * Update of unofficial extension to the API that supports stub mode 
    TLS verification. GETDNS_AUTHENTICATION_HOSTNAME is replaced by 
@ -512,7 +40,7 @@
    '-1' to append suffix only to single label after failure
    '-M' to append suffix only to multi label name after failure
    '-N' to never append a suffix
-    '-Z <suffixes>' to set suffixes with the given comma separated list
+    '-Z <suffixes>' to set suffixes with the given comma separed list
  * Better help text for getdns_query (printed with the '-h' option)
  * Setting the +specify_class extension with getdns_query
  * Return NOT_IMPLEMENTED for not implemented namespaces, and the
@ -566,7 +94,7 @@
 * 2015-09-04: Version 0.3.2
  * Fix returned upstreams list by getdns_context_get_api_information()
  * Fix some autoconf issues when srcdir != builddir
-  * Fix remove build date from manpage version for reproducible builds
+  * Fix remove build date from manpage version for reproducable builds
  * Fix transport fallback issues plus transport fallback unit test script
  * Fix string bindata's need not contain trailing zero byte
  * --enable-stub-only configure option for stub only operation.
@ -719,7 +247,7 @@
  * Build from separate build directory
  * Anticipate libunbound not returning the answer packet
  * Pretty print bindata's representing IP addresses
-  * Anticipate absence of implicit DSO linking
+  * Anticipate absense of implicit DSO linking
  * Mention getdns specific options to configure in INSTALL
    Thanks Paul Hoffman
  * Mac OSX package built instructions for generic user in README.md
--- a/project-doc/CodingStyle
+++ b/project-doc/CodingStyle
--- a/404
+++ b/404
@ -0,0 +1,404 @@
 Installation Instructions
 *************************
 Copyright (C) 1994-1996, 1999-2002, 2004-2012 Free Software Foundation,
 Inc.
   Copying and distribution of this file, with or without modification,
 are permitted in any medium without royalty provided the copyright
 notice and this notice are preserved.  This file is offered as-is,
 without warranty of any kind.
 (Options specific to getdns are listed at the end of this document.)
 Basic Installation
 ==================
   Briefly, the shell commands `./configure; make; make install' should
 configure, build, and install this package.  The following
 more-detailed instructions are generic; see the `README' file for
 instructions specific to this package.  Some packages provide this
 `INSTALL' file but do not implement all of the features documented
 below.  The lack of an optional feature in a given package is not
 necessarily a bug.  More recommendations for GNU packages can be found
 in *note Makefile Conventions: (standards)Makefile Conventions.
   The `configure' shell script attempts to guess correct values for
 various system-dependent variables used during compilation.  It uses
 those values to create a `Makefile' in each directory of the package.
 It may also create one or more `.h' files containing system-dependent
 definitions.  Finally, it creates a shell script `config.status' that
 you can run in the future to recreate the current configuration, and a
 file `config.log' containing compiler output (useful mainly for
 debugging `configure').
   It can also use an optional file (typically called `config.cache'
 and enabled with `--cache-file=config.cache' or simply `-C') that saves
 the results of its tests to speed up reconfiguring.  Caching is
 disabled by default to prevent problems with accidental use of stale
 cache files.
   If you need to do unusual things to compile the package, please try
 to figure out how `configure' could check whether to do them, and mail
 diffs or instructions to the address given in the `README' so they can
 be considered for the next release.  If you are using the cache, and at
 some point `config.cache' contains results you don't want to keep, you
 may remove or edit it.
   The file `configure.ac' (or `configure.in') is used to create
 `configure' by a program called `autoconf'.  You need `configure.ac' if
 you want to change it or regenerate `configure' using a newer version
 of `autoconf'.
   The simplest way to compile this package is:
  1. `cd' to the directory containing the package's source code and type
     `./configure' to configure the package for your system.
     Running `configure' might take a while.  While running, it prints
     some messages telling which features it is checking for.
  2. Type `make' to compile the package.
  3. Optionally, type `make check' to run any self-tests that come with
     the package, generally using the just-built uninstalled binaries.
  4. Type `make install' to install the programs and any data files and
     documentation.  When installing into a prefix owned by root, it is
     recommended that the package be configured and built as a regular
     user, and only the `make install' phase executed with root
     privileges.
  5. Optionally, type `make installcheck' to repeat any self-tests, but
     this time using the binaries in their final installed location.
     This target does not install anything.  Running this target as a
     regular user, particularly if the prior `make install' required
     root privileges, verifies that the installation completed
     correctly.
  6. You can remove the program binaries and object files from the
     source code directory by typing `make clean'.  To also remove the
     files that `configure' created (so you can compile the package for
     a different kind of computer), type `make distclean'.  There is
     also a `make maintainer-clean' target, but that is intended mainly
     for the package's developers.  If you use it, you may have to get
     all sorts of other programs in order to regenerate files that came
     with the distribution.
  7. Often, you can also type `make uninstall' to remove the installed
     files again.  In practice, not all packages have tested that
     uninstallation works correctly, even though it is required by the
     GNU Coding Standards.
  8. Some packages, particularly those that use Automake, provide `make
     distcheck', which can by used by developers to test that all other
     targets like `make install' and `make uninstall' work correctly.
     This target is generally not run by end users.
 Compilers and Options
 =====================
   Some systems require unusual options for compilation or linking that
 the `configure' script does not know about.  Run `./configure --help'
 for details on some of the pertinent environment variables.
   You can give `configure' initial values for configuration parameters
 by setting variables in the command line or in the environment.  Here
 is an example:
     ./configure CC=c99 CFLAGS=-g LIBS=-lposix
   *Note Defining Variables::, for more details.
 Compiling For Multiple Architectures
 ====================================
   You can compile the package for more than one kind of computer at the
 same time, by placing the object files for each architecture in their
 own directory.  To do this, you can use GNU `make'.  `cd' to the
 directory where you want the object files and executables to go and run
 the `configure' script.  `configure' automatically checks for the
 source code in the directory that `configure' is in and in `..'.  This
 is known as a "VPATH" build.
   With a non-GNU `make', it is safer to compile the package for one
 architecture at a time in the source code directory.  After you have
 installed the package for one architecture, use `make distclean' before
 reconfiguring for another architecture.
   On MacOS X 10.5 and later systems, you can create libraries and
 executables that work on multiple system types--known as "fat" or
 "universal" binaries--by specifying multiple `-arch' options to the
 compiler but only a single `-arch' option to the preprocessor.  Like
 this:
     ./configure CC="gcc -arch i386 -arch x86_64 -arch ppc -arch ppc64" \
                 CXX="g++ -arch i386 -arch x86_64 -arch ppc -arch ppc64" \
                 CPP="gcc -E" CXXCPP="g++ -E"
   This is not guaranteed to produce working output in all cases, you
 may have to build one architecture at a time and combine the results
 using the `lipo' tool if you have problems.
 Installation Names
 ==================
   By default, `make install' installs the package's commands under
 `/usr/local/bin', include files under `/usr/local/include', etc.  You
 can specify an installation prefix other than `/usr/local' by giving
 `configure' the option `--prefix=PREFIX', where PREFIX must be an
 absolute file name.
   You can specify separate installation prefixes for
 architecture-specific files and architecture-independent files.  If you
 pass the option `--exec-prefix=PREFIX' to `configure', the package uses
 PREFIX as the prefix for installing programs and libraries.
 Documentation and other data files still use the regular prefix.
   In addition, if you use an unusual directory layout you can give
 options like `--bindir=DIR' to specify different values for particular
 kinds of files.  Run `configure --help' for a list of the directories
 you can set and what kinds of files go in them.  In general, the
 default for these options is expressed in terms of `${prefix}', so that
 specifying just `--prefix' will affect all of the other directory
 specifications that were not explicitly provided.
   The most portable way to affect installation locations is to pass the
 correct locations to `configure'; however, many packages provide one or
 both of the following shortcuts of passing variable assignments to the
 `make install' command line to change installation locations without
 having to reconfigure or recompile.
   The first method involves providing an override variable for each
 affected directory.  For example, `make install
 prefix=/alternate/directory' will choose an alternate location for all
 directory configuration variables that were expressed in terms of
 `${prefix}'.  Any directories that were specified during `configure',
 but not in terms of `${prefix}', must each be overridden at install
 time for the entire installation to be relocated.  The approach of
 makefile variable overrides for each directory variable is required by
 the GNU Coding Standards, and ideally causes no recompilation.
 However, some platforms have known limitations with the semantics of
 shared libraries that end up requiring recompilation when using this
 method, particularly noticeable in packages that use GNU Libtool.
   The second method involves providing the `DESTDIR' variable.  For
 example, `make install DESTDIR=/alternate/directory' will prepend
 `/alternate/directory' before all installation names.  The approach of
 `DESTDIR' overrides is not required by the GNU Coding Standards, and
 does not work on platforms that have drive letters.  On the other hand,
 it does better at avoiding recompilation issues, and works well even
 when some directory options were not specified in terms of `${prefix}'
 at `configure' time.
 Optional Features
 =================
   If the package supports it, you can cause programs to be installed
 with an extra prefix or suffix on their names by giving `configure' the
 option `--program-prefix=PREFIX' or `--program-suffix=SUFFIX'.
   Some packages pay attention to `--enable-FEATURE' options to
 `configure', where FEATURE indicates an optional part of the package.
 They may also pay attention to `--with-PACKAGE' options, where PACKAGE
 is something like `gnu-as' or `x' (for the X Window System).  The
 `README' should mention any `--enable-' and `--with-' options that the
 package recognizes.
   For packages that use the X Window System, `configure' can usually
 find the X include and library files automatically, but if it doesn't,
 you can use the `configure' options `--x-includes=DIR' and
 `--x-libraries=DIR' to specify their locations.
   Some packages offer the ability to configure how verbose the
 execution of `make' will be.  For these packages, running `./configure
 --enable-silent-rules' sets the default to minimal output, which can be
 overridden with `make V=1'; while running `./configure
 --disable-silent-rules' sets the default to verbose, which can be
 overridden with `make V=0'.
 Particular systems
 ==================
   On HP-UX, the default C compiler is not ANSI C compatible.  If GNU
 CC is not installed, it is recommended to use the following options in
 order to use an ANSI C compiler:
     ./configure CC="cc -Ae -D_XOPEN_SOURCE=500"
 and if that doesn't work, install pre-built binaries of GCC for HP-UX.
   HP-UX `make' updates targets which have the same time stamps as
 their prerequisites, which makes it generally unusable when shipped
 generated files such as `configure' are involved.  Use GNU `make'
 instead.
   On OSF/1 a.k.a. Tru64, some versions of the default C compiler cannot
 parse its `<wchar.h>' header file.  The option `-nodtk' can be used as
 a workaround.  If GNU CC is not installed, it is therefore recommended
 to try
     ./configure CC="cc"
 and if that doesn't work, try
     ./configure CC="cc -nodtk"
   On Solaris, don't put `/usr/ucb' early in your `PATH'.  This
 directory contains several dysfunctional programs; working variants of
 these programs are available in `/usr/bin'.  So, if you need `/usr/ucb'
 in your `PATH', put it _after_ `/usr/bin'.
   On Haiku, software installed for all users goes in `/boot/common',
 not `/usr/local'.  It is recommended to use the following options:
     ./configure --prefix=/boot/common
   On Mac OSX getdns will not build against the version of OpenSSL shipped with
 OSX. If you link against a self-complied version of OpenSSL then manual 
 configuration of certificates into the default OpenSSL directory 
 /usr/local/etc/openssl/certs is currently required for TLS authentication to work.
 However if linking against the version of OpenSSL installed via Homebrew TLS 
 authentication will work out of the box.
 Specifying the System Type
 ==========================
   There may be some features `configure' cannot figure out
 automatically, but needs to determine by the type of machine the package
 will run on.  Usually, assuming the package is built to be run on the
 _same_ architectures, `configure' can figure that out, but if it prints
 a message saying it cannot guess the machine type, give it the
 `--build=TYPE' option.  TYPE can either be a short name for the system
 type, such as `sun4', or a canonical name which has the form:
     CPU-COMPANY-SYSTEM
 where SYSTEM can have one of these forms:
     OS
     KERNEL-OS
   See the file `config.sub' for the possible values of each field.  If
 `config.sub' isn't included in this package, then this package doesn't
 need to know the machine type.
   If you are _building_ compiler tools for cross-compiling, you should
 use the option `--target=TYPE' to select the type of system they will
 produce code for.
   If you want to _use_ a cross compiler, that generates code for a
 platform different from the build platform, you should specify the
 "host" platform (i.e., that on which the generated programs will
 eventually be run) with `--host=TYPE'.
 Sharing Defaults
 ================
   If you want to set default values for `configure' scripts to share,
 you can create a site shell script called `config.site' that gives
 default values for variables like `CC', `cache_file', and `prefix'.
 `configure' looks for `PREFIX/share/config.site' if it exists, then
 `PREFIX/etc/config.site' if it exists.  Or, you can set the
 `CONFIG_SITE' environment variable to the location of the site script.
 A warning: not all `configure' scripts look for a site script.
 Defining Variables
 ==================
   Variables not defined in a site shell script can be set in the
 environment passed to `configure'.  However, some packages may run
 configure again during the build, and the customized values of these
 variables may be lost.  In order to avoid this problem, you should set
 them in the `configure' command line, using `VAR=value'.  For example:
     ./configure CC=/usr/local2/bin/gcc
 causes the specified `gcc' to be used as the C compiler (unless it is
 overridden in the site shell script).
 Unfortunately, this technique does not work for `CONFIG_SHELL' due to
 an Autoconf limitation.  Until the limitation is lifted, you can use
 this workaround:
     CONFIG_SHELL=/bin/bash ./configure CONFIG_SHELL=/bin/bash
 `configure' Invocation
 ======================
   `configure' recognizes the following options to control how it
 operates.
 `--help'
 `-h'
     Print a summary of all of the options to `configure', and exit.
 `--help=short'
 `--help=recursive'
     Print a summary of the options unique to this package's
     `configure', and exit.  The `short' variant lists options used
     only in the top level, while the `recursive' variant lists options
     also present in any nested packages.
 `--version'
 `-V'
     Print the version of Autoconf used to generate the `configure'
     script, and exit.
 `--cache-file=FILE'
     Enable the cache: use and save the results of the tests in FILE,
     traditionally `config.cache'.  FILE defaults to `/dev/null' to
     disable caching.
 `--config-cache'
 `-C'
     Alias for `--cache-file=config.cache'.
 `--quiet'
 `--silent'
 `-q'
     Do not print messages saying which checks are being made.  To
     suppress all normal output, redirect it to `/dev/null' (any error
     messages will still be shown).
 `--srcdir=DIR'
     Look for the package's source code in directory DIR.  Usually
     `configure' can determine that directory automatically.
 `--prefix=DIR'
     Use DIR as the installation prefix.  *note Installation Names::
     for more details, including other options available for fine-tuning
     the installation locations.
 `--no-create'
 `-n'
     Run the configure checks, but stop before creating any output
     files.
 `configure' also accepts some other, not widely useful, options.  Run
 `configure --help' for more details.
 getdns-specific Options
 =======================
 `--with-libidn=pathname'
 	path to libidn (default: search /usr/local ..)
 `--with-libldns=pathname'
 	path to libldns (default: search /usr/local ..)
 `--with-libunbound=pathname'
 	path to libunbound (default: search /usr/local ..)
 `--with-libevent'
 	path to libevent (default: search /usr/local ..)
 `--with-libuv'
 	path to libuv (default: search /usr/local ..)
 `--with-libev'
 	path to libev (default: search /usr/local ..)
 `--with-trust-anchor=KEYFILE'
 	Default location of the trust anchor file.
 	[default=SYSCONFDIR/unbound/getdns-root.key]
--- a/Makefile.in
+++ b/Makefile.in
@ -0,0 +1,250 @@
 #
 # @configure_input@
 #
 #
 # Copyright (c) 2013, Verisign, Inc., NLnet Labs
 # All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
 # modification, are permitted provided that the following conditions are met:
 # * Redistributions of source code must retain the above copyright
 # notice, this list of conditions and the following disclaimer.
 # * Redistributions in binary form must reproduce the above copyright
 #   notice, this list of conditions and the following disclaimer in the
 #   documentation and/or other materials provided with the distribution.
 # * Neither the names of the copyright holders nor the
 #   names of its contributors may be used to endorse or promote products
 #   derived from this software without specific prior written permission.
 #
 # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
 # ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
 # WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
 # DISCLAIMED. IN NO EVENT SHALL Verisign, Inc. BE LIABLE FOR ANY
 # DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
 # (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 # LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
 # ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
 # SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 package = @PACKAGE_NAME@
 version = @PACKAGE_VERSION@@RELEASE_CANDIDATE@
 tarname	= @PACKAGE_TARNAME@
 PACKAGE_TARNAME	= @PACKAGE_TARNAME@
 distdir	= $(tarname)-$(version)
 bintar  = $(distdir)-bin.tar.gz
 prefix = @prefix@
 datarootdir=@datarootdir@
 exec_prefix = @exec_prefix@
 bindir = @bindir@
 docdir = @docdir@
 libdir = @libdir@
 srcdir = @srcdir@
 INSTALL = @INSTALL@
 all : default @GETDNS_QUERY@ 
 default:
 	cd src && $(MAKE) $@
 install: all getdns.pc @INSTALL_GETDNS_QUERY@
 	$(INSTALL) -m 755 -d $(DESTDIR)$(docdir)
 	$(INSTALL) -m 644 $(srcdir)/AUTHORS $(DESTDIR)$(docdir)
 	$(INSTALL) -m 644 $(srcdir)/ChangeLog $(DESTDIR)$(docdir)
 	$(INSTALL) -m 644 $(srcdir)/COPYING $(DESTDIR)$(docdir)
 	$(INSTALL) -m 644 $(srcdir)/INSTALL $(DESTDIR)$(docdir)
 	$(INSTALL) -m 644 $(srcdir)/LICENSE $(DESTDIR)$(docdir)
 	$(INSTALL) -m 644 $(srcdir)/NEWS $(DESTDIR)$(docdir)
 	$(INSTALL) -m 644 $(srcdir)/README.md $(DESTDIR)$(docdir)
 	$(INSTALL) -m 755 -d $(DESTDIR)$(libdir)/pkgconfig
 	$(INSTALL) -m 644 getdns.pc $(DESTDIR)$(libdir)/pkgconfig
 	$(INSTALL) -m 755 -d $(DESTDIR)$(docdir)/spec
 	$(INSTALL) -m 644 $(srcdir)/spec/index.html $(DESTDIR)$(docdir)/spec
 	$(INSTALL) -m 644 $(srcdir)/spec/getdns*tgz $(DESTDIR)$(docdir)/spec || true
 	cd src && $(MAKE) $@
 	cd doc && $(MAKE) $@
 	@echo "***"
 	@echo "***  !!! IMPORTANT !!!!  libgetdns needs a DNSSEC trust anchor!"
 	@echo "***"
 	@echo "***  For the library to be able to perform DNSSEC, the root"
 	@echo "***  trust anchor needs to be present in presentation format"
 	@echo "***  in the file: "
 	@echo "***        @TRUST_ANCHOR_FILE@"
 	@echo "***"
 	@echo "***  We recomend using unbound-anchor to retrieve and install"
 	@echo "***  the root trust anchor like this: "
 	@echo "***        mkdir -p `dirname @TRUST_ANCHOR_FILE@`"
 	@echo "***        unbound-anchor -a \"@TRUST_ANCHOR_FILE@\""
 	@echo "***"
 	@echo "***  We strongly recommend package maintainers to provide the"
 	@echo "***  root trust anchor by installing it with unbound-anchor"
 	@echo "***  at package installation time from the post-install script."
 	@echo "***"
 uninstall: @UNINSTALL_GETDNS_QUERY@
 	rm -rf $(DESTDIR)$(docdir)
 	cd doc && $(MAKE) $@
 	cd src && $(MAKE) $@
 doc:	FORCE
 	cd doc && $(MAKE) $@
 example:
 	cd spec/example && $(MAKE) $@
 test:
 	cd src && $(MAKE) $@
 getdns_query:
 	cd src && $(MAKE) $@
 scratchpad:
 	cd src && $(MAKE) $@
 pad: scratchpad
 	src/test/scratchpad || ./libtool exec gdb src/test/scratchpad
 install-getdns_query:
 	cd src/test && $(MAKE) install
 uninstall-getdns_query:
 	cd src/test && $(MAKE) uninstall
 clean:
 	cd src && $(MAKE) $@
 	cd doc && $(MAKE) $@
 	cd spec/example && $(MAKE) $@
 	rm -f *.o *.pc
 depend:
 	cd src && $(MAKE) $@
 	cd spec/example && $(MAKE) $@
 distclean:
 	cd src && $(MAKE) $@
 	rmdir src 2>/dev/null || true
 	cd doc && $(MAKE) $@
 	rmdir doc 2>/dev/null || true
 	cd spec/example && $(MAKE) $@
 	rmdir spec/example 2>/dev/null || true
 	rmdir spec 2>/dev/null || true
 	rm -f config.log config.status Makefile libtool getdns.pc
 	rm -fR autom4te.cache
 	rm -f m4/libtool.m4
 	rm -f m4/lt~obsolete.m4
 	rm -f m4/ltoptions.m4
 	rm -f m4/ltsugar.m4
 	rm -f m4/ltversion.m4
 	rm -f $(distdir).tar.gz $(distdir).tar.gz.sha1
 	rm -f $(distdir).tar.gz.md5 $(distdir).tar.gz.asc
 megaclean:
 	cd $(srcdir) && rm -fr * .dir-locals.el .gitignore .indent.pro .travis.yml && git reset --hard
 dist: $(distdir).tar.gz
 pub: $(distdir).tar.gz.sha1 $(distdir).tar.gz.md5 $(distdir).tar.gz.asc
 $(distdir).tar.gz.sha1: $(distdir).tar.gz
 	openssl sha1 $(distdir).tar.gz >$@
 $(distdir).tar.gz.md5: $(distdir).tar.gz
 	openssl md5 $(distdir).tar.gz >$@
 $(distdir).tar.gz.asc: $(distdir).tar.gz
 	gpg --armor --detach-sig $(distdir).tar.gz
 bindist: $(bintar)
 $(bintar): $(distdir)
 	chown -R 0:0 $(distdir) 2>/dev/null || true
 	cd $(distdir); ./configure; make
 	tar chof - $(distdir) | gzip -9 -c > $@
 	rm -rf $(distdir)
 $(distdir).tar.gz: $(distdir)
 	chown -R 0:0 $(distdir) 2>/dev/null || true
 	tar chof - $(distdir) | gzip -9 -c > $@
 	rm -rf $(distdir)
 $(distdir):
 	mkdir -p $(distdir)/m4
 	mkdir -p $(distdir)/src
 	mkdir -p $(distdir)/src/getdns
 	mkdir -p $(distdir)/src/test
 	mkdir -p $(distdir)/src/extension
 	mkdir -p $(distdir)/src/compat
 	mkdir -p $(distdir)/src/util
 	mkdir -p $(distdir)/src/gldns
 	mkdir -p $(distdir)/doc
 	mkdir -p $(distdir)/spec
 	mkdir -p $(distdir)/spec/example
 	cp $(srcdir)/configure.ac $(distdir)
 	cp $(srcdir)/configure $(distdir)
 	cp $(srcdir)/AUTHORS $(distdir)
 	cp $(srcdir)/ChangeLog $(distdir)
 	cp $(srcdir)/COPYING $(distdir)
 	cp $(srcdir)/INSTALL $(distdir)
 	cp $(srcdir)/LICENSE $(distdir)
 	cp $(srcdir)/NEWS $(distdir)
 	cp $(srcdir)/README.md $(distdir)
 	cp $(srcdir)/Makefile.in $(distdir)
 	cp $(srcdir)/install-sh $(distdir)
 	cp $(srcdir)/config.sub $(distdir)
 	cp $(srcdir)/config.guess $(distdir)
 	cp $(srcdir)/getdns.pc.in $(distdir)
 	cp libtool $(distdir)
 	cp $(srcdir)/ltmain.sh $(distdir)
 	cp $(srcdir)/m4/*.m4 $(distdir)/m4
 	cp $(srcdir)/src/*.in $(distdir)/src
 	cp $(srcdir)/src/*.[ch] $(distdir)/src
 	cp $(srcdir)/src/*.symbols $(distdir)/src
 	cp $(srcdir)/src/extension/*.[ch] $(distdir)/src/extension
 	cp $(srcdir)/src/extension/*.symbols $(distdir)/src/extension
 	cp $(srcdir)/src/getdns/*.in $(distdir)/src/getdns
 	cp $(srcdir)/src/getdns/getdns_*.h $(distdir)/src/getdns
 	cp $(srcdir)/src/test/Makefile.in $(distdir)/src/test
 	cp $(srcdir)/src/test/*.[ch] $(distdir)/src/test
 	cp $(srcdir)/src/test/*.sh $(distdir)/src/test
 	cp $(srcdir)/src/test/*.good $(distdir)/src/test
 	cp $(srcdir)/src/compat/*.[ch] $(distdir)/src/compat
 	cp $(srcdir)/src/util/*.[ch] $(distdir)/src/util
 	cp $(srcdir)/src/gldns/*.[ch] $(distdir)/src/gldns
 	cp $(srcdir)/doc/Makefile.in $(distdir)/doc
 	cp $(srcdir)/doc/*.in $(distdir)/doc
 	cp $(srcdir)/doc/manpgaltnames $(distdir)/doc
 	cp $(srcdir)/spec/*.html $(distdir)/spec
 	cp $(srcdir)/spec/*.tgz $(distdir)/spec || true
 	cp $(srcdir)/spec/example/Makefile.in $(distdir)/spec/example
 	cp $(srcdir)/spec/example/*.[ch] $(distdir)/spec/example
 	rm -f $(distdir)/Makefile $(distdir)/src/Makefile $(distdir)/src/getdns/getdns.h $(distdir)/spec/example/Makefile $(distdir)/src/test/Makefile $(distdir)/doc/Makefile $(distdir)/src/config.h
 distcheck: $(distdir).tar.gz
 	gzip -cd $(distdir).tar.gz | tar xvf -
 	cd $(distdir) && ./configure
 	cd $(distdir) && $(MAKE) all
 	cd $(distdir) && $(MAKE) check
 	cd $(distdir) && $(MAKE) DESTDIR=$${PWD}/_inst install
 	cd $(distdir) && $(MAKE) DESTDIR=$${PWD}/_inst uninstall
 	@remaining="`find $${PWD}/$(distdir)/_inst -type f | wc -l`"; \
 	if test "$${remaining}" -ne	0; then
 	echo "@@@	$${remaining} file(s) remaining	in stage directory!"; \
 	exit 1; \
 	fi
 	cd $(distdir) && $(MAKE) clean
 	rm -rf $(distdir)
 	@echo "*** Package $(distdir).tar.gz is ready for distribution"
 getdns.pc: $(srcdir)/getdns.pc.in
 	./config.status $@
 Makefile: $(srcdir)/Makefile.in config.status
 	./config.status $@
 configure.status: configure
 	./config.status --recheck
 .PHONY: all distclean clean default doc test
 FORCE:
--- a/README.md
+++ b/README.md
@ -1,156 +1,133 @@
-getdns
+getdns API
-======
+==========
 # Overview of getdns
 * Date:    2015-12-30
 * GitHub:  <https://github.com/getdnsapi/getdns>
-getdns is an implementation of a modern asynchronous DNS API; the specification was originally edited by Paul Hoffman.  It is intended to make all types of DNS information easily available to application developers and non-DNS experts.
+getdns is an implementation of a modern asynchronous DNS API specification
-
+originally edited by Paul Hoffman.  It is intended to make all types of DNS
-## Why you might want getdns
+information easily available to application developers and non-DNS experts.
-
+The project home page at [getdnsapi.net](https://getdnsapi.net) provides
-Traditional access to DNS data from applications has several limitations:
+documentation, binary downloads and new regarding the getdns API
-
+implementation.  This implementation is licensed under the New BSD License
-* APIs require applications to have considerable sophistication about DNS data and data types
+(BSD-new).
 * Some kinds of data about the response (notably, the resource record set time to live) is not exposed via any API, so applications need to process raw protocol responses to get such data
 * APIs are often blocking, meaning asynchronous access is not possible without some work
 * Sophisticated uses of the DNS (things like IDNA and DNSSEC validation) require considerable application work, possibly by application developers with little experience with the vagaries of DNS.
 getdns also provides an experimental DNS Privacy enabled client called 'stubby' - see below for more details.
 ## Motivation for providing the API
 The developers are of the opinion that DNSSEC offers a unique global infrastructure for establishing and enhancing cryptographic trust relations.  With the development of this API we intend to offer application developers a modern and flexible interface that enables end-to-end trust in the DNS architecture, and which will inspire application developers to implement innovative security solutions in their applications.
 ### API Documentation
 Note that this implementation offers additional functionality to supplement that in the [official getdns API](https://getdnsapi.net/documentation/spec/). Some additions are convenient utility functions but other functionality is experimental prior to be being recommended for inclusion in the official API.  The [Doxygen documentation](https://getdnsapi.net/doxygen/modules.html)  provides the details of the full API for this implementation.
 ## License
 This implementation is licensed under the New BSD License (BSD-new).
 Obtaining and getting started with getdns
 =========================================
 The project home page at [getdnsapi.net](https://getdnsapi.net) provides documentation, binary downloads, and news regarding the getdns API implementation.  This README file captures the goals and direction of the project and the current state of the implementation.
 If you are just getting started with the library take a look at the section below that describes building and handling external dependencies for the library.
 ### Examples
 Once it is built you should take a look at `spec/example` to see how the library is used.
 # Download
 Download the sources from our [github repo](https://github.com/getdnsapi/getdns) 
 or from [getdnsapi.net](https://getdnsapi.net) and verify the download using
 the checksums (SHA1 or MD5) or using gpg to verify the signature.  Our keys are
-available from the [openpgp keyserver](https://keys.openpgp.org/)
+available from the [pgp keyservers](https://keyserver.pgp.com)
-* `willem@nlnetlabs.nl`, key id E5F8F8212F77A498
+* willem@nlnetlabs.nl, key id E5F8F8212F77A498
 * gwiley@verisign.com, key id 9DC3D572A6B73532
-# Releases
+We have a [users list](https://getdnsapi.net/mailman/listinfo/spec) for this implementation.
 The [getdns-api mailing list](https://getdnsapi.net/mailman/listinfo/spec)
 is a good place to engage in discussions regarding the design of the API.
 If you are just getting started with the library take a look at the section
 below that describes building and handling external dependencies for the
 library.  Once it is built you should take a look at src/examples to see how
 the library is used.
 This file captures the goals and direction of the project and the current state
 of the implementation.
 The goals of this implementation of the getdns API are:
 * Provide an open source implementation, in C, of the formally described getdns API by getdns API team at <https://getdnsapi.net/spec.html>
 * Initial support for FreeBSD, OSX, Linux (CentOS/RHEL, Ubuntu) via functional "configure" script
 * Initial support for Windows 8.1 
 * Initial support to include the Android platform
 * Include examples and tests as part of the build
 * Document code using doxygen
 * Leverage github as much as possible for project coordination
 * Coding style/standards follow the BSD coding style <ftp://ftp.netbsd.org/pub/NetBSD/NetBSD-current/src/share/misc/style>
 Non-goals (things we will not be doing at least initially) include:
 * implementation of the traditional DNS related routines (gethostbyname, etc.)
 ## Language Bindings
 In parallel, the team is actively developing bindings for various languages.
 For more information, visit the
 [wiki](https://github.com/getdnsapi/getdns/wiki/Language-Bindings).
 Motivation for providing the API
 ================================
 The developers are of the opinion that DNSSEC offers a unique global
 infrastructure for establishing and enhancing cryptographic trust relations.
 With the development of this API we intend to offer application developers a
 modern and flexible way that enables end-to-end trust in the DNS architecture
 and will inspire application developers towards innovative security solutions
 in their applications.
 Releases
 ========
 Release numbering follows the [Semantic Versioning](http://semver.org/)
 approach.  The code is currently under active development.
 The following requirements were met as conditions for the present release:
-* code compiles cleanly on at least the primary target platforms: OSX, Linux (RHEL/CentOS, Ubuntu), FreeBSD
+* code compiles cleanly on at least the primary target platforms: OSX, RHEL/CentOS Linux, FreeBSD
-* examples must compile and run cleanly
+* examples must compile and run clean
-* there must be clear documentation of supported and unsupported elements of the API
+* clearly document supported/unsupported elements of the API
 # External Dependencies
 If you are installing from packages, you have to install the library and also the library-devel (or -dev) for your package management system to get the the necessary compile time files.
 External dependencies are linked outside the getdns API build tree (we rely on CMake to find them).  We would like to keep the dependency tree short, see [Minimising Dependancies](#minimizing-dependancies) for more details.
 Required for all builds:
 * [libssl and libcrypto from the OpenSSL Project](https://www.openssl.org/) version 1.0.2 or later. Using OpenSSL 1.1 is recommended due to TSL 1.3 support.
 Required for all builds that include recursive functionality:
 * [libunbound from NLnet Labs](https://unbound.net/) version 1.5.9 or later. (Note: linking to libunbound is not yet supported on Windows, see [Windows 10](#microsoft-windows-10))
 Required for all builds that include IDN functionality:
 * [libidn2 from the FSF](https://www.gnu.org/software/libidn/) version 2.0.0 and higher.
 Required to build the documentation:
 * [Doxygen](http://www.doxygen.nl) is used to generate documentation; while this is not technically necessary for the build it makes things a lot more pleasant.
 For example, to build on Ubuntu 18.04 or later, you would need the following packages for a full build:
    # apt install build-essential libunbound-dev libidn2-dev libssl-dev cmake
 # Building
 If you are building from git, you need to do the following before building:
    # git submodule update --init
 From release 1.6.0 getdns uses CMake (previous versions used autoconf/libtool). To build from this release and later use:
    # cmake .
    # make
 If you are unfamiliar with CMake, see our [CMake Quick Start](https://getdnsapi.net/quick-start/cmake-quick-start/) for how to use CMake options to customise the getdns build.
 As well as building the getdns library two other tools are installed by default:
 * getdns_query: a command line test script wrapper for getdns. This can be used to quickly check the functionality of the library, see (#using-getdnsquery)
 * getdns_server_mon: test DNS server function and capabilities
 Additionally `Stubby` a DNS Privacy enabled client can also be built and installed by using the `BUILD_STUBBY` option when running `cmake`, see [Stubby](#stubby).
-## Minimizing dependencies
+Tickets/Bug Reports
 ===================
 Tickets and bug reports should be reported via the [GitHub issues list](https://github.com/getdnsapi/getdns/issues).
-* getdns can be configured for stub resolution mode only with the `ENABLE_STUB_ONLY` option to `cmake`.  This removes the dependency on `libunbound`.
+Additionally, we have a mailing list at users@getdns.net.
 * Currently getdns only offers two helper functions to deal with IDN: `getdns_convert_ulabel_to_alabel` and `getdns_convert_alabel_to_ulabel`.  If you do not need these functions, getdns can be configured to compile without them by setting the`USE_LIBIDN2` option to `cmake` to OFF.
 * When `ENABLE_STUB_ONLY` is ON, and `USE_LIBIDN2` is OFF, getdns has only one dependency left, which is OpenSSL.
 ## Extensions and Event loop dependencies
-The implementation works with a variety of event loops, each built as a separate shared library.  See [this Doxygen page](https://getdnsapi.net/doxygen/group__eventloops.html) and [this man page](https://getdnsapi.net/documentation/manpages/#ASYNCHRONOUS USE) for more details.
+Building/External Dependencies
 ==============================
-* [libevent](http://libevent.org).  Note: the examples *require* this. libevent 2.x is required.
+External dependencies are linked outside the getdns API build tree (we rely on configure to find them).  We would like to keep the dependency tree short.
-* [libuv](https://libuv.org/)
+Please refer to section for building on Windows for separate dependency and build instructions.
 * [libunbound from NLnet Labs](https://unbound.net/) version 1.4.16 or later.
 * [libidn from the FSF](https://www.gnu.org/software/libidn/) version 1.
 * [libssl and libcrypto from the OpenSSL Project](https://www.openssl.org/) version 0.9.7 or later. (Note: version 1.0.1 or later is required for TLS support, version 1.0.2 or later is required for TLS hostname authentication)
 * Doxygen is used to generate documentation, while this is not technically necessary for the build it makes things a lot more pleasant.
 You have to install the library and also the library-devel (or -dev) for your
 package management system to install the compile time files.  If you checked
 out our git you need to copy the libtool helper scripts and rebuild configure
 with:
    # libtoolize -ci
    # autoreconf -fi
 ## Minimal dependencies
 * getdns can be configured for stub resolution mode only with the `--enable-stub-only` option to configure.  This removed the dependency on `libunbound`.
 * Currently getdns only offers two helper functions to deal with IDN: `getdns_convert_ulabel_to_alabel` and `getdns_convert_alabel_to_ulabel`.  If you do not need these functions, getdns can be configured to compile without them with the `--without-libidn` option to configure.
 * When both `--enable-stub-only` and `--with-libidn` options are used, getdns has only one dependency left, which is OpenSSL.
 ## Extensions / Event loop dependencies
 The implementation works with a variety of event loops, each built as a separate shared library.  See [the wiki](https://github.com/getdnsapi/getdns/wiki/Asynchronous-Support#wiki-included-event-loop-integrations) for more details.
 * [libevent](http://libevent.org).  Note: the examples *require* this and should work with either libevent 1.x or 2.x.  2.x is preferred.
 * [libuv](https://github.com/joyent/libuv)
 * [libev](http://software.schmorp.de/pkg/libev.html)
-## Using getdns_query
+NOTE: The current Windows implementation does not support the above.
 Example test queries using `getdns_query` (pointed at Google Public DNS) and requesting the `call_reporting` extension which provides information on the transport and query time:
   getdns_query -s example.com A @8.8.8.8     +return_call_reporting (UDP)
   getdns_query -s example.com A @8.8.8.8 -T  +return_call_reporting (TCP)
   getdns_query -s example.com A @8.8.8.8 -L  +return_call_reporting (TLS without authentication)
   getdns_query -s getdnsapi.net A +dnssec_return_status +return_call_reporting (DNSSEC)
 ## Stubby
 * Stubby is an implementation of a DNS Privacy enabled stub resolver that encrypts DNS queries using TLS. It is currently suitable for advanced/technical users - all feedback is welcome!
 * Details on how to use Stubby can be found in the [Stubby Reference Guide](https://dnsprivacy.org/wiki/x/JYAT).
 * Also see [dnsprivacy.org](https://dnsprivacy.org) for more information on DNS Privacy.
 ## Experimental support for GnuTLS
 A project to allow user selection of either OpenSSL or GnuTLS is currently a work in progress. At present a user may select to use GnuTLS for the majority of the supported functionality, however, OpenSSL is still required for some cryptographic functions.
 ## Regression Tests
 A suite of regression tests are included with the library, if you make changes or just
 want to sanity check things on your system take a look at src/test.  You will need
-to install [libcheck](https://libcheck.github.io/check/).  The check library is also available from many of the package repositories for the more popular operating systems.
+to install [libcheck](https://libcheck.github.io/check/) and [libldns from NLnet Labs](https://nlnetlabs.nl/projects/ldns/) version 1.6.17 or later.  Both libraries are also available from
-Note: The tests currently do not run on Windows because of a dependancy on bash.
+many of the package repositories for the more popular operating systems.
-## DNSSEC dependencies
+NOTE: The current Windows implementation does not support the above.
 ## DNSSEC
 For the library to be DNSSEC capable, it needs to know the root trust anchor.
 The library will try to load the root trust anchor from
@ -158,151 +135,138 @@ The library will try to load the root trust anchor from
 or more `DS` or `DNSKEY` resource records in presentation (i.e. zone file)
 format.  Note that this is different than the format of BIND.keys.
-## Zero configuration DNSSEC
+The best way to setup or update the root trust anchor is by using
 [`unbound-anchor`](https://www.unbound.net/documentation/unbound-anchor.html).
 To setup the library with the root trust anchor at the default location,
 execute the following steps as root:
-When the root trust anchor is not installed in the default location and a DNSSEC query is done, getdns will try to use the trust anchors published here: http://data.iana.org/root-anchors/root-anchors.xml .
+    # mkdir -p /etc/unbound
-It will validate these anchors with the ICANN Certificate Authority certificate following the procedure described in [RFC7958].
+    # unbound-anchor -a /etc/unbound/getdns-root.key
 The `root-anchors.xml` and `root-anchors.p7s` S/MIME signature will be cached in the `$HOME/.getdns` directory on Unixes, and the `%appdata%\getdns` directory on Windows.
-When using trust-anchors from the `root-anchors.xml` file, getdns will track the keys in the root DNSKEY rrset and store a copy in `$HOME/.getdns/root.key` on Unixes, and `%appdata%\getdns\root.key` on Windows.
+#Unsupported Features
 Only when the KSK DNSKEY's change, a new version of `root-anchors.xml` is tried to be retrieved from [data.iana.org](https://data.iana.org/root-anchors/).
 A installed trust-anchor from the default location (`/etc/unbound/getdns-root.key`) that fails to validate the root DNSKEY RRset, will also trigger the "Zero configuration DNSSEC" procedure described above.
 Support
 =======
 ## Mailing lists
 We have a [getdns users list](https://lists.getdnsapi.net/mailman/listinfo/users) for this implementation.
 ## Tickets and Bug Reports
 Tickets and bug reports should be reported via the [GitHub issues list](https://github.com/getdnsapi/getdns/issues).
 Features of this release
 ========================
 ## Goals
 The goals of this implementation of the getdns API are:
 * Provide an open source implementation, in C, of the formally described getdns API by getdns API team at <https://getdnsapi.net/spec.html>
 * Support FreeBSD, OSX, Linux (CentOS/RHEL, Ubuntu)
 * Support Windows 10
 * Include examples and tests as part of the build
 * Document code using doxygen
 * Leverage github as much as possible for project coordination
 * Follow the BSD coding style/standards <ftp://ftp.netbsd.org/pub/NetBSD/NetBSD-current/src/share/misc/style>
 Non-goals (things we will not be doing at least initially) include:
 * implementation of the traditional DNS related routines (gethostbyname, etc.)
 ## Language Bindings
 In parallel, the team is actively developing bindings for various languages.
 For more information, visit this
 [webpage](https://getdnsapi.net/bindings/).
 ## Unsupported getDNS Features
 The following API calls are documented in getDNS but *not supported* by the implementation at this time:
 * Disabling following of `CNAME`s with `getdns_context_set_follow_redirects()`
 * Detecting changes to resolv.conf and hosts
 * MDNS, NIS and NetBIOS namespaces (only DNS and LOCALFILES are supported)
-### Minor omissions
+#Known Issues
-The following minor implementation omissions are noted:
+There are a few known issues which we have summarized below - the most recent
 and helpful list is being maintained in the git issues list in the repository.
 Other known issues are being managed in the git repository issue list.
-Recursive mode does not support:
+* When doing a synchronous lookup with a context that has outstanding asynchronous lookups, the callbacks for the asynchronous lookups might get called as a side effect of the synchronous lookup.
 * TLS as a transport
 * Non-zero connection idle timeouts or query pipelining
 * Anything other than query_type and resolution_type in the return_call_reporting extension
 Stub mode does not support:
 * Non zero idle timeouts for synchronous calls
 # Known Issues
 * None
 # Supported Platforms
 The platforms listed here are intended to help ensure that we catch platform specific breakage prior to release.
 * Ubuntu 18.04 LTS and newer LTS releases
 * Microsoft Windows 10
 * FreeBSD 11.3 and newer
 * RHEL/CentOS 8
 * OSX 10.14 and 10.15
-###  Platform Specific Build Notes
+#Supported Platforms
 The primary platforms targeted are Linux and FreeBSD, other platform are supported as we get time.  The names listed here are intended to help ensure that we catch platform specific breakage, not to limit the work that folks are doing.
 * RHEL/CentOS 6.4
 * OSX 10.8
 * Ubuntu 14.04
 * Microsoft Windows 8.1 (initial support for DNSSEC but no TLS provided for version 0.5.1)
 We intend to add Android and other platforms to the releases as we have time to port it.
 ##Platform Specific Build Reports
 [![Build Status](https://travis-ci.org/getdnsapi/getdns.png?branch=master)](https://travis-ci.org/getdnsapi/getdns)
-## FreeBSD
+###FreeBSD
 If you're using [FreeBSD](https://www.freebsd.org/), you may install getdns via the [ports tree](https://www.freshports.org/dns/getdns/) by running: `cd /usr/ports/dns/getdns && make install clean`
 If you are using FreeBSD 10 getdns can be intalled via 'pkg install getdns'.
-## Ubuntu
+###CentOS/RHEL 6.5
-getdns should also work on Ubuntu 16.04, however if you require IDN functionality you will have to install a recent version of libidn2 via a ppa e.g. from https://launchpad.net/~ondrej/+archive/ubuntu/php
+We rely on the most excellent package manager fpm to build the linux packages which
 means that the packaging platform requires ruby 2.1.0.  There are other ways to
 build the packages, this is simplythe one we chose to use.
-You will also have to build Unbound from source code to provide libunbound at version >= 1.5.9.
+    # cat /etc/redhat-release
    CentOS release 6.5 (Final)
    # uname -a
    Linux host-10-1-1-6 2.6.32-358.el6.x86_64 #1 SMP Fri Feb 22 00:31:26 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux
    # cd getdns-0.2.0rc1
    # ./configure --prefix=/home/deploy/build
    # make; make install
    # cd /home/deploy/build
    # mv lib lib64
    # . /usr/local/rvm/config/alias
    # fpm -x "*.la" -a native -s dir -t rpm -n getdns -v 0.2.0rc1 -d "unbound" -d "ldns" -d "libevent" -d "libidn" --prefix /usr --vendor "Verisign Inc., NLnet Labs" --license "BSD New" --url "https://getdnsapi.net" --description "Modern asynchronous API to the DNS" .
-## OSX
+###OSX
-A self-compiled version of OpenSSL or the version installed via Homebrew is required and the options OPENSSL_ROOT_DIR, OPENSSL_CRYPTO_LIBRARY and OPENSSL_SSL_LIBRARY can be used to specify the location of the libraries.
+    # sw_vers
-Note: If using a self-compiled version, manual configuration of certificates into /usr/local/etc/openssl/certs is required for TLS authentication to work.
+    ProductName:	Mac OS X
    ProductVersion:	10.8.5
    BuildVersion:	12F45
-### Homebrew
+    Built using PackageMaker, libevent2.
    # ./configure --with-libevent --prefix=$HOME/getdnsosx/export
    # make
    # make install
    edit/fix hardcoded paths in lib/*.la to reference /usr/local
    update getdns.pmdoc to match release info
    build package using PackageMaker
    create dmg
    A self-compiled version of OpenSSL or the version installed via Homebrew is required.
    Note: If using a self-compiled version manual configuration of certificates into /usr/local/etc/openssl/certs is required for TLS authentication to work.
 #### Homebrew
 If you're using [Homebrew](http://brew.sh/), you may run `brew install getdns`.  By default, this will only build the core library without any 3rd party event loop support.
-To install the [event loop integration libraries](https://getdnsapi.net/doxygen/group__eventloops.html) that enable support for libevent, libuv, and libev, run: `brew install getdns --with-libevent --with-libuv --with-libev`.  All switches are optional.
+To install the [event loop integration libraries](https://github.com/getdnsapi/getdns/wiki/Asynchronous-Support) that enable support for libevent, libuv, and libev, run: `brew install getdns --with-libevent --with-libuv --with-libev`.  All switches are optional.
 Note that in order to compile the examples, the `--with-libevent` switch is required.
-Additionally, getdns is linked against the the OpenSSL library installed by Homebrew. Note that the Homebrew OpenSSL installation clones the Keychain certificates to the default OpenSSL location so TLS certificate authentication should work out of the box.
+As of the 0.2.0 release, when installing via Homebrew, the trust anchor is expected to be located at `$(brew --prefix)/etc/getdns-root.key`.  Additionally, the OpenSSL library installed by Homebrew is linked against. Note that the Homebrew OpenSSL installation clones the Keychain certificates to the default OpenSSL location so TLS certificate authentication should work out of the box.
 ## Microsoft Windows 10
-You will need CMake for Windows. Installers can be downloaded from https://cmake.org/download/.
+### Microsoft Windows 8.1
-Windows versions of the following libraries are available using [the vcpkg package manager](https://docs.microsoft.com/en-us/cpp/build/vcpkg).
+This section has some Windows specific build instructions. 
-* OpenSSL
+Build tested using [Mingw(3.21.0) and Msys 1.0](http://www.mingw.org/) on Windows 8.1
 * libevent
 * libiconv (required for libidn2)
 * libidn2
 * libyaml
 * libuv
-Once these are installed, set CMake variables CMAKE_INCLUDE_PATH and CMAKE_LIBRARY_PATH to the vcpkg include and library directories e.g. `../vcpkg/installed/x64-windows/include` and `../vcpkg/installed/x64-windows/lib`.
+Dependencies: 
 The following dependencies are built from source on Mingw
 openssl1.0.2a
 libidn
-To generate a project suitable for use in Visual Studio, select the appropriate Visual Studio generator in CMake. Once generated, the cmake-gui Open Project button can be used to load the project into Visual Studio.
+The windows version of getdns currently only is supported in the stub only mode. 
-### Limitations on Windows
+To configure:
-Full support for Windows is a work in progress. The following limitations will  be addresses in future:
+    ./configure --enable-stub-only --with-trust-anchor="c:\\\MinGW\\\msys\\\1.0\\\etc\\\unbound\\\getdns-root.key" --with-ssl=/c/OpenSSL --with-getdns_query
-* At present, no native Windows DLL version of libunbound exists; support for linking against libunbound is not currently available. The default build option for ENABLE_STUB_ONLY_ is ON for Windows.
+ The trust anchor is also installed by unbound on c:\program Files (X86)\unbound\root.key and can be referenced from there
 or anywhere else that the user chooses to configure it.
-* The getdns unit tests (built with `make test`) require libcheck which is not currently available for Windows and so cannot be built.
+ After configuring, do a `make` and `make install` to build getdns for Windows.
-* The getdns tpkg test suite is not currently supported on Windows.
+ Example test queries:
-* The detection of the location of the `/etc/hosts` file should be optimised - it currently assumes Windows is installed in the default directory on the C: drive
+    ./getdns_query.exe -s gmadkat.com A @64.6.64.6  +return_call_reporting (UDP)
    ./getdns_query.exe -s gmadkat.com A @64.6.64.6 -T  +return_call_reporting (TCP)
    ./getdns_query.exe -s gmadkat.com A -l L @185.49.141.37  +return_call_reporting (TLS without authentication)
    ./getdns_query.exe -s www.huque.com A +dnssec_return_status +return_call_reporting (DNSSEC)
 Contributors
 ============
 * Claus Assman
 * Theogene Bucuti
 * Andrew Cathrow, Verisign Labs
 * Neil Cook
@ -310,45 +274,32 @@ Contributors
 * Craig Despeaux, Verisign, Inc.
 * John Dickinson, Sinodun
 * Sara Dickinson, Sinodun
 * Robert Edmonds
 * Angelique Finan, Verisign, Inc.
 * Simson Garfinkel
 * Daniel Kahn Gillmor
 * Neel Goyal, Verisign, Inc.
 * Bryan Graham, Verisign, Inc.
 * Robert Groenenberg
 * Jim Hague, Sinodun
 * Paul Hoffman
 * Scott Hollenbeck, Verising, Inc.
 * Christian Huitema
 * Shumon Huque, Verisign Labs
 * Jelte Janssen
 * Guillem Jover
 * Shane Kerr
 * Anthony Kirby
 * Olaf Kolkman, NLnet Labs
 * Sanjay Mahurpawar, Verisign, Inc.
 * Allison Mankin, Verisign, Inc. - Verisign Labs.
 * Sai Mogali, Verisign, Inc.
 * Linus Nordberg
 * Benno Overeinder, NLnet Labs
 * Joel Purra
 * Tom Pusateri
 * Prithvi Ranganath, Verisign, Inc.
 * Hoda Rohani, NLnet Labs
 * Rushi Shah, Verisign, Inc.
 * Vinay Soni, Verisign, Inc.
 * Melinda Shore, No Mountain Software LLC
 * Bob Steagall, Verisign, Inc.
 * Andrew Sullivan
 * Ondřej Surý
 * Willem Toorop, NLnet Labs
 * Gowri Visweswaran, Verisign Labs
 * Wouter Wijngaards, NLnet Labs
 * Glen Wiley, Verisign, Inc.
 * Paul Wouters
 Acknowledgements
 ================
-The development team explicitly acknowledges Paul Hoffman for his initiative and efforts to develop a consensus based DNS API. We would like to thank the participants of the getdns-api mailing list (discontinued) for their contributions.
+The development team explicitly acknowledges Paul Hoffman for his initiative and efforts to develop a consensus based DNS API. We would like to thank the participants of the [mailing list](https://getdnsapi.net/mailman/listinfo/spec) for their contributions.
--- a/cmake/include/cmakeconfig.h.in
+++ b/cmake/include/cmakeconfig.h.in
@ -1,540 +0,0 @@
 #ifndef CONFIG_H
 #define CONFIG_H
 #cmakedefine PACKAGE            "@PACKAGE@"
 #cmakedefine PACKAGE_NAME       "@PACKAGE_NAME@"
 #cmakedefine PACKAGE_VERSION    "@PACKAGE_VERSION@"
 #cmakedefine PACKAGE_URL        "@PACKAGE_URL@"
 #cmakedefine PACKAGE_BUGREPORT  "@PACKAGE_BUGREPORT@"
 #cmakedefine PACKAGE_STRING     "@PACKAGE_STRING@"
 #cmakedefine PACKAGE_TARNAME    "@PACKAGE_TARNAME@"
 #cmakedefine HAVE_ASSERT_H      1
 #cmakedefine HAVE_INTTYPES_H    1
 #cmakedefine HAVE_LIMITS_H      1
 #cmakedefine HAVE_SYS_LIMITS_H  1
 #cmakedefine HAVE_STDARG_H      1
 #cmakedefine HAVE_STDDEF_H      1
 #cmakedefine HAVE_STDINT_H      1
 #cmakedefine HAVE_STDIO_H       1
 #cmakedefine HAVE_STDLIB_H      1
 #cmakedefine HAVE_STRING_H      1
 #cmakedefine HAVE_TIME_H        1
 #cmakedefine HAVE_UNISTD_H	1
 #cmakedefine HAVE_FCNTL_H	1
 #cmakedefine HAVE_SIGNAL_H      1
 #cmakedefine HAVE_SYS_POLL_H    1
 #cmakedefine HAVE_POLL_H        1
 #cmakedefine HAVE_RESOURCE_H    1
 #cmakedefine HAVE_SYS_TYPES_H   1
 #cmakedefine HAVE_SYS_STAT_H    1
 #cmakedefine HAVE_ENDIAN_H      1
 #cmakedefine HAVE_NETDB_H       1
 #cmakedefine HAVE_ARPA_INET_H   1
 #cmakedefine HAVE_NETINET_IN_H  1
 #cmakedefine HAVE_NETINET_TCP_H 1
 #cmakedefine HAVE_SYS_SELECT_H  1
 #cmakedefine HAVE_SYS_SOCKET_H  1
 #cmakedefine HAVE_SYS_SYSCTL_H  1
 #cmakedefine HAVE_SYS_TIME_H    1
 #cmakedefine HAVE_SYS_WAIT_H    1
 #cmakedefine HAVE_WINDOWS_H     1
 #cmakedefine HAVE_WINSOCK_H     1
 #cmakedefine HAVE_WINSOCK2_H    1
 #cmakedefine HAVE_WS2TCPIP_H    1
 #cmakedefine GETDNS_ON_WINDOWS  1
 #cmakedefine USE_WINSOCK	1
 #cmakedefine HAVE_SSL           1
 #cmakedefine USE_DANESSL	1
 #cmakedefine HAVE_OPENSSL_SSL_H         1
 #cmakedefine HAVE_OPENSSL_EVP_H         1
 #cmakedefine HAVE_OPENSSL_ERR_H         1
 #cmakedefine HAVE_OPENSSL_RAND_H        1
 #cmakedefine HAVE_OPENSSL_CONF_H        1
 #cmakedefine HAVE_OPENSSL_ENGINE_H      1
 #cmakedefine HAVE_OPENSSL_BN_H          1
 #cmakedefine HAVE_OPENSSL_DSA_H         1
 #cmakedefine HAVE_OPENSSL_RSA_H         1
 #cmakedefine HAVE_OPENSSL_PARAM_BUILD_H 1
 #cmakedefine HAVE_DSA_SIG_SET0		1
 #cmakedefine HAVE_DSA_SET0_PQG		1
 #cmakedefine HAVE_DSA_SET0_KEY		1
 #cmakedefine HAVE_RSA_SET0_KEY		1
 #cmakedefine HAVE_EVP_MD5		1
 #cmakedefine HAVE_EVP_SHA1		1
 #cmakedefine HAVE_EVP_SHA224		1
 #cmakedefine HAVE_EVP_SHA256		1
 #cmakedefine HAVE_EVP_SHA384		1
 #cmakedefine HAVE_EVP_SHA512		1
 #cmakedefine HAVE_EVP_DSS1		1
 #cmakedefine HAVE_EVP_DIGESTVERIFY	1
 #cmakedefine HAVE_EVP_MD_CTX_NEW	1
 #cmakedefine HAVE_HMAC_CTX_NEW		1
 #cmakedefine HAVE_NETTLE_GET_SECP_256R1	1
 #cmakedefine HAVE_NETTLE_GET_SECP_384R1	1
 #cmakedefine HAVE_TLS_CLIENT_METHOD	1
 #cmakedefine HAVE_OPENSSL_VERSION_NUM	1
 #cmakedefine HAVE_OPENSSL_VERSION	1
 #cmakedefine HAVE_SSL_CTX_DANE_ENABLE	1
 #cmakedefine HAVE_SSL_CTX_SET_CIPHERSUITES	1
 #cmakedefine HAVE_SSL_SET_CIPHERSUITES	1
 #cmakedefine HAVE_OPENSSL_INIT_CRYPTO	1
 #cmakedefine HAVE_OSSL_PARAM_BLD_NEW	1
 #cmakedefine HAVE_SSL_DANE_ENABLE			1
 #cmakedefine HAVE_DECL_SSL_CTX_SET1_CURVES_LIST		1
 #cmakedefine HAVE_DECL_SSL_SET1_CURVES_LIST		1
 #cmakedefine HAVE_DECL_SSL_SET_MIN_PROTO_VERSION	1
 #cmakedefine HAVE_X509_GET_NOTAFTER			1
 #cmakedefine HAVE_X509_GET0_NOTAFTER			1
 #cmakedefine HAVE_PTHREAD               1
 #cmakedefine HAVE_WINDOWS_THREADS       1
 #cmakedefine RUNSTATEDIR                "@RUNSTATEDIR@"
 #cmakedefine TRUST_ANCHOR_FILE          "@PATH_TRUST_ANCHOR_FILE@"
 #cmakedefine GETDNS_FN_RESOLVCONF       "@PATH_RESOLVCONF@"
 #cmakedefine GETDNS_FN_HOSTS            "@PATH_HOSTS@"
 #cmakedefine DNSSEC_ROADBLOCK_AVOIDANCE         1
 #cmakedefine HAVE_MDNS_SUPPORT			1
 #cmakedefine STUB_NATIVE_DNSSEC                 1
 #cmakedefine MAXIMUM_UPSTREAM_OPTION_SPACE      @MAXIMUM_UPSTREAM_OPTION_SPACE@
 #cmakedefine EDNS_PADDING_OPCODE                @EDNS_PADDING_OPCODE@
 #cmakedefine MAX_CNAME_REFERRALS                @MAX_CNAME_REFERRALS@
 #cmakedefine DRAFT_RRTYPES                      @DRAFT_RRTYPES@
 #cmakedefine EDNS_COOKIES			1
 #cmakedefine EDNS_COOKIE_OPCODE                 @EDNS_COOKIE_OPCODE@
 #cmakedefine EDNS_COOKIE_ROLLOVER_TIME          @EDNS_COOKIE_ROLLOVER_TIME@
 #cmakedefine UDP_MAX_BACKOFF			@MAX_UDP_BACKOFF@
 #cmakedefine HAVE_DECL_GETENTROPY       1
 #cmakedefine HAVE_DECL_INET_PTON        1
 #cmakedefine HAVE_DECL_INET_NTOP        1
 #cmakedefine HAVE_WIN_DECL_INET_PTON    1
 #cmakedefine HAVE_WIN_DECL_INET_NTOP    1
 #cmakedefine HAVE_DECL_MKSTEMP          1
 #cmakedefine HAVE_DECL_SIGEMPTYSET      1
 #cmakedefine HAVE_DECL_SIGFILLSET       1
 #cmakedefine HAVE_DECL_SIGADDSET        1
 #cmakedefine HAVE_DECL_STRPTIME         1
 #cmakedefine HAVE_DECL_TCP_FASTOPEN		1
 #cmakedefine HAVE_DECL_TCP_FASTOPEN_CONNECT	1
 #cmakedefine HAVE_DECL_MSG_FASTOPEN		1
 #if defined(HAVE_DECL_INET_PTON) || defined(HAVE_WIN_DECL_INET_PTON)
 #undef HAVE_DECL_INET_PTON
 #define HAVE_DECL_INET_PTON 1
 #endif
 #if defined(HAVE_DECL_INET_NTOP) || defined(HAVE_WIN_DECL_INET_NTOP)
 #undef HAVE_DECL_INET_NTOP
 #define HAVE_DECL_INET_NTOP 1
 #endif
 #cmakedefine HAVE_FCNTL		        1
 #cmakedefine HAVE_GETTIMEOFDAY		1
 #cmakedefine HAVE_IOCTLSOCKET		1
 #cmakedefine HAVE_SIGEMPTYSET           1
 #cmakedefine HAVE_SIGFILLSET            1
 #cmakedefine HAVE_SIGADDSET             1
 #cmakedefine HAVE_STRPTIME              1
 #cmakedefine HAVE_SIGSET_T              1
 #cmakedefine HAVE__SIGSET_T             1
 #cmakedefine HAVE_BSD_STDLIB_H		1
 #cmakedefine HAVE_BSD_STRING_H		1
 #cmakedefine HAVE_DECL_STRLCPY                  1
 #cmakedefine HAVE_DECL_ARC4RANDOM               1
 #cmakedefine HAVE_DECL_ARC4RANDOM_UNIFORM       1
 #cmakedefine HAVE_BSD_DECL_STRLCPY              1
 #cmakedefine HAVE_BSD_DECL_ARC4RANDOM           1
 #cmakedefine HAVE_BSD_DECL_ARC4RANDOM_UNIFORM   1
 #cmakedefine HAVE_STRLCPY               1
 #cmakedefine HAVE_ARC4RANDOM            1
 #cmakedefine HAVE_ARC4RANDOM_UNIFORM    1
 #cmakedefine HAVE_LIBUNBOUND		1
 #cmakedefine HAVE_UNBOUND_EVENT_H	1
 #cmakedefine HAVE_UNBOUND_EVENT_API	1
 #cmakedefine HAVE_UB_CTX_SET_STUB	1
 #cmakedefine HAVE_LIBIDN		1
 #cmakedefine HAVE_LIBIDN2		1
 #cmakedefine HAVE_NETTLE		1
 #cmakedefine HAVE_NETTLE_DSA_COMPAT_H	1
 #cmakedefine HAVE_NETTLE_EDDSA_H	1
 #cmakedefine HAVE_EVENT2_EVENT_H	1
 #cmakedefine HAVE_EVENT_BASE_NEW	1
 #cmakedefine HAVE_EVENT_BASE_FREE	1
 #cmakedefine DEFAULT_EVENTLOOP          "@DEFAULT_EVENTLOOP@"
 #cmakedefine USE_POLL_DEFAULT_EVENTLOOP 1
 #cmakedefine STRPTIME_WORKS		1
 #cmakedefine FD_SETSIZE			@FD_SETSIZE@
 #cmakedefine REQ_DEBUG			1
 #cmakedefine SCHED_DEBUG		1
 #cmakedefine STUB_DEBUG			1
 #cmakedefine DAEMON_DEBUG		1
 #cmakedefine SEC_DEBUG			1
 #cmakedefine SERVER_DEBUG		1
 #cmakedefine ANCHOR_DEBUG		1
 #cmakedefine KEEP_CONNECTIONS_OPEN_DEBUG  1
 #cmakedefine USE_SHA1			1
 #cmakedefine USE_SHA2			1
 #cmakedefine USE_GOST			1
 #cmakedefine USE_ECDSA			1
 #cmakedefine USE_DSA			1
 #cmakedefine USE_ED25519		1
 #cmakedefine USE_ED448			1
 #cmakedefine USE_OSX_TCP_FASTOPEN	1
 #cmakedefine HAVE_DECL_TCP_USER_TIMEOUT	1
 #cmakedefine HAVE_NEW_UV_TIMER_CB	1
 #cmakedefine HAVE_TARGET_ENDIANNESS
 #cmakedefine TARGET_IS_BIG_ENDIAN
 #cmakedefine HAVE___FUNC__		1
 #ifdef HAVE___FUNC__
 #define __FUNC__ __func__
 #else
 #define __FUNC__ __FUNCTION__
 #endif
 #ifdef GETDNS_ON_WINDOWS
 /* On windows it is allowed to increase the FD_SETSIZE
  * (and nescessary to make our custom eventloop work)
  * See: https://support.microsoft.com/en-us/kb/111855
  */
 # ifndef FD_SETSIZE
 #  define FD_SETSIZE 1024
 # endif
 #ifdef __cplusplus
 extern "C" {
 #endif
 /* the version of the windows API enabled */
 # ifndef WINVER
 #  define WINVER 0x0600 // 0x0502
 # endif
 # ifndef _WIN32_WINNT
 #  define _WIN32_WINNT 0x0600 // 0x0502
 # endif
 # ifdef HAVE_WS2TCPIP_H
 #  include <ws2tcpip.h>
 # endif
 # ifdef _MSC_VER
 #  if _MSC_VER >= 1800
 #   define PRIsz "zu"
 #  else
 #   define PRIsz "Iu"
 #  endif
 #  include <BaseTsd.h>
   typedef SSIZE_T ssize_t;
 # else
 #  define PRIsz "Iu"
 # endif
 # ifdef HAVE_WINSOCK2_H
 #  include <winsock2.h>
 # endif
 /* detect if we need to cast to unsigned int for FD_SET to avoid warnings */
 # ifdef HAVE_WINSOCK2_H
 #  define FD_SET_T (u_int)
 # else
 #  define FD_SET_T
 # endif
 /* Windows wants us to use _strdup instead of strdup */
 # ifndef strdup
 #  define strdup _strdup
 # endif
 /* Windows doesn't have strcasecmp and strncasecmp. */
 # define strcasecmp _stricmp
 # define strncasecmp _strnicmp
 #else
 # define PRIsz "zu"
 #endif
 #ifdef HAVE_STDINT_H
 #include <stdint.h>
 #endif
 #ifdef HAVE_STDIO_H
 #include <stdio.h>
 #endif
 #ifdef HAVE_UNISTD_H
 #include <unistd.h>
 #endif
 #ifdef HAVE_ASSERT_H
 #include <assert.h>
 #endif
 #ifdef HAVE_STRING_H
 #include <string.h>
 #endif
 #ifdef HAVE_STDLIB_H
 #include <stdlib.h>
 #endif
 #ifdef HAVE_STDDEF_H
 #include <stddef.h>
 #endif
 #ifdef HAVE_BSD_STDLIB_H
 #include <bsd/stdlib.h>
 #endif
 #ifdef HAVE_BSD_STRING_H
 #include <bsd/string.h>
 #endif
 #if !defined(HAVE_STRLCPY) || !HAVE_DECL_STRLCPY || !defined(strlcpy)
 size_t strlcpy(char *dst, const char *src, size_t siz);
 #else
 #ifndef __BSD_VISIBLE
 #define __BSD_VISIBLE 1
 #endif
 #endif
 #if !defined(HAVE_ARC4RANDOM) || !HAVE_DECL_ARC4RANDOM
 uint32_t arc4random(void);
 #endif
 #if !defined(HAVE_ARC4RANDOM_UNIFORM) || !HAVE_DECL_ARC4RANDOM_UNIFORM
 uint32_t arc4random_uniform(uint32_t upper_bound);
 #endif
 #ifndef HAVE_ARC4RANDOM
 void explicit_bzero(void* buf, size_t len);
 int getentropy(void* buf, size_t len);
 void arc4random_buf(void* buf, size_t n);
 void _ARC4_LOCK(void);
 void _ARC4_UNLOCK(void);
 #endif
 #ifdef COMPAT_SHA512
 #ifndef SHA512_DIGEST_LENGTH
 #define SHA512_BLOCK_LENGTH             128
 #define SHA512_DIGEST_LENGTH            64
 #define SHA512_DIGEST_STRING_LENGTH     (SHA512_DIGEST_LENGTH * 2 + 1)
 typedef struct _SHA512_CTX {
        uint64_t        state[8];
        uint64_t        bitcount[2];
        uint8_t buffer[SHA512_BLOCK_LENGTH];
 } SHA512_CTX;
 #endif /* SHA512_DIGEST_LENGTH */
 void SHA512_Init(SHA512_CTX*);
 void SHA512_Update(SHA512_CTX*, void*, size_t);
 void SHA512_Final(uint8_t[SHA512_DIGEST_LENGTH], SHA512_CTX*);
 unsigned char *SHA512(void* data, unsigned int data_len, unsigned char *digest);
 #endif /* COMPAT_SHA512 */
 #ifdef USE_WINSOCK
 # ifndef  _CUSTOM_VSNPRINTF
 #  define _CUSTOM_VSNPRINTF
 static inline int _gldns_custom_vsnprintf(char *str, size_t size, const char *format, va_list ap)
 { int r = vsnprintf(str, size, format, ap); return r == -1 ? _vscprintf(format, ap) : r; }
 #  define vsnprintf _gldns_custom_vsnprintf
 # endif
 #endif
 #ifdef __cplusplus
 }
 #endif
 /** Use on-board gldns */
 #define USE_GLDNS 1
 #ifdef HAVE_SSL
 #  define GLDNS_BUILD_CONFIG_HAVE_SSL 1
 #endif
 #ifdef HAVE_STDARG_H
 #include <stdarg.h>
 #endif
 #include <errno.h>
 #ifdef HAVE_SYS_SOCKET_H
 #include <sys/socket.h>
 #endif
 #ifdef HAVE_SYS_SELECT_H
 #include <sys/select.h>
 #endif
 #ifdef HAVE_SYS_TYPES_H
 #include <sys/types.h>
 #endif
 #ifdef HAVE_SYS_STAT_H
 #include <sys/stat.h>
 #endif
 #ifdef HAVE_NETINET_IN_H
 #include <netinet/in.h>
 #endif
 #ifdef HAVE_NETINET_TCP_H
 #include <netinet/tcp.h>
 #endif
 #ifdef HAVE_ARPA_INET_H
 #include <arpa/inet.h>
 #endif
 #ifdef HAVE_SIGNAL_H
 #include <signal.h>
 #endif
 #ifdef HAVE_SYS_TYPES_H
 #include <sys/types.h>
 #endif
 #ifdef HAVE_INTTYPES_H
 #include <inttypes.h>
 #endif
 #ifdef HAVE_LIMITS_H
 #include <limits.h>
 #endif
 #ifdef HAVE_SYS_LIMITS_H
 #include <sys/limits.h>
 #endif
 #ifdef PATH_MAX
 #define _GETDNS_PATH_MAX PATH_MAX
 #else
 #define _GETDNS_PATH_MAX 2048
 #endif
 #ifndef PRIu64
 #define PRIu64 "llu"
 #endif
 #ifdef HAVE_ATTR_FORMAT
 #  define ATTR_FORMAT(archetype, string_index, first_to_check) \
    __attribute__ ((format (archetype, string_index, first_to_check)))
 #else /* !HAVE_ATTR_FORMAT */
 #  define ATTR_FORMAT(archetype, string_index, first_to_check) /* empty */
 #endif /* !HAVE_ATTR_FORMAT */
 #if defined(DOXYGEN)
 #  define ATTR_UNUSED(x)  x
 #elif defined(__cplusplus)
 #  define ATTR_UNUSED(x)
 #elif defined(__GNUC__)
 #  define ATTR_UNUSED(x)  x __attribute__((unused))
 #else /* !HAVE_ATTR_UNUSED */
 #  define ATTR_UNUSED(x)  x
 #endif /* !HAVE_ATTR_UNUSED */
 #ifdef TIME_WITH_SYS_TIME
 # include <sys/time.h>
 # include <time.h>
 #else
 # ifdef HAVE_SYS_TIME_H
 #  include <sys/time.h>
 # else
 #  include <time.h>
 # endif
 #endif
 #ifdef __cplusplus
 extern "C" {
 #endif
 #if !defined(HAVE_STRPTIME) || !defined(STRPTIME_WORKS)
 #define strptime unbound_strptime
 struct tm;
 char *strptime(const char *s, const char *format, struct tm *tm);
 #endif
 #if !defined(HAVE_SIGSET_T) && defined(HAVE__SIGSET_T)
 typedef _sigset_t sigset_t;
 #endif
 #if !defined(HAVE_SIGEMPTYSET)
 #  define sigemptyset(pset)    (*(pset) = 0)
 #endif
 #if !defined(HAVE_SIGFILLSET)
 #  define sigfillset(pset)     (*(pset) = (sigset_t)-1)
 #endif
 #if !defined(HAVE_SIGADDSET)
 #  define sigaddset(pset, num) (*(pset) |= (1L<<(num)))
 #endif
 #ifdef HAVE_LIBUNBOUND
 # include <unbound.h>
 # ifdef HAVE_UNBOUND_EVENT_H
 #  include <unbound-event.h>
 # else
 #  ifdef HAVE_UNBOUND_EVENT_API
 #   ifndef _UB_EVENT_PRIMITIVES
 #    define _UB_EVENT_PRIMITIVES
 struct ub_event_base;
 struct ub_ctx* ub_ctx_create_ub_event(struct ub_event_base* base);
 typedef void (*ub_event_callback_t)(void*, int, void*, int, int, char*);
 int ub_resolve_event(struct ub_ctx* ctx, const char* name, int rrtype,
        int rrclass, void* mydata, ub_event_callback_t callback, int* async_id);
 #   endif
 #  endif
 # endif
 #endif
 #ifndef HAVE_DECL_INET_PTON
 int inet_pton(int af, const char* src, void* dst);
 #endif
 #ifndef HAVE_DECL_INET_NTOP
 const char *inet_ntop(int af, const void *src, char *dst, size_t size);
 #endif
 #ifndef HAVE_DECL_MKSTEMP
 int mkstemp(char *template);
 #endif
 #ifndef HAVE_GETTIMEOFDAY
 int gettimeofday(struct timeval* tv, void* tz);
 #endif
 #ifdef __cplusplus
 }
 #endif
 #endif /* CONFIG_H */
--- a/cmake/include/getdns_shared_version.rc.in
+++ b/cmake/include/getdns_shared_version.rc.in
@ -1,19 +0,0 @@
 1 VERSIONINFO
    FILEVERSION @version_current@,@version_revision@,@version_age@,0
    PRODUCTVERSION @version_current@,@version_revision@,0,0
    FILEOS 4
    FILETYPE 2
    FILESUBTYPE 0
 BEGIN
    BLOCK "StringFileInfo"
    BEGIN
        BLOCK "040904e4"
        BEGIN
            VALUE "CompanyName", "getdns project\0"
            VALUE "ProductName", "getdns\0"
            VALUE "FileVersion", "@version_current@.@version_revision@\0"
            VALUE "ProductVersion", "@version_current@.@version_revision@\0"
            VALUE "LegalCopyright", "NLnet Labs, Sinodun, No Mountain Software. New BSD licence.\0"
        END
    END
 END
--- a/cmake/modules/FindCheck.cmake
+++ b/cmake/modules/FindCheck.cmake
@ -1,114 +0,0 @@
 #[=======================================================================[.rst:
 FindCheck
 --------
 Find the Check (Unit Testing Framework for C) library
 Imported targets
 ^^^^^^^^^^^^^^^^
 This module defines the following :prop_tgt:`IMPORTED` targets:
 ``Check::Check``
  The Check library, if found.
 Result variables
 ^^^^^^^^^^^^^^^^
 This module will set the following variables in your project:
 ``Check_FOUND``
  If false, do not try to use Check.
 ``CHECK_INCLUDE_DIR``
  where to find check.h, etc.
 ``CHECK_LIBRARIES``
  the libraries needed to use Check.
 ``CHECK_VERSION``
  the version of the Check library found
 #]=======================================================================]
 find_package(PkgConfig QUIET)
 if (PKG_CONFIG_FOUND)
    pkg_check_modules(PkgCheck IMPORTED_TARGET GLOBAL check)
 endif ()
 if (PkgCheck_FOUND)
  set(CHECK_INCLUDE_DIR ${PkgCheck_INCLUDE_DIRS} CACHE FILEPATH "check include path")
  set(CHECK_LIBRARIES ${PkgCheck_LIBRARIES} CACHE STRING "check libraries")
  set(CHECK_VERSION ${PkgCheck_VERSION})
  add_library(Check::Check ALIAS PkgConfig::PkgCheck)
  set(Check_FOUND ON)
 else ()
  find_path(CHECK_INCLUDE_DIR check.h
    HINTS
    "${CHECK_DIR}"
    "${CHECK_DIR}/include"
    )
  # Check for PIC and non-PIC libraries. If PIC present, use that
  # in preference (as per Debian check.pc).
  find_library(CHECK_LIBRARY NAMES check_pic libcheck_pic
    HINTS
    "${CHECK_DIR}"
    "${CHECK_DIR}/lib"
    )
  if (NOT CHECK_LIBRARY)
    find_library(CHECK_LIBRARY NAMES check libcheck
      HINTS
      "${CHECK_DIR}"
      "${CHECK_DIR}/lib"
      )
  endif ()
  set(_CHECK_LIBARIES "")
  # Check may need the math, subunit and rt libraries on Unix
  if (UNIX)
    find_library(CHECK_MATH_LIBRARY m)
    find_library(CHECK_RT_LIBRARY rt)
    find_library(CHECK_SUBUNIT_LIBRARY subunit)
    if (CHECK_MATH_LIBRARY)
      list(APPEND _CHECK_LIBARIES "${CHECK_MATH_LIBRARY}")
    endif ()
    if (CHECK_RT_LIBRARY)
      list(APPEND _CHECK_LIBARIES "${CHECK_RT_LIBRARY}")
    endif ()
    if (CHECK_SUBUNIT_LIBRARY)
      list(APPEND _CHECK_LIBARIES "${CHECK_SUBUNIT_LIBRARY}")
    endif ()
  endif()
  set(CHECK_LIBRARIES ${_CHECK_LIBARIES} ${CHECK_LIBRARY} CACHE STRING "check libraries")
  if (CHECK_INCLUDE_DIR AND CHECK_LIBRARY)
    if (NOT TARGET Check::Check)
      add_library(Check::Check UNKNOWN IMPORTED)
      set_target_properties(Check::Check PROPERTIES
        INTERFACE_INCLUDE_DIRECTORIES "${CHECK_INCLUDE_DIR}"
        INTERFACE_LINK_LIBRARIES "${CHECK_LIBRARIES}"
        IMPORTED_LINK_INTERFACE_LANGUAGES "C"
        IMPORTED_LOCATION "${CHECK_LIBRARY}"
        )
    endif ()
    if (NOT CHECK_VERSION AND CHECK_INCLUDE_DIR AND EXISTS "${CHECK_INCLUDE_DIR}/check.h")
      file(STRINGS "${CHECK_INCLUDE_DIR}/check.h" CHECK_H REGEX "^#define CHECK_M[A-Z]+_VERSION")
      string(REGEX REPLACE "^.*\(([0-9]+)\).*\(([0-9]+)\).*\(([0-9]+)\).*$" "\\1.\\2.\\3" CHECK_VERSION "${CHECK_H}")
    endif ()
  endif()
  list(APPEND CHECK_LIBRARIES "${CHECK_LIBRARY}")
  include(FindPackageHandleStandardArgs)
  find_package_handle_standard_args(Check
    REQUIRED_VARS CHECK_LIBRARIES CHECK_INCLUDE_DIR
    VERSION_VAR CHECK_VERSION
    )
 endif()
 mark_as_advanced(CHECK_INCLUDE_DIR CHECK_LIBRARIES CHECK_LIBRARY
  CHECK_MATH_LIBRARY CHECK_RT_LIBRARY CHECK_SUBUNIT_LIBRARY)
--- a/cmake/modules/FindGnuTLS.cmake
+++ b/cmake/modules/FindGnuTLS.cmake
@ -1,101 +0,0 @@
 #[=======================================================================[.rst:
 FindGnuTLS
 ----------
 Find the GnuTLS library.
 Imported targets
 ^^^^^^^^^^^^^^^^
 This module defines the following :prop_tgt:`IMPORTED` targets:
 ``GnuTLS::GnuTLS``
  The GnuTLS library, if found.
 ``GnuTLS::Dane``
  The GnuTLS DANE library, if found.
 Result variables
 ^^^^^^^^^^^^^^^^
 This module will set the following variables in your project:
 ``GnuTLS_FOUND``
  If false, do not try to use GnuTLS.
 ``GNUTLS_INCLUDE_DIR``
  where to find GnuTLS headers.
 ``GNUTLS_LIBRARIES``
  the libraries needed to use GnuTLS.
 ``GNUTLS_VERSION``
  the version of the GnuTLS library found
 #]=======================================================================]
 find_package(PkgConfig QUIET)
 if (PKG_CONFIG_FOUND)
  pkg_check_modules(PkgGnuTLS IMPORTED_TARGET GLOBAL QUIET gnutls)
  pkg_check_modules(PkgGnuTLSDane IMPORTED_TARGET GLOBAL QUIET gnutls-dane)
 endif ()
 if (PkgGnuTLS_FOUND AND PkgGnuTLSDane_FOUND)
  set(GNUTLS_INCLUDE_DIR ${PkgGnuTLS_INCLUDE_DIRS} $PkgGnuTLSDane_INCLUDE_DIRS} CACHE FILEPATH "GnuTLS include path")
  set(NETTLE_LIBRARIES ${PkgGnuTLS_LIBRARIES} ${PkgGnuTLSDane_LIBRARIES} CACHE STRING "GnuTLS libraries")
  set(NETTLE_VERSION ${PkgGnuTLS_VERSION})
  add_library(GnuTLS::GnuTLS ALIAS PkgConfig::PkgGnuTLS)
  add_library(GnuTLS::Dane ALIAS PkgConfig::PkgGnuTLSDane)
  set(GnuTLS_FOUND ON)
 else ()
  find_path(GNUTLS_INCLUDE_DIR gnutls/gnutls.h
    HINTS
    "${GNUTLS_DIR}"
    "${GNUTLS_DIR}/include"
  )
  find_library(GNUTLS_LIBRARY NAMES gnutls libgnutls
    HINTS
    "${GNUTLS_DIR}"
    "${GNUTLS_DIR}/lib"
  )
  find_library(GNUTLS_DANE_LIBRARY NAMES gnutls-dane libgnutls-dane
    HINTS
    "${GNUTLS_DIR}"
    "${GNUTLS_DIR}/lib"
  )
  set(_GNUTLS_LIBRARIES "")
  if (GNUTLS_INCLUDE_DIR AND GNUTLS_LIBRARY AND GNUTLS_DANE_LIBRARY)
    if (NOT TARGET GnuTLS::GnuTLS)
      add_library(GnuTLS::GnuTLS UNKNOWN IMPORTED)
      set_target_properties(GnuTLS::GnuTLS PROPERTIES
        INTERFACE_INCLUDE_DIRECTORIES "${GNUTLS_INCLUDE_DIR}"
        IMPORTED_LINK_INTERFACE_LANGUAGES "C"
        IMPORTED_LOCATION "${GNUTLS_LIBRARY}"
        )
    endif ()
    if (NOT TARGET GnuTLS::Dane)
      add_library(GnuTLS::Dane UNKNOWN IMPORTED)
      set_target_properties(GnuTLS::Dane PROPERTIES
        INTERFACE_INCLUDE_DIRECTORIES "${GNUTLS_INCLUDE_DIR}"
        IMPORTED_LINK_INTERFACE_LANGUAGES "C"
        IMPORTED_LOCATION "${GNUTLS_DANE_LIBRARY}"
        )
    endif ()
    if (NOT GNUTLS_VERSION AND GNUTLS_INCLUDE_DIR)
      file(STRINGS "${GNUTLS_INCLUDE_DIR}/gnutls/gnutls.h" GNUTLS_VER_H REGEX "^#define GNUTLS_VERSION_(MAJOR|MINOR|PATCH) ")
      string(REGEX REPLACE "^.*_MAJOR ([0-9]+).*_MINOR ([0-9]+).*_PATCH ([0-9]+).*$" "\\1.\\2.\\3c" GNUTLS_VERSION "${GNUTLS_VER_H}")
    endif ()
  endif ()
  list(APPEND _GNUTLS_LIBRARIES "${GNUTLS_LIBRARY}" "${GNUTLS_DANE_LIBRARY}")
  set(GNUTLS_LIBRARIES ${_GNUTLS_LIBRARIES} CACHE STRING "GnuTLS libraries")
  include(FindPackageHandleStandardArgs)
  find_package_handle_standard_args(GnuTLS
    REQUIRED_VARS GNUTLS_LIBRARIES GNUTLS_INCLUDE_DIR
    VERSION_VAR GNUTLS_VERSION
    )
 endif ()
 mark_as_advanced(GNUTLS_INCLUDE_DIR GNUTLS_LIBRARIES GNUTLS_LIBRARY GNUTLS_DANE_LIBRARY)
--- a/cmake/modules/FindLibev.cmake
+++ b/cmake/modules/FindLibev.cmake
@ -1,63 +0,0 @@
 #[=======================================================================[.rst:
 FindLibev
 ---------
 Find the Libev library.
 Imported targets
 ^^^^^^^^^^^^^^^^
 This module defines the following :prop_tgt:`IMPORTED` targets:
 ``Libev::Libev``
  The Libev library, if found.
 Result variables
 ^^^^^^^^^^^^^^^^
 This module will set the following variables in your project:
 ``Libev_FOUND``
  If false, do not try to use Libev.
 ``LIBEV_INCLUDE_DIR``
  where to find libev headers.
 ``LIBEV_LIBRARIES``
  the libraries needed to use Libev.
 ``LIBEV_VERSION``
  the version of the Libev library found
 #]=======================================================================]
 find_path(LIBEV_INCLUDE_DIR ev.h
  HINTS
  "${LIBEV_DIR}"
  "${LIBEV_DIR}/include"
 )
 find_library(LIBEV_LIBRARY NAMES ev libev
  HINTS
  "${LIBEV_DIR}"
  "${LIBEV_DIR}/lib"
 )
 set(LIBEV_LIBRARIES "")
 if (LIBEV_INCLUDE_DIR AND LIBEV_LIBRARY)
  if (NOT TARGET Libev::Libev)
    add_library(Libev::Libev UNKNOWN IMPORTED)
    set_target_properties(Libev::Libev PROPERTIES
      INTERFACE_INCLUDE_DIRECTORIES "${LIBEV_INCLUDE_DIR}"
      IMPORTED_LINK_INTERFACE_LANGUAGES "C"
      IMPORTED_LOCATION "${LIBEV_LIBRARY}"
      )
  endif ()
 endif()
 list(APPEND LIBEV_LIBRARIES "${LIBEV_LIBRARY}")
 include(FindPackageHandleStandardArgs)
 find_package_handle_standard_args(Libev
  REQUIRED_VARS LIBEV_LIBRARIES LIBEV_INCLUDE_DIR
  )
 mark_as_advanced(LIBEV_INCLUDE_DIR LIBEV_LIBRARIES LIBEV_LIBRARY)
--- a/cmake/modules/FindLibevent2.cmake
+++ b/cmake/modules/FindLibevent2.cmake
@ -1,78 +0,0 @@
 #[=======================================================================[.rst:
 FindLibevent2
 -------------
 Find the Libevent2 library. For now this finds the core library only.
 Imported targets
 ^^^^^^^^^^^^^^^^
 This module defines the following :prop_tgt:`IMPORTED` targets:
 ``Libevent2::Libevent_core``
  The Libevent2 library, if found.
 Result variables
 ^^^^^^^^^^^^^^^^
 This module will set the following variables in your project:
 ``Libevent2_FOUND``
  If false, do not try to use Libevent2.
 ``LIBEVENT2_INCLUDE_DIR``
  where to find libevent headers.
 ``LIBEVENT2_LIBRARIES``
  the libraries needed to use Libevent2.
 ``LIBEVENT2_VERSION``
  the version of the Libevent2 library found
 #]=======================================================================]
 find_package(PkgConfig QUIET)
 if (PKG_CONFIG_FOUND)
    pkg_check_modules(PkgLibevent IMPORTED_TARGET GLOBAL QUIET libevent>=2)
 endif ()
 if (PkgLibevent_FOUND)
  set(LIBEVENT2_INCLUDE_DIR ${PkgLibevent_INCLUDE_DIRS} CACHE FILEPATH "libevent2 include path")
  set(LIBEVENT2_LIBRARIES ${PkgLibevent_LIBRARIES} CACHE STRING "libevent2 libraries")
  set(LIBEVENT2_VERSION ${PkgLibevent_VERSION})
  add_library(Libevent2::Libevent_core ALIAS PkgConfig::PkgLibevent)
  set(Libevent2_FOUND ON)
 else ()
  find_path(LIBEVENT2_INCLUDE_DIR event2/event.h
    HINTS
    "${LIBEVENT2_DIR}"
    "${LIBEVENT2_DIR}/include"
  )
  find_library(LIBEVENT2_LIBRARIES NAMES event_core libevent_core
    HINTS
    "${LIBEVENT2_DIR}"
    "${LIBEVENT2_DIR}/lib"
  )
  if (LIBEVENT2_INCLUDE_DIR AND LIBEVENT2_LIBRARIES)
    if (NOT TARGET Libevent2::Libevent_core)
      add_library(Libevent2::Libevent_core UNKNOWN IMPORTED)
      set_target_properties(Libevent2::Libevent_core PROPERTIES
        INTERFACE_INCLUDE_DIRECTORIES "${LIBEVENT2_INCLUDE_DIR}"
        IMPORTED_LINK_INTERFACE_LANGUAGES "C"
        IMPORTED_LOCATION "${LIBEVENT2_LIBRARIES}"
        )
    endif ()
    if (NOT LIBEVENT2_VERSION AND LIBEVENT2_INCLUDE_DIR AND EXISTS "${LIBEVENT2_INCLUDE_DIR}/event2/event.h")
      file(STRINGS "${LIBEVENT2_INCLUDE_DIR}/event2/event-config.h" LIBEVENT2_H REGEX "^#define _?EVENT_+VERSION ")
      string(REGEX REPLACE "^.*EVENT_+VERSION \"([^\"]+)\".*$" "\\1" LIBEVENT2_VERSION "${LIBEVENT2_H}")
    endif ()
  endif ()
  include(FindPackageHandleStandardArgs)
  find_package_handle_standard_args(Libevent2
    REQUIRED_VARS LIBEVENT2_LIBRARIES LIBEVENT2_INCLUDE_DIR
    VERSION_VAR LIBEVENT2_VERSION
  )
 endif ()
 mark_as_advanced(LIBEVENT2_INCLUDE_DIR LIBEVENT2_LIBRARIES)
--- a/cmake/modules/FindLibidn2.cmake
+++ b/cmake/modules/FindLibidn2.cmake
@ -1,77 +0,0 @@
 #[=======================================================================[.rst:
 FindLibidn2
 -----------
 Find the Libidn2 library
 Imported targets
 ^^^^^^^^^^^^^^^^
 This module defines the following :prop_tgt:`IMPORTED` targets:
 ``Libidn2::Libidn2``
  The Libidn2 library, if found.
 Result variables
 ^^^^^^^^^^^^^^^^
 This module will set the following variables in your project:
 ``Libidn2_FOUND``
  If false, do not try to use Libidn2.
 ``LIBIDN2_INCLUDE_DIR``
  where to find libidn2 headers.
 ``LIBIDN2_LIBRARIES``
  the libraries needed to use Libidn2.
 ``LIBIDN2_VERSION``
  the version of the Libidn2 library found
 #]=======================================================================]
 find_package(PkgConfig QUIET)
 if (PKG_CONFIG_FOUND)
    pkg_check_modules(PkgLibIdn2 IMPORTED_TARGET GLOBAL libidn2)
 endif ()
 if (PkgLibIdn2_FOUND)
  set(LIBIDN2_INCLUDE_DIR ${PkgLibIdn2_INCLUDE_DIRS} CACHE FILEPATH "libidn2 include path")
  set(LIBIDN2_LIBRARIES ${PkgLibIdn2_LIBRARIES} CACHE STRING "libidn2 libraries")
  set(LIBIDN2_VERSION ${PkgLibIdn2_VERSION})
  add_library(Libidn2::Libidn2 ALIAS PkgConfig::PkgLibIdn2)
  set(Libidn2_FOUND ON)
 else ()
  find_path(LIBIDN2_INCLUDE_DIR idn2.h
    HINTS
      "${LIBIDN2_DIR}"
      "${LIBIDN2_DIR}/include"
  )
  find_library(LIBIDN2_LIBRARIES NAMES idn2 libidn2
    HINTS
      "${LIBIDN2_DIR}"
      "${LIBIDN2_DIR}/lib"
  )
  if (LIBIDN2_INCLUDE_DIR AND LIBIDN2_LIBRARIES)
    if (NOT TARGET Libidn2::Libidn2)
      add_library(Libidn2::Libidn2 UNKNOWN IMPORTED)
      set_target_properties(Libidn2::Libidn2 PROPERTIES
        INTERFACE_INCLUDE_DIRECTORIES "${LIBIDN2_INCLUDE_DIR}"
        IMPORTED_LINK_INTERFACE_LANGUAGES "C"
        IMPORTED_LOCATION "${LIBIDN2_LIBRARIES}"
      )
    endif ()
    if (NOT LIBIDN2_VERSION AND LIBIDN2_INCLUDE_DIR AND EXISTS "${LIBIDN2_INCLUDE_DIR}/idn2.h")
      file(STRINGS "${LIBIDN2_INCLUDE_DIR}/idn2.h" LIBIDN2_H REGEX "^[ \t]*#[ \t]*define[ \t]+IDN2_VERSION[ \t]")
      string(REGEX REPLACE "^.*IDN2_VERSION[ \t]+\"([0-9.]+)\".*$" "\\1" LIBIDN2_VERSION "${LIBIDN2_H}")
    endif ()
  endif ()
  include(FindPackageHandleStandardArgs)
  find_package_handle_standard_args(Libidn2
    REQUIRED_VARS LIBIDN2_LIBRARIES LIBIDN2_INCLUDE_DIR
    VERSION_VAR LIBIDN2_VERSION
  )
 endif ()
 mark_as_advanced(LIBIDN2_INCLUDE_DIR LIBIDN2_LIBRARIES)
--- a/cmake/modules/FindLibunbound.cmake
+++ b/cmake/modules/FindLibunbound.cmake
@ -1,104 +0,0 @@
 #[=======================================================================[.rst:
 FindLibunbound
 --------------
 Find the Libunbound library
 Imported targets
 ^^^^^^^^^^^^^^^^
 This module defines the following :prop_tgt:`IMPORTED` targets:
 ``Libunbound::Libunbound``
  The Libunbound library, if found.
 Result variables
 ^^^^^^^^^^^^^^^^
 This module will set the following variables in your project:
 ``Libunbound_FOUND``
  If false, do not try to use Libunbound.
 ``LIBUNBOUND_INCLUDE_DIR``
  where to find libunbound headers.
 ``LIBUNBOUND_LIBRARIES``
  the libraries needed to use Libunbound.
 ``LIBUNBOUND_VERSION``
  the version of the Libunbound library found
 #]=======================================================================]
 find_package(PkgConfig QUIET)
 if (PKG_CONFIG_FOUND)
  pkg_check_modules(PkgLibunbound IMPORTED_TARGET GLOBAL QUIET libunbound)
 endif ()
 if (PkgLibunbound_FOUND)
  set(LIBUNBOUND_INCLUDE_DIR ${PkgLibunbound_INCLUDE_DIRS} CACHE FILEPATH "libunbound include path")
  set(LIBUNBOUND_LIBRARIES ${PkgLibunbound_LIBRARIES} CACHE STRING "libunbound libraries")
  set(LIBUNBOUND_VERSION ${PkgLibunbound_VERSION})
  add_library(Libunbound::Libunbound ALIAS PkgConfig::PkgLibunbound)
  set(Libunbound_FOUND ON)
 else ()
  find_path(LIBUNBOUND_INCLUDE_DIR unbound.h
    HINTS
    "${LIBUNBOUND_DIR}"
    "${LIBUNBOUND_DIR}/include"
  )
  find_library(LIBUNBOUND_LIBRARY NAMES unbound
    HINTS
    "${LIBUNBOUND_DIR}"
    "${LIBUNBOUND_DIR}/lib"
  )
  set(_LIBUNBOUND_LIBRARIES "")
  if (UNIX)
    find_package(Threads REQUIRED)
    find_package(OpenSSL REQUIRED)
    list(APPEND _LIBUNBOUND_LIBRARIES "${CMAKE_THREAD_LIBS_INIT}")
    list(APPEND _LIBUNBOUND_LIBRARIES "${OPENSSL_LIBRARIES}")
  endif()
  if (LIBUNBOUND_INCLUDE_DIR AND LIBUNBOUND_LIBRARY)
    if (NOT TARGET Libunbound::Libunbound)
      add_library(Libunbound::Libunbound UNKNOWN IMPORTED)
      set_target_properties(Libunbound::Libunbound PROPERTIES
        INTERFACE_INCLUDE_DIRECTORIES "${LIBUNBOUND_INCLUDE_DIR}"
        IMPORTED_LINK_INTERFACE_LANGUAGES "C"
        IMPORTED_LOCATION "${LIBUNBOUND_LIBRARY}"
        )
      if(UNIX AND TARGET Threads::Threads)
        set_property(TARGET Libunbound::Libunbound APPEND PROPERTY
          INTERFACE_LINK_LIBRARIES Threads::Threads)
      endif ()
      if(UNIX AND TARGET OpenSSL::SSL)
        set_property(TARGET Libunbound::Libunbound APPEND PROPERTY
          INTERFACE_LINK_LIBRARIES OpenSSL::SSL)
      endif ()
      if(UNIX AND TARGET OpenSSL::Crypto)
        set_property(TARGET Libunbound::Libunbound APPEND PROPERTY
          INTERFACE_LINK_LIBRARIES OpenSSL::Crypto)
      endif ()
    endif ()
    if (NOT LIBUNBOUND_VERSION AND LIBUNBOUND_INCLUDE_DIR AND EXISTS "${LIBUNBOUND_INCLUDE_DIR}/unbound.h")
      file(STRINGS "${LIBUNBOUND_INCLUDE_DIR}/unbound.h" LIBUNBOUND_H REGEX "^#define UNBOUND_VERSION_M[A-Z]+")
      string(REGEX REPLACE "^.*MAJOR ([0-9]+).*MINOR ([0-9]+).*MICRO ([0-9]+).*$" "\\1.\\2.\\3" LIBUNBOUND_VERSION "${LIBUNBOUND_H}")
    endif ()
  endif ()
  list(APPEND _LIBUNBOUND_LIBRARIES "${LIBUNBOUND_LIBRARY}")
  set(LIBUNBOUND_LIBRARIES ${_LIBUNBOUND_LIBRARIES} CACHE STRING "libunbound libraries")
  include(FindPackageHandleStandardArgs)
  find_package_handle_standard_args(Libunbound
    REQUIRED_VARS LIBUNBOUND_LIBRARIES LIBUNBOUND_INCLUDE_DIR
    VERSION_VAR LIBUNBOUND_VERSION
    )
 endif ()
 mark_as_advanced(LIBUNBOUND_INCLUDE_DIR LIBUNBOUND_LIBRARIES LIBUNBOUND_LIBRARY)
--- a/cmake/modules/FindLibuv.cmake
+++ b/cmake/modules/FindLibuv.cmake
@ -1,82 +0,0 @@
 #[=======================================================================[.rst:
 FindLibuv
 ---------
 Find the Libuv library.
 Imported targets
 ^^^^^^^^^^^^^^^^
 This module defines the following :prop_tgt:`IMPORTED` targets:
 ``Libuv::Libuv``
  The Libuv library, if found.
 Result variables
 ^^^^^^^^^^^^^^^^
 This module will set the following variables in your project:
 ``Libuv_FOUND``
  If false, do not try to use Libuv.
 ``LIBUV_INCLUDE_DIR``
  where to find libuv headers.
 ``LIBUV_LIBRARIES``
  the libraries needed to use Libuv.
 ``LIBUV_VERSION``
  the version of the Libuv library found
 #]=======================================================================]
 find_package(PkgConfig QUIET)
 if (PKG_CONFIG_FOUND)
  pkg_check_modules(PkgLibuv IMPORTED_TARGET GLOBAL libuv)
 endif ()
 if (PkgLibuv_FOUND)
  set(LIBUV_INCLUDE_DIR ${PkgLibuv_INCLUDE_DIRS} CACHE FILEPATH "libuv include path")
  set(LIBUV_LIBRARIES ${PkgLibuv_LIBRARIES} CACHE STRING "libuv libraries")
  set(LIBUV_VERSION ${PkgLibuv_VERSION})
  add_library(Libuv::Libuv ALIAS PkgConfig::PkgLibuv)
  set(Libuv_FOUND ON)
 else ()
  find_path(LIBUV_INCLUDE_DIR uv.h
    HINTS
    "${LIBUV_DIR}"
    "${LIBUV_DIR}/include"
  )
  find_library(LIBUV_LIBRARIES NAMES uv libuv
    HINTS
    "${LIBUV_DIR}"
    "${LIBUV_DIR}/lib"
  )
  if (LIBUV_INCLUDE_DIR AND LIBUV_LIBRARIES)
    if (NOT TARGET Libuv::Libuv)
      add_library(Libuv::Libuv UNKNOWN IMPORTED)
      set_target_properties(Libuv::Libuv PROPERTIES
        INTERFACE_INCLUDE_DIRECTORIES "${LIBUV_INCLUDE_DIR}"
        IMPORTED_LINK_INTERFACE_LANGUAGES "C"
        IMPORTED_LOCATION "${LIBUV_LIBRARIES}"
        )
    endif ()
    if (NOT LIBUV_VERSION AND LIBUV_INCLUDE_DIR)
      if (EXISTS "${LIBUV_INCLUDE_DIR}/uv-version.h")
        file(STRINGS "${LIBUV_INCLUDE_DIR}/uv-version.h" LIBUV_VER_H REGEX "^#define UV_VERSION_(MAJOR|MINOR|PATCH) ")
      elseif (EXISTS "${LIBUV_INCLUDE_DIR}/uv/version.h")
        file(STRINGS "${LIBUV_INCLUDE_DIR}/uv/version.h" LIBUV_VER_H REGEX "^#define UV_VERSION_(MAJOR|MINOR|PATCH) ")
      endif ()
      string(REGEX REPLACE "^.*_MAJOR ([0-9]+).*_MINOR ([0-9]+).*_PATCH ([0-9]+).*$" "\\1.\\2.\\3" LIBUV_VERSION "${LIBUV_VER_H}")
    endif ()
  endif ()
  include(FindPackageHandleStandardArgs)
  find_package_handle_standard_args(Libuv
    REQUIRED_VARS LIBUV_LIBRARIES LIBUV_INCLUDE_DIR
    VERSION_VAR LIBUV_VERSION
  )
 endif ()
 mark_as_advanced(LIBUV_INCLUDE_DIR LIBUV_LIBRARIES)
--- a/cmake/modules/FindNettle.cmake
+++ b/cmake/modules/FindNettle.cmake
@ -1,111 +0,0 @@
 #[=======================================================================[.rst:
 FindNettle
 ----------
 Find the Nettle library.
 Imported targets
 ^^^^^^^^^^^^^^^^
 This module defines the following :prop_tgt:`IMPORTED` targets:
 ``Nettle::Nettle``
  The Nettle library, if found.
 ``Nettle::Hogweed``
  The Hogweed library, if found.
 Result variables
 ^^^^^^^^^^^^^^^^
 This module will set the following variables in your project:
 ``Nettle_FOUND``
  If false, do not try to use Nettle.
 ``NETTLE_INCLUDE_DIR``
  where to find Nettle headers.
 ``NETTLE_LIBRARIES``
  the libraries needed to use Nettle.
 ``NETTLE_VERSION``
  the version of the Nettle library found
 #]=======================================================================]
 find_package(PkgConfig QUIET)
 if(PKG_CONFIG_FOUND)
  pkg_check_modules(PkgNettle IMPORTED_TARGET GLOBAL nettle)
  pkg_check_modules(PkgHogweed IMPORTED_TARGET GLOBAL QUIET hogweed)
 endif()
 if(PkgNettle_FOUND AND PkHogweed_FOUND)
  set(NETTLE_INCLUDE_DIR ${PkgNettle_INCLUDE_DIRS} ${PkgHogweed_INCLUDE_DIRS} CACHE FILEPATH "Nettle include path")
  set(NETTLE_LIBRARIES ${PkgNettle_LIBRARIES} ${PkgHogweed_LIBRARIES} CACHE STRING "Nettle libraries")
  set(NETTLE_VERSION ${PkgNettle_VERSION})
  add_library(Nettle::Nettle ALIAS PkgConfig::PkgNettle)
  add_library(Nettle::Hogweed ALIAS PkgConfig::PkgHogweed)
  set(Nettle_FOUND ON)
 else()
  find_path(NETTLE_INCLUDE_DIR nettle/version.h
    HINTS
    "${NETTLE_DIR}"
    "${NETTLE_DIR}/include"
  )
  find_library(NETTLE_LIBRARY NAMES nettle libnettle
    HINTS
    "${NETTLE_DIR}"
    "${NETTLE_DIR}/lib"
  )
  find_library(HOGWEED_LIBRARY NAMES hogweed libhogweed
    HINTS
    "${NETTLE_DIR}"
    "${NETTLE_DIR}/lib"
  )
  set(_NETTLE_LIBRARIES ${NETTLE_LIBRARY} ${HOGWEED_LIBRARY})
  # May need gmp library on Unix.
  if (UNIX)
    find_library(NETTLE_GMP_LIBRARY gmp)
  endif ()
  if (NETTLE_GMP_LIBRARY)
    list(APPEND _NETTLE_LIBRARIES "${NETTLE_GMP_LIBRARY}")
 endif ()
  set(NETTLE_LIBRARIES ${_NETTLE_LIBRARIES} CACHE STRING "nettle libraries")
  if (NETTLE_INCLUDE_DIR AND NETTLE_LIBRARY AND HOGWEED_LIBRARY)
    if (NOT TARGET Nettle::Nettle)
      add_library(Nettle::Nettle UNKNOWN IMPORTED)
      set_target_properties(Nettle::Nettle PROPERTIES
        INTERFACE_INCLUDE_DIRECTORIES "${NETTLE_INCLUDE_DIR}"
        INTERFACE_LINK_LIBRARIES "${NETTLE_LIBRARIES}"
        IMPORTED_LINK_INTERFACE_LANGUAGES "C"
        IMPORTED_LOCATION "${NETTLE_LIBRARY}"
        )
    endif ()
    if (NOT TARGET Nettle::Hogweed)
      add_library(Nettle::Hogweed UNKNOWN IMPORTED)
      set_target_properties(Nettle::Hogweed PROPERTIES
        INTERFACE_INCLUDE_DIRECTORIES "${NETTLE_INCLUDE_DIR}"
        IMPORTED_LINK_INTERFACE_LANGUAGES "C"
        IMPORTED_LOCATION "${HOGWEED_LIBRARY}"
        )
    endif ()
    if (NOT NETTLE_VERSION AND NETTLE_INCLUDE_DIR)
      file(STRINGS "${NETTLE_INCLUDE_DIR}/nettle/version.h" NETTLE_VER_H REGEX "^#define NETTLE_VERSION_(MAJOR|MINOR) ")
      string(REGEX REPLACE "^.*_MAJOR ([0-9]+).*_MINOR ([0-9]+).*$" "\\1.\\2" NETTLE_VERSION "${NETTLE_VER_H}")
    endif ()
  endif()
  list(APPEND NETTLE_LIBRARIES "${NETTLE_LIBRARY}" "${HOGWEED_LIBRARY}")
  include(FindPackageHandleStandardArgs)
  find_package_handle_standard_args(Nettle
    REQUIRED_VARS NETTLE_LIBRARIES NETTLE_INCLUDE_DIR
    VERSION_VAR NETTLE_VERSION
  )
 endif()
 mark_as_advanced(NETTLE_INCLUDE_DIR NETTLE_LIBRARIES NETTLE_LIBRARY HOGWEED_LIBRARY NETTLE_GMP_LIBRARY)
--- a/cmake/modules/TargetSharedLibraryExports.cmake
+++ b/cmake/modules/TargetSharedLibraryExports.cmake
@ -1,27 +0,0 @@
 # Export only named entry points from shared library.
 function(target_shared_library_exports lib libname symbols)
  if (WIN32)
    file(WRITE "${CMAKE_CURRENT_BINARY_DIR}/${libname}.def" "LIBRARY ${libname}\n  EXPORTS\n")
    foreach (symbol IN LISTS symbols)
      file(APPEND "${CMAKE_CURRENT_BINARY_DIR}/${libname}.def" "    ${symbol}\n")
    endforeach ()
    target_sources(${lib} PRIVATE "${CMAKE_CURRENT_BINARY_DIR}/${libname}.def")
  elseif (APPLE)
    file(WRITE "${CMAKE_CURRENT_BINARY_DIR}/${libname}.syms" "")
    foreach (symbol IN LISTS symbols)
      file(APPEND "${CMAKE_CURRENT_BINARY_DIR}/${libname}.syms" "_${symbol}\n")
    endforeach ()
    target_sources(${lib} PRIVATE "${CMAKE_CURRENT_BINARY_DIR}/${libname}.syms")
    target_link_libraries(${lib} PRIVATE "-exported_symbols_list ${libname}.syms")
  elseif (UNIX)
    # Assume GNU ld.
    file(WRITE "${CMAKE_CURRENT_BINARY_DIR}/${libname}.ver" "{ global:\n")
    foreach (symbol IN LISTS symbols)
      file(APPEND "${CMAKE_CURRENT_BINARY_DIR}/${libname}.ver" "  ${symbol};\n")
    endforeach ()
    file(APPEND "${CMAKE_CURRENT_BINARY_DIR}/${libname}.ver" "local:\n  *;\n};\n")
    target_link_libraries(${lib} PRIVATE "-Wl,--version-script=${libname}.ver")
  else ()
    message(WARNING "Unknown platform, ${lib} exports not set.")
  endif ()
 endfunction ()
--- a/cmake/modules/TargetSharedLibraryVersion.cmake
+++ b/cmake/modules/TargetSharedLibraryVersion.cmake
@ -1,25 +0,0 @@
 # Add version to given shared library linkage.
 function(target_shared_library_version lib version_current version_revision version_age)
  if (APPLE)
    # Follow libtool. Add one to major version, as version 0 doesn't work.
    # But tag dynlib name with current-age.
    math(EXPR major_version "${version_current}+1")
    math(EXPR dynlib_version "${version_current}-${version_age}")
    set_target_properties(${lib} PROPERTIES VERSION "${dynlib_version}")
    target_link_libraries(${lib} PRIVATE "-compatibility_version ${major_version}")
    target_link_libraries(${lib} PRIVATE "-current_version ${major_version}.${version_revision}")
  elseif (UNIX OR MINGW OR MSYS OR CYGWIN)
    # Assume GNU ld, and again follow libtool. Major version is current-age.
    math(EXPR compat_version "${version_current}-${version_age}")
    set_target_properties(${lib} PROPERTIES VERSION "${compat_version}.${version_age}.${version_revision}" SOVERSION "${compat_version}")
  elseif (WIN32)
    set(rc_template "${CMAKE_CURRENT_SOURCE_DIR}/cmake/include/${lib}_version.rc.in")
    if (EXISTS ${rc_template})
      configure_file(${rc_template} ${lib}.rc @ONLY)
      target_sources(${lib} PRIVATE ${lib}.rc)
    endif ()
    target_link_libraries(${lib} PRIVATE "-VERSION:${version_current}.${version_revision}")
  else ()
    message(WARNING "Unknown platform, ${lib} will not be versioned.")
  endif ()
 endfunction ()
--- a/cmake/tests/test_func.c
+++ b/cmake/tests/test_func.c
@ -1,4 +0,0 @@
 int main (int ac, char *av[])
 {
 	char *s = __func__;
 }
--- a/cmake/tests/test_poll.c
+++ b/cmake/tests/test_poll.c
@ -1,11 +0,0 @@
 #ifdef HAVE_SYS_POLL_H
 #include <sys/poll.h>
 #else
 #include <poll.h>
 #endif
 int main (int ac, char *av[])
 {
    int rc;
    rc = poll((struct pollfd *)(0), 0, 0);
 }
--- a/cmake/tests/test_uv_cb.c
+++ b/cmake/tests/test_uv_cb.c
@ -1,12 +0,0 @@
 #include <uv.h>
 void test_cb(uv_timer_t *handle)
 {
    (void) handle;
 }
 int main(int ac, char *av[])
 {
    uv_timer_cb cb = test_cb;
    (*cb)(0);
 }
--- a/configure.ac
+++ b/configure.ac
--- a/doc/Makefile.in
+++ b/doc/Makefile.in
@ -0,0 +1,92 @@
 #
 # @configure_input@
 #
 #
 # Copyright (c) 2013, Verisign, Inc., NLnet Labs
 # All rights reserved.
 # 
 # Redistribution and use in source and binary forms, with or without
 # modification, are permitted provided that the following conditions are met:
 # * Redistributions of source code must retain the above copyright
 # notice, this list of conditions and the following disclaimer.
 # * Redistributions in binary form must reproduce the above copyright
 #   notice, this list of conditions and the following disclaimer in the
 #   documentation and/or other materials provided with the distribution.
 # * Neither the names of the copyright holders nor the
 #   names of its contributors may be used to endorse or promote products
 #   derived from this software without specific prior written permission.
 # 
 # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
 # ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
 # WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
 # DISCLAIMED. IN NO EVENT SHALL Verisign, Inc. BE LIABLE FOR ANY
 # DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
 # (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 # LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
 # ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
 # SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 package = @PACKAGE_NAME@
 version = @PACKAGE_VERSION@
 tarname = @PACKAGE_TARNAME@
 distdir = $(tarname)-$(version)
 api_version = @API_VERSION@
 prefix = @prefix@
 exec_prefix = @exec_prefix@
 bindir = @bindir@
 # datarootdir is here to please some checkers
 datarootdir=@datarootdir@
 mandir = @mandir@
 INSTALL = @INSTALL@
 srcdir = @srcdir@
 VPATH = @srcdir@
 EDITS=-e 's/@''version@/$(version)/g'
 DOXYGEN = @DOXYGEN@
 DOCDIRS = html latex man
 MANPAGES3 = libgetdns.3 getdns_address.3 getdns_cancel_callback.3 getdns_context.3 getdns_context_set.3 getdns_context_set_context_update_callback.3 getdns_convert.3 getdns_dict.3 getdns_dict_get.3 getdns_dict_set.3 getdns_display_ip_address.3 getdns_general.3 getdns_hostname.3 getdns_list.3 getdns_list_get.3 getdns_list_set.3 getdns_pretty_print_dict.3 getdns_root_trust_anchor.3 getdns_service.3 getdns_validate_dnssec.3 
 default: all
 all: doc
 doc: 	$(MANPAGES3)
 	if test x_$(DOXYGEN) != x_ ; then cd ../src; doxygen; fi
 .SUFFIXES: .3.in .3
 .3.in.3:
 	sed $(EDITS) -e "s/@date@/$(api_version)/g" $< > $@
 # we assume that we want a separate file for each "name" specified for each man page
 # and consider these "alternate names" simple copies of the main man page
 install:	$(MANPAGES3)
 	$(INSTALL) -m 755 -d $(DESTDIR)$(mandir)
 	$(INSTALL) -m 755 -d $(DESTDIR)$(mandir)/man3
 	for x in $(MANPAGES3); do echo $(INSTALL) -m 644 $$x $(DESTDIR)$(mandir)/man3; $(INSTALL) -m 644 $$x $(DESTDIR)$(mandir)/man3; for altpg in $$($(srcdir)/manpgaltnames $$x); do cp $$x $$altpg; echo $(INSTALL) -m 644 $$altpg $(DESTDIR)$(mandir)/man3; $(INSTALL) -m 644 $$altpg $(DESTDIR)$(mandir)/man3; done; done
 check: $(MANPAGES3)
 	for x in $(MANPAGES3); do LC_ALL=en_US.UTF-8 MANROFFSEQ='' MANWIDTH=80 man --warnings -E UTF-8 -l -Tutf8 -Z $$x 2>&1 >/dev/null | awk "-vpage=$$x" '{printf("%s: ", page);print}'; if ! lexgrog $$x >/dev/null 2>&1 ; then echo $$x: manpage-has-bad-whatis-entry; fi; done
 uninstall:
 	for x in $(MANPAGES3); do echo rm -f $(DESTDIR)$(mandir)/man3/$$x; rm -f $(DESTDIR)$(mandir)/man3/$$x; for altpg in $$($(srcdir)/manpgaltnames $$x); do echo rm -f $(DESTDIR)$(mandir)/man3/$$altpg;  rm -f $(DESTDIR)$(mandir)/man3/$$altpg; done; done
 clean:
 	for x in $(MANPAGES3); do rm -f $$($(srcdir)/manpgaltnames $$x); done
 	rm -rf $(DOCDIRS) $(MANPAGES3)
 distclean : clean
 	rm -f Makefile config.status config.log
 	rm -Rf autom4te.cache
 Makefile: Makefile.in ../config.status
 	cd .. && ./config.status $@
 configure.status: configure
 	cd .. && ./config.status --recheck
 .PHONY: clean $(DOC)
--- a/project-doc/check_getdns_testcases.doc
+++ b/project-doc/check_getdns_testcases.doc
--- a/doc/getdns_address.3.in
+++ b/doc/getdns_address.3.in
@ -33,7 +33,7 @@
 -- get ip address(es) for a name
 .SH LIBRARY
-DNS Resolver library (libgetdns, \-lgetdns)
+DNS Resolver library (libgetdns, -lgetdns)
 .SH SYNOPSIS
 #include <getdns.h>
--- a/doc/getdns_cancel_callback.3.in
+++ b/doc/getdns_cancel_callback.3.in
@ -32,7 +32,7 @@
 -- cancel an outstanding asyn getdns request
 .SH LIBRARY
-DNS Resolver library (libgetdns, \-lgetdns)
+DNS Resolver library (libgetdns, -lgetdns)
 .SH SYNOPSIS
 #include <getdns.h>
--- a/doc/getdns_context.3.in
+++ b/doc/getdns_context.3.in
@ -39,7 +39,7 @@
 .ad n
 .SH LIBRARY
-DNS Resolver library (libgetdns, \-lgetdns)
+DNS Resolver library (libgetdns, -lgetdns)
 .SH SYNOPSIS
 #include <getdns.h>
@ -134,16 +134,6 @@ will be called with a callback_type of GETDNS_CALLBACK_CANCEL.
 getdns_context_destroy() returns after all of the needed cleanup is done and
 callbacks are made.
 .LP
 If you are using getdns in a multi-threaded manner, you are then of course using
 the underlying OpenSSL library multi-threaded and the version of that library
 in use might have a requirements on this issue. You may need to provide one or 
 two functions to allow it to function properly. For example before you call 
 getdns_context_create() you may need to use 
 the openssl functions CRYPTO_set_id_callback and CRYPTO_set_locking_callback to set up
 asynchronous operation (the  application calls these functions once for initialisation).
 Openssl 1.0.0 or later uses the CRYPTO_THREADID_set_callback function.
 .HP 3
 .I context
 Used to return the pointer to an opaque structure.  The caller passes the address of a pointer (decl: getdns_context *context; passed as &context) which will be populated as a result of returning from the function.  The result is a newly allocated and initialized context (if there are no errors).  In the getdns_destroy_context function this is the context whose associated memory will be released.
--- a/doc/getdns_context_set.3.in
+++ b/doc/getdns_context_set.3.in
@ -45,7 +45,7 @@
 .ad n
 .SH LIBRARY
-DNS Resolver library (libgetdns, \-lgetdns)
+DNS Resolver library (libgetdns, -lgetdns)
 .SH SYNOPSIS
 #include <getdns.h>
--- a/doc/getdns_context_set_context_update_callback.3.in
+++ b/doc/getdns_context_set_context_update_callback.3.in
@ -32,7 +32,7 @@
 -- get informed on getdns context updates
 .SH LIBRARY
-DNS Resolver library (libgetdns, \-lgetdns)
+DNS Resolver library (libgetdns, -lgetdns)
 .SH SYNOPSIS
 #include <getdns.h>
--- a/doc/getdns_convert.3.in
+++ b/doc/getdns_convert.3.in
@ -34,7 +34,7 @@
 -- convert dname between presentation- and wire-format
 .SH LIBRARY
-DNS Resolver library (libgetdns, \-lgetdns)
+DNS Resolver library (libgetdns, -lgetdns)
 .SH SYNOPSIS
 #include <getdns.h>
--- a/doc/getdns_dict.3.in
+++ b/doc/getdns_dict.3.in
@ -38,7 +38,7 @@
 .ad n
 .SH LIBRARY
-DNS Resolver library (libgetdns, \-lgetdns)
+DNS Resolver library (libgetdns, -lgetdns)
 .SH SYNOPSIS
 #include <getdns.h>
--- a/doc/getdns_dict_get.3.in
+++ b/doc/getdns_dict_get.3.in
@ -38,7 +38,7 @@
 -- get value by name from a getdns dict
 .SH LIBRARY
-DNS Resolver library (libgetdns, \-lgetdns)
+DNS Resolver library (libgetdns, -lgetdns)
 .SH SYNOPSIS
 #include <getdns.h>
--- a/doc/getdns_dict_set.3.in
+++ b/doc/getdns_dict_set.3.in
@ -36,7 +36,7 @@
 -- set a value by name in a getdns dict
 .SH LIBRARY
-DNS Resolver library (libgetdns, \-lgetdns)
+DNS Resolver library (libgetdns, -lgetdns)
 .SH SYNOPSIS
 #include <getdns.h>
--- a/doc/getdns_display_ip_address.3.in
+++ b/doc/getdns_display_ip_address.3.in
@ -32,7 +32,7 @@
 -- convert an getdns ip address to string
 .SH LIBRARY
-DNS Resolver library (libgetdns, \-lgetdns)
+DNS Resolver library (libgetdns, -lgetdns)
 .SH SYNOPSIS
 #include <getdns.h>
--- a/doc/getdns_general.3.in
+++ b/doc/getdns_general.3.in
@ -33,7 +33,7 @@
 -- do a getdns DNS lookup
 .SH LIBRARY
-DNS Resolver library (libgetdns, \-lgetdns)
+DNS Resolver library (libgetdns, -lgetdns)
 .SH SYNOPSIS
 #include <getdns.h>
@ -76,7 +76,7 @@ getdns_dict **response)
 The getdns_general(3) and getdns_general_sync functions provide public entry
 points into the getdns API library to retrieve any valid responses to a query
 from the DNS (note that other namespaces in the context are not used).   Most
-typical use cases for applications are probably satisfied via calls to
+typical use cases for applications are probably satisifed via calls to
 getdns_address(3) which would replace getaddrinfo(3).
 .HP 3
--- a/doc/getdns_hostname.3.in
+++ b/doc/getdns_hostname.3.in
@ -33,7 +33,7 @@
 -- get hostname by address
 .SH LIBRARY
-DNS Resolver library (libgetdns, \-lgetdns)
+DNS Resolver library (libgetdns, -lgetdns)
 .SH SYNOPSIS
 #include <getdns.h>
--- a/doc/getdns_list.3.in
+++ b/doc/getdns_list.3.in
@ -38,7 +38,7 @@
 .ad n
 .SH LIBRARY
-DNS Resolver library (libgetdns, \-lgetdns)
+DNS Resolver library (libgetdns, -lgetdns)
 .SH SYNOPSIS
 #include <getdns.h>
--- a/doc/getdns_list_get.3.in
+++ b/doc/getdns_list_get.3.in
@ -38,7 +38,7 @@
 -- get a value by index from a getdns list
 .SH LIBRARY
-DNS Resolver library (libgetdns, \-lgetdns)
+DNS Resolver library (libgetdns, -lgetdns)
 .SH SYNOPSIS
 #include <getdns.h>
--- a/doc/getdns_list_set.3.in
+++ b/doc/getdns_list_set.3.in
@ -36,7 +36,7 @@
 -- set a value by index from a getdns list
 .SH LIBRARY
-DNS Resolver library (libgetdns, \-lgetdns)
+DNS Resolver library (libgetdns, -lgetdns)
 .SH SYNOPSIS
 #include <getdns.h>
--- a/doc/getdns_pretty_print_dict.3.in
+++ b/doc/getdns_pretty_print_dict.3.in
@ -32,12 +32,12 @@
 -- return a string representation of a getdns dict
 .SH LIBRARY
-DNS Resolver library (libgetdns, \-lgetdns)
+DNS Resolver library (libgetdns, -lgetdns)
 .SH SYNOPSIS
 #include <getdns.h>
-char *
+getdns_list * 
 .br
 .B getdns_pretty_print_dict
 (const getdns_dict *this_dict)
--- a/doc/getdns_root_trust_anchor.3.in
+++ b/doc/getdns_root_trust_anchor.3.in
@ -32,7 +32,7 @@
 -- return the getdns list of default root trust anchors
 .SH LIBRARY
-DNS Resolver library (libgetdns, \-lgetdns)
+DNS Resolver library (libgetdns, -lgetdns)
 .SH SYNOPSIS
 #include <getdns.h>
--- a/doc/getdns_service.3.in
+++ b/doc/getdns_service.3.in
@ -33,7 +33,7 @@
 -- getdns lookup of a service
 .SH LIBRARY
-DNS Resolver library (libgetdns, \-lgetdns)
+DNS Resolver library (libgetdns, -lgetdns)
 .SH SYNOPSIS
 #include <getdns.h>
--- a/doc/getdns_validate_dnssec.3.in
+++ b/doc/getdns_validate_dnssec.3.in
@ -32,7 +32,7 @@
 -- DNSSEC validate a given getdns record
 .SH LIBRARY
-DNS Resolver library (libgetdns, \-lgetdns)
+DNS Resolver library (libgetdns, -lgetdns)
 .SH SYNOPSIS
 #include <getdns.h>
--- a/doc/libgetdns.3.in
+++ b/doc/libgetdns.3.in
@ -32,7 +32,7 @@ libgetdns
 -- an implementation of a modern asynchronous DNS API by and for application developers
 .SH LIBRARY
-DNS Resolver library (libgetdns, \-lgetdns)
+DNS Resolver library (libgetdns, -lgetdns)
 .SH SYNOPSIS
 .B libgetdns
@ -230,7 +230,7 @@ Set to GETDNS_EXTENSION_TRUE to include the DNSSEC status for each DNS record in
 .HP 3
 "dnssec_return_only_secure" (int)
-Set to GETDNS_EXTENSION_TRUE to cause only records that the API can validate as secure with DNSSEC to be returned in the
+Set to GETDNS_EXTENSION_TRUE to cause only records that the API can validate as secure withe DNSSEC to be returned in the
 .I replies_tree
 and
 .I replies_full lists
--- a/getdns.pc.in
+++ b/getdns.pc.in
@ -1,7 +1,7 @@
 prefix=@prefix@
 exec_prefix=${prefix}
-libdir=@libdir_for_pc_file@
+libdir=${exec_prefix}/lib
-includedir=@includedir_for_pc_file@
+includedir=${prefix}/include
 Name: getdns 
 Version: @GETDNS_VERSION@
--- a/getdns_ext_event.pc.in
+++ b/getdns_ext_event.pc.in
@ -1,11 +0,0 @@
 prefix=@prefix@
 exec_prefix=${prefix}
 libdir=${exec_prefix}/@CMAKE_INSTALL_LIBDIR@
 includedir=${prefix}/@CMAKE_INSTALL_INCLUDEDIR@
 Name: getdns_ext_event
 Version: @GETDNS_VERSION@
 Description: A modern asynchronous DNS library
 Libs: -L${libdir} -lgetdns_ext_event
 Cflags: -I${includedir}
--- a/m4/acx_getaddrinfo.m4
+++ b/m4/acx_getaddrinfo.m4
@ -0,0 +1,81 @@
 # Taken from acx_nlnetlabs.m4 - common macros for configure checks
 # Copyright 2009, Wouter Wijngaards, NLnet Labs.   
 # BSD licensed.
 #
 dnl Check getaddrinfo.
 dnl Works on linux, solaris, bsd and windows(links winsock).
 dnl defines HAVE_GETADDRINFO, USE_WINSOCK.
 AC_DEFUN([ACX_CHECK_GETADDRINFO_WITH_INCLUDES],
 [AC_REQUIRE([AC_PROG_CC])
 AC_MSG_CHECKING(for getaddrinfo)
 ac_cv_func_getaddrinfo=no
 AC_LINK_IFELSE(
 [AC_LANG_SOURCE([[
 #ifdef __cplusplus
 extern "C"
 {
 #endif
 char* getaddrinfo();
 char* (*f) () = getaddrinfo;
 #ifdef __cplusplus
 }
 #endif
 int main() {
        ;
        return 0;
 }
 ]])],
 dnl this case on linux, solaris, bsd
 [ac_cv_func_getaddrinfo="yes"
 dnl see if on windows
 if test "$ac_cv_header_windows_h" = "yes"; then
 	AC_DEFINE(USE_WINSOCK, 1, [Whether the windows socket API is used])
 	USE_WINSOCK="1"
 	LIBS="$LIBS -lws2_32"
 fi
 ],
 dnl no quick getaddrinfo, try mingw32 and winsock2 library.
 ORIGLIBS="$LIBS"
 LIBS="$LIBS -lws2_32"
 AC_LINK_IFELSE(
 [AC_LANG_PROGRAM(
 [
 #define _WIN32_WINNT 0x0501
 #ifdef HAVE_WINDOWS_H
 #include <windows.h>
 #endif
 #ifdef HAVE_WINSOCK_H
 #include <winsock.h>
 #endif
 #ifdef HAVE_WINSOCK2_H
 #include <winsock2.h>
 #endif
 #include <stdio.h>
 #ifdef HAVE_WS2TCPIP_H
 #include <ws2tcpip.h>
 #endif
 ],
 [
        (void)getaddrinfo(NULL, NULL, NULL, NULL);
 ]
 )],
 [
 ac_cv_func_getaddrinfo="yes"
 dnl already: LIBS="$LIBS -lws2_32"
 AC_DEFINE(USE_WINSOCK, 1, [Whether the windows socket API is used])
 USE_WINSOCK="1"
 ],
 [
 ac_cv_func_getaddrinfo="no"
 LIBS="$ORIGLIBS"
 ])
 )
 AC_MSG_RESULT($ac_cv_func_getaddrinfo)
 if test $ac_cv_func_getaddrinfo = yes; then
  AC_DEFINE(HAVE_GETADDRINFO, 1, [Whether getaddrinfo is available])
 fi
 ])dnl Endof AC_CHECK_GETADDRINFO_WITH_INCLUDES
 dnl End of file
--- a/m4/acx_openssl.m4
+++ b/m4/acx_openssl.m4
@ -0,0 +1,164 @@
 # Taken from acx_nlnetlabs.m4 - common macros for configure checks
 # Copyright 2009, Wouter Wijngaards, NLnet Labs.   
 # BSD licensed.
 #
 dnl Add a -R to the RUNTIME_PATH.  Only if rpath is enabled and it is
 dnl an absolute path.
 dnl $1: the pathname to add.
 AC_DEFUN([ACX_RUNTIME_PATH_ADD], [
 	if test "x$enable_rpath" = xyes; then
 		if echo "$1" | grep "^/" >/dev/null; then
 			RUNTIME_PATH="$RUNTIME_PATH -R$1"
 		fi
 	fi
 ])
 dnl Common code for both ACX_WITH_SSL and ACX_WITH_SSL_OPTIONAL
 dnl Takes one argument; the withval checked in those 2 functions
 dnl sets up the environment for the given openssl path
 AC_DEFUN([ACX_SSL_CHECKS], [
    withval=$1
    if test x_$withval != x_no; then
        AC_MSG_CHECKING(for SSL)
        if test x_$withval = x_ -o x_$withval = x_yes; then
            withval="/usr/local/ssl /usr/lib/ssl /usr/ssl /usr/pkg /usr/local /opt/local /usr/sfw /usr"
        fi
        for dir in $withval; do
            ssldir="$dir"
            if test -f "$dir/include/openssl/ssl.h"; then
                found_ssl="yes"
                AC_DEFINE_UNQUOTED([HAVE_SSL], [], [Define if you have the SSL libraries installed.])
                dnl assume /usr/include is already in the include-path.
                if test "$ssldir" != "/usr"; then
                        CPPFLAGS="$CPPFLAGS -I$ssldir/include"
                        LIBSSL_CPPFLAGS="$LIBSSL_CPPFLAGS -I$ssldir/include"
                fi
                break;
            fi
        done
        if test x_$found_ssl != x_yes; then
            AC_MSG_ERROR(Cannot find the SSL libraries in $withval)
        else
            AC_MSG_RESULT(found in $ssldir)
            HAVE_SSL=yes
            dnl assume /usr is already in the lib and dynlib paths.
            if test "$ssldir" != "/usr" -a "$ssldir" != ""; then
                LDFLAGS="$LDFLAGS -L$ssldir/lib"
                LIBSSL_LDFLAGS="$LIBSSL_LDFLAGS -L$ssldir/lib"
                ACX_RUNTIME_PATH_ADD([$ssldir/lib])
            fi
            AC_MSG_CHECKING([for HMAC_CTX_init in -lcrypto])
            LIBS="$LIBS -lssl -lcrypto"
            LIBSSL_LIBS="$LIBSSL_LIBS -lssl -lcrypto"
            AC_TRY_LINK(, [
                int HMAC_CTX_init(void);
                (void)HMAC_CTX_init();
              ], [
                AC_MSG_RESULT(yes)
                AC_DEFINE([HAVE_HMAC_CTX_INIT], 1, 
                          [If you have HMAC_CTX_init])
              ], [
                AC_MSG_RESULT(no)
                # check if -lwsock32 or -lgdi32 are needed.	
                BAKLIBS="$LIBS"
                BAKSSLLIBS="$LIBSSL_LIBS"
                LIBS="$LIBS -lgdi32"
                LIBSSL_LIBS="$LIBSSL_LIBS -lgdi32"
                AC_MSG_CHECKING([if -lcrypto needs -lgdi32])
                AC_TRY_LINK([], [
                    int HMAC_CTX_init(void);
                    (void)HMAC_CTX_init();
                  ],[
                    AC_DEFINE([HAVE_HMAC_CTX_INIT], 1, 
                        [If you have HMAC_CTX_init])
                    AC_MSG_RESULT(yes) 
                  ],[
                    AC_MSG_RESULT(no)
                    LIBS="$BAKLIBS"
                    LIBSSL_LIBS="$BAKSSLLIBS"
                    LIBS="$LIBS -ldl"
                    LIBSSL_LIBS="$LIBSSL_LIBS -ldl"
                    AC_MSG_CHECKING([if -lcrypto needs -ldl])
                    AC_TRY_LINK([], [
                        int HMAC_CTX_init(void);
                        (void)HMAC_CTX_init();
                      ],[
                        AC_DEFINE([HAVE_HMAC_CTX_INIT], 1, 
                            [If you have HMAC_CTX_init])
                        AC_MSG_RESULT(yes) 
                      ],[
                        AC_MSG_RESULT(no)
                    AC_MSG_ERROR([OpenSSL found in $ssldir, but version 0.9.7 or higher is required])
                    ])
                ])
            ])
        fi
        AC_SUBST(HAVE_SSL)
        AC_SUBST(RUNTIME_PATH)
    fi
 AC_CHECK_HEADERS([openssl/ssl.h],,, [AC_INCLUDES_DEFAULT])
 AC_CHECK_HEADERS([openssl/err.h],,, [AC_INCLUDES_DEFAULT])
 AC_CHECK_HEADERS([openssl/rand.h],,, [AC_INCLUDES_DEFAULT])
 dnl TLS v1.2 requires OpenSSL 1.0.1
 AC_CHECK_LIB(ssl, TLSv1_2_client_method,AC_DEFINE([HAVE_TLS_v1_2], [1],
    [Define if you have libssl with tls 1.2]),[AC_MSG_WARN([Cannot find TLSv1_2_client_method in libssl library. TLS will not be available.])])
 dnl Native OpenSSL hostname verification requires OpenSSL 1.0.2
 AC_CHECK_LIB(ssl, SSL_CTX_get0_param,AC_DEFINE([HAVE_SSL_HN_AUTH], [1],
    [Define if you have libssl with host name verification]),[AC_MSG_WARN([Cannot find SSL_CTX_get0_param in libssl library. TLS hostname verification will not be available.])])
 ])
 dnl Check for SSL, where SSL is mandatory
 dnl Adds --with-ssl option, searches for openssl and defines HAVE_SSL if found
 dnl Setup of CPPFLAGS, CFLAGS.  Adds -lcrypto to LIBS. 
 dnl Checks main header files of SSL.
 dnl
 AC_DEFUN([ACX_WITH_SSL],
 [
 AC_ARG_WITH(ssl, AC_HELP_STRING([--with-ssl=pathname],
                                    [enable SSL (will check /usr/local/ssl
                            /usr/lib/ssl /usr/ssl /usr/pkg /usr/local /opt/local /usr/sfw /usr)]),[
        ],[
            withval="yes"
        ])
    if test x_$withval = x_no; then
 	AC_MSG_ERROR([Need SSL library to do digital signature cryptography])
    fi
    ACX_SSL_CHECKS($withval)
 ])dnl End of ACX_WITH_SSL
 dnl Check for SSL, where ssl is optional (--without-ssl is allowed)
 dnl Adds --with-ssl option, searches for openssl and defines HAVE_SSL if found
 dnl Setup of CPPFLAGS, CFLAGS.  Adds -lcrypto to LIBS. 
 dnl Checks main header files of SSL.
 dnl
 AC_DEFUN([ACX_WITH_SSL_OPTIONAL],
 [
 AC_ARG_WITH(ssl, AC_HELP_STRING([--with-ssl=pathname],
                                [enable SSL (will check /usr/local/ssl
                                /usr/lib/ssl /usr/ssl /usr/pkg /usr/local /opt/local /usr/sfw /usr)]),[
        ],[
            withval="yes"
        ])
    ACX_SSL_CHECKS($withval)
 ])dnl End of ACX_WITH_SSL_OPTIONAL
 dnl Setup to use -lssl
 dnl To use -lcrypto, use the ACX_WITH_SSL setup (before this one).
 AC_DEFUN([ACX_LIB_SSL],
 [
 # check if libssl needs libdl
 BAKLIBS="$LIBS"
 LIBS="-lssl $LIBS"
 AC_MSG_CHECKING([if libssl needs libdl])
 AC_TRY_LINK_FUNC([SSL_CTX_new], [
 	AC_MSG_RESULT([no])
 	LIBS="$BAKLIBS"
 ] , [
 	AC_MSG_RESULT([yes])
 	LIBS="$BAKLIBS"
 	AC_SEARCH_LIBS([dlopen], [dl])
 ]) ])dnl End of ACX_LIB_SSL
--- a/m4/ax_check_compile_flag.m4
+++ b/m4/ax_check_compile_flag.m4
@ -0,0 +1,74 @@
 # ===========================================================================
 #   http://www.gnu.org/software/autoconf-archive/ax_check_compile_flag.html
 # ===========================================================================
 #
 # SYNOPSIS
 #
 #   AX_CHECK_COMPILE_FLAG(FLAG, [ACTION-SUCCESS], [ACTION-FAILURE], [EXTRA-FLAGS], [INPUT])
 #
 # DESCRIPTION
 #
 #   Check whether the given FLAG works with the current language's compiler
 #   or gives an error.  (Warnings, however, are ignored)
 #
 #   ACTION-SUCCESS/ACTION-FAILURE are shell commands to execute on
 #   success/failure.
 #
 #   If EXTRA-FLAGS is defined, it is added to the current language's default
 #   flags (e.g. CFLAGS) when the check is done.  The check is thus made with
 #   the flags: "CFLAGS EXTRA-FLAGS FLAG".  This can for example be used to
 #   force the compiler to issue an error when a bad flag is given.
 #
 #   INPUT gives an alternative input source to AC_COMPILE_IFELSE.
 #
 #   NOTE: Implementation based on AX_CFLAGS_GCC_OPTION. Please keep this
 #   macro in sync with AX_CHECK_{PREPROC,LINK}_FLAG.
 #
 # LICENSE
 #
 #   Copyright (c) 2008 Guido U. Draheim <guidod@gmx.de>
 #   Copyright (c) 2011 Maarten Bosmans <mkbosmans@gmail.com>
 #
 #   This program is free software: you can redistribute it and/or modify it
 #   under the terms of the GNU General Public License as published by the
 #   Free Software Foundation, either version 3 of the License, or (at your
 #   option) any later version.
 #
 #   This program is distributed in the hope that it will be useful, but
 #   WITHOUT ANY WARRANTY; without even the implied warranty of
 #   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General
 #   Public License for more details.
 #
 #   You should have received a copy of the GNU General Public License along
 #   with this program. If not, see <http://www.gnu.org/licenses/>.
 #
 #   As a special exception, the respective Autoconf Macro's copyright owner
 #   gives unlimited permission to copy, distribute and modify the configure
 #   scripts that are the output of Autoconf when processing the Macro. You
 #   need not follow the terms of the GNU General Public License when using
 #   or distributing such scripts, even though portions of the text of the
 #   Macro appear in them. The GNU General Public License (GPL) does govern
 #   all other use of the material that constitutes the Autoconf Macro.
 #
 #   This special exception to the GPL applies to versions of the Autoconf
 #   Macro released by the Autoconf Archive. When you make and distribute a
 #   modified version of the Autoconf Macro, you may extend this special
 #   exception to the GPL to apply to your modified version as well.
 #serial 3
 AC_DEFUN([AX_CHECK_COMPILE_FLAG],
 [AC_PREREQ(2.59)dnl for _AC_LANG_PREFIX
 AS_VAR_PUSHDEF([CACHEVAR],[ax_cv_check_[]_AC_LANG_ABBREV[]flags_$4_$1])dnl
 AC_CACHE_CHECK([whether _AC_LANG compiler accepts $1], CACHEVAR, [
  ax_check_save_flags=$[]_AC_LANG_PREFIX[]FLAGS
  _AC_LANG_PREFIX[]FLAGS="$[]_AC_LANG_PREFIX[]FLAGS $4 $1"
  AC_COMPILE_IFELSE([m4_default([$5],[AC_LANG_PROGRAM()])],
    [AS_VAR_SET(CACHEVAR,[yes])],
    [AS_VAR_SET(CACHEVAR,[no])])
  _AC_LANG_PREFIX[]FLAGS=$ax_check_save_flags])
 AS_IF([test x"AS_VAR_GET(CACHEVAR)" = xyes],
  [m4_default([$2], :)],
  [m4_default([$3], :)])
 AS_VAR_POPDEF([CACHEVAR])dnl
 ])dnl AX_CHECK_COMPILE_FLAGS
--- a/m4/pkg.m4
+++ b/m4/pkg.m4
@ -0,0 +1,214 @@
 # pkg.m4 - Macros to locate and utilise pkg-config.            -*- Autoconf -*-
 # serial 1 (pkg-config-0.24)
 # 
 # Copyright © 2004 Scott James Remnant <scott@netsplit.com>.
 #
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
 # the Free Software Foundation; either version 2 of the License, or
 # (at your option) any later version.
 #
 # This program is distributed in the hope that it will be useful, but
 # WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 # General Public License for more details.
 #
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
 #
 # As a special exception to the GNU General Public License, if you
 # distribute this file as part of a program that contains a
 # configuration script generated by Autoconf, you may include it under
 # the same distribution terms that you use for the rest of that program.
 # PKG_PROG_PKG_CONFIG([MIN-VERSION])
 # ----------------------------------
 AC_DEFUN([PKG_PROG_PKG_CONFIG],
 [m4_pattern_forbid([^_?PKG_[A-Z_]+$])
 m4_pattern_allow([^PKG_CONFIG(_(PATH|LIBDIR|SYSROOT_DIR|ALLOW_SYSTEM_(CFLAGS|LIBS)))?$])
 m4_pattern_allow([^PKG_CONFIG_(DISABLE_UNINSTALLED|TOP_BUILD_DIR|DEBUG_SPEW)$])
 AC_ARG_VAR([PKG_CONFIG], [path to pkg-config utility])
 AC_ARG_VAR([PKG_CONFIG_PATH], [directories to add to pkg-config's search path])
 AC_ARG_VAR([PKG_CONFIG_LIBDIR], [path overriding pkg-config's built-in search path])
 if test "x$ac_cv_env_PKG_CONFIG_set" != "xset"; then
 	AC_PATH_TOOL([PKG_CONFIG], [pkg-config])
 fi
 if test -n "$PKG_CONFIG"; then
 	_pkg_min_version=m4_default([$1], [0.9.0])
 	AC_MSG_CHECKING([pkg-config is at least version $_pkg_min_version])
 	if $PKG_CONFIG --atleast-pkgconfig-version $_pkg_min_version; then
 		AC_MSG_RESULT([yes])
 	else
 		AC_MSG_RESULT([no])
 		PKG_CONFIG=""
 	fi
 fi[]dnl
 ])# PKG_PROG_PKG_CONFIG
 # PKG_CHECK_EXISTS(MODULES, [ACTION-IF-FOUND], [ACTION-IF-NOT-FOUND])
 #
 # Check to see whether a particular set of modules exists.  Similar
 # to PKG_CHECK_MODULES(), but does not set variables or print errors.
 #
 # Please remember that m4 expands AC_REQUIRE([PKG_PROG_PKG_CONFIG])
 # only at the first occurence in configure.ac, so if the first place
 # it's called might be skipped (such as if it is within an "if", you
 # have to call PKG_CHECK_EXISTS manually
 # --------------------------------------------------------------
 AC_DEFUN([PKG_CHECK_EXISTS],
 [AC_REQUIRE([PKG_PROG_PKG_CONFIG])dnl
 if test -n "$PKG_CONFIG" && \
    AC_RUN_LOG([$PKG_CONFIG --exists --print-errors "$1"]); then
  m4_default([$2], [:])
 m4_ifvaln([$3], [else
  $3])dnl
 fi])
 # _PKG_CONFIG([VARIABLE], [COMMAND], [MODULES])
 # ---------------------------------------------
 m4_define([_PKG_CONFIG],
 [if test -n "$$1"; then
    pkg_cv_[]$1="$$1"
 elif test -n "$PKG_CONFIG"; then
    PKG_CHECK_EXISTS([$3],
                     [pkg_cv_[]$1=`$PKG_CONFIG --[]$2 "$3" 2>/dev/null`
 		      test "x$?" != "x0" && pkg_failed=yes ],
 		     [pkg_failed=yes])
 else
    pkg_failed=untried
 fi[]dnl
 ])# _PKG_CONFIG
 # _PKG_SHORT_ERRORS_SUPPORTED
 # -----------------------------
 AC_DEFUN([_PKG_SHORT_ERRORS_SUPPORTED],
 [AC_REQUIRE([PKG_PROG_PKG_CONFIG])
 if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then
        _pkg_short_errors_supported=yes
 else
        _pkg_short_errors_supported=no
 fi[]dnl
 ])# _PKG_SHORT_ERRORS_SUPPORTED
 # PKG_CHECK_MODULES(VARIABLE-PREFIX, MODULES, [ACTION-IF-FOUND],
 # [ACTION-IF-NOT-FOUND])
 #
 #
 # Note that if there is a possibility the first call to
 # PKG_CHECK_MODULES might not happen, you should be sure to include an
 # explicit call to PKG_PROG_PKG_CONFIG in your configure.ac
 #
 #
 # --------------------------------------------------------------
 AC_DEFUN([PKG_CHECK_MODULES],
 [AC_REQUIRE([PKG_PROG_PKG_CONFIG])dnl
 AC_ARG_VAR([$1][_CFLAGS], [C compiler flags for $1, overriding pkg-config])dnl
 AC_ARG_VAR([$1][_LIBS], [linker flags for $1, overriding pkg-config])dnl
 pkg_failed=no
 AC_MSG_CHECKING([for $1])
 _PKG_CONFIG([$1][_CFLAGS], [cflags], [$2])
 _PKG_CONFIG([$1][_LIBS], [libs], [$2])
 m4_define([_PKG_TEXT], [Alternatively, you may set the environment variables $1[]_CFLAGS
 and $1[]_LIBS to avoid the need to call pkg-config.
 See the pkg-config man page for more details.])
 if test $pkg_failed = yes; then
   	AC_MSG_RESULT([no])
        _PKG_SHORT_ERRORS_SUPPORTED
        if test $_pkg_short_errors_supported = yes; then
 	        $1[]_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "$2" 2>&1`
        else 
 	        $1[]_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "$2" 2>&1`
        fi
 	# Put the nasty error message in config.log where it belongs
 	echo "$$1[]_PKG_ERRORS" >&AS_MESSAGE_LOG_FD
 	m4_default([$4], [AC_MSG_ERROR(
 [Package requirements ($2) were not met:
 $$1_PKG_ERRORS
 Consider adjusting the PKG_CONFIG_PATH environment variable if you
 installed software in a non-standard prefix.
 _PKG_TEXT])[]dnl
        ])
 elif test $pkg_failed = untried; then
     	AC_MSG_RESULT([no])
 	m4_default([$4], [AC_MSG_FAILURE(
 [The pkg-config script could not be found or is too old.  Make sure it
 is in your PATH or set the PKG_CONFIG environment variable to the full
 path to pkg-config.
 _PKG_TEXT
 To get pkg-config, see <http://pkg-config.freedesktop.org/>.])[]dnl
        ])
 else
 	$1[]_CFLAGS=$pkg_cv_[]$1[]_CFLAGS
 	$1[]_LIBS=$pkg_cv_[]$1[]_LIBS
        AC_MSG_RESULT([yes])
 	$3
 fi[]dnl
 ])# PKG_CHECK_MODULES
 # PKG_INSTALLDIR(DIRECTORY)
 # -------------------------
 # Substitutes the variable pkgconfigdir as the location where a module
 # should install pkg-config .pc files. By default the directory is
 # $libdir/pkgconfig, but the default can be changed by passing
 # DIRECTORY. The user can override through the --with-pkgconfigdir
 # parameter.
 AC_DEFUN([PKG_INSTALLDIR],
 [m4_pushdef([pkg_default], [m4_default([$1], ['${libdir}/pkgconfig'])])
 m4_pushdef([pkg_description],
    [pkg-config installation directory @<:@]pkg_default[@:>@])
 AC_ARG_WITH([pkgconfigdir],
    [AS_HELP_STRING([--with-pkgconfigdir], pkg_description)],,
    [with_pkgconfigdir=]pkg_default)
 AC_SUBST([pkgconfigdir], [$with_pkgconfigdir])
 m4_popdef([pkg_default])
 m4_popdef([pkg_description])
 ]) dnl PKG_INSTALLDIR
 # PKG_NOARCH_INSTALLDIR(DIRECTORY)
 # -------------------------
 # Substitutes the variable noarch_pkgconfigdir as the location where a
 # module should install arch-independent pkg-config .pc files. By
 # default the directory is $datadir/pkgconfig, but the default can be
 # changed by passing DIRECTORY. The user can override through the
 # --with-noarch-pkgconfigdir parameter.
 AC_DEFUN([PKG_NOARCH_INSTALLDIR],
 [m4_pushdef([pkg_default], [m4_default([$1], ['${datadir}/pkgconfig'])])
 m4_pushdef([pkg_description],
    [pkg-config arch-independent installation directory @<:@]pkg_default[@:>@])
 AC_ARG_WITH([noarch-pkgconfigdir],
    [AS_HELP_STRING([--with-noarch-pkgconfigdir], pkg_description)],,
    [with_noarch_pkgconfigdir=]pkg_default)
 AC_SUBST([noarch_pkgconfigdir], [$with_noarch_pkgconfigdir])
 m4_popdef([pkg_default])
 m4_popdef([pkg_description])
 ]) dnl PKG_NOARCH_INSTALLDIR
 # PKG_CHECK_VAR(VARIABLE, MODULE, CONFIG-VARIABLE,
 # [ACTION-IF-FOUND], [ACTION-IF-NOT-FOUND])
 # -------------------------------------------
 # Retrieves the value of the pkg-config variable for the given module.
 AC_DEFUN([PKG_CHECK_VAR],
 [AC_REQUIRE([PKG_PROG_PKG_CONFIG])dnl
 AC_ARG_VAR([$1], [value of $3 for $2, overriding pkg-config])dnl
 _PKG_CONFIG([$1], [variable="][$3]["], [$2])
 AS_VAR_COPY([$1], [pkg_cv_][$1])
 AS_VAR_IF([$1], [""], [$5], [$4])dnl
 ])# PKG_CHECK_VAR
--- a/project-doc/cachedesign.txt
+++ b/project-doc/cachedesign.txt
@ -13,10 +13,10 @@ Recursive Resolver Cache
 Caching is arguably an important feature for most recursive resolvers.
 In this case we are not intending a replacement for the fully
 functional recursive resolvers already available (BIND, Unbound, etc.)
-so we should limit a cache implementation to behaviors important to
+so we shoudl limit a cache implementation to behaviors important to
 proper operation of a recursive resolver.
-DNSSEC validation can potentially trigger more queries than a simple
+DNSSEC validation can potentially triggers more queries than a simple
 request for a A RR so I think it makes sense to cache root and TLD
 data.  Once we have gone that far it isn't much of a reach to cache
 at each layer in the hierarchy (depth will not increase the coding
@ -53,9 +53,9 @@ Local configuration via API or local file (e.g. /etc/getdns.conf, ~/.getdnsrc)
    - max TTL/TTL override (separate for pos/neg cache entries)
    - inclusions (use cache for specified domains) (maybe over-eng)
    - exceptions (avoid ache for specified domains) (maybe over-eng)
-    - persistent vs. transitory cache
+    - persistant vs. transitory cache
- cache data store via Berkely db to allow for persistence
+- cache data store via Berkely db to allow for persistance
 - negative cache TTL derived from SOA
--- a/project-doc/freebsd-tests-notes.txt
+++ b/project-doc/freebsd-tests-notes.txt
@ -1,10 +0,0 @@
 pkg update
 pkg upgrade
 pkg install -y gawk unbound valgrind bash check cmake git libyaml libevent libuv
 git clone git@github.com:getdnsapi/getdns.git
 cd getdns/
 git checkout remotes/origin/release/1.6.0-beta.1
 mkdir test
 cd test/
 ../src/test/tpkg/run-all.sh
--- a/project-doc/getdns_query-deamon-behaviour.ods
+++ b/project-doc/getdns_query-deamon-behaviour.ods
--- a/project-doc/getdns_query-deamon-behaviour.pdf
+++ b/project-doc/getdns_query-deamon-behaviour.pdf
--- a/project-doc/makedist.sh
+++ b/project-doc/makedist.sh
@ -1,21 +0,0 @@
 #!/bin/bash
 [ ! -f git-archive-all.sh ] && wget "https://raw.githubusercontent.com/meitar/git-archive-all.sh/master/git-archive-all.sh"
 [ ! -x git-archive-all.sh ] && chmod +x git-archive-all.sh
 [ ! -f git-archive-all.sh ] && exit 1
 GIT_ARCHIVE="`pwd`/git-archive-all.sh"
 git submodule update --init
 GIT_ROOT=`git rev-parse --show-toplevel`
 version=`awk '/^set\(PACKAGE_VERSION/{V=$2}
              /^set\(RELEASE_CANDIDATE/{RC=$2}
              END{print V""RC}' "$GIT_ROOT/CMakeLists.txt" | sed 's/[")]//g'`
 output_file="getdns-${version}.tar.gz"
 ( cd "$GIT_ROOT" \
  && "$GIT_ARCHIVE" --prefix "getdns-$version/" --format tar.gz \
                    --worktree-attributes -- - ) > "$output_file"
 openssl md5 "$output_file" > "${output_file}.md5"
 openssl sha1 "$output_file" > "${output_file}.sha1"
 openssl sha256 "$output_file" > "${output_file}.sha256"
 gpg --armor --detach-sig "$output_file"
 [ -f "$output_file" -a -f "${output_file}.md5" -a -f "${output_file}.sha1" -a -f "${output_file}.sha256" -a -f "${output_file}.asc" ] \
 && rm git-archive-all.sh
--- a/project-doc/packages.txt
+++ b/project-doc/packages.txt
@ -1,20 +0,0 @@
 Some notes about packages and maintainers.
 For Homebrew, created and maintained by ilovezfs
 https://github.com/Homebrew/homebrew-core/Formula/getdns.rb
 https://github.com/Homebrew/homebrew-core/Formula/stubby.rb
 For Arch, created and maintained by Bruno Pagani (ArchangeGabriel)
 For OpenWRT, created and maintained by David Mora (iamperson347)
 https://github.com/openwrt/packages/tree/master/libs/getdns
 https://github.com/openwrt/packages/tree/master/net/stubby
 For AstLinux Project, created and maintained by Lonnie Abelbeck (abelbeck)
 https://github.com/astlinux-project/astlinux/tree/master/package/getdns
 For Genode, created and maintained by Emery Hemingway (ehmry)
 https://github.com/genodelabs/genode/blob/master/repos/ports/ports/getdns.port
 For Gentoo, created and maintained by CaseOf (Quentin R.?)
 https://packages.gentoo.org/packages/net-dns/getdns
--- a/project-doc/release-procedure.txt
+++ b/project-doc/release-procedure.txt
@ -1,93 +1,168 @@
-High level release procedure for formal release for the getdns API project.  
+High level release procedure that we follow to make a formal release for the
 getdns API project.  This is a recipe - if you have a better way to do it then
 update this document and share it with us.
-1) Git branching for a release
+- code freeze
-    -- Confirm with core team (preferably via email) that all commits to be included
+    confirm with core team that all commits are in, from this point forward
-    in the release are in the develop branch. Development for the next release can
+    only bug fixes should be committed to the release branch, once the release
-    continue on develop.
+    is cut nothing should be committed to the release branch (make a new release)
    -- Create a release branch. We use the pattern "release/v1.0.0-b3" for naming
    release branches. This branch is used for testing
 	and bug fixing while preparing the release (which can take several days
    if there are un-foreseen issues). Note that from this point forward _only_ 
    bug fixes for this release should be committed to the release branch. 
    -- Once the release is published there should be no further commits on that
       release branch.
-2) Prepare the release
+- create a release branch
-	-- Clone the upstream to a _new_ local  directory. (Do NOT re-use and 
+    in git repository named for the release, e.g. "v0.1.2"
-	existing working copy as this can lead to issues).
+    we do this because folks may want to continue to work in the master branch
    and be free to commit changes without injuring the release process.  Since
    building and testing binaries for a release takes a few days we don't want to
    force changes to queue up.
-    # git clone -b v1.0.0-b3 https://github.com/getdnsapi/getdns.git getdns-1.0.0-b3
+    One might argue that a release can be cut more quickly, however there are 
    inevitably little tweaks that need to be made that get uncovered as a result
    of the binary builds - these tweaks need to be included in the souces for
    this release so building the source tarball can't be done until all of the
    binaries have been built and tested.
-    -- Update several files to reflect release number/date
+- clone repo release branch to a clean local repo
    this should be a brand spanking new directory - don't try to shortcut it and
    use a working directory with lots of cruft - crap will find its way into the
    release and embarass you:
    # git clone -b v0.1.2 https://github.com/getdnsapi/getdns.git getdns-0.1.2
 - update files to reflect release number/date
    ./README.md
    ./ChangeLog 
-	    ./configure.ac 
+    ./configure.ac (AC_INIT)
-	      - Check and change the values for:
+    ./src/Makefile.in (-version-info, follow libtool guidelines)
 	        - AC_INIT
 	        - RELEASE_CANDIDATE
 	        - GETDNS_NUMERIC_VERSION
 		- API_VERSION and API_NUMERUC_VERSION
 		- read the section "Library version" and update GETDNS_LIBVERSION carefully!
-	    # autoreconf -fi
+    # make clean
    # autoreconf
-	    Commit these changes to the release branch
+    commit these changes to the release branch
    # git commit -a -m "release number and date updates"
    # git push
-3) Test
+- prepare to build binaries for each target platform
-	The unit and tpkg tests should be run on all the supported platforms.  They must all
+  you need to remove libs and headers that might be lingering from previous builds
-	be able to fulfil all requirements. So they must have libidn, libev, libuv, libevent,
+  to avoid accidentally including the wrong headers or linking the wrong libs
 	latest libunbound, latest openssl (at least 1.0.2) latest clang compiler
 	(for static analysis), latest valgrind.  The tests can be run using:
-	# ${GETDNS_SRCDIR}/src/test/tpkg/run-all.sh
+    - create clean local repo
-	and evaluating the results.
+- build source distribution tar
 4) Build and sign source distribution tarball
    # rm -fr *
    # git reset --hard
    # git submodule update --init
    # autoreconf -fi
    # libtoolize -ci
    # ./configure
-    # make pub
+    # make dist
    # openssl sha1 getdns-0.1.2.tar.gz > getdns-0.1.2.tar.gz.sha1
    # openssl md5 getdns-0.1.2.tar.gz > getdns-0.1.2.tar.gz.md5
    # gpg --armor --detach-sig --default-key gwiley@verisign.com getdns-0.1.2.tar.gz
-    The resulting tarball must be built, installed and tested on all the supported
+    - test the resulting tar by building it and running the regression tests
 	platforms. Be sure to use a user that was NOT used for the build, this will uncover 
    any issues related to absolute paths in the build
-5) Fix any problems
+- build CentOS binary
-	-- If a build breaks or an install fails then commit fixes to the release branch.
+    # tar -xzvf getdns-0.1.2.tar.gz
-	Then re-run steps 3 and 4 for all supported platforms using the new code.
+    # cd getdns-0.1.2
    # ./configure --with-libevent --prefix=$HOME/build
    # make
    # make install
    # cd ~/build
    - fix the libdir path in the *.la files to point to /usr/local/lib
    - fix the dependency_libs entry in the *.la files to point to /usr/local/lib
    # fpm -x "*.la" -a native -s dir --rpm-sign -t rpm -n getdns -v 0.1.2 -d "unbound" -d "ldns" -d "libevent" -d "libidn" --prefix /usr/local --vendor "Verisign Inc., NLnet Labs" --license "BSD New" --url "http://www.getdnsapi.net" --description "Modern asynchronous API to the DNS" .
        - make sure your signing key is in the keyring on the build machine
        - contents of ~/.rpmmacros
            %_signature gpg
            %_gpg_path /root/.gnupg
            %_gpg_name A6B73532
            %_gpgbin /usr/bin/gpg
-6) Merge branch changes back into master/develop
+    - name the rpm and checksum files something like this:
-	-- If this is a production release - then the release branch must be merged into master
+      getdns-0.1.3-1.CentOS_6_5.x86_64.rpm
-	Sign the merge tag if possible. 
+      getdns-0.1.3-1.CentOS_6_5.x86_64.rpm.sha1
-	-- Now the release is ready, all the relevant commits on the release branch
+      getdns-0.1.3-1.CentOS_6_5.x86_64.rpm.md5
-	should also be merged back into develop. 
+    - check the signature
    - install
    - test
-7) Create the tarball
+- build OSX binary disk image
    - build code (no additional libraries, note that regression tests will not build)
      if you are building a simple binary tar then something like this works
      # ./configure --prefix=/Users/gwiley/getdnsox/export
      # make
      # make install
      # tar -C /Users/gwiley/getdnsosx/export -cvf getdns-0.1.2.tar *
    - build code (with libevent)
      # ./configure --with-libevent2
    - run regression tests and verify that alls well
    if you have do do anything even mildly interesting to get the build or install to
    work then we either have to add it to the README.md or, preferably, fix it
    and update the branch
    Be careful about tool sets loaded on your build hosts.  You may have 'solved' 
    problems while you are working that mask issues with the build for more typical
    users - this is why we want to build on hosts that are representative of
    our users.
 - install on each target platform
    - make sure and use a user that was NOT used for the build, this will uncover 
      any silliness related to absolute paths in the build
 - if a build breaks or an install fails then commit fixes to the relase branch
  - rebuild EVERY binary using the changed release branch
 - merge branch changes back into master
 - once all binaries are built and tested clean, create source tar ball
  and the actual package for each platform
  you may need to run this as root to permit the chown
  # make clean
-	# make pub
+  # make dist
-	This generates getdns-1.0.0-b3.tar.gz + checksums + signatures.
+  generates getdns-0.1.2.tar.gz
-8) Upload source tarball and checksums and signatures to the getdnsapi.net site
+- sign each binary/source tar using one or more developers keys
    - make sure that the keys you use to sign the release are also up to date 
      on the getdnsapi.net site
-  	# scp getdns-1.0.0-b3.tar.gz* getdnsapi.net:/usr/local/www/apache24/data/dist
+- generate checksums for each binary/source tar
-9) Create and push signed tags to github
+- upload source and binaries to the getdnsapi.net site
-  	# git -s v1.0.0-b3
+- create a release in the github repository
-  	# git push --tags
+    - from the main repo choose 'releases'
    - choose 'Draft a new release'
    - use tag v0.x.y to match the branch being released
    - for a release name use v0.x.y
    - for description cut/paste the ChangeLog entry
    - check the 'pre-release' checkbox (unless this is a production release)
-10) Update getdnsapi.net web site 
+- update getdnsapi.net web site 
-	- Create an entry the the 'Checksum' page using the content of ChangeLog
+    - push binaries to getdnsapi.net 
-	- Create a new 'News' entry
+        /usr/local/www/apache24/data/dist
    - news entry for the release
        /usr/local/www/apache24/data/news.html
    -  download links and checksums
        /usr/local/www/apache24/data/frontpage.html
    - rebuild website
        # ./build.sh
-11) Announce the release to the lists (make sure to sign the emails)
+- announce message to
-    users@getdnsapi.net, spec@getdnsapi.net and maintainers@nlnetlabs.nl
+    getdns mailing list
    stub-resolvers mailing list
    Verisign internal via the matrix
 - update the 
 List of Build Targets
 ---------------------
 The naming conventions for each of these build products are specific to the
 platform they target.  The result is that the naming seems a little inconsistent,
 however I felt that it is best to follow naming standards for the platform rather
 than try to impose a project specific standard across platforms.
 - source tar: getdns-0.1.2.tar.gz
 - OSX binary package: getdns-0.1.2-OSX_10_8.dmg
 - RHEL/CentOS: getdns-0.1.0-1.CentOS_6_5.x86_64.rpm
 - Debian/Ubuntu:
--- a/spec/example/Makefile.in
+++ b/spec/example/Makefile.in
@ -0,0 +1,164 @@
 #
 # @configure_input@
 #
 # Copyright (c) 2013, Verisign, Inc., NLNet Labs
 # All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
 # modification, are permitted provided that the following conditions are met:
 # * Redistributions of source code must retain the above copyright
 # notice, this list of conditions and the following disclaimer.
 # * Redistributions in binary form must reproduce the above copyright
 #   notice, this list of conditions and the following disclaimer in the
 #   documentation and/or other materials provided with the distribution.
 # * Neither the names of the copyright holders nor the
 #   names of its contributors may be used to endorse or promote products
 #   derived from this software without specific prior written permission.
 #
 # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
 # ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
 # WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
 # DISCLAIMED. IN NO EVENT SHALL Verisign, Inc. BE LIABLE FOR ANY
 # DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
 # (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 # LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
 # ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
 # SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 package = @PACKAGE_NAME@
 version = @PACKAGE_VERSION@
 tarname = @PACKAGE_TARNAME@
 distdir = $(tarname)-$(version)
 prefix = @prefix@
 exec_prefix = @exec_prefix@
 bindir = @bindir@
 LIBTOOL = ../../libtool
 srcdir = @srcdir@
 EXTENSION_LIBEVENT_EXT_LIBS=@EXTENSION_LIBEVENT_EXT_LIBS@
 EXTENSION_LIBEVENT_LDFLAGS=@EXTENSION_LIBEVENT_LDFLAGS@
 EXTENSION_LIBEVENT_LIB=../../src/libgetdns_ext_event.la
 CC=@CC@
 CFLAGS=-I$(srcdir) -I$(srcdir)/../../src -I../../src @CFLAGS@
 LDFLAGS=@LDFLAGS@ -L../../src
 LDLIBS=../../src/libgetdns.la @LIBS@
 OBJS=example-all-functions.lo example-simple-answers.lo example-tree.lo example-synchronous.lo example-reverse.lo
 PROGRAMS=example-all-functions example-synchronous example-simple-answers example-tree example-reverse
 .SUFFIXES: .c .o .a .lo .h
 .c.o:
 	$(CC) $(CFLAGS) -c $< -o $@
 .c.lo:
 	$(LIBTOOL) --quiet --tag=CC --mode=compile $(CC) $(CFLAGS) -c $< -o $@
 default: all
 example: all
 all: $(PROGRAMS)
 $(OBJS):
 	$(LIBTOOL) --quiet --tag=CC --mode=compile $(CC) $(CFLAGS) -c $(srcdir)/$(@:.lo=.c) -o $@
 example-all-functions: example-all-functions.lo
 	 $(LIBTOOL) --tag=CC --mode=link $(CC) $(CFLAGS) $(LDFLAGS) $(LDLIBS) -o $@ example-all-functions.lo
 example-synchronous: example-synchronous.lo
 	 $(LIBTOOL) --tag=CC --mode=link $(CC) $(CFLAGS) $(LDFLAGS) $(LDLIBS) -o $@ example-synchronous.lo
 $(EXTENSION_LIBEVENT_LIB):
 	@echo "***"
 	@echo "*** Three examples from the specification need libevent."
 	@echo "*** libevent was not found or usable at configure time."
 	@echo "*** To compile and run all examples from the spec, make sure"
 	@echo "*** libevent is available and usable during configuration."
 	@echo "***"
 	@false
 example-simple-answers:	example-simple-answers.lo $(EXTENSION_LIBEVENT_LIB)
 	 $(LIBTOOL) --tag=CC --mode=link $(CC) $(CFLAGS) $(LDFLAGS) $(EXTENSION_LIBEVENT_LIB) $(EXTENSION_LIBEVENT_LDFLAGS) $(EXTENSION_LIBEVENT_EXT_LIBS) $(LDLIBS) -o $@ example-simple-answers.lo
 example-tree: example-tree.lo $(EXTENSION_LIBEVENT_LIB)
 	 $(LIBTOOL) --tag=CC --mode=link $(CC) $(CFLAGS) $(LDFLAGS) $(EXTENSION_LIBEVENT_LIB) $(EXTENSION_LIBEVENT_LDFLAGS) $(EXTENSION_LIBEVENT_EXT_LIBS) $(LDLIBS) -o $@ example-tree.lo
 example-reverse: example-reverse.lo $(EXTENSION_LIBEVENT_LIB)
 	 $(LIBTOOL) --tag=CC --mode=link $(CC) $(CFLAGS) $(LDFLAGS) $(EXTENSION_LIBEVENT_LIB) $(EXTENSION_LIBEVENT_LDFLAGS) $(EXTENSION_LIBEVENT_EXT_LIBS) $(LDLIBS) -o $@ example-reverse.lo
 clean:
 	rm -f *.o *.lo $(PROGRAMS)
 	rm -rf .libs
 distclean : clean
 	rm -f Makefile config.status config.log
 	rm -Rf autom4te.cache
 $(distdir): FORCE
 	mkdir -p $(distdir)/src
 	cp configure.ac $(distdir)
 	cp configure $(distdir)
 	cp Makefile.in $(distdir)
 	cp src/Makefile.in $(distdir)/src
 distcheck: $(distdir).tar.gz
 	gzip -cd $(distdir).tar.gz | tar xvf -
 	cd $(distdir) && ./configure
 	cd $(distdir) && $(MAKE) all
 	cd $(distdir) && $(MAKE) check
 	cd $(distdir) && $(MAKE) DESTDIR=$${PWD}/_inst install
 	cd $(distdir) && $(MAKE) DESTDIR=$${PWD}/_inst uninstall
 	@remaining="`find $${PWD}/$(distdir)/_inst -type f | wc -l`"; \
 	if test "$${remaining}" -ne 0; then
 	  echo "@@@ $${remaining} file(s) remaining in stage directory!"; \
 	  exit 1; \
 	fi
 	cd $(distdir) && $(MAKE) clean
 	rm -rf $(distdir)
 	@echo "*** Package $(distdir).tar.gz is ready for distribution"
 Makefile: $(srcdir)/Makefile.in ../../config.status
 	cd ../.. && ./config.status spec/example/Makefile
 configure.status: configure
 	cd ../.. && ./config.status --recheck
 .PHONY: clean
 depend:
 	(cd $(srcdir) ; awk 'BEGIN{P=1}{if(P)print}/^# Dependencies/{P=0}' Makefile.in > Makefile.in.new )
 	(blddir=`pwd`; cd $(srcdir) ; gcc -MM -I. -I../../src -I"$$blddir"/../../src *.c | \
 		sed -e "s? $$blddir/? ?g" \
 		    -e 's? \([a-z_-]*\)\.\([ch]\)? $$(srcdir)/\1.\2?g' \
 		    -e 's? \$$(srcdir)/\.\./\.\./src/config\.h? ../../src/config.h?g' \
 		    -e 's? $$(srcdir)/\.\./\.\./src/getdns/getdns_extra\.h? ../../src/getdns/getdns_extra.h?g' \
 		    -e 's? \.\./\.\./src/getdns/getdns_ext_libevent\.h? $$(srcdir)/../../src/getdns/getdns_ext_libevent.h?g' \
 		    -e 's? \.\./\.\./src/getdns/getdns_ext_libev\.h? $$(srcdir)/../../src/getdns/getdns_ext_libev.h?g' \
 		    -e 's? \.\./\.\./src/getdns/getdns_ext_libuv\.h? $$(srcdir)/../../src/getdns/getdns_ext_libuv.h?g' \
 		    -e 's? \.\./\.\./src/debug\.h? $$(srcdir)/../../src/debug.h?g' \
 		    -e 's!\(.*\)\.o[ :]*!\1.lo \1.o: !g' >> Makefile.in.new )
 	(cd $(srcdir) ; diff Makefile.in.new Makefile.in && rm Makefile.in.new \
 	                                                 || mv Makefile.in.new Makefile.in )
 # Dependencies for the examples
 example-all-functions.lo example-all-functions.o: $(srcdir)/example-all-functions.c $(srcdir)/getdns_libevent.h \
 ../../src/config.h ../../src/getdns/getdns.h \
 $(srcdir)/../../src/getdns/getdns_ext_libevent.h ../../src/getdns/getdns_extra.h
 example-reverse.lo example-reverse.o: $(srcdir)/example-reverse.c $(srcdir)/getdns_libevent.h ../../src/config.h \
 ../../src/getdns/getdns.h $(srcdir)/../../src/getdns/getdns_ext_libevent.h \
 ../../src/getdns/getdns_extra.h
 example-simple-answers.lo example-simple-answers.o: $(srcdir)/example-simple-answers.c $(srcdir)/getdns_libevent.h \
 ../../src/config.h ../../src/getdns/getdns.h \
 $(srcdir)/../../src/getdns/getdns_ext_libevent.h ../../src/getdns/getdns_extra.h
 example-synchronous.lo example-synchronous.o: $(srcdir)/example-synchronous.c $(srcdir)/getdns_core_only.h \
 ../../src/getdns/getdns.h
 example-tree.lo example-tree.o: $(srcdir)/example-tree.c $(srcdir)/getdns_libevent.h ../../src/config.h \
 ../../src/getdns/getdns.h $(srcdir)/../../src/getdns/getdns_ext_libevent.h \
 ../../src/getdns/getdns_extra.h
--- a/spec/example/example-reverse.c
+++ b/spec/example/example-reverse.c
@ -31,7 +31,7 @@ void callback(getdns_context        *context,
 	assert( callback_type == GETDNS_CALLBACK_COMPLETE );
 	if ((r = getdns_dict_get_list(response, "/replies_tree/0/answer", &answer)))
-		fprintf(stderr, "Could not get \"answer\" section from first reply in the response");
+		fprintf(stderr, "Could not get \"answer\" section from first reply in the reponse");
 	else if ((r = getdns_list_get_length(answer, &n_answers)))
 		fprintf(stderr, "Could not get replies_tree\'s length");
--- a/spec/example/example-simple-answers.c
+++ b/spec/example/example-simple-answers.c
@ -35,7 +35,7 @@ void callback(getdns_context        *context,
 	assert( callback_type == GETDNS_CALLBACK_COMPLETE );
 	if ((r = getdns_dict_get_int(response, "status", &status)))
-		fprintf(stderr, "Could not get \"status\" from response");
+		fprintf(stderr, "Could not get \"status\" from reponse");
 	else if (status != GETDNS_RESPSTATUS_GOOD)
 		fprintf(stderr, "The search had no results, and a return value of %"PRIu32".\n", status);
--- a/spec/example/example-tree.c
+++ b/spec/example/example-tree.c
@ -31,7 +31,7 @@ void callback(getdns_context        *context,
 	assert( callback_type == GETDNS_CALLBACK_COMPLETE );
 	if ((r = getdns_dict_get_list(response, "replies_tree", &replies_tree)))
-		fprintf(stderr, "Could not get \"replies_tree\" from response");
+		fprintf(stderr, "Could not get \"replies_tree\" from reponse");
 	else if ((r = getdns_list_get_length(replies_tree, &n_replies)))
 		fprintf(stderr, "Could not get replies_tree\'s length");
--- a/spec/index.html
+++ b/spec/index.html
@ -173,7 +173,7 @@ extensions. See <a href="#Extensions">the section below</a> for information on h
 the extensions used for a request.</p>
 <p class=define><code><b>*userarg</b></code></p>
-<p class=descrip>A void* that is passed to the function, which the function
+<p class=descrip>A void* that is passed to the function, which the funciton
 returns to the callback function untouched. <code>userarg</code> can be used by the callback
 function for any user-specific data needed. This can be NULL.</p>
@ -875,7 +875,7 @@ names:</p>
 <li><code>query_name</code> (a bindata) is the name that was sent</li>
 <li><code>query_type</code> (an int) is the type that was queried for</li>
 <li><code>query_to</code> (a bindata) is the address to which the query was sent</li>
-<li><code>run_time/ms</code> (a bindata) is the difference between the time the successful
+<li><code>run_time</code> (a bindata) is the difference between the time the successful
 query started and ended in milliseconds, represented
 as a uint32_t (this does not include time taken for connection set up
 or transport fallback)</li>
@ -1507,7 +1507,7 @@ function.</p>
    <span class="n">assert</span><span class="p">(</span> <span class="n">callback_type</span> <span class="o">==</span> <span class="n">GETDNS_CALLBACK_COMPLETE</span> <span class="p">);</span>
    <span class="k">if</span> <span class="p">((</span><span class="n">r</span> <span class="o">=</span> <span class="n">getdns_dict_get_int</span><span class="p">(</span><span class="n">response</span><span class="p">,</span> <span class="s">&quot;status&quot;</span><span class="p">,</span> <span class="o">&amp;</span><span class="n">status</span><span class="p">)))</span>
-        <span class="n">fprintf</span><span class="p">(</span><span class="n">stderr</span><span class="p">,</span> <span class="s">&quot;Could not get </span><span class="se">\&quot;</span><span class="s">status</span><span class="se">\&quot;</span><span class="s"> from response&quot;</span><span class="p">);</span>
+        <span class="n">fprintf</span><span class="p">(</span><span class="n">stderr</span><span class="p">,</span> <span class="s">&quot;Could not get </span><span class="se">\&quot;</span><span class="s">status</span><span class="se">\&quot;</span><span class="s"> from reponse&quot;</span><span class="p">);</span>
    <span class="k">else</span> <span class="k">if</span> <span class="p">(</span><span class="n">status</span> <span class="o">!=</span> <span class="n">GETDNS_RESPSTATUS_GOOD</span><span class="p">)</span>
        <span class="n">fprintf</span><span class="p">(</span><span class="n">stderr</span><span class="p">,</span> <span class="s">&quot;The search had no results, and a return value of %&quot;</span><span class="n">PRIu32</span><span class="s">&quot;.</span><span class="se">\n</span><span class="s">&quot;</span><span class="p">,</span> <span class="n">status</span><span class="p">);</span>
@ -1622,7 +1622,7 @@ their TTLs.</p>
    <span class="n">assert</span><span class="p">(</span> <span class="n">callback_type</span> <span class="o">==</span> <span class="n">GETDNS_CALLBACK_COMPLETE</span> <span class="p">);</span>
    <span class="k">if</span> <span class="p">((</span><span class="n">r</span> <span class="o">=</span> <span class="n">getdns_dict_get_list</span><span class="p">(</span><span class="n">response</span><span class="p">,</span> <span class="s">&quot;replies_tree&quot;</span><span class="p">,</span> <span class="o">&amp;</span><span class="n">replies_tree</span><span class="p">)))</span>
-        <span class="n">fprintf</span><span class="p">(</span><span class="n">stderr</span><span class="p">,</span> <span class="s">&quot;Could not get </span><span class="se">\&quot;</span><span class="s">replies_tree</span><span class="se">\&quot;</span><span class="s"> from response&quot;</span><span class="p">);</span>
+        <span class="n">fprintf</span><span class="p">(</span><span class="n">stderr</span><span class="p">,</span> <span class="s">&quot;Could not get </span><span class="se">\&quot;</span><span class="s">replies_tree</span><span class="se">\&quot;</span><span class="s"> from reponse&quot;</span><span class="p">);</span>
    <span class="k">else</span> <span class="k">if</span> <span class="p">((</span><span class="n">r</span> <span class="o">=</span> <span class="n">getdns_list_get_length</span><span class="p">(</span><span class="n">replies_tree</span><span class="p">,</span> <span class="o">&amp;</span><span class="n">n_replies</span><span class="p">)))</span>
        <span class="n">fprintf</span><span class="p">(</span><span class="n">stderr</span><span class="p">,</span> <span class="s">&quot;Could not get replies_tree</span><span class="se">\&#39;</span><span class="s">s length&quot;</span><span class="p">);</span>
@ -1854,7 +1854,7 @@ as it is for the synchronous example, it is just done in <code>main()</code>.</p
    <span class="n">assert</span><span class="p">(</span> <span class="n">callback_type</span> <span class="o">==</span> <span class="n">GETDNS_CALLBACK_COMPLETE</span> <span class="p">);</span>
    <span class="k">if</span> <span class="p">((</span><span class="n">r</span> <span class="o">=</span> <span class="n">getdns_dict_get_list</span><span class="p">(</span><span class="n">response</span><span class="p">,</span> <span class="s">&quot;/replies_tree/0/answer&quot;</span><span class="p">,</span> <span class="o">&amp;</span><span class="n">answer</span><span class="p">)))</span>
-        <span class="n">fprintf</span><span class="p">(</span><span class="n">stderr</span><span class="p">,</span> <span class="s">&quot;Could not get </span><span class="se">\&quot;</span><span class="s">answer</span><span class="se">\&quot;</span><span class="s"> section from first reply in the response&quot;</span><span class="p">);</span>
+        <span class="n">fprintf</span><span class="p">(</span><span class="n">stderr</span><span class="p">,</span> <span class="s">&quot;Could not get </span><span class="se">\&quot;</span><span class="s">answer</span><span class="se">\&quot;</span><span class="s"> section from first reply in the reponse&quot;</span><span class="p">);</span>
    <span class="k">else</span> <span class="k">if</span> <span class="p">((</span><span class="n">r</span> <span class="o">=</span> <span class="n">getdns_list_get_length</span><span class="p">(</span><span class="n">answer</span><span class="p">,</span> <span class="o">&amp;</span><span class="n">n_answers</span><span class="p">)))</span>
        <span class="n">fprintf</span><span class="p">(</span><span class="n">stderr</span><span class="p">,</span> <span class="s">&quot;Could not get replies_tree</span><span class="se">\&#39;</span><span class="s">s length&quot;</span><span class="p">);</span>
--- a/src/Doxyfile.in
+++ b/src/Doxyfile.in
--- a/src/Makefile.in
+++ b/src/Makefile.in
@ -0,0 +1,338 @@
 #
 # @configure_input@
 #
 # Copyright (c) 2013, Verisign, Inc., NLnet Labs
 # All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
 # modification, are permitted provided that the following conditions are met:
 # * Redistributions of source code must retain the above copyright
 # notice, this list of conditions and the following disclaimer.
 # * Redistributions in binary form must reproduce the above copyright
 #   notice, this list of conditions and the following disclaimer in the
 #   documentation and/or other materials provided with the distribution.
 # * Neither the names of the copyright holders nor the
 #   names of its contributors may be used to endorse or promote products
 #   derived from this software without specific prior written permission.
 #
 # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
 # ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
 # WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
 # DISCLAIMED. IN NO EVENT SHALL Verisign, Inc. BE LIABLE FOR ANY
 # DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
 # (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 # LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
 # ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
 # SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 package = @PACKAGE_NAME@
 version = @PACKAGE_VERSION@
 tarname = @PACKAGE_TARNAME@
 distdir = $(tarname)-$(version)
 libversion = @GETDNS_LIBVERSION@
 prefix = @prefix@
 exec_prefix = @exec_prefix@
 bindir = @bindir@
 libdir = @libdir@
 includedir = @includedir@
 have_libevent = @have_libevent@
 have_libuv = @have_libuv@
 have_libev = @have_libev@
 # datarootdir is here to please some checkers
 datarootdir=@datarootdir@
 INSTALL = @INSTALL@
 srcdir = @srcdir@
 LIBTOOL = ../libtool
 CC=@CC@
 CFLAGS=-I$(srcdir) -I. @CFLAGS@ @CPPFLAGS@
 LDFLAGS=@LDFLAGS@ @LIBS@
 EXTENSION_LIBEVENT_LIB=@EXTENSION_LIBEVENT_LIB@
 EXTENSION_LIBEVENT_EXT_LIBS=@EXTENSION_LIBEVENT_EXT_LIBS@
 EXTENSION_LIBEVENT_LDFLAGS=@EXTENSION_LIBEVENT_LDFLAGS@
 EXTENSION_LIBEV_LIB=@EXTENSION_LIBEV_LIB@
 EXTENSION_LIBEV_EXT_LIBS=@EXTENSION_LIBEV_EXT_LIBS@
 EXTENSION_LIBEV_LDFLAGS=@EXTENSION_LIBEV_LDFLAGS@
 EXTENSION_LIBUV_LIB=@EXTENSION_LIBUV_LIB@
 EXTENSION_LIBUV_EXT_LIBS=@EXTENSION_LIBUV_EXT_LIBS@
 EXTENSION_LIBUV_LDFLAGS=@EXTENSION_LIBUV_LDFLAGS@
 C99COMPATFLAGS=@C99COMPATFLAGS@
 GETDNS_OBJ=const-info.lo convert.lo dict.lo dnssec.lo general.lo \
 	list.lo request-internal.lo pubkey-pinning.lo rr-dict.lo \
 	rr-iter.lo stub.lo sync.lo util-internal.lo
 GLDNS_OBJ=keyraw.lo gbuffer.lo wire2str.lo parse.lo parseutil.lo rrdef.lo \
 	str2wire.lo
 LIBOBJDIR=
 LIBOBJS=@LIBOBJS@
 COMPAT_OBJ=$(LIBOBJS:.o=.lo)
 UTIL_OBJ=mini_event.lo winsock_event.lo rbtree.lo val_secalgo.lo
 EXTENSION_OBJ=libmini_event.lo libevent.lo libev.lo
 NON_C99_OBJS=context.lo libuv.lo
 .SUFFIXES: .c .o .a .lo .h
 .c.o:
 	$(CC) $(CFLAGS) -c $< -o $@
 .c.lo:
 	$(LIBTOOL) --quiet --tag=CC --mode=compile $(CC) $(CFLAGS) -c $< -o $@
 default: all
 all: libgetdns.la $(EXTENSION_LIBEVENT_LIB) $(EXTENSION_LIBUV_LIB) $(EXTENSION_LIBEV_LIB)
 $(GETDNS_OBJ):
 	$(LIBTOOL) --quiet --tag=CC --mode=compile $(CC) $(CFLAGS) -c $(srcdir)/$(@:.lo=.c) -o $@
 $(GLDNS_OBJ):
 	$(LIBTOOL) --quiet --tag=CC --mode=compile $(CC) $(CFLAGS) -c $(srcdir)/gldns/$(@:.lo=.c) -o $@
 $(COMPAT_OBJ):
 	$(LIBTOOL) --quiet --tag=CC --mode=compile $(CC) $(CFLAGS) -c $(srcdir)/compat/$(@:.lo=.c) -o $@
 $(UTIL_OBJ):
 	$(LIBTOOL) --quiet --tag=CC --mode=compile $(CC) $(CFLAGS) -c $(srcdir)/util/$(@:.lo=.c) -o $@
 $(EXTENSION_OBJ):
 	$(LIBTOOL) --quiet --tag=CC --mode=compile $(CC) $(CFLAGS) -c $(srcdir)/extension/$(@:.lo=.c) -o $@
 context.lo:
 	$(LIBTOOL) --quiet --tag=CC --mode=compile $(CC) $(CFLAGS) $(C99COMPATFLAGS) -c $(srcdir)/context.c -o context.lo
 libuv.lo:
 	$(LIBTOOL) --quiet --tag=CC --mode=compile $(CC) $(CFLAGS) $(C99COMPATFLAGS) -c $(srcdir)/extension/libuv.c -o libuv.lo
 install:	libgetdns.la
 	$(INSTALL) -m 755 -d $(DESTDIR)$(includedir)
 	$(INSTALL) -m 755 -d $(DESTDIR)$(includedir)/getdns
 	$(INSTALL) -m 644 getdns/getdns.h $(DESTDIR)$(includedir)/getdns/getdns.h
 	$(INSTALL) -m 644 getdns/getdns_extra.h $(DESTDIR)$(includedir)/getdns/getdns_extra.h
 	$(INSTALL) -m 755 -d $(DESTDIR)$(libdir)
 	$(LIBTOOL) --mode=install cp libgetdns.la $(DESTDIR)$(libdir)
 	if test $(have_libevent) = 1 ; then $(INSTALL) -m 644 $(srcdir)/getdns/getdns_ext_libevent.h $(DESTDIR)$(includedir)/getdns/ ; $(LIBTOOL) --mode=install cp $(EXTENSION_LIBEVENT_LIB) $(DESTDIR)$(libdir) ; fi
 	if test $(have_libuv) = 1 ; then $(INSTALL) -m 644 $(srcdir)/getdns/getdns_ext_libuv.h $(DESTDIR)$(includedir)/getdns/ ; $(LIBTOOL) --mode=install cp $(EXTENSION_LIBUV_LIB) $(DESTDIR)$(libdir) ; fi
 	if test $(have_libev) = 1 ; then $(INSTALL) -m 644 $(srcdir)/getdns/getdns_ext_libev.h $(DESTDIR)$(includedir)/getdns/ ; $(LIBTOOL) --mode=install cp $(EXTENSION_LIBEV_LIB) $(DESTDIR)$(libdir) ; fi
 	$(LIBTOOL) --mode=finish $(DESTDIR)$(libdir)
 uninstall:
 	rm -rf $(DESTDIR)$(includedir)/getdns
 	$(LIBTOOL) --mode=uninstall rm -f $(DESTDIR)$(libdir)/libgetdns.la
 	if test $(have_libevent) = 1; then $(LIBTOOL) --mode=uninstall rm -f $(DESTDIR)$(libdir)/$(EXTENSION_LIBEVENT_LIB) ; fi
 	if test $(have_libuv) = 1; then $(LIBTOOL) --mode=uninstall rm -f $(DESTDIR)$(libdir)/$(EXTENSION_LIBUV_LIB) ; fi
 	if test $(have_libev) = 1; then $(LIBTOOL) --mode=uninstall rm -f $(DESTDIR)$(libdir)/$(EXTENSION_LIBEV_LIB) ; fi
 libgetdns_ext_event.la: libgetdns.la libevent.lo
 	$(LIBTOOL) --tag=CC --mode=link $(CC) $(CFLAGS) -o $@ libevent.lo libgetdns.la $(LDFLAGS) $(EXTENSION_LIBEVENT_LDFLAGS) $(EXTENSION_LIBEVENT_EXT_LIBS) -rpath $(libdir) -version-info $(libversion) -no-undefined -export-symbols $(srcdir)/extension/libevent.symbols
 libgetdns_ext_uv.la: libgetdns.la libuv.lo
 	$(LIBTOOL) --tag=CC --mode=link $(CC) $(CFLAGS) -o $@ libuv.lo libgetdns.la $(LDFLAGS) $(EXTENSION_LIBUV_LDFLAGS) $(EXTENSION_LIBUV_EXT_LIBS) -rpath $(libdir) -version-info $(libversion) -no-undefined -export-symbols $(srcdir)/extension/libuv.symbols
 libgetdns_ext_ev.la: libgetdns.la libev.lo
 	$(LIBTOOL) --tag=CC --mode=link $(CC) $(CFLAGS) -o $@ libev.lo libgetdns.la $(LDFLAGS) $(EXTENSION_LIBEV_LDFLAGS) $(EXTENSION_LIBEV_EXT_LIBS) -rpath $(libdir) -version-info $(libversion) -no-undefined -export-symbols $(srcdir)/extension/libev.symbols
 libgetdns.la: $(GETDNS_OBJ) version.lo context.lo libmini_event.lo $(GLDNS_OBJ) $(COMPAT_OBJ) $(UTIL_OBJ)
 	$(LIBTOOL) --tag=CC --mode=link $(CC) $(CFLAGS) -o $@ $(GETDNS_OBJ) version.lo context.lo libmini_event.lo $(GLDNS_OBJ) $(COMPAT_OBJ) $(UTIL_OBJ) $(LDFLAGS) -rpath $(libdir) -version-info $(libversion) -no-undefined -export-symbols $(srcdir)/libgetdns.symbols
 test:	all
 	cd test && $(MAKE) $@
 getdns_query:	all
 	cd test && $(MAKE) $@
 scratchpad:	all
 	cd test && $(MAKE) $@
 pad: scratchpad
 clean:
 	cd test && $(MAKE) $@
 	rm -f *.o *.lo extension/*.lo extension/*.o $(PROGRAMS) libgetdns.la libgetdns_ext_*.la
 	rm -rf .libs extension/.libs
 distclean : clean
 	cd test && $(MAKE) $@
 	rmdir test 2>/dev/null || true
 	rm -f Makefile config.status config.log Doxyfile config.h version.c getdns/Makefile getdns/getdns.h getdns/getdns_extra.h
 	rmdir getdns 2>/dev/null || true
 	rmdir extension 2>/dev/null || true
 	rm -Rf autom4te.cache
 $(distdir): FORCE
 	mkdir -p $(distdir)/src
 	cp configure.ac $(distdir)
 	cp configure $(distdir)
 	cp Makefile.in $(distdir)
 	cp src/Makefile.in $(distdir)/src
 distcheck: $(distdir).tar.gz
 	gzip -cd $(distdir).tar.gz | tar xvf -
 	cd $(distdir) && ./configure
 	cd $(distdir) && $(MAKE) all
 	cd $(distdir) && $(MAKE) check
 	cd $(distdir) && $(MAKE) DESTDIR=$${PWD}/_inst install
 	cd $(distdir) && $(MAKE) DESTDIR=$${PWD}/_inst uninstall
 	@remaining="`find $${PWD}/$(distdir)/_inst -type f | wc -l`"; \
 	if test "$${remaining}" -ne 0; then
 	  echo "@@@ $${remaining} file(s) remaining in stage directory!"; \
 	  exit 1; \
 	fi
 	cd $(distdir) && $(MAKE) clean
 	rm -rf $(distdir)
 	@echo "*** Package $(distdir).tar.gz is ready for distribution"
 Makefile: $(srcdir)/Makefile.in ../config.status
 	cd .. && ./config.status src/Makefile
 configure.status: configure
 	cd .. && ./config.status --recheck
 depend:
 	(cd $(srcdir) ; awk 'BEGIN{P=1}{if(P)print}/^# Dependencies/{P=0}' Makefile.in > Makefile.in.new )
 	(blddir=`pwd`; cd $(srcdir) ; gcc -MM -I. -I"$$blddir" *.c gldns/*.c compat/*.c util/*.c extension/*.c| \
 		sed -e "s? $$blddir/? ?g" \
 		    -e 's?gldns/?$$(srcdir)/gldns/?g' \
 		    -e 's?compat/?$$(srcdir)/compat/?g' \
 		    -e 's?util/?$$(srcdir)/util/?g' \
 		    -e 's?extension/?$$(srcdir)/extension/?g' \
 		    -e 's? \([a-z_-]*\)\.\([ch]\)? $$(srcdir)/\1.\2?g' \
 		    -e 's? \$$(srcdir)/config\.h? config.h?g' \
 		    -e 's? \$$(srcdir)/getdns/getdns_extra\.h? getdns/getdns_extra.h?g' \
 		    -e 's? \$$(srcdir)/version\.c? version.c?g' \
 		    -e 's? getdns/getdns_ext_libevent\.h? $$(srcdir)/getdns/getdns_ext_libevent.h?g' \
 		    -e 's? getdns/getdns_ext_libev\.h? $$(srcdir)/getdns/getdns_ext_libev.h?g' \
 		    -e 's? getdns/getdns_ext_libuv\.h? $$(srcdir)/getdns/getdns_ext_libuv.h?g' \
 		    -e 's!\(.*\)\.o[ :]*!\1.lo \1.o: !g' >> Makefile.in.new )
 	(cd $(srcdir) ; diff Makefile.in.new Makefile.in && rm Makefile.in.new \
 	                                                 || mv Makefile.in.new Makefile.in )
 	cd test && $(MAKE) $@
 .PHONY: clean test
 FORCE:
 # Dependencies for gldns, utils, the extensions and compat functions
 const-info.lo const-info.o: $(srcdir)/const-info.c getdns/getdns.h getdns/getdns_extra.h \
 getdns/getdns.h $(srcdir)/const-info.h
 context.lo context.o: $(srcdir)/context.c config.h $(srcdir)/debug.h $(srcdir)/gldns/str2wire.h $(srcdir)/gldns/rrdef.h \
 $(srcdir)/gldns/wire2str.h $(srcdir)/context.h getdns/getdns.h getdns/getdns_extra.h \
 getdns/getdns.h $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h $(srcdir)/extension/libmini_event.h \
 config.h $(srcdir)/util/mini_event.h $(srcdir)/util/rbtree.h $(srcdir)/types-internal.h \
 $(srcdir)/util-internal.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/pkthdr.h \
 $(srcdir)/dnssec.h $(srcdir)/stub.h $(srcdir)/list.h $(srcdir)/dict.h $(srcdir)/pubkey-pinning.h
 convert.lo convert.o: $(srcdir)/convert.c config.h getdns/getdns.h getdns/getdns_extra.h \
 getdns/getdns.h $(srcdir)/util-internal.h $(srcdir)/context.h $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h \
 $(srcdir)/extension/libmini_event.h config.h $(srcdir)/util/mini_event.h $(srcdir)/util/rbtree.h \
 $(srcdir)/types-internal.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/pkthdr.h \
 $(srcdir)/gldns/wire2str.h $(srcdir)/gldns/str2wire.h $(srcdir)/gldns/rrdef.h $(srcdir)/dict.h $(srcdir)/list.h $(srcdir)/convert.h
 dict.lo dict.o: $(srcdir)/dict.c config.h $(srcdir)/types-internal.h getdns/getdns.h \
 getdns/getdns_extra.h getdns/getdns.h $(srcdir)/util/rbtree.h $(srcdir)/util-internal.h \
 $(srcdir)/context.h $(srcdir)/extension/libmini_event.h config.h $(srcdir)/util/mini_event.h \
 $(srcdir)/util/rbtree.h $(srcdir)/types-internal.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h \
 $(srcdir)/gldns/pkthdr.h $(srcdir)/dict.h $(srcdir)/list.h $(srcdir)/const-info.h $(srcdir)/gldns/wire2str.h
 dnssec.lo dnssec.o: $(srcdir)/dnssec.c config.h $(srcdir)/debug.h getdns/getdns.h $(srcdir)/context.h \
 getdns/getdns_extra.h getdns/getdns.h $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h \
 $(srcdir)/extension/libmini_event.h config.h $(srcdir)/util/mini_event.h $(srcdir)/util/rbtree.h \
 $(srcdir)/types-internal.h $(srcdir)/util-internal.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h \
 $(srcdir)/gldns/pkthdr.h $(srcdir)/dnssec.h $(srcdir)/gldns/str2wire.h $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/wire2str.h \
 $(srcdir)/gldns/keyraw.h $(srcdir)/gldns/parseutil.h $(srcdir)/general.h $(srcdir)/dict.h $(srcdir)/list.h \
 $(srcdir)/util/val_secalgo.h
 general.lo general.o: $(srcdir)/general.c config.h $(srcdir)/gldns/wire2str.h $(srcdir)/context.h getdns/getdns.h \
 getdns/getdns_extra.h getdns/getdns.h $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h \
 $(srcdir)/extension/libmini_event.h config.h $(srcdir)/util/mini_event.h $(srcdir)/util/rbtree.h \
 $(srcdir)/types-internal.h $(srcdir)/util-internal.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h \
 $(srcdir)/gldns/pkthdr.h $(srcdir)/dnssec.h $(srcdir)/stub.h $(srcdir)/general.h
 list.lo list.o: $(srcdir)/list.c $(srcdir)/types-internal.h getdns/getdns.h getdns/getdns_extra.h \
 getdns/getdns.h $(srcdir)/util/rbtree.h $(srcdir)/util-internal.h config.h $(srcdir)/context.h \
 $(srcdir)/extension/libmini_event.h config.h $(srcdir)/util/mini_event.h $(srcdir)/util/rbtree.h \
 $(srcdir)/types-internal.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/pkthdr.h \
 $(srcdir)/list.h $(srcdir)/dict.h
 pubkey-pinning.lo pubkey-pinning.o: $(srcdir)/pubkey-pinning.c config.h $(srcdir)/debug.h getdns/getdns.h \
 $(srcdir)/context.h getdns/getdns.h getdns/getdns_extra.h $(srcdir)/types-internal.h \
 $(srcdir)/util/rbtree.h $(srcdir)/extension/libmini_event.h config.h $(srcdir)/util/mini_event.h \
 $(srcdir)/util/rbtree.h $(srcdir)/types-internal.h
 request-internal.lo request-internal.o: $(srcdir)/request-internal.c config.h $(srcdir)/types-internal.h \
 getdns/getdns.h getdns/getdns_extra.h getdns/getdns.h $(srcdir)/util/rbtree.h \
 $(srcdir)/util-internal.h $(srcdir)/context.h $(srcdir)/extension/libmini_event.h config.h \
 $(srcdir)/util/mini_event.h $(srcdir)/util/rbtree.h $(srcdir)/types-internal.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h \
 $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/pkthdr.h $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/str2wire.h \
 $(srcdir)/gldns/rrdef.h $(srcdir)/dict.h $(srcdir)/debug.h
 rr-dict.lo rr-dict.o: $(srcdir)/rr-dict.c $(srcdir)/rr-dict.h config.h getdns/getdns.h $(srcdir)/gldns/gbuffer.h \
 $(srcdir)/util-internal.h $(srcdir)/context.h getdns/getdns_extra.h getdns/getdns.h \
 $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h $(srcdir)/extension/libmini_event.h config.h \
 $(srcdir)/util/mini_event.h $(srcdir)/util/rbtree.h $(srcdir)/types-internal.h $(srcdir)/rr-iter.h \
 $(srcdir)/gldns/pkthdr.h $(srcdir)/dict.h
 rr-iter.lo rr-iter.o: $(srcdir)/rr-iter.c $(srcdir)/rr-iter.h getdns/getdns.h $(srcdir)/rr-dict.h config.h \
 $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/pkthdr.h $(srcdir)/gldns/rrdef.h
 stub.lo stub.o: $(srcdir)/stub.c config.h $(srcdir)/debug.h $(srcdir)/stub.h getdns/getdns.h $(srcdir)/types-internal.h \
 getdns/getdns_extra.h getdns/getdns.h $(srcdir)/util/rbtree.h $(srcdir)/gldns/gbuffer.h \
 $(srcdir)/gldns/pkthdr.h $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/str2wire.h $(srcdir)/gldns/rrdef.h \
 $(srcdir)/gldns/wire2str.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/context.h $(srcdir)/extension/libmini_event.h \
 config.h $(srcdir)/util/mini_event.h $(srcdir)/util/rbtree.h $(srcdir)/types-internal.h \
 $(srcdir)/util-internal.h $(srcdir)/general.h $(srcdir)/pubkey-pinning.h
 sync.lo sync.o: $(srcdir)/sync.c getdns/getdns.h config.h $(srcdir)/context.h getdns/getdns_extra.h \
 getdns/getdns.h $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h $(srcdir)/extension/libmini_event.h \
 config.h $(srcdir)/util/mini_event.h $(srcdir)/util/rbtree.h $(srcdir)/types-internal.h $(srcdir)/general.h \
 $(srcdir)/util-internal.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/pkthdr.h \
 $(srcdir)/dnssec.h $(srcdir)/stub.h $(srcdir)/gldns/wire2str.h
 util-internal.lo util-internal.o: $(srcdir)/util-internal.c config.h getdns/getdns.h $(srcdir)/dict.h \
 $(srcdir)/util/rbtree.h $(srcdir)/types-internal.h getdns/getdns_extra.h getdns/getdns.h \
 $(srcdir)/list.h $(srcdir)/util-internal.h $(srcdir)/context.h $(srcdir)/extension/libmini_event.h config.h \
 $(srcdir)/util/mini_event.h $(srcdir)/util/rbtree.h $(srcdir)/types-internal.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h \
 $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/pkthdr.h $(srcdir)/gldns/str2wire.h $(srcdir)/gldns/rrdef.h
 version.lo version.o: version.c
 gbuffer.lo gbuffer.o: $(srcdir)/gldns/gbuffer.c config.h $(srcdir)/gldns/gbuffer.h
 keyraw.lo keyraw.o: $(srcdir)/gldns/keyraw.c config.h $(srcdir)/gldns/keyraw.h $(srcdir)/gldns/rrdef.h
 parse.lo parse.o: $(srcdir)/gldns/parse.c config.h $(srcdir)/gldns/parse.h $(srcdir)/gldns/parseutil.h \
 $(srcdir)/gldns/gbuffer.h
 parseutil.lo parseutil.o: $(srcdir)/gldns/parseutil.c config.h $(srcdir)/gldns/parseutil.h
 rrdef.lo rrdef.o: $(srcdir)/gldns/rrdef.c config.h $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/parseutil.h
 str2wire.lo str2wire.o: $(srcdir)/gldns/str2wire.c config.h $(srcdir)/gldns/str2wire.h $(srcdir)/gldns/rrdef.h \
 $(srcdir)/gldns/wire2str.h $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/parse.h $(srcdir)/gldns/parseutil.h
 wire2str.lo wire2str.o: $(srcdir)/gldns/wire2str.c config.h $(srcdir)/gldns/wire2str.h $(srcdir)/gldns/str2wire.h \
 $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/pkthdr.h $(srcdir)/gldns/parseutil.h $(srcdir)/gldns/gbuffer.h \
 $(srcdir)/gldns/keyraw.h
 arc4_lock.lo arc4_lock.o: $(srcdir)/compat/arc4_lock.c config.h
 arc4random.lo arc4random.o: $(srcdir)/compat/arc4random.c config.h $(srcdir)/compat/chacha_private.h
 arc4random_uniform.lo arc4random_uniform.o: $(srcdir)/compat/arc4random_uniform.c config.h
 explicit_bzero.lo explicit_bzero.o: $(srcdir)/compat/explicit_bzero.c config.h
 getentropy_linux.lo getentropy_linux.o: $(srcdir)/compat/getentropy_linux.c config.h
 getentropy_osx.lo getentropy_osx.o: $(srcdir)/compat/getentropy_osx.c config.h
 getentropy_solaris.lo getentropy_solaris.o: $(srcdir)/compat/getentropy_solaris.c config.h
 getentropy_win.lo getentropy_win.o: $(srcdir)/compat/getentropy_win.c
 inet_ntop.lo inet_ntop.o: $(srcdir)/compat/inet_ntop.c config.h
 inet_pton.lo inet_pton.o: $(srcdir)/compat/inet_pton.c config.h
 sha512.lo sha512.o: $(srcdir)/compat/sha512.c config.h
 strlcpy.lo strlcpy.o: $(srcdir)/compat/strlcpy.c config.h
 mini_event.lo mini_event.o: $(srcdir)/util/mini_event.c config.h $(srcdir)/util/mini_event.h $(srcdir)/util/rbtree.h \
 $(srcdir)/util/fptr_wlist.h
 rbtree.lo rbtree.o: $(srcdir)/util/rbtree.c config.h $(srcdir)/util/log.h $(srcdir)/debug.h config.h \
 $(srcdir)/util/fptr_wlist.h $(srcdir)/util/rbtree.h
 val_secalgo.lo val_secalgo.o: $(srcdir)/util/val_secalgo.c config.h $(srcdir)/util/val_secalgo.h $(srcdir)/util/log.h \
 $(srcdir)/debug.h config.h $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/keyraw.h $(srcdir)/gldns/gbuffer.h
 winsock_event.lo winsock_event.o: $(srcdir)/util/winsock_event.c config.h
 libev.lo libev.o: $(srcdir)/extension/libev.c config.h $(srcdir)/types-internal.h getdns/getdns.h \
 getdns/getdns_extra.h getdns/getdns.h $(srcdir)/util/rbtree.h \
 $(srcdir)/getdns/getdns_ext_libev.h getdns/getdns_extra.h
 libevent.lo libevent.o: $(srcdir)/extension/libevent.c config.h $(srcdir)/types-internal.h \
 getdns/getdns.h getdns/getdns_extra.h getdns/getdns.h $(srcdir)/util/rbtree.h \
 $(srcdir)/getdns/getdns_ext_libevent.h getdns/getdns_extra.h
 libmini_event.lo libmini_event.o: $(srcdir)/extension/libmini_event.c config.h $(srcdir)/debug.h config.h \
 $(srcdir)/types-internal.h getdns/getdns.h getdns/getdns_extra.h getdns/getdns.h \
 $(srcdir)/util/rbtree.h $(srcdir)/extension/libmini_event.h $(srcdir)/util/mini_event.h $(srcdir)/util/rbtree.h
 libuv.lo libuv.o: $(srcdir)/extension/libuv.c config.h $(srcdir)/debug.h config.h $(srcdir)/types-internal.h \
 getdns/getdns.h getdns/getdns_extra.h getdns/getdns.h $(srcdir)/util/rbtree.h \
 $(srcdir)/getdns/getdns_ext_libuv.h getdns/getdns_extra.h
--- a/src/anchor.c
+++ b/src/anchor.c
--- a/src/anchor.h
+++ b/src/anchor.h
@ -1,83 +0,0 @@
 /**
 *
 * /brief functions for DNSSEC trust anchor management
 *
 */
 /*
 * Copyright (c) 2017, NLnet Labs
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions are met:
 * * Redistributions of source code must retain the above copyright
 *   notice, this list of conditions and the following disclaimer.
 * * Redistributions in binary form must reproduce the above copyright
 *   notice, this list of conditions and the following disclaimer in the
 *   documentation and/or other materials provided with the distribution.
 * * Neither the names of the copyright holders nor the
 *   names of its contributors may be used to endorse or promote products
 *   derived from this software without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
 * DISCLAIMED. IN NO EVENT SHALL Verisign, Inc. BE LIABLE FOR ANY
 * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
 #ifndef ANCHOR_H_
 #define ANCHOR_H_
 #include "getdns/getdns.h"
 #include "getdns/getdns_extra.h"
 #include <time.h>
 #include "rr-iter.h"
 #include "types-internal.h"
 /**
 ** Internal functions, implemented in anchor-internal.c.
 **/
 void _getdns_context_equip_with_anchor(getdns_context *context, uint64_t *now_ms);
 uint8_t *_getdns_tas_validate(struct mem_funcs *mf,
    const getdns_bindata *xml_bd, const getdns_bindata *p7s_bd,
    const getdns_bindata *crt_bd, const char *p7signer,
                      uint64_t *now_ms, uint8_t *tas, size_t *tas_len);
 /**
 ** anchor.c functions used by anchor-internal.c.
 **/
 time_t _getdns_xml_convertdate(const char* str);
 uint16_t _getdns_parse_xml_trust_anchors_buf(gldns_buffer *gbuf, uint64_t *now_ms, char *xml_data, size_t xml_len);
 /**
 ** Public interface.
 **/
 void _getdns_context_equip_with_anchor(getdns_context *context, uint64_t *now_ms);
 void _getdns_start_fetching_ta(
    getdns_context *context, getdns_eventloop *loop, uint64_t *now_ms);
 #define MAX_KSKS        16
 #define RRSIG_RDATA_LEN 16
 typedef struct _getdns_ksks {
 	size_t   n;
 	uint16_t ids[MAX_KSKS];
 	size_t   n_rrsigs;
 	uint8_t  rrsigs[MAX_KSKS][RRSIG_RDATA_LEN];
 } _getdns_ksks;
 void _getdns_context_update_root_ksk(
    getdns_context *context, _getdns_rrset *dnskey_set);
 #endif
 /* anchor.h */
--- a/src/compat/arc4_lock.c
+++ b/src/compat/arc4_lock.c
@ -34,79 +34,6 @@
 #include "config.h"
 #define LOCKRET(func) func
 #ifdef HAVE_PTHREAD
 #include "pthread.h"
 static pthread_mutex_t arc_lock = PTHREAD_MUTEX_INITIALIZER;
 void _ARC4_LOCK(void)
 {
    pthread_mutex_lock(&arc_lock);
 }
 void _ARC4_UNLOCK(void)
 {
    pthread_mutex_unlock(&arc_lock);
 }
 #elif defined(GETDNS_ON_WINDOWS)
 /*
 * There is no explicit arc4random_init call, and thus
 * the critical section must be allocated on the first call to
 * ARC4_LOCK(). The interlocked test is used to verify that
 * the critical section will be allocated only once.
 *
 * The work around is for the main program to call arc4random()
 * at the beginning of execution, before spinning new threads.
 *
 * There is also no explicit arc4random_close call, and thus
 * the critical section is never deleted. It will remain allocated
 * as long as the program runs.
 */
 static CRITICAL_SECTION arc_critical_section;
 static volatile long arc_critical_section_initialized = 0;
 void _ARC4_LOCK(void)
 {
 	long r = InterlockedCompareExchange(&arc_critical_section_initialized, 1, 0);
 	if (r != 2)
 	{
 		if (r == 0)
 		{
 			InitializeCriticalSection(&arc_critical_section);
 			arc_critical_section_initialized = 2;
 		}
 		else if (r == 1)
 		{
 			/*
 			* If the critical section is initialized, the first test
 			* will return the value 2.
 			*
 			* If several threads try to initialize the arc4random
 			* state "at the same time", the first one will find
 			* the "initialized" variable at 0, the other ones at 1.
 			*
 			* Since this is a fairly rare event, we resolve it with a
 			* simple active wait loop.
 			*/
 			while (arc_critical_section_initialized != 2)
 			{
 				Sleep(1);
 			}
 		}
 	}
 	EnterCriticalSection(&arc_critical_section);
 }
 void _ARC4_UNLOCK(void)
 {
 	LeaveCriticalSection(&arc_critical_section);
 }
 #else
 /* XXX - add non pthread specific lock routines here */
 void _ARC4_LOCK(void)
 {
 }
@ -114,4 +41,4 @@ void _ARC4_LOCK(void)
 void _ARC4_UNLOCK(void)
 {
 }
-#endif
+
--- a/src/compat/arc4random.c
+++ b/src/compat/arc4random.c
@ -26,20 +26,49 @@
 #include <fcntl.h>
 #include <limits.h>
 #include <signal.h>
 #ifdef HAVE_STDINT_H
 #include <stdint.h>
 #endif
 #include <stdlib.h>
 #include <string.h>
 #ifndef GETDNS_ON_WINDOWS
 #include <unistd.h>
 #include <sys/types.h>
 #include <sys/param.h>
 #include <sys/time.h>
 #ifndef GETDNS_ON_WINDOWS
 #include <sys/mman.h>
-#endif
+#else
-#if defined(GETDNS_ON_WINDOWS) && !defined(MAP_INHERIT_ZERO)
+#include <wincrypt.h>
-#define explicit_bzero(rnd, rnd_size) memset(rnd, 0, rnd_size)
+#include <process.h>
 int	getentropy(void *buf, size_t len);
 /*
 * On Windows, CryptGenRandom is supposed to be a well-seeded
 * cryptographically strong random number generator.
 */
 int
 getentropy(void *buf, size_t len)
 {
 	HCRYPTPROV provider;
 	if (len > 256) {
 		errno = EIO;
 		return -1;
 	}
 	if (CryptAcquireContext(&provider, NULL, NULL, PROV_RSA_FULL,
 		CRYPT_VERIFYCONTEXT) == 0)
 		goto fail;
 	if (CryptGenRandom(provider, len, buf) == 0) {
 		CryptReleaseContext(provider, 0);
 		goto fail;
 	}
 	CryptReleaseContext(provider, 0);
 	return (0);
 fail:
 	errno = EIO;
 	return (-1);
 }
 #endif
 #define KEYSTREAM_ONLY
@ -51,9 +80,6 @@
 #else				/* !__GNUC__ */
 #define inline
 #endif				/* !__GNUC__ */
 #ifndef MAP_ANON
 #define MAP_ANON MAP_ANONYMOUS
 #endif
 #define KEYSZ	32
 #define IVSZ	8
@ -74,72 +100,6 @@ static struct {
 static inline void _rs_rekey(u_char *dat, size_t datlen);
 /*
 * Basic sanity checking; wish we could do better.
 */
 static int
 fallback_gotdata(char *buf, size_t len)
 {
 	char	any_set = 0;
 	size_t	i;
 	for (i = 0; i < len; ++i)
 		any_set |= buf[i];
 	if (any_set == 0)
 		return -1;
 	return 0;
 }
 /* fallback for getentropy in case libc returns failure */
 static int
 fallback_getentropy_urandom(void *buf, size_t len)
 {
 	size_t i;
 	int fd, flags;
 	int save_errno = errno;
 start:
 	flags = O_RDONLY;
 #ifdef O_NOFOLLOW
 	flags |= O_NOFOLLOW;
 #endif
 #ifdef O_CLOEXEC
 	flags |= O_CLOEXEC;
 #endif
 	fd = open("/dev/urandom", flags, 0);
 	if (fd == -1) {
 		if (errno == EINTR)
 			goto start;
 		goto nodevrandom;
 	}
 #ifndef O_CLOEXEC
 #  ifdef HAVE_FCNTL
 	fcntl(fd, F_SETFD, fcntl(fd, F_GETFD) | FD_CLOEXEC);
 #  endif
 #endif
 	for (i = 0; i < len; ) {
 		size_t wanted = len - i;
 		ssize_t ret = read(fd, (char*)buf + i, wanted);
 		if (ret == -1) {
 			if (errno == EAGAIN || errno == EINTR)
 				continue;
 			close(fd);
 			goto nodevrandom;
 		}
 		i += ret;
 	}
 	close(fd);
 	if (fallback_gotdata(buf, len) == 0) {
 		errno = save_errno;
 		return 0;		/* satisfied */
 	}
 nodevrandom:
 	errno = EIO;
 	return -1;
 }
 static inline void
 _rs_init(u_char *buf, size_t n)
 {
@ -171,9 +131,6 @@ _rs_init(u_char *buf, size_t n)
 		if(!rsx)
 			abort();
 #endif
 		/* Pleast older clang scan-build */
 		if (!buf)
 			buf = rsx->rs_buf;
 	}
 	chacha_keysetup(&rsx->rs_chacha, buf, KEYSZ * 8, 0);
@ -186,15 +143,12 @@ _rs_stir(void)
 	u_char rnd[KEYSZ + IVSZ];
 	if (getentropy(rnd, sizeof rnd) == -1) {
 		if(errno != ENOSYS ||
 			fallback_getentropy_urandom(rnd, sizeof rnd) == -1) {
 #ifdef SIGKILL
 		raise(SIGKILL);
 #else
 		exit(9); /* windows */
 #endif
 	}
 	}
 	if (!rs)
 		_rs_init(rnd, sizeof(rnd));
@ -212,7 +166,7 @@ _rs_stir(void)
 static inline void
 _rs_stir_if_needed(size_t len)
 {
-#if !defined(GETDNS_ON_WINDOWS)	&& !defined(MAP_INHERIT_ZERO)
+#ifndef MAP_INHERIT_ZERO
 	static pid_t _rs_pid = 0;
 	pid_t pid = getpid();
--- a/src/compat/explicit_bzero.c
+++ b/src/compat/explicit_bzero.c
@ -6,12 +6,17 @@
 #include "config.h"
 #include <string.h>
 __attribute__((weak)) void
 __explicit_bzero_hook(void *ATTR_UNUSED(buf), size_t ATTR_UNUSED(len))
 {
 }
 void
 explicit_bzero(void *buf, size_t len)
 {
-#ifdef GETDNS_ON_WINDOWS
+#ifdef UB_ON_WINDOWS
 	SecureZeroMemory(buf, len);
 #else
 	memset(buf, 0, len);
 #endif
 	memset(buf, 0, len);
 	__explicit_bzero_hook(buf, len);
 }
--- a/src/compat/getentropy_linux.c
+++ b/src/compat/getentropy_linux.c
@ -16,7 +16,10 @@
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */
 #include "config.h"
 #ifndef GETDNS_ON_WINDOWS
 /*
 #define	_POSIX_C_SOURCE 199309L
@ -46,12 +49,7 @@
 #include <errno.h>
 #include <unistd.h>
 #include <time.h>
 #if defined(HAVE_SSL)
 #include <openssl/sha.h>
 #elif defined(HAVE_NETTLE)
 #include <nettle/sha.h>
 #endif
 #include <linux/types.h>
 #include <linux/random.h>
@ -60,9 +58,6 @@
 #include <sys/auxv.h>
 #endif
 #include <sys/vfs.h>
 #ifndef MAP_ANON
 #define MAP_ANON MAP_ANONYMOUS
 #endif
 #define REPEAT 5
 #define min(a, b) (((a) < (b)) ? (a) : (b))
@ -75,21 +70,9 @@
 			HD(b); \
 	} while (0)
 #if defined(HAVE_SSL)
 #define CRYPTO_SHA512_CTX		SHA512_CTX
 #define CRYPTO_SHA512_INIT(x)		SHA512_Init(x)
 #define CRYPTO_SHA512_FINAL(r, c)	SHA512_Final(r, c)
 #define HR(x, l) (SHA512_Update(&ctx, (char *)(x), (l)))
 #define HD(x)	 (SHA512_Update(&ctx, (char *)&(x), sizeof (x)))
 #define HF(x)    (SHA512_Update(&ctx, (char *)&(x), sizeof (void*)))
 #elif defined(HAVE_NETTLE)
 #define CRYPTO_SHA512_CTX		struct sha512_ctx
 #define CRYPTO_SHA512_INIT(x)		sha512_init(x)
 #define CRYPTO_SHA512_FINAL(r, c)	sha512_digest(c, SHA512_DIGEST_SIZE, r)
 #define HR(x, l) (sha512_update(&ctx, (l), (uint8_t *)(x)))
 #define HD(x)	 (sha512_update(&ctx, sizeof (x), (uint8_t *)&(x)))
 #define HF(x)    (sha512_update(&ctx, sizeof (void*), (uint8_t *)&(x)))
 #endif
 int	getentropy(void *buf, size_t len);
@ -97,7 +80,7 @@ int	getentropy(void *buf, size_t len);
 extern int main(int, char *argv[]);
 #endif
 static int gotdata(char *buf, size_t len);
-#if defined(SYS_getrandom) && defined(__NR_getrandom)
+#ifdef SYS_getrandom
 static int getentropy_getrandom(void *buf, size_t len);
 #endif
 static int getentropy_urandom(void *buf, size_t len);
@ -116,7 +99,7 @@ getentropy(void *buf, size_t len)
 		return -1;
 	}
-#if defined(SYS_getrandom) && defined(__NR_getrandom)
+#ifdef SYS_getrandom
 	/*
 	 * Try descriptor-less getrandom()
 	 */
@ -142,7 +125,7 @@ getentropy(void *buf, size_t len)
 	 * Try to use sysctl CTL_KERN, KERN_RANDOM, RANDOM_UUID.
 	 * sysctl is a failsafe API, so it guarantees a result.  This
 	 * should work inside a chroot, or when file descriptors are
-	 * exhausted.
+	 * exhuasted.
 	 *
 	 * However this can fail if the Linux kernel removes support
 	 * for sysctl.  Starting in 2007, there have been efforts to
@ -212,7 +195,7 @@ gotdata(char *buf, size_t len)
 	return 0;
 }
-#if defined(SYS_getrandom) && defined(__NR_getrandom)
+#ifdef SYS_getrandom
 static int
 getentropy_getrandom(void *buf, size_t len)
 {
@ -357,7 +340,7 @@ getentropy_fallback(void *buf, size_t len)
 	struct rusage ru;
 	sigset_t sigset;
 	struct stat st;
-	CRYPTO_SHA512_CTX ctx;
+	SHA512_CTX ctx;
 	static pid_t lastpid;
 	pid_t pid;
 	size_t i, ii, m;
@ -374,7 +357,7 @@ getentropy_fallback(void *buf, size_t len)
 	}
 	for (i = 0; i < len; ) {
 		int j;
-		CRYPTO_SHA512_INIT(&ctx);
+		SHA512_Init(&ctx);
 		for (j = 0; j < repeat; j++) {
 			HX((e = gettimeofday(&tv, NULL)) == -1, tv);
 			if (e != -1) {
@ -546,7 +529,7 @@ getentropy_fallback(void *buf, size_t len)
 #  endif
 #endif /* HAVE_GETAUXVAL */
-		CRYPTO_SHA512_FINAL(results, &ctx);
+		SHA512_Final(results, &ctx);
 		memcpy((char*)buf + i, results, min(sizeof(results), len - i));
 		i += min(sizeof(results), len - i);
 	}
@ -558,3 +541,4 @@ getentropy_fallback(void *buf, size_t len)
 	errno = EIO;
 	return -1;
 }
 #endif 
--- a/src/compat/getentropy_solaris.c
+++ b/src/compat/getentropy_solaris.c
@ -30,9 +30,7 @@
 #include <sys/stat.h>
 #include <sys/time.h>
 #include <stdlib.h>
 #ifdef HAVE_STDINT_H
 #include <stdint.h>
 #endif
 #include <stdio.h>
 #include <termios.h>
 #include <fcntl.h>
@ -41,14 +39,10 @@
 #include <errno.h>
 #include <unistd.h>
 #include <time.h>
 #ifdef HAVE_SYS_SHA2_H
 #include <sys/sha2.h>
 #define SHA512_Init SHA512Init
 #define SHA512_Update SHA512Update
 #define SHA512_Final SHA512Final
 #else
 #include "openssl/sha.h"
 #endif
 #include <sys/vfs.h>
 #include <sys/statfs.h>
--- a/src/compat/gettimeofday.c
+++ b/src/compat/gettimeofday.c
@ -1,74 +0,0 @@
 /*
 * Copyright (c) 2016 Christian Huitema <huitema@huitema.net>
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */
 /*
  * Numerous places in the code make reference to the Unix/Linux
  * "gettimeofday()" function, which is not available in the standard
  * windows libraries. This code provides a compatible implementation.
  */
 #include "config.h"
 #ifndef HAVE_GETTIMEOFDAY
 int gettimeofday(struct timeval* tv, void* tz)
 {
 	FILETIME ft;
 	uint64_t now = 0;
 	/*
 	 * The GetSystemTimeAsFileTime API returns  the number
 	 * of 100-nanosecond intervals since January 1, 1601 (UTC),
 	 * in FILETIME format.
 	 */
 	GetSystemTimeAsFileTime(&ft);
 	/*
 	 * Convert to plain 64 bit format, without making
 	 * assumptions about the FILETIME structure alignment.
 	 */
 	now |= ft.dwHighDateTime;
 	now <<= 32;
 	now |= ft.dwLowDateTime;
 	/*
 	 * Convert units from 100ns to 1us
 	 */
 	now /= 10;
 	/*
 	 * Account for microseconds elapsed between 1601 and 1970.
 	 */
 	now -= 11644473600000000ULL;
 	if (tv != NULL)
 	{
 		uint64_t sec = now / 1000000;
 		uint64_t usec = now % 1000000;
 		tv->tv_sec = (long)sec;
 		tv->tv_usec = (long)usec;
 	}
 	if (tz != NULL)
 	{
 	    /*
 		 * TODO: implement a timezone retrieval function.
 		 * Not urgent, since the GetDNS code always set this parameter to NULL.
 		 */ 
 		return -1;
 	}
 	return 0;
 }
 #endif /* HAVE_GETTIMEOFDAY */
--- a/src/compat/inet_ntop.c
+++ b/src/compat/inet_ntop.c
@ -19,6 +19,8 @@
 #include <config.h>
 #ifndef HAVE_INET_NTOP
 #include <sys/param.h>
 #include <sys/types.h>
 #ifdef HAVE_SYS_SOCKET_H
@ -212,3 +214,5 @@ inet_ntop6(const u_char *src, char *dst, size_t size)
 	strlcpy(dst, tmp, size);
 	return (dst);
 }
 #endif /* !HAVE_INET_NTOP */
--- a/src/compat/inet_pton.c
+++ b/src/compat/inet_pton.c
@ -17,6 +17,7 @@
 */
 #include <config.h>
 #include <string.h>
 #include <stdio.h>
 #include <errno.h>
--- a/src/compat/mkstemp.c
+++ b/src/compat/mkstemp.c
@ -1,43 +0,0 @@
 /**
 * \file mkstemp.c
 * @brief Implementation of mkstemp for Windows.
 */
 /*
 * Copyright (c) 2019 Sinodun
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions are met:
 * * Redistributions of source code must retain the above copyright
 *   notice, this list of conditions and the following disclaimer.
 * * Redistributions in binary form must reproduce the above copyright
 *   notice, this list of conditions and the following disclaimer in the
 *   documentation and/or other materials provided with the distribution.
 * * Neither the names of the copyright holders nor the
 *   names of its contributors may be used to endorse or promote products
 *   derived from this software without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
 * DISCLAIMED. IN NO EVENT SHALL Verisign, Inc. BE LIABLE FOR ANY
 * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
 #include <fcntl.h>
 #include <stdio.h>
 #include <string.h>
 #include <sys/stat.h>
 int mkstemp(char *template)
 {
 		if (_mktemp_s(template, strlen(template) + 1) != 0)
 				return -1;
 		return open(template, _O_CREAT | _O_EXCL | _O_RDWR, _S_IWRITE | _S_IREAD);
 }
--- a/src/compat/sha512.c
+++ b/src/compat/sha512.c
@ -70,7 +70,7 @@ unsigned char *SHA512(void *data, unsigned int data_len, unsigned char *digest);
 * Please make sure that your system defines BYTE_ORDER.  If your
 * architecture is little-endian, make sure it also defines
 * LITTLE_ENDIAN and that the two (BYTE_ORDER and LITTLE_ENDIAN) are
- * equivalent.
+ * equivilent.
 *
 * If your system does not define the above, then you can do so by
 * hand like this:
--- a/src/compat/strlcpy.c
+++ b/src/compat/strlcpy.c
@ -18,6 +18,7 @@
 /* OPENBSD ORIGINAL: lib/libc/string/strlcpy.c */
 #include <config.h>
 #ifndef HAVE_STRLCPY
 #include <sys/types.h>
 #include <string.h>
@ -52,3 +53,5 @@ strlcpy(char *dst, const char *src, size_t siz)
 	return(s - src - 1);	/* count does not include NUL */
 }
 #endif /* !HAVE_STRLCPY */
--- a/src/compat/strptime.c
+++ b/src/compat/strptime.c
@ -1,345 +0,0 @@
 /** strptime workaround (for oa macos leopard)
  * This strptime follows the man strptime (2001-11-12)
  *		conforming to SUSv2, POSIX.1-2001
  *
  * This very simple version of strptime has no:
  * - E alternatives
  * - O alternatives
  * - Glibc additions
  * - Does not process week numbers
  * - Does not properly processes year day
  *
  * LICENSE
  * Copyright (c) 2008, NLnet Labs, Matthijs Mekking
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions are met:
  * * Redistributions of source code must retain the above copyright notice,
  *     this list of conditions and the following disclaimer.
  * * Redistributions in binary form must reproduce the above copyright
  *   notice, this list of conditions and the following disclaimer in the
  *   documentation and/or other materials provided with the distribution.
  * * Neither the name of NLnetLabs nor the names of its
  *   contributors may be used to endorse or promote products derived from this
  *   software without specific prior written permission.
  *
  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
  * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
  * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
  * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
  * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
  * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
  * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
  * POSSIBILITY OF SUCH DAMAGE.
 **/
 #include "config.h"
 #ifndef HAVE_CONFIG_H
 #include <time.h>
 #endif
 #ifndef STRPTIME_WORKS
 #define TM_YEAR_BASE 1900
 #include <ctype.h>
 #include <string.h>
 static const char *abb_weekdays[] = {
 	"Sun", "Mon", "Tue", "Wed", "Thu", "Fri", "Sat", NULL
 };
 static const char *full_weekdays[] = {
 	"Sunday", "Monday", "Tuesday", "Wednesday",
 	"Thursday", "Friday", "Saturday", NULL
 };
 static const char *abb_months[] = {
 	"Jan", "Feb", "Mar", "Apr", "May", "Jun",
 	"Jul", "Aug", "Sep", "Oct", "Nov", "Dec", NULL
 };
 static const char *full_months[] = {
 	"January", "February", "March", "April", "May", "June",
 	"July", "August", "September", "October", "November", "December", NULL
 };
 static const char *ampm[] = {
    "am", "pm", NULL
 };
 static int
 match_string(const char **buf, const char **strs)
 {
 	int i = 0;
 	for (i = 0; strs[i] != NULL; i++) {
 		int len = strlen(strs[i]);
 		if (strncasecmp (*buf, strs[i], len) == 0) {
 			*buf += len;
 			return i;
 		}
 	}
 	return -1;
 }
 static int
 str2int(const char **buf, int max)
 {
 	int ret=0, count=0;
 	while (*buf[0] != '\0' && isdigit((unsigned char)*buf[0]) && count<max) {
 		ret = ret*10 + (*buf[0] - '0');
 		(*buf)++;
 		count++;
 	}
 	if (!count)
 		return -1;
 	return ret;
 }
 /** Converts the character string s to values which are stored in tm
  * using the format specified by format
 **/
 char *
 unbound_strptime(const char *s, const char *format, struct tm *tm)
 {
 	int c, ret;
 	int split_year = 0;
 	while ((c = *format) != '\0') {
 		/* whitespace, literal or format */
 		if (isspace((unsigned char)c)) { /* whitespace */
 			/** whitespace matches zero or more whitespace characters in the
 			  * input string.
 			 **/
 			while (isspace((unsigned char)*s))
 				s++;
 		}
 		else if (c == '%') { /* format */
 			format++;
 			c = *format;
 			switch (c) {
 				case '%': /* %% is converted to % */
 					if (*s != c) {
 						return NULL;
 					}
 					s++;
 					break;
 				case 'a': /* weekday name, abbreviated or full */
 				case 'A':
 					ret = match_string(&s, full_weekdays);
 					if (ret < 0)
 						ret = match_string(&s, abb_weekdays);
 					if (ret < 0) {
 						return NULL;
 					}
 					tm->tm_wday = ret;
 					break;
 				case 'b': /* month name, abbreviated or full */
 				case 'B':
 				case 'h':
 					ret = match_string(&s, full_months);
 					if (ret < 0)
 						ret = match_string(&s, abb_months);
 					if (ret < 0) {
 						return NULL;
 					}
 					tm->tm_mon = ret;
 					break;
 				case 'c': /* date and time representation */
 					if (!(s = unbound_strptime(s, "%x %X", tm))) {
 						return NULL;
 					}
 					break;
 				case 'C': /* century number */
 					ret = str2int(&s, 2);
 					if (ret < 0 || ret > 99) { /* must be in [00,99] */
 						return NULL;
 					}
 					if (split_year)	{
 						tm->tm_year = ret*100 + (tm->tm_year%100);
 					}
 					else {
 						tm->tm_year = ret*100 - TM_YEAR_BASE;
 						split_year = 1;
 					}
 					break;
 				case 'd': /* day of month */
 				case 'e':
 					ret = str2int(&s, 2);
 					if (ret < 1 || ret > 31) { /* must be in [01,31] */
 						return NULL;
 					}
 					tm->tm_mday = ret;
 					break;
 				case 'D': /* equivalent to %m/%d/%y */
 					if (!(s = unbound_strptime(s, "%m/%d/%y", tm))) {
 						return NULL;
 					}
 					break;
 				case 'H': /* hour */
 					ret = str2int(&s, 2);
 					if (ret < 0 || ret > 23) { /* must be in [00,23] */
 						return NULL;
 					}
 					tm->tm_hour = ret;
 					break;
 				case 'I': /* 12hr clock hour */
 					ret = str2int(&s, 2);
 					if (ret < 1 || ret > 12) { /* must be in [01,12] */
 						return NULL;
 					}
 					if (ret == 12) /* actually [0,11] */
 						ret = 0;
 					tm->tm_hour = ret;
 					break;
 				case 'j': /* day of year */
 					ret = str2int(&s, 2);
 					if (ret < 1 || ret > 366) { /* must be in [001,366] */
 						return NULL;
 					}
 					tm->tm_yday = ret;
 					break;
 				case 'm': /* month */
 					ret = str2int(&s, 2);
 					if (ret < 1 || ret > 12) { /* must be in [01,12] */
 						return NULL;
 					}
 					/* months go from 0-11 */
 					tm->tm_mon = (ret-1);
 					break;
 				case 'M': /* minute */
 					ret = str2int(&s, 2);
 					if (ret < 0 || ret > 59) { /* must be in [00,59] */
 						return NULL;
 					}
 					tm->tm_min = ret;
 					break;
 				case 'n': /* arbitrary whitespace */
 				case 't':
 					while (isspace((unsigned char)*s))
 						s++;
 					break;
 				case 'p': /* am pm */
 					ret = match_string(&s, ampm);
 					if (ret < 0) {
 						return NULL;
 					}
 					if (tm->tm_hour < 0 || tm->tm_hour > 11) { /* %I */
 						return NULL;
 					}
 					if (ret == 1) /* pm */
 						tm->tm_hour += 12;
 					break;
 				case 'r': /* equivalent of %I:%M:%S %p */
 					if (!(s = unbound_strptime(s, "%I:%M:%S %p", tm))) {
 						return NULL;
 					}
 					break;
 				case 'R': /* equivalent of %H:%M */
 					if (!(s = unbound_strptime(s, "%H:%M", tm))) {
 						return NULL;
 					}
 					break;
 				case 'S': /* seconds */
 					ret = str2int(&s, 2);
 					/* 60 may occur for leap seconds */
 					/* earlier 61 was also allowed */
 					if (ret < 0 || ret > 60) { /* must be in [00,60] */
 						return NULL;
 					}
 					tm->tm_sec = ret;
 					break;
 				case 'T': /* equivalent of %H:%M:%S */
 					if (!(s = unbound_strptime(s, "%H:%M:%S", tm))) {
 						return NULL;
 					}
 					break;
 				case 'U': /* week number, with the first Sun of Jan being w1 */
 					ret = str2int(&s, 2);
 					if (ret < 0 || ret > 53) { /* must be in [00,53] */
 						return NULL;
 					}
 					/** it is hard (and not necessary for nsd) to determine time
 					  * data from week number.
 					 **/
 					break;
 				case 'w': /* day of week */
 					ret = str2int(&s, 1);
 					if (ret < 0 || ret > 6) { /* must be in [0,6] */
 						return NULL;
 					}
 					tm->tm_wday = ret;
 					break;
 				case 'W': /* week number, with the first Mon of Jan being w1 */
 					ret = str2int(&s, 2);
 					if (ret < 0 || ret > 53) { /* must be in [00,53] */
 						return NULL;
 					}
 					/** it is hard (and not necessary for nsd) to determine time
 					  * data from week number.
 					 **/
 					break;
 				case 'x': /* date format */
 					if (!(s = unbound_strptime(s, "%m/%d/%y", tm))) {
 						return NULL;
 					}
 					break;
 				case 'X': /* time format */
 					if (!(s = unbound_strptime(s, "%H:%M:%S", tm))) {
 						return NULL;
 					}
 					break;
 				case 'y': /* last two digits of a year */
 					ret = str2int(&s, 2);
 					if (ret < 0 || ret > 99) { /* must be in [00,99] */
 						return NULL;
 					}
 					if (split_year) {
 						tm->tm_year = ((tm->tm_year/100) * 100) + ret;
 					}
 					else {
 						split_year = 1;
 						/** currently:
 						  * if in [0,68] we are in 21th century,
 						  * if in [69,99] we are in 20th century.
 						 **/
 						if (ret < 69) /* 2000 */
 							ret += 100;
 						tm->tm_year = ret;
 					}
 					break;
 				case 'Y': /* year */
 					ret = str2int(&s, 4);
 					if (ret < 0 || ret > 9999) {
 						return NULL;
 					}
 					tm->tm_year = ret - TM_YEAR_BASE;
 					break;
 				case '\0':
 				default: /* unsupported, cannot match format */
 					return NULL;
 					break;
 			}
 		}
 		else { /* literal */
 			/* if input cannot match format, return NULL */
 			if (*s != c)
 				return NULL;
 			s++;
 		}
 		format++;
 	}
 	/* return pointer to remainder of s */
 	return (char*) s;
 }
 #endif /* STRPTIME_WORKS */
--- a/src/const-info.c
+++ b/src/const-info.c
@ -5,18 +5,11 @@
 #include "getdns/getdns.h"
 #include "getdns/getdns_extra.h"
 #include "const-info.h"
 #include <string.h>
 static struct const_info consts_info[] = {
 	{   -1, NULL, "/* <unknown getdns value> */" },
 	{    0, "GETDNS_RETURN_GOOD", GETDNS_RETURN_GOOD_TEXT },
 	{    1, "GETDNS_RETURN_GENERIC_ERROR", GETDNS_RETURN_GENERIC_ERROR_TEXT },
 	{       2, "GETDNS_LOG_CRIT", GETDNS_LOG_CRIT_TEXT },
 	{       3, "GETDNS_LOG_ERR", GETDNS_LOG_ERR_TEXT },
 	{       4, "GETDNS_LOG_WARNING", GETDNS_LOG_WARNING_TEXT },
 	{       5, "GETDNS_LOG_NOTICE", GETDNS_LOG_NOTICE_TEXT },
 	{       6, "GETDNS_LOG_INFO", GETDNS_LOG_INFO_TEXT },
 	{       7, "GETDNS_LOG_DEBUG", GETDNS_LOG_DEBUG_TEXT },
 	{  300, "GETDNS_RETURN_BAD_DOMAIN_NAME", GETDNS_RETURN_BAD_DOMAIN_NAME_TEXT },
 	{  301, "GETDNS_RETURN_BAD_CONTEXT", GETDNS_RETURN_BAD_CONTEXT_TEXT },
 	{  302, "GETDNS_RETURN_CONTEXT_UPDATE_FAIL", GETDNS_RETURN_CONTEXT_UPDATE_FAIL_TEXT },
@ -30,8 +23,6 @@ static struct const_info consts_info[] = {
 	{  310, "GETDNS_RETURN_MEMORY_ERROR", GETDNS_RETURN_MEMORY_ERROR_TEXT },
 	{  311, "GETDNS_RETURN_INVALID_PARAMETER", GETDNS_RETURN_INVALID_PARAMETER_TEXT },
 	{  312, "GETDNS_RETURN_NOT_IMPLEMENTED", GETDNS_RETURN_NOT_IMPLEMENTED_TEXT },
 	{     397, "GETDNS_RETURN_IO_ERROR", GETDNS_RETURN_IO_ERROR_TEXT },
 	{     398, "GETDNS_RETURN_NO_UPSTREAM_AVAILABLE", GETDNS_RETURN_NO_UPSTREAM_AVAILABLE_TEXT },
 	{  399, "GETDNS_RETURN_NEED_MORE_SPACE", GETDNS_RETURN_NEED_MORE_SPACE_TEXT },
 	{  400, "GETDNS_DNSSEC_SECURE", GETDNS_DNSSEC_SECURE_TEXT },
 	{  401, "GETDNS_DNSSEC_BOGUS", GETDNS_DNSSEC_BOGUS_TEXT },
@ -57,7 +48,6 @@ static struct const_info consts_info[] = {
 	{  551, "GETDNS_APPEND_NAME_ONLY_TO_SINGLE_LABEL_AFTER_FAILURE", GETDNS_APPEND_NAME_ONLY_TO_SINGLE_LABEL_AFTER_FAILURE_TEXT },
 	{  552, "GETDNS_APPEND_NAME_ONLY_TO_MULTIPLE_LABEL_NAME_AFTER_FAILURE", GETDNS_APPEND_NAME_ONLY_TO_MULTIPLE_LABEL_NAME_AFTER_FAILURE_TEXT },
 	{  553, "GETDNS_APPEND_NAME_NEVER", GETDNS_APPEND_NAME_NEVER_TEXT },
 	{     554, "GETDNS_APPEND_NAME_TO_SINGLE_LABEL_FIRST", GETDNS_APPEND_NAME_TO_SINGLE_LABEL_FIRST_TEXT },
 	{  600, "GETDNS_CONTEXT_CODE_NAMESPACES", GETDNS_CONTEXT_CODE_NAMESPACES_TEXT },
 	{  601, "GETDNS_CONTEXT_CODE_RESOLUTION_TYPE", GETDNS_CONTEXT_CODE_RESOLUTION_TYPE_TEXT },
 	{  602, "GETDNS_CONTEXT_CODE_FOLLOW_REDIRECTS", GETDNS_CONTEXT_CODE_FOLLOW_REDIRECTS_TEXT },
@ -80,24 +70,6 @@ static struct const_info consts_info[] = {
 	{  619, "GETDNS_CONTEXT_CODE_EDNS_CLIENT_SUBNET_PRIVATE", GETDNS_CONTEXT_CODE_EDNS_CLIENT_SUBNET_PRIVATE_TEXT },
 	{  620, "GETDNS_CONTEXT_CODE_TLS_QUERY_PADDING_BLOCKSIZE", GETDNS_CONTEXT_CODE_TLS_QUERY_PADDING_BLOCKSIZE_TEXT },
 	{  621, "GETDNS_CONTEXT_CODE_PUBKEY_PINSET", GETDNS_CONTEXT_CODE_PUBKEY_PINSET_TEXT },
 	{     622, "GETDNS_CONTEXT_CODE_ROUND_ROBIN_UPSTREAMS", GETDNS_CONTEXT_CODE_ROUND_ROBIN_UPSTREAMS_TEXT },
 	{     623, "GETDNS_CONTEXT_CODE_TLS_BACKOFF_TIME", GETDNS_CONTEXT_CODE_TLS_BACKOFF_TIME_TEXT },
 	{     624, "GETDNS_CONTEXT_CODE_TLS_CONNECTION_RETRIES", GETDNS_CONTEXT_CODE_TLS_CONNECTION_RETRIES_TEXT },
 	{     625, "GETDNS_CONTEXT_CODE_TRUST_ANCHORS_URL", GETDNS_CONTEXT_CODE_TRUST_ANCHORS_URL_TEXT },
 	{     626, "GETDNS_CONTEXT_CODE_TRUST_ANCHORS_VERIFY_CA", GETDNS_CONTEXT_CODE_TRUST_ANCHORS_VERIFY_CA_TEXT },
 	{     627, "GETDNS_CONTEXT_CODE_TRUST_ANCHORS_VERIFY_EMAIL", GETDNS_CONTEXT_CODE_TRUST_ANCHORS_VERIFY_EMAIL_TEXT },
 	{     628, "GETDNS_CONTEXT_CODE_APPDATA_DIR", GETDNS_CONTEXT_CODE_APPDATA_DIR_TEXT },
 	{     629, "GETDNS_CONTEXT_CODE_RESOLVCONF", GETDNS_CONTEXT_CODE_RESOLVCONF_TEXT },
 	{     630, "GETDNS_CONTEXT_CODE_HOSTS", GETDNS_CONTEXT_CODE_HOSTS_TEXT },
 	{     631, "GETDNS_CONTEXT_CODE_TLS_CA_PATH", GETDNS_CONTEXT_CODE_TLS_CA_PATH_TEXT },
 	{     632, "GETDNS_CONTEXT_CODE_TLS_CA_FILE", GETDNS_CONTEXT_CODE_TLS_CA_FILE_TEXT },
 	{     633, "GETDNS_CONTEXT_CODE_TLS_CIPHER_LIST", GETDNS_CONTEXT_CODE_TLS_CIPHER_LIST_TEXT },
 	{     634, "GETDNS_CONTEXT_CODE_TLS_CURVES_LIST", GETDNS_CONTEXT_CODE_TLS_CURVES_LIST_TEXT },
 	{     635, "GETDNS_CONTEXT_CODE_TLS_CIPHERSUITES", GETDNS_CONTEXT_CODE_TLS_CIPHERSUITES_TEXT },
 	{     636, "GETDNS_CONTEXT_CODE_TLS_MIN_VERSION", GETDNS_CONTEXT_CODE_TLS_MIN_VERSION_TEXT },
 	{     637, "GETDNS_CONTEXT_CODE_TLS_MAX_VERSION", GETDNS_CONTEXT_CODE_TLS_MAX_VERSION_TEXT },
 	{     638, "GETDNS_CONTEXT_CODE_TRUST_ANCHORS_BACKOFF_TIME", GETDNS_CONTEXT_CODE_TRUST_ANCHORS_BACKOFF_TIME_TEXT },
 	{     699, "GETDNS_CONTEXT_CODE_MAX_BACKOFF_VALUE", GETDNS_CONTEXT_CODE_MAX_BACKOFF_VALUE_TEXT },
 	{  700, "GETDNS_CALLBACK_COMPLETE", GETDNS_CALLBACK_COMPLETE_TEXT },
 	{  701, "GETDNS_CALLBACK_CANCEL", GETDNS_CALLBACK_CANCEL_TEXT },
 	{  702, "GETDNS_CALLBACK_TIMEOUT", GETDNS_CALLBACK_TIMEOUT_TEXT },
@ -119,16 +91,6 @@ static struct const_info consts_info[] = {
 	{ 1202, "GETDNS_TRANSPORT_TLS", GETDNS_TRANSPORT_TLS_TEXT },
 	{ 1300, "GETDNS_AUTHENTICATION_NONE", GETDNS_AUTHENTICATION_NONE_TEXT },
 	{ 1301, "GETDNS_AUTHENTICATION_REQUIRED", GETDNS_AUTHENTICATION_REQUIRED_TEXT },
 	{    1400, "GETDNS_SSL3", GETDNS_SSL3_TEXT },
 	{    1401, "GETDNS_TLS1", GETDNS_TLS1_TEXT },
 	{    1402, "GETDNS_TLS1_1", GETDNS_TLS1_1_TEXT },
 	{    1403, "GETDNS_TLS1_2", GETDNS_TLS1_2_TEXT },
 	{    1404, "GETDNS_TLS1_3", GETDNS_TLS1_3_TEXT },
 	{    8192, "GETDNS_LOG_SYS_STUB", GETDNS_LOG_SYS_STUB_TEXT },
 	{   12288, "GETDNS_LOG_UPSTREAM_STATS", GETDNS_LOG_UPSTREAM_STATS_TEXT },
 	{   16384, "GETDNS_LOG_SYS_RECURSING", GETDNS_LOG_SYS_RECURSING_TEXT },
 	{   24576, "GETDNS_LOG_SYS_RESOLVING", GETDNS_LOG_SYS_RESOLVING_TEXT },
 	{   32768, "GETDNS_LOG_SYS_ANCHOR", GETDNS_LOG_SYS_ANCHOR_TEXT },
 };
 static int const_info_cmp(const void *a, const void *b)
@ -159,267 +121,3 @@ getdns_get_errorstr_by_id(uint16_t err)
 	else
 		return NULL;
 }
 static struct const_name_info consts_name_info[] = {
 	{ "GETDNS_APPEND_NAME_ALWAYS", 550 },
 	{ "GETDNS_APPEND_NAME_NEVER", 553 },
 	{ "GETDNS_APPEND_NAME_ONLY_TO_MULTIPLE_LABEL_NAME_AFTER_FAILURE", 552 },
 	{ "GETDNS_APPEND_NAME_ONLY_TO_SINGLE_LABEL_AFTER_FAILURE", 551 },
 	{ "GETDNS_APPEND_NAME_TO_SINGLE_LABEL_FIRST", 554 },
 	{ "GETDNS_AUTHENTICATION_NONE", 1300 },
 	{ "GETDNS_AUTHENTICATION_REQUIRED", 1301 },
 	{ "GETDNS_BAD_DNS_ALL_NUMERIC_LABEL", 1101 },
 	{ "GETDNS_BAD_DNS_CNAME_IN_TARGET", 1100 },
 	{ "GETDNS_BAD_DNS_CNAME_RETURNED_FOR_OTHER_TYPE", 1102 },
 	{ "GETDNS_CALLBACK_CANCEL", 701 },
 	{ "GETDNS_CALLBACK_COMPLETE", 700 },
 	{ "GETDNS_CALLBACK_ERROR", 703 },
 	{ "GETDNS_CALLBACK_TIMEOUT", 702 },
 	{ "GETDNS_CONTEXT_CODE_APPDATA_DIR", 628 },
 	{ "GETDNS_CONTEXT_CODE_APPEND_NAME", 607 },
 	{ "GETDNS_CONTEXT_CODE_DNSSEC_ALLOWED_SKEW", 614 },
 	{ "GETDNS_CONTEXT_CODE_DNSSEC_TRUST_ANCHORS", 609 },
 	{ "GETDNS_CONTEXT_CODE_DNS_ROOT_SERVERS", 604 },
 	{ "GETDNS_CONTEXT_CODE_DNS_TRANSPORT", 605 },
 	{ "GETDNS_CONTEXT_CODE_EDNS_CLIENT_SUBNET_PRIVATE", 619 },
 	{ "GETDNS_CONTEXT_CODE_EDNS_DO_BIT", 613 },
 	{ "GETDNS_CONTEXT_CODE_EDNS_EXTENDED_RCODE", 611 },
 	{ "GETDNS_CONTEXT_CODE_EDNS_MAXIMUM_UDP_PAYLOAD_SIZE", 610 },
 	{ "GETDNS_CONTEXT_CODE_EDNS_VERSION", 612 },
 	{ "GETDNS_CONTEXT_CODE_FOLLOW_REDIRECTS", 602 },
 	{ "GETDNS_CONTEXT_CODE_HOSTS", 630 },
 	{ "GETDNS_CONTEXT_CODE_IDLE_TIMEOUT", 617 },
 	{ "GETDNS_CONTEXT_CODE_LIMIT_OUTSTANDING_QUERIES", 606 },
 	{ "GETDNS_CONTEXT_CODE_MAX_BACKOFF_VALUE", 699 },
 	{ "GETDNS_CONTEXT_CODE_MEMORY_FUNCTIONS", 615 },
 	{ "GETDNS_CONTEXT_CODE_NAMESPACES", 600 },
 	{ "GETDNS_CONTEXT_CODE_PUBKEY_PINSET", 621 },
 	{ "GETDNS_CONTEXT_CODE_RESOLUTION_TYPE", 601 },
 	{ "GETDNS_CONTEXT_CODE_RESOLVCONF", 629 },
 	{ "GETDNS_CONTEXT_CODE_ROUND_ROBIN_UPSTREAMS", 622 },
 	{ "GETDNS_CONTEXT_CODE_SUFFIX", 608 },
 	{ "GETDNS_CONTEXT_CODE_TIMEOUT", 616 },
 	{ "GETDNS_CONTEXT_CODE_TLS_AUTHENTICATION", 618 },
 	{ "GETDNS_CONTEXT_CODE_TLS_BACKOFF_TIME", 623 },
 	{ "GETDNS_CONTEXT_CODE_TLS_CA_FILE", 632 },
 	{ "GETDNS_CONTEXT_CODE_TLS_CA_PATH", 631 },
 	{ "GETDNS_CONTEXT_CODE_TLS_CIPHERSUITES", 635 },
 	{ "GETDNS_CONTEXT_CODE_TLS_CIPHER_LIST", 633 },
 	{ "GETDNS_CONTEXT_CODE_TLS_CONNECTION_RETRIES", 624 },
 	{ "GETDNS_CONTEXT_CODE_TLS_CURVES_LIST", 634 },
 	{ "GETDNS_CONTEXT_CODE_TLS_MAX_VERSION", 637 },
 	{ "GETDNS_CONTEXT_CODE_TLS_MIN_VERSION", 636 },
 	{ "GETDNS_CONTEXT_CODE_TLS_QUERY_PADDING_BLOCKSIZE", 620 },
 	{ "GETDNS_CONTEXT_CODE_TRUST_ANCHORS_BACKOFF_TIME", 638 },
 	{ "GETDNS_CONTEXT_CODE_TRUST_ANCHORS_URL", 625 },
 	{ "GETDNS_CONTEXT_CODE_TRUST_ANCHORS_VERIFY_CA", 626 },
 	{ "GETDNS_CONTEXT_CODE_TRUST_ANCHORS_VERIFY_EMAIL", 627 },
 	{ "GETDNS_CONTEXT_CODE_UPSTREAM_RECURSIVE_SERVERS", 603 },
 	{ "GETDNS_DNSSEC_BOGUS", 401 },
 	{ "GETDNS_DNSSEC_INDETERMINATE", 402 },
 	{ "GETDNS_DNSSEC_INSECURE", 403 },
 	{ "GETDNS_DNSSEC_NOT_PERFORMED", 404 },
 	{ "GETDNS_DNSSEC_SECURE", 400 },
 	{ "GETDNS_EXTENSION_FALSE", 1001 },
 	{ "GETDNS_EXTENSION_TRUE", 1000 },
 	{ "GETDNS_LOG_ALERT", 1 },
 	{ "GETDNS_LOG_CRIT", 2 },
 	{ "GETDNS_LOG_DEBUG", 7 },
 	{ "GETDNS_LOG_EMERG", 0 },
 	{ "GETDNS_LOG_ERR", 3 },
 	{ "GETDNS_LOG_INFO", 6 },
 	{ "GETDNS_LOG_NOTICE", 5 },
 	{ "GETDNS_LOG_SYS_ANCHOR", 32768 },
 	{ "GETDNS_LOG_SYS_RECURSING", 16384 },
 	{ "GETDNS_LOG_SYS_RESOLVING", 24576 },
 	{ "GETDNS_LOG_SYS_STUB", 8192 },
 	{ "GETDNS_LOG_UPSTREAM_STATS", 12288 },
 	{ "GETDNS_LOG_WARNING", 4 },
 	{ "GETDNS_NAMESPACE_DNS", 500 },
 	{ "GETDNS_NAMESPACE_LOCALNAMES", 501 },
 	{ "GETDNS_NAMESPACE_MDNS", 503 },
 	{ "GETDNS_NAMESPACE_NETBIOS", 502 },
 	{ "GETDNS_NAMESPACE_NIS", 504 },
 	{ "GETDNS_NAMETYPE_DNS", 800 },
 	{ "GETDNS_NAMETYPE_WINS", 801 },
 	{ "GETDNS_OPCODE_IQUERY", 1 },
 	{ "GETDNS_OPCODE_NOTIFY", 4 },
 	{ "GETDNS_OPCODE_QUERY", 0 },
 	{ "GETDNS_OPCODE_STATUS", 2 },
 	{ "GETDNS_OPCODE_UPDATE", 5 },
 	{ "GETDNS_RCODE_BADALG", 21 },
 	{ "GETDNS_RCODE_BADCOOKIE", 23 },
 	{ "GETDNS_RCODE_BADKEY", 17 },
 	{ "GETDNS_RCODE_BADMODE", 19 },
 	{ "GETDNS_RCODE_BADNAME", 20 },
 	{ "GETDNS_RCODE_BADSIG", 16 },
 	{ "GETDNS_RCODE_BADTIME", 18 },
 	{ "GETDNS_RCODE_BADTRUNC", 22 },
 	{ "GETDNS_RCODE_BADVERS", 16 },
 	{ "GETDNS_RCODE_FORMERR", 1 },
 	{ "GETDNS_RCODE_NOERROR", 0 },
 	{ "GETDNS_RCODE_NOTAUTH", 9 },
 	{ "GETDNS_RCODE_NOTIMP", 4 },
 	{ "GETDNS_RCODE_NOTZONE", 10 },
 	{ "GETDNS_RCODE_NXDOMAIN", 3 },
 	{ "GETDNS_RCODE_NXRRSET", 8 },
 	{ "GETDNS_RCODE_REFUSED", 5 },
 	{ "GETDNS_RCODE_SERVFAIL", 2 },
 	{ "GETDNS_RCODE_YXDOMAIN", 6 },
 	{ "GETDNS_RCODE_YXRRSET", 7 },
 	{ "GETDNS_REDIRECTS_DO_NOT_FOLLOW", 531 },
 	{ "GETDNS_REDIRECTS_FOLLOW", 530 },
 	{ "GETDNS_RESOLUTION_RECURSING", 521 },
 	{ "GETDNS_RESOLUTION_STUB", 520 },
 	{ "GETDNS_RESPSTATUS_ALL_BOGUS_ANSWERS", 904 },
 	{ "GETDNS_RESPSTATUS_ALL_TIMEOUT", 902 },
 	{ "GETDNS_RESPSTATUS_GOOD", 900 },
 	{ "GETDNS_RESPSTATUS_NO_NAME", 901 },
 	{ "GETDNS_RESPSTATUS_NO_SECURE_ANSWERS", 903 },
 	{ "GETDNS_RETURN_BAD_CONTEXT", 301 },
 	{ "GETDNS_RETURN_BAD_DOMAIN_NAME", 300 },
 	{ "GETDNS_RETURN_CONTEXT_UPDATE_FAIL", 302 },
 	{ "GETDNS_RETURN_DNSSEC_WITH_STUB_DISALLOWED", 309 },
 	{ "GETDNS_RETURN_EXTENSION_MISFORMAT", 308 },
 	{ "GETDNS_RETURN_GENERIC_ERROR", 1 },
 	{ "GETDNS_RETURN_GOOD", 0 },
 	{ "GETDNS_RETURN_INVALID_PARAMETER", 311 },
 	{ "GETDNS_RETURN_IO_ERROR", 397 },
 	{ "GETDNS_RETURN_MEMORY_ERROR", 310 },
 	{ "GETDNS_RETURN_NEED_MORE_SPACE", 399 },
 	{ "GETDNS_RETURN_NOT_IMPLEMENTED", 312 },
 	{ "GETDNS_RETURN_NO_SUCH_DICT_NAME", 305 },
 	{ "GETDNS_RETURN_NO_SUCH_EXTENSION", 307 },
 	{ "GETDNS_RETURN_NO_SUCH_LIST_ITEM", 304 },
 	{ "GETDNS_RETURN_NO_UPSTREAM_AVAILABLE", 398 },
 	{ "GETDNS_RETURN_UNKNOWN_TRANSACTION", 303 },
 	{ "GETDNS_RETURN_WRONG_TYPE_REQUESTED", 306 },
 	{ "GETDNS_RRCLASS_ANY", 255 },
 	{ "GETDNS_RRCLASS_CH", 3 },
 	{ "GETDNS_RRCLASS_HS", 4 },
 	{ "GETDNS_RRCLASS_IN", 1 },
 	{ "GETDNS_RRCLASS_NONE", 254 },
 	{ "GETDNS_RRTYPE_A", 1 },
 	{ "GETDNS_RRTYPE_A6", 38 },
 	{ "GETDNS_RRTYPE_AAAA", 28 },
 	{ "GETDNS_RRTYPE_AFSDB", 18 },
 	{ "GETDNS_RRTYPE_AMTRELAY", 260 },
 	{ "GETDNS_RRTYPE_ANY", 255 },
 	{ "GETDNS_RRTYPE_APL", 42 },
 	{ "GETDNS_RRTYPE_ATMA", 34 },
 	{ "GETDNS_RRTYPE_AVC", 258 },
 	{ "GETDNS_RRTYPE_AXFR", 252 },
 	{ "GETDNS_RRTYPE_CAA", 257 },
 	{ "GETDNS_RRTYPE_CDNSKEY", 60 },
 	{ "GETDNS_RRTYPE_CDS", 59 },
 	{ "GETDNS_RRTYPE_CERT", 37 },
 	{ "GETDNS_RRTYPE_CNAME", 5 },
 	{ "GETDNS_RRTYPE_CSYNC", 62 },
 	{ "GETDNS_RRTYPE_DHCID", 49 },
 	{ "GETDNS_RRTYPE_DLV", 32769 },
 	{ "GETDNS_RRTYPE_DNAME", 39 },
 	{ "GETDNS_RRTYPE_DNSKEY", 48 },
 	{ "GETDNS_RRTYPE_DOA", 259 },
 	{ "GETDNS_RRTYPE_DS", 43 },
 	{ "GETDNS_RRTYPE_EID", 31 },
 	{ "GETDNS_RRTYPE_EUI48", 108 },
 	{ "GETDNS_RRTYPE_EUI64", 109 },
 	{ "GETDNS_RRTYPE_GID", 102 },
 	{ "GETDNS_RRTYPE_GPOS", 27 },
 	{ "GETDNS_RRTYPE_HINFO", 13 },
 	{ "GETDNS_RRTYPE_HIP", 55 },
 	{ "GETDNS_RRTYPE_HTTPS", 65 },
 	{ "GETDNS_RRTYPE_IPSECKEY", 45 },
 	{ "GETDNS_RRTYPE_ISDN", 20 },
 	{ "GETDNS_RRTYPE_IXFR", 251 },
 	{ "GETDNS_RRTYPE_KEY", 25 },
 	{ "GETDNS_RRTYPE_KX", 36 },
 	{ "GETDNS_RRTYPE_L32", 105 },
 	{ "GETDNS_RRTYPE_L64", 106 },
 	{ "GETDNS_RRTYPE_LOC", 29 },
 	{ "GETDNS_RRTYPE_LP", 107 },
 	{ "GETDNS_RRTYPE_MAILA", 254 },
 	{ "GETDNS_RRTYPE_MAILB", 253 },
 	{ "GETDNS_RRTYPE_MB", 7 },
 	{ "GETDNS_RRTYPE_MD", 3 },
 	{ "GETDNS_RRTYPE_MF", 4 },
 	{ "GETDNS_RRTYPE_MG", 8 },
 	{ "GETDNS_RRTYPE_MINFO", 14 },
 	{ "GETDNS_RRTYPE_MR", 9 },
 	{ "GETDNS_RRTYPE_MX", 15 },
 	{ "GETDNS_RRTYPE_NAPTR", 35 },
 	{ "GETDNS_RRTYPE_NID", 104 },
 	{ "GETDNS_RRTYPE_NIMLOC", 32 },
 	{ "GETDNS_RRTYPE_NINFO", 56 },
 	{ "GETDNS_RRTYPE_NS", 2 },
 	{ "GETDNS_RRTYPE_NSAP", 22 },
 	{ "GETDNS_RRTYPE_NSAP_PTR", 23 },
 	{ "GETDNS_RRTYPE_NSEC", 47 },
 	{ "GETDNS_RRTYPE_NSEC3", 50 },
 	{ "GETDNS_RRTYPE_NSEC3PARAM", 51 },
 	{ "GETDNS_RRTYPE_NULL", 10 },
 	{ "GETDNS_RRTYPE_NXT", 30 },
 	{ "GETDNS_RRTYPE_OPENPGPKEY", 61 },
 	{ "GETDNS_RRTYPE_OPT", 41 },
 	{ "GETDNS_RRTYPE_PTR", 12 },
 	{ "GETDNS_RRTYPE_PX", 26 },
 	{ "GETDNS_RRTYPE_RKEY", 57 },
 	{ "GETDNS_RRTYPE_RP", 17 },
 	{ "GETDNS_RRTYPE_RRSIG", 46 },
 	{ "GETDNS_RRTYPE_RT", 21 },
 	{ "GETDNS_RRTYPE_SIG", 24 },
 	{ "GETDNS_RRTYPE_SINK", 40 },
 	{ "GETDNS_RRTYPE_SMIMEA", 53 },
 	{ "GETDNS_RRTYPE_SOA", 6 },
 	{ "GETDNS_RRTYPE_SPF", 99 },
 	{ "GETDNS_RRTYPE_SRV", 33 },
 	{ "GETDNS_RRTYPE_SSHFP", 44 },
 	{ "GETDNS_RRTYPE_SVCB", 64 },
 	{ "GETDNS_RRTYPE_TA", 32768 },
 	{ "GETDNS_RRTYPE_TALINK", 58 },
 	{ "GETDNS_RRTYPE_TKEY", 249 },
 	{ "GETDNS_RRTYPE_TLSA", 52 },
 	{ "GETDNS_RRTYPE_TSIG", 250 },
 	{ "GETDNS_RRTYPE_TXT", 16 },
 	{ "GETDNS_RRTYPE_UID", 101 },
 	{ "GETDNS_RRTYPE_UINFO", 100 },
 	{ "GETDNS_RRTYPE_UNSPEC", 103 },
 	{ "GETDNS_RRTYPE_URI", 256 },
 	{ "GETDNS_RRTYPE_WKS", 11 },
 	{ "GETDNS_RRTYPE_X25", 19 },
 	{ "GETDNS_RRTYPE_ZONEMD", 63 },
 	{ "GETDNS_SSL3", 1400 },
 	{ "GETDNS_TLS1", 1401 },
 	{ "GETDNS_TLS1_1", 1402 },
 	{ "GETDNS_TLS1_2", 1403 },
 	{ "GETDNS_TLS1_3", 1404 },
 	{ "GETDNS_TRANSPORT_TCP", 1201 },
 	{ "GETDNS_TRANSPORT_TCP_ONLY", 542 },
 	{ "GETDNS_TRANSPORT_TCP_ONLY_KEEP_CONNECTIONS_OPEN", 543 },
 	{ "GETDNS_TRANSPORT_TLS", 1202 },
 	{ "GETDNS_TRANSPORT_TLS_FIRST_AND_FALL_BACK_TO_TCP_KEEP_CONNECTIONS_OPEN", 545 },
 	{ "GETDNS_TRANSPORT_TLS_ONLY_KEEP_CONNECTIONS_OPEN", 544 },
 	{ "GETDNS_TRANSPORT_UDP", 1200 },
 	{ "GETDNS_TRANSPORT_UDP_FIRST_AND_FALL_BACK_TO_TCP", 540 },
 	{ "GETDNS_TRANSPORT_UDP_ONLY", 541 },
 };
 static int const_name_info_cmp(const void *a, const void *b)
 {
 	return strcmp( ((struct const_name_info *) a)->name
 	             , ((struct const_name_info *) b)->name );
 }
 int
 _getdns_get_const_name_info(const char *name, uint32_t *code)
 {
 	struct const_name_info key = { name, 0 };
 	struct const_name_info *i = bsearch(&key, consts_name_info,
 	    sizeof(consts_name_info) / sizeof(struct const_name_info),
 	    sizeof(struct const_name_info), const_name_info_cmp);
 	if (!i)
 		return 0;
 	if (code)
 		*code = i->code;
 	return 1;
 }
--- a/src/const-info.h
+++ b/src/const-info.h
@ -39,14 +39,6 @@
 #ifndef CONST_INFO_H_
 #define CONST_INFO_H_
 #include "getdns/getdns.h"
 #include "getdns/getdns_extra.h"
 #ifndef GETDNS_CONTEXT_CODE_MAX_BACKOFF_VALUE
 #define GETDNS_CONTEXT_CODE_MAX_BACKOFF_VALUE 699
 #define GETDNS_CONTEXT_CODE_MAX_BACKOFF_VALUE_TEXT "Change related to getdns_context_set_max_backoff_value"
 #endif
 struct const_info {
 	int code;
 	const char *name;
@ -55,13 +47,6 @@ struct const_info {
 struct const_info *_getdns_get_const_info(int value);
 struct const_name_info {
 	const char *name;
 	uint32_t code;
 };
 int _getdns_get_const_name_info(const char *name, uint32_t *code);
 #endif
 /* const-info.h */
--- a/src/context.c
+++ b/src/context.c
--- a/src/context.h
+++ b/src/context.h
@ -41,20 +41,15 @@
 #include "getdns/getdns_extra.h"
 #include "config.h"
 #include "types-internal.h"
-#include "extension/default_eventloop.h"
+#include "extension/libmini_event.h"
 #include "util/rbtree.h"
 #include "ub_loop.h"
 #include "server.h"
 #ifdef HAVE_MDNS_SUPPORT
 #include "util/lruhash.h"
 #endif
 #include "rr-iter.h"
 #include "anchor.h"
 #include "tls.h"
 struct getdns_dns_req;
 struct ub_ctx;
 #define GETDNS_FN_RESOLVCONF "/etc/resolv.conf"
 #define GETDNS_FN_HOSTS      "/etc/hosts"
 enum filechgs { GETDNS_FCHG_ERRORS = -1
 , GETDNS_FCHG_NOERROR   = 0
 , GETDNS_FCHG_NOCHANGES = 0
@ -70,10 +65,10 @@ typedef void (*getdns_update_callback2) (struct getdns_context *,
 /* internal use only for detecting changes to system files */
 struct filechg {
-	char fn[_GETDNS_PATH_MAX];
+	char *fn;
 	int  changes;
 	int  errors;
-	struct stat prevstat;
+	struct stat *prevstat;
 };
 typedef enum getdns_tls_hs_state {
@ -84,24 +79,6 @@ typedef enum getdns_tls_hs_state {
 	GETDNS_HS_FAILED
 } getdns_tls_hs_state_t;
 typedef enum getdns_conn_state {
 	GETDNS_CONN_CLOSED,
 	GETDNS_CONN_SETUP,
 	GETDNS_CONN_OPEN,
 	GETDNS_CONN_TEARDOWN,
 	GETDNS_CONN_BACKOFF
 } getdns_conn_state_t;
 typedef enum getdns_tasrc {
 	GETDNS_TASRC_NONE,
 	GETDNS_TASRC_ZONE,
 	GETDNS_TASRC_APP,
 	GETDNS_TASRC_FETCHING,
 	GETDNS_TASRC_XML,
 	GETDNS_TASRC_XML_UPDATE,
 	GETDNS_TASRC_FAILED
 } getdns_tasrc;
 typedef enum getdns_tsig_algo {
 	GETDNS_NO_TSIG     = 0, /* Do not use tsig */
 	GETDNS_HMAC_MD5    = 1, /* 128 bits */
@ -113,7 +90,6 @@ typedef enum getdns_tsig_algo {
 	GETDNS_HMAC_SHA512 = 7
 } getdns_tsig_algo;
 typedef struct getdns_tsig_info {
 	getdns_tsig_algo  alg;
 	const char       *name;
@ -128,7 +104,7 @@ const getdns_tsig_info *_getdns_get_tsig_info(getdns_tsig_algo tsig_alg);
 /* for doing public key pinning of TLS-capable upstreams: */
 typedef struct sha256_pin {
-	uint8_t pin[SHA256_DIGEST_LENGTH];
+	char pin[SHA256_DIGEST_LENGTH];
 	struct sha256_pin *next;
 } sha256_pin_t;
@ -138,118 +114,42 @@ typedef struct getdns_upstream {
 	socklen_t                addr_len;
 	struct sockaddr_storage  addr;
 	char                     addr_str[INET6_ADDRSTRLEN];
-	/**
+	/* How is this upstream doing? */
-	 * How is this upstream doing over UDP?
+	size_t                   writes_done;
-	 *
+	size_t                   responses_received;
-	 * to_retry = 1, back_off = 1, in context.c:upstream_init()
+	uint64_t                 keepalive_timeout;
-	 * 
+	int                      to_retry;
-	 * When querying over UDP, first a upstream is selected which to_retry
+	int                      back_off;
 	 * value > 0 in stub.c:upstream_select().
 	 * 
 	 * Every time a udp request times out, to_retry is decreased, and if
 	 * it reaches 0, it is set to minus back_off in
 	 * stub.c:stub_next_upstream().
 	 *
 	 * to_retry will become > 0 again. because each time an upstream is
 	 * selected for a UDP query in stub.c:upstream_select(), all to_retry
 	 * counters <= 0 are incremented.
 	 *
 	 * On continuous failure, the stubs are less likely to be reselected,
 	 * because each time to_retry is set to minus back_off, in 
 	 * stub.c:stub_next_upstream(), the back_off value is doubled.
 	 *
 	 * Finally, if all upstreams are failing, the upstreams with the
 	 * smallest back_off value will be selected, and the back_off value
 	 * decremented by one.
 	 */
 	int                      to_retry;  /* (initialized to 1) */
 	int                      back_off;  /* (initialized to 1) */
 	size_t                   udp_responses;
 	size_t                   udp_timeouts;
-	/* For stateful upstreams, need to share the connection and track the
+	/* For sharing a TCP socket to this upstream */
 	   activity on the connection */
 	int                      fd;
 	getdns_transport_list_t  transport;
 	SSL*                     tls_obj;
 	getdns_tls_hs_state_t    tls_hs_state;
 	getdns_eventloop_event   event;
 	getdns_eventloop        *loop;
 	getdns_tcp_state         tcp;
-	/* These are running totals or historical info */
+	char                     tls_auth_name[256];
-	size_t                   conn_completed;
+	size_t                   tls_auth_failed;
-	size_t                   conn_shutdowns;
+	sha256_pin_t            *tls_pubkey_pinset;
 	size_t                   conn_setup_failed;
 	time_t                   conn_retry_time;
 	uint16_t                 conn_backoff_interval;
 	size_t                   conn_backoffs;
 	size_t                   total_responses;
 	size_t                   total_timeouts;
 	getdns_auth_state_t      best_tls_auth_state;
 	getdns_auth_state_t      last_tls_auth_state;
 	/* These are per connection. */
 	getdns_conn_state_t      conn_state;
 	size_t                   queries_sent;
 	size_t                   responses_received;
 	size_t                   responses_timeouts;
 	size_t                   keepalive_shutdown;
 	uint64_t                 keepalive_timeout;
 	int                      server_keepalive_received;
-	/* Management of outstanding requests on stateful transports */
+	/* Pipelining of TCP network requests */
 	getdns_network_req      *write_queue;
 	getdns_network_req      *write_queue_last;
 	_getdns_rbtree_t          netreq_by_query_id;
 	/* TCP specific connection handling*/
 	unsigned                 tfo_use_sendto  : 1;
 	/* TLS specific connection handling*/
 	unsigned                 tls_fallback_ok : 1;
 	_getdns_tls_connection*  tls_obj;
 	_getdns_tls_session*     tls_session;
 	getdns_tls_hs_state_t    tls_hs_state;
 	getdns_auth_state_t      tls_auth_state;
 	uint64_t                 expires; /* Expire time of waiting netreqs.
 	                                   * This is how long a handshake may
 	                                   * take.
 	                                   */
 	/* TLS settings */
 	char                    *tls_cipher_list;
 	char                    *tls_ciphersuites;
 	char                    *tls_curves_list;
 	getdns_tls_version_t     tls_min_version;
 	getdns_tls_version_t     tls_max_version;
 	/* Auth credentials */
 	char                     tls_auth_name[256];
 	sha256_pin_t            *tls_pubkey_pinset;
 	/* When requests have been scheduled asynchronously on an upstream
 	 * that is kept open, and a synchronous call is then done with the
 	 * upstream before all scheduled requests have been answered, answers
 	 * for the asynchronous requests may be received on the open upstream.
 	 * Those cannot be processed immediately, because then asynchronous
 	 * callbacks will be fired as a side-effect.
 	 *
 	 * finished_dnsreqs is a list of dnsreqs for which answers have been
 	 * received during a synchronous request.  They will be processed
 	 * when the asynchronous eventloop is run.  For this the finished_event
 	 * will be scheduled to the registered asynchronous event loop with a
 	 * timeout of 1, so it will fire immediately (but not while scheduling)
 	 * when the asynchronous eventloop is run.
 	 */
 	getdns_dns_req          *finished_dnsreqs;
 	getdns_eventloop_event   finished_event;
 	unsigned is_sync_loop : 1;
 	/* EDNS cookies */
-	uint8_t  server_cookie[40];
+	uint32_t secret;
-	size_t   server_cookie_len;
+	uint8_t  client_cookie[8];
 	uint8_t  prev_client_cookie[8];
 	uint8_t  server_cookie[32];
-	uint64_t                src_addr_checked;
+	unsigned has_client_cookie : 1;
-	struct sockaddr_storage src_addr;
+	unsigned has_prev_client_cookie : 1;
-	socklen_t               src_addr_len;
+	unsigned has_server_cookie : 1;
-	char                    src_addr_str[INET6_ADDRSTRLEN];
+	unsigned server_cookie_len : 5;
 	unsigned tls_fallback_ok : 1;
 	/* TSIG */
 	uint8_t          tsig_dname[256];
@ -260,78 +160,24 @@ typedef struct getdns_upstream {
 } getdns_upstream;
 typedef struct getdns_log_config {
 	getdns_logfunc_type  func;
 	void                *userarg;
 	uint64_t             system;
 	getdns_loglevel_type level;
 } getdns_log_config;
 typedef struct getdns_upstreams {
 	struct mem_funcs mf;
 	size_t referenced;
 	size_t count;
-	size_t current_udp;
+	size_t current;
 	size_t current_stateful;
 	uint16_t max_backoff_value;
 	uint16_t tls_backoff_time;
 	uint16_t tls_connection_retries;
 	getdns_log_config log;
 	getdns_upstream upstreams[];
 } getdns_upstreams;
 typedef enum tas_state {
 	TAS_LOOKUP_ADDRESSES = 0,
 	TAS_WRITE_GET_XML,
 	TAS_READ_XML_HDR,
 	TAS_READ_XML_DOC,
 	TAS_WRITE_GET_PS7,
 	TAS_READ_PS7_HDR,
 	TAS_READ_PS7_DOC,
 	TAS_DONE,
 	TAS_RETRY,
 	TAS_RETRY_GET_PS7,
 	TAS_RETRY_PS7_HDR,
 	TAS_RETRY_PS7_DOC,
 	TAS_RETRY_DONE
 } tas_state;
 typedef enum _getdns_property {
 	PROP_INHERIT =  0,
 	PROP_UNKNOWN =  1,
 	PROP_UNABLE  =  2,
 	PROP_ABLE    =  3 
 } _getdns_property;
 typedef struct tas_connection {
 	getdns_eventloop       *loop;
 	getdns_network_req     *req;
 	_getdns_rrset_spc       rrset_spc;
 	_getdns_rrset          *rrset;
 	_getdns_rrtype_iter     rr_spc;
 	_getdns_rrtype_iter    *rr;
 	int                    fd;
 	getdns_eventloop_event event;
 	tas_state              state;
 	getdns_tcp_state       tcp;
 	char                  *http;
 	getdns_bindata         xml;
 } tas_connection;
 struct getdns_context {
 	/* Context values */
 	getdns_resolution_t  resolution_type;
 	getdns_namespace_t   *namespaces;
-	size_t               namespace_count;
+	int                  namespace_count;
 	uint64_t             timeout;
 	uint64_t             idle_timeout;
 	int                  tcp_send_timeout; /* -1 is unset */
 	getdns_redirects_t   follow_redirects;
 	getdns_list          *dns_root_servers;
 #if defined(HAVE_LIBUNBOUND) && !defined(HAVE_UB_CTX_SET_STUB)
 	char                 root_servers_fn[FILENAME_MAX];
 #endif
 	getdns_append_name_t append_name;
 	/* Suffix buffer containing a list of (length byte | dname) where 
 	 * length bytes contains the length of the following dname.
@ -340,46 +186,17 @@ struct getdns_context {
 	const uint8_t        *suffixes;
 	/* Length of all suffixes in the suffix buffer */
 	size_t               suffixes_len; 
 	uint8_t              *trust_anchors;
 	size_t                trust_anchors_len;
 	getdns_tasrc          trust_anchors_source;
 	tas_connection        a;
 	tas_connection        aaaa;
 	uint8_t               tas_hdr_spc[512];
 	char                 *trust_anchors_url;
 	char                 *trust_anchors_verify_CA;
 	char                 *trust_anchors_verify_email;
 	uint64_t              trust_anchors_backoff_time;
 	uint64_t              trust_anchors_backoff_expiry;
 	_getdns_ksks          root_ksk;
 	char                 *appdata_dir;
 	_getdns_property      can_write_appdata;
 	char                 *tls_ca_path;
 	char                 *tls_ca_file;
 	char                 *tls_cipher_list;
 	char                 *tls_ciphersuites;
 	char                 *tls_curves_list;
 	getdns_tls_version_t  tls_min_version;
 	getdns_tls_version_t  tls_max_version;
 	getdns_upstreams     *upstreams;
 	uint16_t             limit_outstanding_queries;
 	uint32_t             dnssec_allowed_skew;
 	getdns_tls_authentication_t  tls_auth;  /* What user requested for TLS*/
 	getdns_tls_authentication_t  tls_auth_min; /* Derived minimum auth allowed*/
 	uint8_t              round_robin_upstreams;
 	uint16_t             max_backoff_value;
 	uint16_t             tls_backoff_time;
 	uint16_t             tls_connection_retries;
 	getdns_transport_list_t   *dns_transports;
 	size_t                     dns_transport_count;
 	size_t                     dns_transport_current;
 	uint8_t edns_extended_rcode;
 	uint8_t edns_version;
@ -387,17 +204,14 @@ struct getdns_context {
 	int edns_maximum_udp_payload_size; /* -1 is unset */
 	uint8_t edns_client_subnet_private;
 	uint16_t tls_query_padding_blocksize;
-	_getdns_tls_context* tls_ctx;
+	SSL_CTX* tls_ctx;
 	getdns_update_callback  update_callback;
 	getdns_update_callback2 update_callback2;
 	void                   *update_userarg;
 	getdns_log_config log;
 	int processing;
 	int destroying;
 	int to_destroy;
 	struct mem_funcs mf;
 	struct mem_funcs my_mf;
@ -406,13 +220,13 @@ struct getdns_context {
 	/* The underlying contexts that do the real work */
 	struct ub_ctx *unbound_ctx;
 	int            unbound_ta_set;
 #ifdef HAVE_UNBOUND_EVENT_API
 	_getdns_ub_loop ub_loop;
 #endif
 #endif
 	/* A tree to hold local host information*/
 	_getdns_rbtree_t local_hosts;
 	int return_dnssec_status;
 	/* which resolution type the contexts are configured for
 	 * 0 means nothing set
 	 */
@ -423,161 +237,52 @@ struct getdns_context {
 	 */
 	_getdns_rbtree_t outbound_requests;
 	/* network requests
 	 */
 	size_t netreqs_in_flight;
 	_getdns_rbtree_t       pending_netreqs;
 	getdns_network_req    *first_pending_netreq;
 	getdns_eventloop_event pending_timeout_event;
 	struct listen_set *server;
 	/* Event loop extension.  */
 	getdns_eventloop       *extension;
 #ifdef HAVE_LIBUNBOUND
 	getdns_eventloop_event  ub_event;
 	/* lock to prevent nested ub_event scheduling */
 	int                     ub_event_scheduling;
 #endif
 	/* The default extension */
-	_getdns_default_eventloop default_eventloop;
+	_getdns_mini_event mini_event;
 	_getdns_default_eventloop sync_eventloop;
 	/* request extension defaults */
 	getdns_dict *header;
 	getdns_dict *add_opt_parameters;
 	unsigned add_warning_for_bad_dns             : 1;
 	unsigned dnssec                              : 1;
 	unsigned dnssec_return_all_statuses          : 1;
 	unsigned dnssec_return_full_validation_chain : 1;
 	unsigned dnssec_return_only_secure           : 1;
 	unsigned dnssec_return_status                : 1;
 	unsigned dnssec_return_validation_chain      : 1;
 #ifdef DNSSEC_ROADBLOCK_AVOIDANCE
 	unsigned dnssec_roadblock_avoidance          : 1;
 #endif
 	unsigned edns_cookies                        : 1;
 	unsigned return_api_information              : 1; /* Not used */
 	unsigned return_both_v4_and_v6               : 1;
 	unsigned return_call_reporting               : 1;
 	uint16_t specify_class;
 	/*
 	 * Context for doing system queries.
 	 * For example to resolve data.iana.org or to resolver the addresses
 	 * of upstreams without specified addresses.
 	 */
 	getdns_context *sys_ctxt;
 	/* List of dnsreqs that want to be notified when we have fetched a
 	 * trust anchor from data.iana.org.
 	 */
 	getdns_dns_req *ta_notify;
 	/*
 	 * state data used to detect changes to the system config files
 	 */
-	struct filechg fchg_resolvconf;
+	struct filechg *fchg_resolvconf;
-	struct filechg fchg_hosts;
+	struct filechg *fchg_hosts;
 	uint8_t trust_anchors_spc[1024];
 #ifdef USE_WINSOCK
 	/* We need to run WSAStartup() to be able to use getaddrinfo() */
 	WSADATA wsaData;
 #endif
 	/* MDNS */
 #ifdef HAVE_MDNS_SUPPORT
 	/* 
 	 * If supporting MDNS, context may be instantiated either in basic mode
 	 * or in full mode. If working in extended mode, two multicast sockets are
 	 * left open, for IPv4 and IPv6. Data can be received on either socket.
 	 * The context also keeps a list of open queries, characterized by a 
 	 * name and an RR type, and a list of received answers, characterized
 	 * by name, RR type and data value.
 	 */
 	int mdns_extended_support; /* 0 = no support, 1 = supported, 2 = initialization needed */
 	int mdns_connection_nb; /* typically 0 or 2 for IPv4 and IPv6 */
 	struct mdns_network_connection * mdns_connection;
 	struct lruhash * mdns_cache;
 #endif /* HAVE_MDNS_SUPPORT */
 }; /* getdns_context */
 static inline int _getdns_check_log(const getdns_log_config *log,
    uint64_t system, getdns_loglevel_type level)
 { assert(log)
 ; return log->func && (log->system & system) && level <= log->level; }
 static inline void _getdns_log(const getdns_log_config *log,
    uint64_t system, getdns_loglevel_type level, const char *fmt, ...)
 {
 	va_list args;
 	if (!_getdns_check_log(log, system, level))
 		return;
 	va_start(args, fmt);
 	log->func(log->userarg, system, level, fmt, args);
 	va_end(args);
 }
 static inline void _getdns_upstream_log(const getdns_upstream *up,
    uint64_t system, getdns_loglevel_type level, const char *fmt, ...)
 {
 	va_list args;
 	if (!up || !up->upstreams
 	||  !_getdns_check_log(&up->upstreams->log, system, level))
 		return;
 	va_start(args, fmt);
 	up->upstreams->log.func(
 	    up->upstreams->log.userarg, system, level, fmt, args);
 	va_end(args);
 }
 /** internal functions **/
 /**
 * Sets up the unbound contexts with stub or recursive behavior
 * if needed.
 * @param context previously initialized getdns_context
 * @param usenamespaces if 0 then only use the DNS, else use context namespace list
 * @return GETDNS_RETURN_GOOD on success
 */
-getdns_return_t _getdns_context_prepare_for_resolution(getdns_context *context);
+getdns_return_t _getdns_context_prepare_for_resolution(struct getdns_context *context,
 int usenamespaces);
-/* Register a getdns_dns_req with context.
+/* track an outbound request */
- * - Without pluggable unbound event API,
+getdns_return_t _getdns_context_track_outbound_request(struct getdns_dns_req
- *   ub_fd() is scheduled when this was the first request.
+    *req);
- */
+/* clear the outbound request from being tracked - does not cancel it */
-void _getdns_context_track_outbound_request(getdns_dns_req *dnsreq);
+getdns_return_t _getdns_context_clear_outbound_request(struct getdns_dns_req
    *req);
-/* Deregister getdns_dns_req from the context.
+getdns_return_t _getdns_context_request_timed_out(struct getdns_dns_req
- * - Without pluggable unbound event API,
+    *req);
 *   ub_fd() is scheduled when this was the first request.
 * - Potential timeout events will be cleared.
 * - All associated getdns_dns_reqs (to get the validation chain)
 *   will be canceled.
 */
 void _getdns_context_clear_outbound_request(getdns_dns_req *dnsreq);
-/* Cancels and frees a getdns_dns_req (without calling user callbacks)
+/* cancel callback internal - flag to indicate if req should be freed and callback fired */
- * - Deregisters getdns_dns_req with _getdns_context_clear_outbound_request()
+getdns_return_t _getdns_context_cancel_request(struct getdns_context *context,
- * - Cancels associated getdns_network_reqs
+    getdns_transaction_t transaction_id, int fire_callback);
 *   (by calling ub_cancel() or _getdns_cancel_stub_request())
 * - Frees the getdns_dns_req
 */
 void _getdns_context_cancel_request(getdns_dns_req *dnsreq);
-/* Calls user callback (with GETDNS_CALLBACK_TIMEOUT + response dict), then
+char *_getdns_strdup(const struct mem_funcs *mfs, const char *str);
 * cancels and frees the getdns_dns_req with _getdns_context_cancel_request()
 */
 void _getdns_context_request_timed_out(getdns_dns_req *dnsreq);
 struct getdns_bindata *_getdns_bindata_copy(
    struct mem_funcs *mfs, size_t size, const uint8_t *data);
@ -590,23 +295,12 @@ void _getdns_bindata_destroy(
 getdns_return_t _getdns_context_local_namespace_resolve(
    getdns_dns_req* req, struct getdns_dict **response);
 int _getdns_filechg_check(struct getdns_context *context, struct filechg *fchg);
 void _getdns_context_ub_read_cb(void *userarg);
 void _getdns_upstreams_dereference(getdns_upstreams *upstreams);
 void _getdns_upstream_shutdown(getdns_upstream *upstream);
 FILE *_getdns_context_get_priv_fp(
    const getdns_context *context, const char *fn);
 uint8_t *_getdns_context_get_priv_file(const getdns_context *context,
    const char *fn, uint8_t *buf, size_t buf_len, size_t *file_sz);
 int _getdns_context_write_priv_file(getdns_context *context,
    const char *fn, getdns_bindata *content);
 int _getdns_context_can_write_appdata(getdns_context *context);
 getdns_context *_getdns_context_get_sys_ctxt(
    getdns_context *context, getdns_eventloop *loop);
 #endif /* _GETDNS_CONTEXT_H_ */
--- a/src/convert.c
+++ b/src/convert.c
--- a/src/convert.h
+++ b/src/convert.h
@ -38,10 +38,6 @@
 #include "types-internal.h"
 #include <stdio.h>
 getdns_return_t
 _getdns_wire2msg_dict_scan(struct mem_funcs *mf,
    const uint8_t **wire, size_t *wire_len, getdns_dict **msg_dict);
 getdns_return_t _getdns_wire2rr_dict(struct mem_funcs *mf,
    const uint8_t *wire, size_t wire_len, getdns_dict **rr_dict);
@ -57,8 +53,5 @@ getdns_return_t _getdns_str2rr_dict(struct mem_funcs *mf, const char *str,
 getdns_return_t _getdns_fp2rr_list(struct mem_funcs *mf, FILE *in,
    getdns_list **rr_list, const char *origin, uint32_t default_ttl);
 getdns_return_t _getdns_reply_dict2wire(
    const getdns_dict *reply, gldns_buffer *buf, int reuse_header);
 #endif
 /* convert.h */
--- a/src/debug.h
+++ b/src/debug.h
@ -36,97 +36,35 @@
 #define DEBUG_H
 #include "config.h"
 #define STUB_DEBUG_ENTRY     "=> ENTRY:       "
 #define STUB_DEBUG_SETUP     "--- SETUP:      "
 #define STUB_DEBUG_SETUP_TLS "--- SETUP(TLS): "
 #define STUB_DEBUG_TSIG      "--- TSIG:       "
 #define STUB_DEBUG_SCHEDULE  "----- SCHEDULE: "
 #define STUB_DEBUG_READ      "------- READ:   "
 #define STUB_DEBUG_WRITE     "------- WRITE:  "
 #define STUB_DEBUG_CLEANUP   "--- CLEANUP:    "
 #ifdef GETDNS_ON_WINDOWS
 #define DEBUG_ON(...) do { \
-		struct timeval tv_dEbUgSyM; \
+		struct timeval tv; \
-		struct tm tm_dEbUgSyM; \
+		struct tm tm; \
-		char buf_dEbUgSyM[10]; \
+		char buf[10]; \
 		time_t tsec_dEbUgSyM; \
 		\
-		gettimeofday(&tv_dEbUgSyM, NULL); \
+		gettimeofday(&tv, NULL); \
-		tsec_dEbUgSyM = (time_t) tv_dEbUgSyM.tv_sec; \
+		gmtime_r(&tv.tv_sec, &tm); \
-		gmtime_s(&tm_dEbUgSyM, (const time_t *) &tsec_dEbUgSyM); \
+		strftime(buf, 10, "%T", &tm); \
-		strftime(buf_dEbUgSyM, 10, "%H:%M:%S", &tm_dEbUgSyM); \
+		fprintf(stderr, "[%s.%.6d] ", buf, (int)tv.tv_usec); \
 		fprintf(stderr, "[%s.%.6d] ", buf_dEbUgSyM, (int)tv_dEbUgSyM.tv_usec); \
 		fprintf(stderr, __VA_ARGS__); \
 	} while (0)
 #define DEBUG_NL(...) do { \
-		struct timeval tv_dEbUgSyM; \
+		struct timeval tv; \
-		struct tm tm_dEbUgSyM; \
+		struct tm tm; \
-		char buf_dEbUgSyM[10]; \
+		char buf[10]; \
 		time_t tsec_dEbUgSyM; \
 		\
-		gettimeofday(&tv_dEbUgSyM, NULL); \
+		gettimeofday(&tv, NULL); \
-		tsec_dEbUgSyM = (time_t) tv_dEbUgSyM.tv_sec; \
+		gmtime_r(&tv.tv_sec, &tm); \
-		gmtime_s(&tm_dEbUgSyM, (const time_t *) &tsec_dEbUgSyM); \
+		strftime(buf, 10, "%T", &tm); \
-		strftime(buf_dEbUgSyM, 10, "%H:%M:%S", &tm_dEbUgSyM); \
+		fprintf(stderr, "[%s.%.6d] ", buf, (int)tv.tv_usec); \
 		fprintf(stderr, "[%s.%.6d] ", buf_dEbUgSyM, (int)tv_dEbUgSyM.tv_usec); \
 		fprintf(stderr, __VA_ARGS__); \
 	} while (0)
 #else
 #define DEBUG_ON(...) do { \
 		struct timeval tv_dEbUgSyM; \
 		struct tm tm_dEbUgSyM; \
 		char buf_dEbUgSyM[10]; \
 		\
 		gettimeofday(&tv_dEbUgSyM, NULL); \
 		gmtime_r(&tv_dEbUgSyM.tv_sec, &tm_dEbUgSyM); \
 		strftime(buf_dEbUgSyM, 10, "%H:%M:%S", &tm_dEbUgSyM); \
 		fprintf(stderr, "[%s.%.6d] ", buf_dEbUgSyM, (int)tv_dEbUgSyM.tv_usec); \
 		fprintf(stderr, __VA_ARGS__); \
 	} while (0)
 #define DEBUG_NL(...) do {		    \
 		struct timeval tv_dEbUgSyM; \
 		struct tm tm_dEbUgSyM; \
 		char buf_dEbUgSyM[10]; \
 		\
 		gettimeofday(&tv_dEbUgSyM, NULL); \
 		gmtime_r(&tv_dEbUgSyM.tv_sec, &tm_dEbUgSyM); \
 		strftime(buf_dEbUgSyM, 10, "%H:%M:%S", &tm_dEbUgSyM); \
 		fprintf(stderr, "[%s.%.6d] ", buf_dEbUgSyM, (int)tv_dEbUgSyM.tv_usec); \
 		fprintf(stderr, __VA_ARGS__); \
 		fprintf(stderr, "\n"); \
 	} while (0)
-#endif
+
 #define DEBUG_OFF(...) do {} while (0)
 #if defined(REQ_DEBUG) && REQ_DEBUG
 #include <time.h>
 #define DEBUG_REQ(...) DEBUG_ON(__VA_ARGS__)
 #include "gldns/wire2str.h"
 #include "rr-dict.h"
 #include "types-internal.h"
 static inline void debug_req(const char *msg, getdns_network_req *netreq)
 {
 	char str[1024];
 	struct timeval tv;
 	uint64_t t;
 	(void) gettimeofday(&tv, NULL);
 	t = tv.tv_sec * 1000 + tv.tv_usec / 1000;
 	t = t >= netreq->owner->expires ? 0 : netreq->owner->expires - t;
 	(void) gldns_wire2str_dname_buf(netreq->owner->name,
 	    netreq->owner->name_len, str, sizeof(str));
 	DEBUG_REQ("NETREQ %s %4"PRIu64" %s %s\n", msg, t,
 	    str, _getdns_rr_type_name(netreq->request_type));
 }
 #else
 #define DEBUG_REQ(...) DEBUG_OFF(__VA_ARGS__)
 #define debug_req(...) DEBUG_OFF(__VA_ARGS__)
 #endif
 #if defined(SCHED_DEBUG) && SCHED_DEBUG
 #include <time.h>
 #define DEBUG_SCHED(...) DEBUG_ON(__VA_ARGS__)
@ -141,13 +79,6 @@ static inline void debug_req(const char *msg, getdns_network_req *netreq)
 #define DEBUG_STUB(...) DEBUG_OFF(__VA_ARGS__)
 #endif
 #if defined(DAEMON_DEBUG) && DAEMON_DEBUG
 #include <time.h>
 #define DEBUG_DAEMON(...) DEBUG_ON(__VA_ARGS__)
 #else
 #define DEBUG_DAEMON(...) DEBUG_OFF(__VA_ARGS__)
 #endif
 #if defined(SEC_DEBUG) && SEC_DEBUG
 #include <time.h>
 #define DEBUG_SEC(...) DEBUG_ON(__VA_ARGS__)
@ -155,46 +86,5 @@ static inline void debug_req(const char *msg, getdns_network_req *netreq)
 #define DEBUG_SEC(...) DEBUG_OFF(__VA_ARGS__)
 #endif
 #if defined(SERVER_DEBUG) && SERVER_DEBUG
 #include <time.h>
 #define DEBUG_SERVER(...) DEBUG_ON(__VA_ARGS__)
 #else
 #define DEBUG_SERVER(...) DEBUG_OFF(__VA_ARGS__)
 #endif
 #define MDNS_DEBUG_ENTRY     "-> MDNS ENTRY:  "
 #define MDNS_DEBUG_READ      "-- MDNS READ:   "
 #define MDNS_DEBUG_MREAD      "-- MDNS MREAD:  "
 #define MDNS_DEBUG_WRITE     "-- MDNS WRITE:  "
 #define MDNS_DEBUG_CLEANUP   "-- MDNS CLEANUP:"
 #if defined(MDNS_DEBUG) && MDNS_DEBUG
 #include <time.h>
 #define DEBUG_MDNS(...) DEBUG_ON(__VA_ARGS__)
 #else
 #define DEBUG_MDNS(...) DEBUG_OFF(__VA_ARGS__)
 #endif
 #if defined(ANCHOR_DEBUG) && ANCHOR_DEBUG
 #include <time.h>
 #define DEBUG_ANCHOR(...) DEBUG_ON(__VA_ARGS__)
 #else
 #define DEBUG_ANCHOR(...) DEBUG_OFF(__VA_ARGS__)
 #endif
 #if (defined(REQ_DEBUG)    && REQ_DEBUG)    || \
    (defined(SCHED_DEBUG)  && SCHED_DEBUG)  || \
    (defined(STUB_DEBUG)   && STUB_DEBUG)   || \
    (defined(DAEMON_DEBUG) && DAEMON_DEBUG) || \
    (defined(SEC_DEBUG)    && SEC_DEBUG)    || \
    (defined(SERVER_DEBUG) && SERVER_DEBUG) || \
    (defined(MDNS_DEBUG)   && MDNS_DEBUG)   || \
    (defined(ANCHOR_DEBUG) && ANCHOR_DEBUG)
 #define DEBUGGING 1
 static inline int
 _getdns_ERR_print_errors_cb_f(const char *str, size_t len, void *u)
 { DEBUG_ON("%.*s (u: %p)\n", (int)len, str, u); return 1; }
 #endif
 #endif
 /* debug.h */
--- a/src/dict.c
+++ b/src/dict.c
@ -34,8 +34,8 @@
 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
 #include "config.h"
 #include <ctype.h>
 #include "config.h"
 #ifndef USE_WINSOCK
 #include <sys/types.h>
 #include <sys/socket.h>
@ -51,11 +51,10 @@
 #include "const-info.h"
 #include "gldns/gbuffer.h"
 #include "gldns/wire2str.h"
 #include "gldns/parseutil.h"
 static char *_json_ptr_first(const struct mem_funcs *mf,
-    const char *jptr, char *first, ssize_t first_sz)
+    const char *jptr, char *first, size_t first_sz)
 {
 	const char *next_ref, *k;
 	char *j;
@ -66,7 +65,7 @@ static char *_json_ptr_first(const struct mem_funcs *mf,
 	if (!(next_ref = strchr(jptr, '/')))
 		next_ref = strchr(jptr, '\0');
-	if ((ssize_t)(next_ref - jptr + 1) > first_sz || !first)
+	if (next_ref - jptr > first_sz)
 		first = GETDNS_XMALLOC(*mf, char, next_ref - jptr + 1);
 	for (j = first, k = jptr; k < next_ref; j++, k++)
@ -83,7 +82,7 @@ static char *_json_ptr_first(const struct mem_funcs *mf,
 static struct getdns_dict_item *
 _find_dict_item(const getdns_dict *dict, const char *jptr)
 {
-	char first_spc[1024] = "", *first;
+	char first_spc[1024], *first;
 	struct getdns_dict_item *d;
 	first = _json_ptr_first(&dict->mf, jptr,
@ -281,7 +280,8 @@ getdns_dict_get_names(const getdns_dict *dict, getdns_list **answer)
 	RBTREE_FOR(item, struct getdns_dict_item *,
 		(_getdns_rbtree_t *)&(dict->root)) {
-		_getdns_list_append_string(*answer, item->node.key);
+		_getdns_list_append_const_bindata(*answer,
 		    strlen(item->node.key) + 1, item->node.key);
 	}
 	return GETDNS_RETURN_GOOD;
 }				/* getdns_dict_get_names */
@ -434,7 +434,7 @@ getdns_dict_create_with_memory_functions(void *(*malloc)(size_t),
 /*-------------------------- getdns_dict_create_with_context */
 struct getdns_dict *
-getdns_dict_create_with_context(const getdns_context *context)
+getdns_dict_create_with_context(struct getdns_context *context)
 {
 	if (context)
 		return getdns_dict_create_with_extended_memory_functions(
@ -484,6 +484,7 @@ _getdns_dict_copy(const struct getdns_dict * srcdict,
 	if (!*dstdict)
 		return GETDNS_RETURN_GENERIC_ERROR;
 	retval = GETDNS_RETURN_GOOD;
 	RBTREE_FOR(item, struct getdns_dict_item *,
 		(struct _getdns_rbtree_t *)&(srcdict->root)) {
 		key = (char *) item->node.key;
@ -507,9 +508,6 @@ _getdns_dict_copy(const struct getdns_dict * srcdict,
 			retval = getdns_dict_set_list(*dstdict, key,
 				item->i.data.list);
 			break;
 		default:
 			retval = GETDNS_RETURN_WRONG_TYPE_REQUESTED;
 			break;
 		}
 		if (retval != GETDNS_RETURN_GOOD) {
 			getdns_dict_destroy(*dstdict);;
@ -532,95 +530,53 @@ getdns_dict_destroy(struct getdns_dict *dict)
 /*---------------------------------------- getdns_dict_set_dict */
 getdns_return_t
-_getdns_dict_set_this_dict(
+getdns_dict_set_dict(
-    getdns_dict *dict, const char *name, getdns_dict *child_dict)
+    getdns_dict *dict, const char *name, const getdns_dict *child_dict)
 {
 	getdns_item    *item;
 	getdns_dict    *newdict;
 	getdns_return_t r;
 	if (!dict || !name || !child_dict)
 		return GETDNS_RETURN_INVALID_PARAMETER;
 	if ((r = _getdns_dict_find_and_add(dict, name, &item)))
 		return r;
 	item->dtype = t_dict;
 	item->data.dict = child_dict;
 	return GETDNS_RETURN_GOOD;
 }				/* getdns_dict_set_dict */
 getdns_return_t
 getdns_dict_set_dict(
    getdns_dict *dict, const char *name, const getdns_dict *child_dict)
 {
 	getdns_dict    *newdict;
 	getdns_return_t r;
 	if ((r = _getdns_dict_copy(child_dict, &newdict)))
 		return r;
-	if ((r = _getdns_dict_set_this_dict(dict, name, newdict)))
+	if ((r = _getdns_dict_find_and_add(dict, name, &item))) {
 		getdns_dict_destroy(newdict);
 		return r;
-}
+	}
-
+	item->dtype = t_dict;
 	item->data.dict = newdict;
 	return GETDNS_RETURN_GOOD;
 }				/* getdns_dict_set_dict */
 /*---------------------------------------- getdns_dict_set_list */
 getdns_return_t
-_getdns_dict_set_this_list(
+getdns_dict_set_list(
-    getdns_dict *dict, const char *name, getdns_list *child_list)
+    getdns_dict *dict, const char *name, const getdns_list *child_list)
 {
 	getdns_item    *item;
 	getdns_list    *newlist;
 	getdns_return_t r;
 	if (!dict || !name || !child_list)
 		return GETDNS_RETURN_INVALID_PARAMETER;
 	if ((r = _getdns_dict_find_and_add(dict, name, &item)))
 		return r;
 	item->dtype = t_list;
 	item->data.list = child_list;
 	return GETDNS_RETURN_GOOD;
 }				/* getdns_dict_set_list */
 getdns_return_t
 getdns_dict_set_list(
    getdns_dict *dict, const char *name, const getdns_list *child_list)
 {
 	getdns_list    *newlist;
 	getdns_return_t r;
 	if ((r = _getdns_list_copy(child_list, &newlist)))
 		return r;
-	if ((r = _getdns_dict_set_this_list(dict, name, newlist)))
+	if ((r = _getdns_dict_find_and_add(dict, name, &item))) {
 		getdns_list_destroy(newlist);
 		return r;
-}
+	}
-
+	item->dtype = t_list;
 	item->data.list = newlist;
 	return GETDNS_RETURN_GOOD;
 }				/* getdns_dict_set_list */
 /*---------------------------------------- getdns_dict_set_bindata */
 getdns_return_t
 _getdns_dict_set_this_bindata(
    getdns_dict *dict, const char *name, getdns_bindata *bindata)
 {
 	getdns_item    *item;
 	getdns_return_t r;
 	if (!dict || !name || !bindata)
 		return GETDNS_RETURN_INVALID_PARAMETER;
 	if ((r = _getdns_dict_find_and_add(dict, name, &item)))
 		return r;
 	item->dtype = t_bindata;
 	item->data.bindata = bindata;
 	return GETDNS_RETURN_GOOD;
 }
 getdns_return_t
 _getdns_dict_set_const_bindata(
    getdns_dict *dict, const char *name, size_t size, const void *data)
@ -642,7 +598,7 @@ _getdns_dict_set_const_bindata(
 	item->dtype = t_bindata;
 	item->data.bindata = newbindata;
 	return GETDNS_RETURN_GOOD;
-}
+}				/* getdns_dict_set_bindata */
 getdns_return_t
 getdns_dict_set_bindata(
@ -655,29 +611,11 @@ getdns_dict_set_bindata(
 /*---------------------------------------- getdns_dict_set_bindata */
 getdns_return_t
-getdns_dict_util_set_string(getdns_dict *dict,
+getdns_dict_util_set_string(getdns_dict *dict, char *name, const char *value)
    const char *name, const char *value)
 {
-	getdns_item    *item;
+	return value
-	getdns_bindata *newbindata;
+	    ? _getdns_dict_set_const_bindata(dict, name, strlen(value), value)
-	getdns_return_t r;
+	    : GETDNS_RETURN_INVALID_PARAMETER;
 	if (!dict || !name || !value)
 		return GETDNS_RETURN_INVALID_PARAMETER;
 	if (!(newbindata = _getdns_bindata_copy(
 	    &dict->mf, strlen(value) + 1, (uint8_t *)value)))
 		return GETDNS_RETURN_MEMORY_ERROR;
 	newbindata->size -= 1;
 	if ((r = _getdns_dict_find_and_add(dict, name, &item))) {
 		_getdns_bindata_destroy(&dict->mf, newbindata);
 		return r;
 	}
 	item->dtype = t_bindata;
 	item->data.bindata = newbindata;
 	return GETDNS_RETURN_GOOD;
 }				/* getdns_dict_util_set_dict */
 /*---------------------------------------- getdns_dict_set_int */
@ -733,39 +671,18 @@ _getdns_bindata_is_dname(getdns_bindata *bindata)
 		bindata->data[bindata->size - 1] == 0;
 }
 static int
 getdns_pp_base64(gldns_buffer *buf, getdns_bindata *bindata)
 {
 	size_t p = gldns_buffer_position(buf);
 	size_t base64str_sz;
 	if (gldns_buffer_printf(buf, " <bindata of ") < 0)
 		return -1;
 	base64str_sz = gldns_b64_ntop_calculate_size(bindata->size);
 	if (!gldns_buffer_reserve(buf, base64str_sz))
 		return -1;
 	gldns_buffer_skip(buf, gldns_b64_ntop(bindata->data, bindata->size,
 	    (char *)gldns_buffer_current(buf), base64str_sz));
 	if (gldns_buffer_printf(buf, ">") < 0)
 		return -1;
 	return gldns_buffer_position(buf) - p;
 }
 /*---------------------------------------- getdns_pp_bindata */
 /**
 * private function to pretty print bindata to a gldns_buffer
 * @param buf     buffer to write to
 * @param indent  number of spaces to append after newline
 * @param bindata the bindata to print
 * @return        on success the number of written characters
 *                if an output error is encountered, a negative value
 */
 static int
-getdns_pp_bindata(gldns_buffer *buf, getdns_bindata *bindata,
+getdns_pp_bindata(gldns_buffer *buf, size_t indent,
-    int rdata_raw, int json)
+	getdns_bindata *bindata, int rdata_raw, int json)
 {
 	size_t i, p = gldns_buffer_position(buf);
 	uint8_t *dptr;
@ -782,37 +699,13 @@ getdns_pp_bindata(gldns_buffer *buf, getdns_bindata *bindata,
 	if (bindata->size > 0 && i == bindata->size) {     /* all printable? */
-		if (json) {
+		if (json)
-			const uint8_t *s = bindata->data;
+			(void)snprintf(spc, sizeof(spc), "\"%%.%ds\"", (int)i);
-			const uint8_t *e = s + bindata->size;
+		else
 			const uint8_t *b;
 			if (!gldns_buffer_reserve(buf, (e - s) + 2))
 				return -1;
 			gldns_buffer_write_u8(buf, '"');
 			for (;;) {
 				for ( b = s
 				    ; b < e && *b != '\\' && *b != '"'
 				    ; b++)
 					; /* pass */
 				if (b == e)
 					break;
 				if (!gldns_buffer_reserve(buf, (b - s) + 3))
 					return -1;
 				gldns_buffer_write(buf, s, b - s);
 				gldns_buffer_write_u8(buf, '\\');
 				gldns_buffer_write_u8(buf, *b);
 				s = b + 1;
 			}
 			if (s < e)
 			       	gldns_buffer_write(buf, s, e - s);
 			gldns_buffer_write_u8(buf, '"');
 		} else {
 			(void)snprintf(spc, sizeof(spc), "of \"%%.%ds\"%s>",
 			    (int)(i > 32 ? 32 : i), (i > 32 ? "..." : ""));
 		if (gldns_buffer_printf(buf, spc, bindata->data) < 0)
 			return -1;
 		}
 	} else if (bindata->size > 1 &&         /* null terminated printable */
 	    i == bindata->size - 1 && bindata->data[i] == 0) {
@ -829,7 +722,7 @@ getdns_pp_bindata(gldns_buffer *buf, getdns_bindata *bindata,
 		(void)gldns_wire2str_dname_buf(
 		    bindata->data, bindata->size, spc, sizeof(spc));
 		if (gldns_buffer_printf(
-		    buf, (json ? "\"%s\"" : "for %s>"), spc) < 0)
+		    buf, (json ? "\"%s\"" : "of \"%s\">"), spc) < 0)
 			return -1;
 	} else if (json) {
 		if (gldns_buffer_printf(buf, "[") < 0)
@ -892,7 +785,6 @@ getdns_pp_list(gldns_buffer *buf, size_t indent, const getdns_list *list,
 	struct getdns_bindata *bindata_item;
 	uint32_t int_item;
 	const char *strval;
 	char abuf[80];
 	if (list == NULL)
 		return 0;
@ -934,22 +826,8 @@ getdns_pp_list(gldns_buffer *buf, size_t indent, const getdns_list *list,
 			if (getdns_list_get_bindata(list, i, &bindata_item) !=
 			    GETDNS_RETURN_GOOD)
 				return -1;
-
+			if (getdns_pp_bindata(
-			if (for_literals && (bindata_item->size == 4  ||
+			    buf, indent, bindata_item, 0, json) < 0)
 			                     bindata_item->size == 16 )) {
 				if (gldns_buffer_printf(buf, 
 				    (json ? "\"%s\"" : " <bindata for %s>"),
 				    inet_ntop(( bindata_item->size == 4
 				              ? AF_INET : AF_INET6)
 				              , bindata_item->data
 				              , abuf
 				              , sizeof(abuf) - 1
 				              )) < 0)
 					return -1;
 			} else if (getdns_pp_bindata(
 			    buf, bindata_item, 0, json) < 0)
 				return -1;
 			break;
@ -1037,7 +915,7 @@ _getdns_print_rcode(gldns_buffer *buf, uint32_t rcode)
 {
 	static const char *rcodes[] = {
 		" GETDNS_RCODE_NOERROR" , " GETDNS_RCODE_FORMERR" ,
-		" GETDNS_RCODE_SERVFAIL", " GETDNS_RCODE_NXDOMAIN" ,
+		" GETDNS_RCODE_SERVFAIL", " GETDNS_RCODE_NXDOMAIN",
 		" GETDNS_RCODE_NOTIMP"  , " GETDNS_RCODE_REFUSED" ,
 		" GETDNS_RCODE_YXDOMAIN", " GETDNS_RCODE_YXRRSET" ,
 		" GETDNS_RCODE_NXRRSET" , " GETDNS_RCODE_NOTAUTH" ,
@ -1045,12 +923,12 @@ _getdns_print_rcode(gldns_buffer *buf, uint32_t rcode)
 		" GETDNS_RCODE_BADSIG"  , " GETDNS_RCODE_BADKEY"  ,
 		" GETDNS_RCODE_BADTIME" , " GETDNS_RCODE_BADMODE" ,
 		" GETDNS_RCODE_BADNAME" , " GETDNS_RCODE_BADALG"  ,
-		" GETDNS_RCODE_BADTRUNC", " GETDNS_RCODE_BADCOOKIE"
+		" GETDNS_RCODE_BADTRUNC"
 	};
 	if (rcode <= 10)
 		(void) gldns_buffer_printf(buf, "%s", rcodes[rcode]);
-	else if (rcode >= 16 && rcode <= 23)
+	else if (rcode >= 16 && rcode <= 22)
-		(void) gldns_buffer_printf(buf, "%s", rcodes[rcode-5]);
+		(void) gldns_buffer_printf(buf, "%s", rcodes[rcode-6]);
 	else
 		return 0;
 	return 1;
@ -1117,28 +995,7 @@ getdns_pp_dict(gldns_buffer * buf, size_t indent,
 			     strcmp(item->node.key, "follow_redirects") == 0 ||
 				 strcmp(item->node.key, "transport") == 0 ||
 			     strcmp(item->node.key, "resolution_type") == 0 ||
-			     strcmp(item->node.key, "tls_authentication") == 0 ||
+			     strcmp(item->node.key, "tls_authentication") == 0 ) &&
 			     strcmp(item->node.key, "tls_min_version") == 0 ||
 			     strcmp(item->node.key, "tls_max_version") == 0 ||
 			     /* extensions */
 			     strcmp(item->node.key, "add_warning_for_bad_dns") == 0 ||
 			     strcmp(item->node.key, "dnssec") == 0 ||
 			     strcmp(item->node.key, "dnssec_return_all_statuses") == 0 ||
 			     strcmp(item->node.key, "dnssec_return_full_validation_chain") == 0 ||
 			     strcmp(item->node.key, "dnssec_return_only_secure") == 0 ||
 			     strcmp(item->node.key, "dnssec_return_status") == 0 ||
 			     strcmp(item->node.key, "dnssec_return_validation_chain") == 0 ||
 #if defined(DNSSEC_ROADBLOCK_AVOIDANCE) && defined(HAVE_LIBUNBOUND)
 			     strcmp(item->node.key, "dnssec_roadblock_avoidance") == 0 ||
 #endif
 #ifdef EDNS_COOKIES
 			     strcmp(item->node.key, "edns_cookies") == 0 ||
 #endif
 			     strcmp(item->node.key, "return_api_information") == 0 ||
 			     strcmp(item->node.key, "return_both_v4_and_v6") == 0 ||
 			     strcmp(item->node.key, "return_call_reporting") == 0
 			     ) &&
 			    (strval =
 			     _getdns_get_const_info(item->i.data.n)->name)) {
 				if (gldns_buffer_printf(buf, " %s", strval) < 0)
@ -1156,11 +1013,6 @@ getdns_pp_dict(gldns_buffer * buf, size_t indent,
 			if (!json && strcmp(item->node.key, "rcode") == 0 &&
 			    _getdns_print_rcode(buf, item->i.data.n))
 				break;
 			if (!json &&
 			    strcmp(item->node.key, "extended_rcode") == 0 &&
 			    item->i.data.n >= 16 &&
 			    _getdns_print_rcode(buf, item->i.data.n))
 				break;
 			if (gldns_buffer_printf(
 			    buf,(json < 2 ? " %d" : "%d"), item->i.data.n) < 0)
 				return -1;
@ -1169,9 +1021,7 @@ getdns_pp_dict(gldns_buffer * buf, size_t indent,
 		case t_bindata:
 			if ((strcmp(item->node.key, "address_data") == 0 ||
 			     strcmp(item->node.key, "ipv4_address") == 0 ||
-			     strcmp(item->node.key, "ipv6_address") == 0 ||
+			     strcmp(item->node.key, "ipv6_address") == 0 ) &&
 			     strcmp(item->node.key, "answer_ipv4_address") == 0 ||
 			     strcmp(item->node.key, "answer_ipv6_address") == 0) &&
 			    (item->i.data.bindata->size == 4  ||
 			     item->i.data.bindata->size == 16 )) {
@ -1185,18 +1035,8 @@ getdns_pp_dict(gldns_buffer * buf, size_t indent,
 				              )) < 0)
 					return -1;
 			} else if (!json &&
 			    (strcmp(item->node.key, "pin-sha256") == 0 ||
 			     strcmp(item->node.key, "value") == 0) &&
 			     item->i.data.bindata->size > 0 &&
 			     item->i.data.bindata->size % 4 == 0) {
 				if (getdns_pp_base64(buf,
 				    item->i.data.bindata) < 0)
 					return -1;
 			} else if (getdns_pp_bindata(
-			    buf, item->i.data.bindata,
+			    buf, indent, item->i.data.bindata,
 			    (strcmp(item->node.key, "rdata_raw") == 0),
 			    json) < 0)
 				return -1;
@ -1219,9 +1059,8 @@ getdns_pp_dict(gldns_buffer * buf, size_t indent,
 			if (getdns_pp_list(buf, indent, item->i.data.list, 
 			    (strcmp(item->node.key, "namespaces") == 0 ||
 			     strcmp(item->node.key, "dns_transport_list") == 0
-			     || strcmp(item->node.key, "bad_dns") == 0 ||
+			     || strcmp(item->node.key, "bad_dns") == 0),
-			     strcmp(item->node.key, "dns_root_servers") == 0
+			    json) < 0)
 			    ), json) < 0)
 				return -1;
 			break;
@ -1288,9 +1127,9 @@ getdns_pretty_snprint_dict(char *str, size_t size, const getdns_dict *dict)
 	if (!dict) return -1;
-	gldns_buffer_init_vfixed_frm_data(&buf, str, size);
+	gldns_buffer_init_frm_data(&buf, str, size);
 	return getdns_pp_dict(&buf, 0, dict, 0) < 0
-	     ? -1 : (int)gldns_buffer_position(&buf);
+	     ? -1 : gldns_buffer_position(&buf);
 }
 char *
@ -1322,9 +1161,9 @@ getdns_pretty_snprint_list(char *str, size_t size, const getdns_list *list)
 	if (!list) return -1;
-	gldns_buffer_init_vfixed_frm_data(&buf, str, size);
+	gldns_buffer_init_frm_data(&buf, str, size);
 	return getdns_pp_list(&buf, 0, list, 0, 0) < 0
-	     ? -1 : (int)gldns_buffer_position(&buf);
+	     ? -1 : gldns_buffer_position(&buf);
 }
 char *
@ -1357,9 +1196,9 @@ getdns_snprint_json_dict(
 	if (!dict) return -1;
-	gldns_buffer_init_vfixed_frm_data(&buf, str, size);
+	gldns_buffer_init_frm_data(&buf, str, size);
 	return getdns_pp_dict(&buf, 0, dict, pretty ? 1 : 2) < 0
-	     ? -1 : (int)gldns_buffer_position(&buf);
+	     ? -1 : gldns_buffer_position(&buf);
 }
 char *
@ -1392,9 +1231,9 @@ getdns_snprint_json_list(
 	if (!list) return -1;
-	gldns_buffer_init_vfixed_frm_data(&buf, str, size);
+	gldns_buffer_init_frm_data(&buf, str, size);
 	return getdns_pp_list(&buf, 0, list, 0, pretty ? 1 : 2) < 0
-	     ? -1 : (int)gldns_buffer_position(&buf);
+	     ? -1 : gldns_buffer_position(&buf);
 }
 /* dict.c */
--- a/src/dict.h
+++ b/src/dict.h
@ -61,7 +61,7 @@ struct getdns_dict
 	struct mem_funcs mf;
 };
-static inline getdns_dict *_getdns_dict_create_with_mf(struct mem_funcs *mf)
+inline static getdns_dict *_getdns_dict_create_with_mf(struct mem_funcs *mf)
 { return getdns_dict_create_with_extended_memory_functions(
         mf->mf_arg, mf->mf.ext.malloc, mf->mf.ext.realloc, mf->mf.ext.free); }
--- a/src/dnssec.c
+++ b/src/dnssec.c
--- a/src/dnssec.h
+++ b/src/dnssec.h
@ -41,34 +41,13 @@
 #include "getdns/getdns.h"
 #include "config.h"
 #include "gldns/gbuffer.h"
 #include "gldns/rrdef.h"
 #include "types-internal.h"
 /* Do some additional requests to fetch the complete validation chain */
 void _getdns_get_validation_chain(getdns_dns_req *dns_req);
 void _getdns_cancel_validation_chain(getdns_dns_req *dns_req);
 void _getdns_validation_chain_timeout(getdns_dns_req *dns_req);
 void _getdns_ta_notify_dnsreqs(getdns_context *context);
 uint16_t _getdns_parse_ta_file(time_t *ta_mtime, gldns_buffer *gbuf);
 static inline int _dnssec_rdata_to_canonicalize(uint16_t rr_type)
 {
 	return rr_type == GLDNS_RR_TYPE_NS    || rr_type == GLDNS_RR_TYPE_MD
 	    || rr_type == GLDNS_RR_TYPE_MF    || rr_type == GLDNS_RR_TYPE_CNAME
 	    || rr_type == GLDNS_RR_TYPE_SOA   || rr_type == GLDNS_RR_TYPE_MB
 	    || rr_type == GLDNS_RR_TYPE_MG    || rr_type == GLDNS_RR_TYPE_MR
 	    || rr_type == GLDNS_RR_TYPE_PTR   || rr_type == GLDNS_RR_TYPE_MINFO
 	    || rr_type == GLDNS_RR_TYPE_MX    || rr_type == GLDNS_RR_TYPE_RP
 	    || rr_type == GLDNS_RR_TYPE_AFSDB || rr_type == GLDNS_RR_TYPE_RT
 	    || rr_type == GLDNS_RR_TYPE_SIG   || rr_type == GLDNS_RR_TYPE_PX
 	    || rr_type == GLDNS_RR_TYPE_NXT   || rr_type == GLDNS_RR_TYPE_NAPTR
 	    || rr_type == GLDNS_RR_TYPE_KX    || rr_type == GLDNS_RR_TYPE_SRV
 	    || rr_type == GLDNS_RR_TYPE_DNAME || rr_type == GLDNS_RR_TYPE_RRSIG;
 }
 int _getdns_bogus(getdns_dns_req *dns_req);
 #endif
 /* dnssec.h */
--- a/src/extension/default_eventloop.h
+++ b/src/extension/default_eventloop.h
@ -1,44 +0,0 @@
 /*
 * \file default_eventloop.h
 * @brief Build in default eventloop extension that uses either poll or select.
 *
 */
 /*
 * Copyright (c) 2013, NLNet Labs, Verisign, Inc.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions are met:
 * * Redistributions of source code must retain the above copyright
 *   notice, this list of conditions and the following disclaimer.
 * * Redistributions in binary form must reproduce the above copyright
 *   notice, this list of conditions and the following disclaimer in the
 *   documentation and/or other materials provided with the distribution.
 * * Neither the names of the copyright holders nor the
 *   names of its contributors may be used to endorse or promote products
 *   derived from this software without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
 * DISCLAIMED. IN NO EVENT SHALL Verisign, Inc. BE LIABLE FOR ANY
 * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
 #ifndef DEFAULT_EVENTLOOP_H_
 #define DEFAULT_EVENTLOOP_H_
 #include "config.h"
 #ifdef USE_POLL_DEFAULT_EVENTLOOP
 #include "extension/poll_eventloop.h"
 #define _getdns_default_eventloop	_getdns_poll_eventloop
 #define _getdns_default_eventloop_init	_getdns_poll_eventloop_init
 #else
 #include "extension/select_eventloop.h"
 #define _getdns_default_eventloop	_getdns_select_eventloop
 #define _getdns_default_eventloop_init	_getdns_select_eventloop_init
 #endif
 #endif
--- a/src/extension/libev.c
+++ b/src/extension/libev.c
@ -97,7 +97,6 @@ static void
 getdns_libev_read_cb(struct ev_loop *l, struct ev_io *io, int revents)
 {
        getdns_eventloop_event *el_ev = (getdns_eventloop_event *)io->data;
 	(void)l; (void)revents; /* unused parameters */
        assert(el_ev->read_cb);
        el_ev->read_cb(el_ev->userarg);
 }
@ -106,16 +105,14 @@ static void
 getdns_libev_write_cb(struct ev_loop *l, struct ev_io *io, int revents)
 {
        getdns_eventloop_event *el_ev = (getdns_eventloop_event *)io->data;
 	(void)l; (void)revents; /* unused parameters */
        assert(el_ev->write_cb);
        el_ev->write_cb(el_ev->userarg);
 }
 static void
-getdns_libev_timeout_cb(struct ev_loop *l, struct ev_timer *timer, int revents)
+getdns_libev_timeout_cb(struct ev_loop *l, struct ev_timer *timer, int revent)
 {
        getdns_eventloop_event *el_ev = (getdns_eventloop_event *)timer->data;
 	(void)l; (void)revents; /* unused parameters */
        assert(el_ev->timeout_cb);
        el_ev->timeout_cb(el_ev->userarg);
 }
--- a/src/extension/libevent.c
+++ b/src/extension/libevent.c
@ -33,11 +33,7 @@
 #include "config.h"
 #include "types-internal.h"
 #ifndef USE_WINSOCK
 #include <sys/time.h>
 #else
 #include <winsock2.h>
 #endif
 #include "getdns/getdns_ext_libevent.h"
 #ifdef HAVE_EVENT2_EVENT_H
@ -99,7 +95,6 @@ static getdns_return_t
 getdns_libevent_clear(getdns_eventloop *loop, getdns_eventloop_event *el_ev)
 {
 	struct event *my_ev = (struct event *)el_ev->ev;
 	(void)loop; /* unused parameter */
 	assert(my_ev);
@ -115,7 +110,6 @@ static void
 getdns_libevent_callback(evutil_socket_t fd, short bits, void *arg)
 {
 	getdns_eventloop_event *el_ev = (getdns_eventloop_event *)arg;
 	(void)fd; /* unused parameter */
 	if (bits & EV_READ) {
 		assert(el_ev->read_cb);
--- a/src/extension/libmini_event.c
+++ b/src/extension/libmini_event.c
@ -0,0 +1,238 @@
 /**
 *
 * \file libmini_event.c
 * @brief Build in default eventloop extension that uses select.
 *
 */
 /*
 * Copyright (c) 2013, NLnet Labs, Verisign, Inc.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions are met:
 * * Redistributions of source code must retain the above copyright
 *   notice, this list of conditions and the following disclaimer.
 * * Redistributions in binary form must reproduce the above copyright
 *   notice, this list of conditions and the following disclaimer in the
 *   documentation and/or other materials provided with the distribution.
 * * Neither the names of the copyright holders nor the
 *   names of its contributors may be used to endorse or promote products
 *   derived from this software without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
 * DISCLAIMED. IN NO EVENT SHALL Verisign, Inc. BE LIABLE FOR ANY
 * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
 #include "config.h"
 #include "debug.h"
 #include "types-internal.h"
 #include "extension/libmini_event.h"
 #if defined(SCHED_DEBUG) && SCHED_DEBUG
 #include <inttypes.h>
 #endif
 static void
 _getdns_mini_event_cleanup(getdns_eventloop *loop)
 {
 	_getdns_mini_event *ext = (_getdns_mini_event *)loop;
 	_getdns_event_base_free(ext->base);
 }
 void
 _getdns_mini_event_destroy(_getdns_mini_event *ext)
 {
 	assert(ext);
 	ext->loop.vmt->cleanup(&ext->loop);
 	GETDNS_FREE(ext->mf, ext);
 }
 void _getdns_handle_timeouts(struct _getdns_event_base* base,
    struct timeval* now, struct timeval* wait);
 int _getdns_handle_select(struct _getdns_event_base* base, struct timeval* wait);
 static int
 _getdns_mini_event_settime(_getdns_mini_event *ext)
 {
 	if (gettimeofday(&ext->time_tv, NULL) < 0)
 		return -1;
 	ext->time_secs = (time_t)ext->time_tv.tv_sec;
 	return 0;
 }
 static void
 _getdns_mini_event_run(getdns_eventloop *loop)
 {
 	_getdns_mini_event *ext = (_getdns_mini_event *)loop;
 	struct timeval wait;
 	if (ext->n_events == 0 || _getdns_mini_event_settime(ext) < 0)
 		return;
 	do {
 		(void) _getdns_handle_timeouts(ext->base, &ext->time_tv, &wait);
 		if (!ext->n_events)
 			break;
 		if (_getdns_handle_select(ext->base, &wait))
 			break;
 	} while (ext->n_events);
 }
 static void
 _getdns_mini_event_run_once(getdns_eventloop *loop, int blocking)
 {
 	static struct timeval immediately = { 0, 0 };
 	_getdns_mini_event *ext = (_getdns_mini_event *)loop;
 	struct timeval wait;
 	if (blocking) {
 		if (_getdns_mini_event_settime(ext) < 0)
 			return;
 		_getdns_handle_timeouts(ext->base, &ext->time_tv, &wait);
 		if (_getdns_handle_select(ext->base, &wait) < 0)
 			return;
 	} else if (_getdns_handle_select(ext->base, &immediately) < 0)
 		return;
 	_getdns_handle_timeouts(ext->base, &ext->time_tv, &wait);
 }
 static getdns_return_t
 _getdns_mini_event_clear(getdns_eventloop *loop, getdns_eventloop_event *el_ev)
 {
 	getdns_return_t r = GETDNS_RETURN_GOOD;
 	_getdns_mini_event *ext = (_getdns_mini_event *)loop;
 	assert(el_ev->ev);
 	DEBUG_SCHED("1. _getdns_mini_event_clear(loop: %p, el_ev: %p[userarg: %p, r: %p, w: %p, t: %p, ev: %p]); n_events: %d, times: %d\n", loop, el_ev, el_ev->userarg, el_ev->read_cb, el_ev->write_cb, el_ev->timeout_cb, el_ev->ev, (int)ext->n_events, (int)ext->base->times->count);
 	if (_getdns_event_del(el_ev->ev) != 0)
 		r = GETDNS_RETURN_GENERIC_ERROR;
 	GETDNS_FREE(ext->mf, el_ev->ev);
 	el_ev->ev = NULL;
 	ext->n_events--;
 	DEBUG_SCHED("2. %d <- _getdns_mini_event_clear(loop: %p, el_ev: %p[userarg: %p, r: %p, w: %p, t: %p, ev: %p]); n_events: %d, times: %d\n", r, loop, el_ev, el_ev->userarg, el_ev->read_cb, el_ev->write_cb, el_ev->timeout_cb, el_ev->ev, (int)ext->n_events, (int)ext->base->times->count);
 	return r;
 }
 static void
 _getdns_mini_event_callback(int fd, short bits, void *arg)
 {
 	getdns_eventloop_event *el_ev = (getdns_eventloop_event *)arg;
 	DEBUG_SCHED("1. _getdns_mini_event_callback(fd: %d, bits: %d, el_ev: %p[userarg: %p, r: %p, w: %p, t: %p, ev: %p])\n", fd, (int)bits, el_ev, el_ev->userarg, el_ev->read_cb, el_ev->write_cb, el_ev->timeout_cb, el_ev->ev);
 	if (bits & EV_READ) {
 		assert(el_ev->read_cb);
 		el_ev->read_cb(el_ev->userarg);
 	} else if (bits & EV_WRITE) {
 		assert(el_ev->write_cb);
 		el_ev->write_cb(el_ev->userarg);
 	} else if (bits & EV_TIMEOUT) {
 		assert(el_ev->timeout_cb);
 		el_ev->timeout_cb(el_ev->userarg);
 	} else
 		assert(ASSERT_UNREACHABLE);
 }
 static getdns_return_t
 _getdns_mini_event_schedule(getdns_eventloop *loop,
    int fd, uint64_t timeout, getdns_eventloop_event *el_ev)
 {
 	_getdns_mini_event *ext = (_getdns_mini_event *)loop;
 	struct _getdns_event *my_ev;
 	struct timeval tv = { timeout / 1000, (timeout % 1000) * 1000 };
 	assert(el_ev);
 	assert(!(el_ev->read_cb || el_ev->write_cb) || fd >= 0);
 	assert(  el_ev->read_cb || el_ev->write_cb  || el_ev->timeout_cb);
 	if (!(my_ev = GETDNS_MALLOC(ext->mf, struct _getdns_event)))
 		return GETDNS_RETURN_MEMORY_ERROR;
 	el_ev->ev = my_ev;
 	DEBUG_SCHED("1. _getdns_mini_event_schedule(loop: %p, fd: %d, timeout: %"PRId64", el_ev: %p[userarg: %p, r: %p, w: %p, t: %p, ev: %p]); n_events: %d\n", loop, fd, timeout, el_ev, el_ev->userarg, el_ev->read_cb, el_ev->write_cb, el_ev->timeout_cb, el_ev->ev, (int)ext->n_events);
 	_getdns_event_set(my_ev, fd, (
 	    (el_ev->read_cb ? EV_READ|EV_PERSIST : 0) |
 	    (el_ev->write_cb ? EV_WRITE|EV_PERSIST : 0) |
 	    (el_ev->timeout_cb ? EV_TIMEOUT : 0)),
 	    _getdns_mini_event_callback, el_ev);
 	if (_getdns_mini_event_settime(ext))
 		goto error;
 	(void) _getdns_event_base_set(ext->base, my_ev);
 	if (_getdns_event_add(my_ev, el_ev->timeout_cb ? &tv : NULL))
 		goto error;
 	ext->n_events++;
 	DEBUG_SCHED("2. _getdns_mini_event_schedule(loop: %p, fd: %d, timeout: %"PRId64", el_ev: %p[userarg: %p, r: %p, w: %p, t: %p, ev: %p]); n_events: %d\n", loop, fd, timeout, el_ev, el_ev->userarg, el_ev->read_cb, el_ev->write_cb, el_ev->timeout_cb, el_ev->ev, (int)ext->n_events);
 	return GETDNS_RETURN_GOOD;
 error:
 	GETDNS_FREE(ext->mf, my_ev);
 	el_ev->ev = NULL;
 	DEBUG_SCHED("3. _getdns_mini_event_schedule(loop: %p, fd: %d, timeout: %"PRId64", el_ev: %p[userarg: %p, r: %p, w: %p, t: %p, ev: %p]); n_events: %d\n", loop, fd, timeout, el_ev, el_ev->userarg, el_ev->read_cb, el_ev->write_cb, el_ev->timeout_cb, el_ev->ev, (int)ext->n_events);
 	return GETDNS_RETURN_GENERIC_ERROR;
 }
 getdns_return_t
 _getdns_mini_event_init(getdns_context *context, _getdns_mini_event *ext)
 {
 	static getdns_eventloop_vmt _getdns_mini_event_vmt = {
 		_getdns_mini_event_cleanup,
 		_getdns_mini_event_schedule,
 		_getdns_mini_event_clear,
 		_getdns_mini_event_run,
 		_getdns_mini_event_run_once
 	};
 	if (!context)
 		return GETDNS_RETURN_BAD_CONTEXT;
 	if (!ext)
 		return GETDNS_RETURN_INVALID_PARAMETER;
 #ifdef USE_WINSOCK
 	int r;
 	WSADATA wsa_data;
 	if ((r = WSAStartup(MAKEWORD(2, 2), &wsa_data)) != 0) {
 		printf("could not init winsock. WSAStartup: %s",
 			wsa_strerror(r));
 		return GETDNS_RETURN_GENERIC_ERROR;
 	}
 #endif
 	ext->n_events = 0;
 	ext->loop.vmt = &_getdns_mini_event_vmt;
 	ext->base = _getdns_event_init(&ext->time_secs, &ext->time_tv);
 	if (!ext->base)
 		return GETDNS_RETURN_MEMORY_ERROR;
 	ext->mf = *priv_getdns_context_mf(context);
 	return GETDNS_RETURN_GOOD;
 }
 getdns_return_t
 _getdns_mini_event_create(getdns_context *context, _getdns_mini_event **ext)
 {
 	if (!context) return GETDNS_RETURN_BAD_CONTEXT;
 	if (!ext)     return GETDNS_RETURN_INVALID_PARAMETER;
 	*ext = GETDNS_MALLOC(*priv_getdns_context_mf(context), _getdns_mini_event);
 	return _getdns_mini_event_init(context, *ext);
 }
--- a/src/extension/libmini_event.h
+++ b/src/extension/libmini_event.h
@ -1,9 +1,9 @@
 /**
 *
- * /brief dummy prototypes for logging a la unbound
+ * \file libmini_event.h
 * @brief Build in default eventloop extension that uses select.
 *
 */
 /*
 * Copyright (c) 2013, NLnet Labs, Verisign, Inc.
 * All rights reserved.
@ -31,30 +31,33 @@
 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
-#ifndef UTIL_LOG_H
+#ifndef _GETDNS_LIBMINI_EVENT_H_
-#define UTIL_LOG_H
+#define _GETDNS_LIBMINI_EVENT_H_
 #include <stdlib.h>
 #include "config.h"
-#include "debug.h"
+#ifndef USE_WINSOCK
-
+#include "util/mini_event.h"
 #ifdef DEBUGGING
 #define verbose(x, ...) DEBUG_NL(__VA_ARGS__)
 #define log_err(...)	DEBUG_NL(__VA_ARGS__)
 #define log_info(...)	DEBUG_NL(__VA_ARGS__)
 #define fatal_exit(...) do { DEBUG_NL(__VA_ARGS__); exit(EXIT_FAILURE); } while(0)
 #define log_assert(x)	do { if(!(x)) fatal_exit("%s:%d: %s: assertion %s failed", \
                                                __FILE__, __LINE__, __FUNC__, #x); \
                        } while(0)
 #else
-#define verbose(...)	((void)0)
+#include "util/winsock_event.h"
 #define log_err(...)	((void)0)
 #define log_info(...)	((void)0)
 #define fatal_exit(...)	((void)0)
 #define log_assert(x)	((void)0)
 #endif
 #include "types-internal.h"
 typedef struct _getdns_mini_event {
 	getdns_eventloop           loop;
 	time_t                     time_secs;
 	struct timeval             time_tv;
 	struct _getdns_event_base *base;
 	size_t                     n_events;
 	struct mem_funcs           mf;
 } _getdns_mini_event;
-#endif /* UTIL_LOG_H */
+getdns_return_t
 _getdns_mini_event_init(getdns_context *context, _getdns_mini_event *mini_event);
 getdns_return_t
 _getdns_mini_event_create(getdns_context *ctxt, _getdns_mini_event **mini_event);
 void
 _getdns_mini_event_destroy(_getdns_mini_event *mini_event);
 #endif /* _GETDNS_LIBMINI_EVENT_H_ */
--- a/src/extension/libuv.c
+++ b/src/extension/libuv.c
@ -73,7 +73,8 @@ getdns_libuv_cleanup(getdns_eventloop *loop)
 }
 typedef struct poll_timer {
-	uv_poll_t        poll;
+	uv_poll_t        read;
 	uv_poll_t        write;
 	uv_timer_t       timer;
 	int              to_close;
 	struct mem_funcs mf;
@ -103,15 +104,21 @@ getdns_libuv_clear(getdns_eventloop *loop, getdns_eventloop_event *el_ev)
 	poll_timer   *my_ev = (poll_timer *)el_ev->ev;
 	uv_poll_t    *my_poll;
 	uv_timer_t   *my_timer;
 	(void)loop; /* unused parameter */
 	assert(my_ev);
 	DEBUG_UV("enter libuv_clear(el_ev = %p, my_ev = %p, to_close = %d)\n"
 	        , el_ev, my_ev, my_ev->to_close);
-	if (el_ev->read_cb || el_ev->write_cb) {
+	if (el_ev->read_cb) {
-		my_poll = &my_ev->poll;
+		my_poll = &my_ev->read;
 		uv_poll_stop(my_poll);
 		my_ev->to_close += 1;
 		my_poll->data = my_ev;
 		uv_close((uv_handle_t *)my_poll, getdns_libuv_close_cb);
 	}
 	if (el_ev->write_cb) {
 		my_poll = &my_ev->write;
 		uv_poll_stop(my_poll);
 		my_ev->to_close += 1;
 		my_poll->data = my_ev;
@ -131,29 +138,27 @@ getdns_libuv_clear(getdns_eventloop *loop, getdns_eventloop_event *el_ev)
 }
 static void
-getdns_libuv_cb(uv_poll_t *poll, int status, int events)
+getdns_libuv_read_cb(uv_poll_t *poll, int status, int events)
 {
        getdns_eventloop_event *el_ev = (getdns_eventloop_event *)poll->data;
 	if (status == 0) {
 		if (events & UV_READABLE) {
        assert(el_ev->read_cb);
 	DEBUG_UV("enter libuv_read_cb(el_ev = %p, el_ev->ev = %p)\n"
 	        , el_ev, el_ev->ev);
        el_ev->read_cb(el_ev->userarg);
 	DEBUG_UV("exit  libuv_read_cb(el_ev = %p, el_ev->ev = %p)\n"
 	        , el_ev, el_ev->ev);
-		} else if (events & UV_WRITABLE) {
+}
 static void
 getdns_libuv_write_cb(uv_poll_t *poll, int status, int events)
 {
        getdns_eventloop_event *el_ev = (getdns_eventloop_event *)poll->data;
        assert(el_ev->write_cb);
 	DEBUG_UV("enter libuv_write_cb(el_ev = %p, el_ev->ev = %p)\n"
 	        , el_ev, el_ev->ev);
        el_ev->write_cb(el_ev->userarg);
 	DEBUG_UV("exit  libuv_write_cb(el_ev = %p, el_ev->ev = %p)\n"
 	        , el_ev, el_ev->ev);
 		} else {
 			assert(ASSERT_UNREACHABLE);
 		}
 	}
 }
 static void
@ -164,9 +169,6 @@ getdns_libuv_timeout_cb(uv_timer_t *timer, int status)
 #endif
 {
        getdns_eventloop_event *el_ev = (getdns_eventloop_event *)timer->data;
 #ifndef HAVE_NEW_UV_TIMER_CB
 	(void)status; /* unused parameter */
 #endif
        assert(el_ev->timeout_cb);
 	DEBUG_UV("enter libuv_timeout_cb(el_ev = %p, el_ev->ev = %p)\n"
 	        , el_ev, el_ev->ev);
@ -198,14 +200,17 @@ getdns_libuv_schedule(getdns_eventloop *loop,
 	my_ev->mf = ext->mf;
 	el_ev->ev = my_ev;
-	if (el_ev->read_cb || el_ev->write_cb) {
+	if (el_ev->read_cb) {
-		my_poll = &my_ev->poll;
+		my_poll = &my_ev->read;
 		my_poll->data = el_ev;
 		uv_poll_init(ext->loop, my_poll, fd);
-		int events =
+		uv_poll_start(my_poll, UV_READABLE, getdns_libuv_read_cb);
-			(el_ev->read_cb ? UV_READABLE : 0) |
+	}
-			(el_ev->write_cb ? UV_WRITABLE : 0);
+	if (el_ev->write_cb) {
-		uv_poll_start(my_poll, events, getdns_libuv_cb);
+		my_poll = &my_ev->write;
 		my_poll->data = el_ev;
 		uv_poll_init(ext->loop, my_poll, fd);
 		uv_poll_start(my_poll, UV_WRITABLE, getdns_libuv_write_cb);
 	}
 	if (el_ev->timeout_cb) {
 		my_timer = &my_ev->timer;
--- a/src/extension/poll_eventloop.c
+++ b/src/extension/poll_eventloop.c
@ -1,551 +0,0 @@
 /*
 * Copyright (c) 2013, NLNet Labs, Verisign, Inc.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions are met:
 * * Redistributions of source code must retain the above copyright
 *   notice, this list of conditions and the following disclaimer.
 * * Redistributions in binary form must reproduce the above copyright
 *   notice, this list of conditions and the following disclaimer in the
 *   documentation and/or other materials provided with the distribution.
 * * Neither the names of the copyright holders nor the
 *   names of its contributors may be used to endorse or promote products
 *   derived from this software without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
 * DISCLAIMED. IN NO EVENT SHALL Verisign, Inc. BE LIABLE FOR ANY
 * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
 #include "config.h"
 #include "util-internal.h"
 #include "platform.h"
 #ifdef HAVE_SYS_RESOURCE_H
 #include <sys/resource.h>
 #endif
 #include "extension/poll_eventloop.h"
 #include "debug.h"
 enum { init_fd_events_capacity = 64
     , init_to_events_capacity = 64 };
 static void *get_to_event(_getdns_poll_eventloop *loop,
    getdns_eventloop_event *event, uint64_t timeout_time)
 {
 	if (loop->to_events_free == loop->to_events_capacity) {
 		if (loop->to_events_free) {
 			_getdns_poll_event *to_events = GETDNS_XREALLOC(
 			    loop->mf, loop->to_events, _getdns_poll_event,
 			    loop->to_events_free * 2);
 			if (!to_events)
 				return NULL;
 			(void) memset(&to_events[loop->to_events_free],
 			    0, sizeof(_getdns_poll_event)
 			     * loop->to_events_free);
 			loop->to_events_capacity = loop->to_events_free * 2;
 			loop->to_events = to_events;
 		} else {
 			if (!(loop->to_events = GETDNS_XMALLOC(loop->mf,
 			    _getdns_poll_event, init_to_events_capacity)))
 				return NULL;
 			(void) memset(loop->to_events, 0,
 			    sizeof(_getdns_poll_event)
 			    * init_to_events_capacity);
 			loop->to_events_capacity = init_to_events_capacity;
 		}
 	}
 	loop->to_events[loop->to_events_free].event = event;
 	loop->to_events[loop->to_events_free].timeout_time = timeout_time;
 	loop->to_events_n_used++;
 	return (void *) (intptr_t) (++loop->to_events_free);
 }
 static void *get_fd_event(_getdns_poll_eventloop *loop, int fd,
    getdns_eventloop_event *event, uint64_t timeout_time)
 {
 	size_t i;
 	if (loop->fd_events_free == loop->fd_events_capacity) {
 		if (loop->fd_events_free) {
 			_getdns_poll_event *fd_events = GETDNS_XREALLOC(
 			    loop->mf, loop->fd_events, _getdns_poll_event,
 			    loop->fd_events_free * 2);
 			struct pollfd *pfds = GETDNS_XREALLOC(
 			    loop->mf, loop->pfds, struct pollfd,
 			    loop->fd_events_free * 2);
 			if (!fd_events || !pfds) {
 				if (fd_events)
 					GETDNS_FREE(loop->mf, fd_events);
 				if (pfds)
 					GETDNS_FREE(loop->mf, pfds);
 				return NULL;
 			}
 			(void) memset(&fd_events[loop->fd_events_free],
 			    0, sizeof(_getdns_poll_event)
 			     * loop->fd_events_free);
 			for ( i = loop->fd_events_free
 			    ; i < loop->fd_events_free * 2
 			    ; i++) {
 				pfds[i].fd = -1;
 				pfds[i].events  = 0;
 				pfds[i].revents = 0;
 			}
 			loop->fd_events_capacity = loop->fd_events_free * 2;
 			loop->fd_events = fd_events;
 			loop->pfds = pfds;
 		} else {
 			if (!(loop->fd_events = GETDNS_XMALLOC(loop->mf,
 			    _getdns_poll_event, init_fd_events_capacity)) ||
 			    !(loop->pfds = GETDNS_XMALLOC(loop->mf,
 			    struct pollfd, init_fd_events_capacity))) {
 				GETDNS_NULL_FREE(loop->mf, loop->fd_events);
 				return NULL;
 			}
 			(void) memset(loop->fd_events, 0,
 			    sizeof(_getdns_poll_event)
 			    * init_fd_events_capacity);
 			for (i = 0; i < init_fd_events_capacity; i++) {
 				loop->pfds[i].fd = -1;
 				loop->pfds[i].events  = 0;
 				loop->pfds[i].revents = 0;
 			}
 			loop->fd_events_capacity = init_fd_events_capacity;
 		}
 	}
 	loop->pfds[loop->fd_events_free].fd = fd;
 	loop->pfds[loop->fd_events_free].events = 0;
 	if (event->read_cb)
 		loop->pfds[loop->fd_events_free].events |= POLLIN;
 	if (event->write_cb)
 		loop->pfds[loop->fd_events_free].events |= POLLOUT;
 	loop->fd_events[loop->fd_events_free].event = event;
 	loop->fd_events[loop->fd_events_free].timeout_time = timeout_time;
 	loop->fd_events_n_used++;
 	return (void *) (intptr_t) (++loop->fd_events_free);
 }
 static uint64_t get_now_plus(uint64_t amount)
 {
 	struct timeval tv;
 	uint64_t       now;
 	if (gettimeofday(&tv, NULL)) {
 		_getdns_perror("gettimeofday() failed");
 		exit(EXIT_FAILURE);
 	}
 	now = tv.tv_sec * 1000000 + tv.tv_usec;
 	return (now + amount * 1000) >= now
 	      ? now + amount * 1000 : TIMEOUT_FOREVER;
 }
 static getdns_return_t
 poll_eventloop_schedule(getdns_eventloop *loop,
    int fd, uint64_t timeout, getdns_eventloop_event *event)
 {
 	_getdns_poll_eventloop *poll_loop  = (_getdns_poll_eventloop *)loop;
 	DEBUG_SCHED( "%s(loop: %p, fd: %d, timeout: %"PRIu64", event: %p)\n"
 	        , __FUNC__, (void *)loop, fd, timeout, (void *)event);
 	if (!loop || !event)
 		return GETDNS_RETURN_INVALID_PARAMETER;
 	if (fd >= 0 && !(event->read_cb || event->write_cb)) {
 		DEBUG_SCHED("WARNING: fd event without "
 		            "read or write cb!\n");
 		fd = -1;
 	}
 	if (fd >= 0) {
 		if (!(event->ev = get_fd_event(
 		    poll_loop, fd, event, get_now_plus(timeout)))) {
 			DEBUG_SCHED("ERROR: scheduled read/write slots!\n");
 			return GETDNS_RETURN_GENERIC_ERROR;
 		}
 		DEBUG_SCHED( "scheduled read/write at for %d at %p\n"
 		           , fd, (void *)event->ev);
 		return GETDNS_RETURN_GOOD;
 	}
 	if (!event->timeout_cb) {
 		DEBUG_SCHED("ERROR: fd < 0 without timeout_cb!\n");
 		return GETDNS_RETURN_GENERIC_ERROR;
 	}
 	if (event->read_cb) {
 		DEBUG_SCHED("ERROR: timeout event with read_cb! Clearing.\n");
 		event->read_cb = NULL;
 	}
 	if (event->write_cb) {
 		DEBUG_SCHED("ERROR: timeout event with write_cb! Clearing.\n");
 		event->write_cb = NULL;
 	}
 	if (!(event->ev = get_to_event(poll_loop, event, get_now_plus(timeout)))) {
 		DEBUG_SCHED("ERROR: Out of timeout slots!\n");
 		return GETDNS_RETURN_GENERIC_ERROR;
 	}
 	DEBUG_SCHED("scheduled timeout at slot %p\n", (void *)event->ev);
 	return GETDNS_RETURN_GOOD;
 }
 static getdns_return_t
 poll_eventloop_clear(getdns_eventloop *loop, getdns_eventloop_event *event)
 {
 	_getdns_poll_eventloop *poll_loop  = (_getdns_poll_eventloop *)loop;
 	if (!loop || !event)
 		return GETDNS_RETURN_INVALID_PARAMETER;
 	DEBUG_SCHED( "%s(loop: %p, event: %p)\n", __FUNC__, (void *)loop, (void *)event);
 	if (!event->ev)
 		return GETDNS_RETURN_GOOD;
 	else if (event->timeout_cb && !event->read_cb && !event->write_cb) {
 		size_t i = ((size_t) (intptr_t) event->ev) - 1;
 		/* This may happen with full recursive synchronous requests
 		 * with the unbound pluggable event API, because the default
 		 * poll_eventloop is temporarily replaced by a poll_eventloop
 		 * used only in synchronous calls. When the synchronous request
 		 * had an answer, the poll_eventloop for the synchronous is
 		 * cleaned, however it could still have outstanding events.
 		 */
 		if (i >= poll_loop->to_events_capacity ||
 		    poll_loop->to_events[i].event != event) {
 			event->ev = NULL;
 			DEBUG_SCHED( "ERROR: Event mismatch %p\n", (void *)event->ev);
 			return GETDNS_RETURN_GENERIC_ERROR;
 		}
 		poll_loop->to_events[i].event = NULL;
 		if (--poll_loop->to_events_n_used == 0) {
 			poll_loop->to_events_free = 0;
 		}
 		DEBUG_SCHED( "cleared timeout at slot %p\n", (void *)event->ev);
 	} else {
 		size_t i = ((size_t) (intptr_t) event->ev) - 1;
 		/* This may happen with full recursive synchronous requests
 		 * with the unbound pluggable event API, because the default
 		 * poll_eventloop is temporarily replaced by a poll_eventloop
 		 * used only in synchronous calls. When the synchronous request
 		 * had an answer, the poll_eventloop for the synchronous is
 		 * cleaned, however it could still have outstanding events.
 		 */
 		if (i >= poll_loop->fd_events_capacity ||
 		    poll_loop->fd_events[i].event != event) {
 			event->ev = NULL;
 			DEBUG_SCHED( "ERROR: Event mismatch %p\n", (void *)event->ev);
 			return GETDNS_RETURN_GENERIC_ERROR;
 		}
 		poll_loop->fd_events[i].event = NULL;
 		if (--poll_loop->fd_events_n_used == 0) {
 			poll_loop->fd_events_free = 0;
 		}
 		DEBUG_SCHED( "cleared read/write for %d at slot %p\n"
 		           , poll_loop->pfds[i].fd, (void *)event->ev);
 		poll_loop->pfds[i].fd = -1; /* Not necessary, but to be sure */
 	}
 	event->ev = NULL;
 	return GETDNS_RETURN_GOOD;
 }
 static void
 poll_eventloop_cleanup(getdns_eventloop *loop)
 {
 	_getdns_poll_eventloop *poll_loop  = (_getdns_poll_eventloop *)loop;
 	struct mem_funcs *mf = &poll_loop->mf;
 	GETDNS_NULL_FREE(*mf, poll_loop->pfds);
 	if (poll_loop->fd_events) {
 		GETDNS_FREE(*mf, poll_loop->fd_events);
 		poll_loop->fd_events = NULL;
 		poll_loop->fd_events_capacity = 0;
 		poll_loop->fd_events_free     = 0;
 		poll_loop->fd_events_n_used   = 0;
 	}
 	if (poll_loop->to_events) {
 		GETDNS_FREE(*mf, poll_loop->to_events);
 		poll_loop->to_events = NULL;
 		poll_loop->to_events_capacity = 0;
 		poll_loop->to_events_free     = 0;
 		poll_loop->to_events_n_used   = 0;
 	}
 }
 static void
 poll_read_cb(int fd, getdns_eventloop_event *event)
 {
 #if !defined(SCHED_DEBUG) || !SCHED_DEBUG
 	(void)fd; /* unused parameter */
 #endif
 	DEBUG_SCHED( "%s(fd: %d, event: %p)\n", __FUNC__, fd, (void *)event);
 	if (event && event->read_cb)
 		event->read_cb(event->userarg);
 }
 static void
 poll_write_cb(int fd, getdns_eventloop_event *event)
 {
 #if !defined(SCHED_DEBUG) || !SCHED_DEBUG
 	(void)fd; /* unused parameter */
 #endif
 	DEBUG_SCHED( "%s(fd: %d, event: %p)\n", __FUNC__, fd, (void *)event);
 	if (event && event->write_cb)
 		event->write_cb(event->userarg);
 }
 static void
 poll_timeout_cb(getdns_eventloop_event *event)
 {
 	DEBUG_SCHED( "%s(event: %p)\n", __FUNC__, (void *)event);
 	if (event && event->timeout_cb)
 		event->timeout_cb(event->userarg);
 }
 static void
 poll_eventloop_run_once(getdns_eventloop *loop, int blocking)
 {
 	_getdns_poll_eventloop *poll_loop  = (_getdns_poll_eventloop *)loop;
 	uint64_t now, timeout = TIMEOUT_FOREVER;
 	size_t  i = 0, j;
 	int poll_timeout = 0;
 	if (!loop)
 		return;
 	now = get_now_plus(0);
 	for (i = 0, j = 0; i < poll_loop->to_events_free; i++, j++) {
 		while (poll_loop->to_events[i].event == NULL) {
 			if (++i == poll_loop->to_events_free) {
 				poll_loop->to_events_free = j;
 				break;
 			}
 		}
 		if (j < i) {
 			if (j >= poll_loop->to_events_free)
 				break;
 			poll_loop->to_events[j] = poll_loop->to_events[i];
 			poll_loop->to_events[i].event = NULL;
 			poll_loop->to_events[j].event->ev =
 			    (void *) (intptr_t) (j + 1);
 		}
 		if (poll_loop->to_events[j].timeout_time < now)
 			poll_timeout_cb(poll_loop->to_events[j].event);
 	}
 	for (i = 0, j = 0; i < poll_loop->to_events_free; i++, j++) {
 		while (poll_loop->to_events[i].event == NULL) {
 			if (++i == poll_loop->to_events_free) {
 				poll_loop->to_events_free = j;
 				break;
 			}
 		}
 		if (j < i) {
 			if (j >= poll_loop->to_events_free)
 				break;
 			poll_loop->to_events[j] = poll_loop->to_events[i];
 			poll_loop->to_events[i].event = NULL;
 			poll_loop->to_events[j].event->ev =
 			    (void *) (intptr_t) (j + 1);
 		}
 		if (poll_loop->to_events[j].timeout_time < timeout)
 			timeout = poll_loop->to_events[j].timeout_time;
 	}
 	if ((timeout == TIMEOUT_FOREVER) && (poll_loop->fd_events_free == 0))
 		return;
 	for (i = 0, j = 0; i < poll_loop->fd_events_free; i++, j++) {
 		while (poll_loop->fd_events[i].event == NULL) {
 			if (++i == poll_loop->fd_events_free) {
 				poll_loop->fd_events_free = j;
 				break;
 			}
 		}
 		if (j < i) {
 			if (j >= poll_loop->fd_events_free)
 				break;
 			poll_loop->fd_events[j] = poll_loop->fd_events[i];
 			poll_loop->fd_events[i].event = NULL;
 			poll_loop->fd_events[j].event->ev =
 			    (void *) (intptr_t) (j + 1);
 			poll_loop->pfds[j] = poll_loop->pfds[i];
 			poll_loop->pfds[i].fd = -1;
 		}
 		if (poll_loop->fd_events[j].timeout_time < timeout)
 			timeout = poll_loop->fd_events[j].timeout_time;
 	}
 	if (timeout == TIMEOUT_FOREVER) {
 		poll_timeout = -1;
 	} else if (! blocking || now > timeout) {
 		poll_timeout = 0;
 	} else {
 		/* turn microseconds into milliseconds */
 		poll_timeout = (timeout - now) / 1000;
 	}
 	DEBUG_SCHED( "poll(fd_free: %d, fd_used: %d, to_free: %d, to_used: %d, timeout: %d)\n"
 	           , (int)poll_loop->fd_events_free, (int)poll_loop->fd_events_n_used
 	           , (int)poll_loop->to_events_free, (int)poll_loop->to_events_n_used
 		   , poll_timeout
 		   );
 #ifdef USE_WINSOCK
    if (poll_loop->fd_events_free == 0)
    {
        Sleep(poll_timeout);
    } else
 #endif
 	if (_getdns_poll(poll_loop->pfds, poll_loop->fd_events_free, poll_timeout) < 0) {
 		if (_getdns_socketerror() == _getdns_EAGAIN ||
 		    _getdns_socketerror() == _getdns_EINTR )
 			return;
 		DEBUG_SCHED("I/O error with poll(): %s\n", _getdns_errnostr());
 		return;
 	}
 	now = get_now_plus(0);
 	for (i = 0, j = 0; i < poll_loop->fd_events_free; i++, j++) {
 		while (poll_loop->fd_events[i].event == NULL) {
 			if (++i == poll_loop->fd_events_free) {
 				poll_loop->fd_events_free = j;
 				break;
 			}
 		}
 		if (j < i) {
 			if (j >= poll_loop->fd_events_free)
 				break;
 			poll_loop->fd_events[j] = poll_loop->fd_events[i];
 			poll_loop->fd_events[i].event = NULL;
 			poll_loop->fd_events[j].event->ev =
 			    (void *) (intptr_t) (j + 1);
 			poll_loop->pfds[j] = poll_loop->pfds[i];
 			poll_loop->pfds[i].fd = -1;
 		}
 		if (poll_loop->fd_events[j].event->write_cb &&
 		    poll_loop->pfds[j].revents & (POLLOUT|POLLERR|POLLHUP|POLLNVAL))
 			poll_write_cb( poll_loop->pfds[j].fd
 			             , poll_loop->fd_events[j].event);
 		if (poll_loop->fd_events[j].event &&
 		    poll_loop->fd_events[j].event->read_cb &&
 		    poll_loop->pfds[j].revents & (POLLIN|POLLERR|POLLHUP|POLLNVAL))
 			poll_read_cb( poll_loop->pfds[j].fd
 			            , poll_loop->fd_events[j].event);
 	}
 	for (i = 0, j = 0; i < poll_loop->fd_events_free; i++, j++) {
 		while (poll_loop->fd_events[i].event == NULL) {
 			if (++i == poll_loop->fd_events_free) {
 				poll_loop->fd_events_free = j;
 				break;
 			}
 		}
 		if (j < i) {
 			if (j >= poll_loop->fd_events_free)
 				break;
 			poll_loop->fd_events[j] = poll_loop->fd_events[i];
 			poll_loop->fd_events[i].event = NULL;
 			poll_loop->fd_events[j].event->ev =
 			    (void *) (intptr_t) (j + 1);
 			poll_loop->pfds[j] = poll_loop->pfds[i];
 			poll_loop->pfds[i].fd = -1;
 		}
 		if (poll_loop->fd_events[j].timeout_time < now)
 			poll_timeout_cb(poll_loop->fd_events[j].event);
 	}
 	for (i = 0, j = 0; i < poll_loop->to_events_free; i++, j++) {
 		while (poll_loop->to_events[i].event == NULL) {
 			if (++i == poll_loop->to_events_free) {
 				poll_loop->to_events_free = j;
 				break;
 			}
 		}
 		if (j < i) {
 			if (j >= poll_loop->to_events_free)
 				break;
 			poll_loop->to_events[j] = poll_loop->to_events[i];
 			poll_loop->to_events[i].event = NULL;
 			poll_loop->to_events[j].event->ev =
 			    (void *) (intptr_t) (j + 1);
 		}
 		if (poll_loop->to_events[j].timeout_time < now)
 			poll_timeout_cb(poll_loop->to_events[j].event);
 	}
 }
 static void
 poll_eventloop_run(getdns_eventloop *loop)
 {
 	_getdns_poll_eventloop *poll_loop  = (_getdns_poll_eventloop *)loop;
 	if (!loop)
 		return;
 	/* keep going until all the events are cleared */
 	while (poll_loop->fd_events_n_used || poll_loop->to_events_n_used) {
 		poll_eventloop_run_once(loop, 1);
 	}
 }
 void
 _getdns_poll_eventloop_init(struct mem_funcs *mf, _getdns_poll_eventloop *loop)
 {
 	static getdns_eventloop_vmt poll_eventloop_vmt = {
 		poll_eventloop_cleanup,
 		poll_eventloop_schedule,
 		poll_eventloop_clear,
 		poll_eventloop_run,
 		poll_eventloop_run_once
 	};
 	loop->loop.vmt = &poll_eventloop_vmt;
 	loop->mf = *mf;
 	loop->to_events_capacity = init_to_events_capacity;
 	if ((loop->to_events = GETDNS_XMALLOC(
 	    *mf, _getdns_poll_event, init_to_events_capacity)))
 		(void) memset(loop->to_events, 0,
 		    sizeof(_getdns_poll_event) * init_to_events_capacity);
 	else
 		loop->to_events_capacity = 0;
 	loop->to_events_free = 0;
 	loop->to_events_n_used = 0;
 	loop->fd_events_capacity = init_fd_events_capacity;
 	if ((loop->fd_events = GETDNS_XMALLOC(
 	    *mf, _getdns_poll_event, init_fd_events_capacity)) &&
 	    (loop->pfds = GETDNS_XMALLOC(
 	    *mf, struct pollfd, init_fd_events_capacity))) {
 		size_t i;
 		(void) memset(loop->fd_events, 0,
 		    sizeof(_getdns_poll_event) * init_fd_events_capacity);
 		for (i = 0; i < init_fd_events_capacity; i++) {
 			loop->pfds[i].fd = -1;
 			loop->pfds[i].events  = 0;
 			loop->pfds[i].revents = 0;
 		}
 	} else {
 		loop->fd_events_capacity = 0;
 		if (loop->fd_events) {
 			GETDNS_FREE(*mf, loop->fd_events);
 			loop->fd_events = NULL;
 		}
 	}
 	loop->fd_events_free = 0;
 	loop->fd_events_n_used = 0;
 }
--- a/Show More
+++ b/Show More