Thu 06 Apr 2017  

Second release candidate for getdns-1.1.0

5b58ce061cea83344bdd85a9e9129a45cb785de887ebe670f99a0f5c09e169a0

Dear all,

We have a second release candidate for the new feature release version 1.1.0 of getdns.

The first release has been extensively tested and used in the IETF98 Hackathon, which has led to some great hacks, and also revealed some potential improvements and even some bugs.

This second release candidate addresses those things:

  • The return_call_reporting extension now also returns the remote end's certificate if the interaction was over TLS.
  • Stateful connections with an idle_timeout > 0 will no longer be closed after doing a synchronous request. This also involved a bugfix for naked timeout events on Windows.
  • Stability of the dnssec extensions in combination with stateful transports has been improved (including a bugfix for a case in which this combination hung).
  • A default edns0 padding policy contributed by DKG.
  • A new function getdns_context_unset_edns_maximum_udp_payload_size() to reset to the default behaviour, in which the maximum UDP payload size depends on the address family: 1432 for IPv4 and 1232 for IPv6, to maximize receptivity.

Please review this release candidate carefully. If all is well, the actual release will follow on Thursday the 13th of April.


ChangeLog:
* 2017-04-??: Version 1.1.0
  * bugfix: Reschedule request timeout when getting the DNSSEC chain.
  * getdns_context_unset_edns_maximum_udp_payload_size() to reset
    to default IPv4/IPv6 dependent edns max udp payload size.
  * Implement sensible default edns0 padding policy.  Thanks DKG.
  * Keep connections open with sync requests too.
  * Fix of event loops so they do not give up with naked timers with
    windows.  Thanks Christian Huitema.
  * Include peer certificate with DNS-over-TLS in combination with
    the return_call_reporting extension.

* 2017-03-23: Version 1.1.0-rc1
  * More fine grained control over TLS upstream retry and back off
    behaviour with getdns_context_set_tls_backoff_time() and
    getdns_context_set_tls_connection_retries().
  * New round robin over the available upstreams feature.
    Enable with getdns_context_set_round_robin_upstreams()
  * Bugfix: Queue requests when no sockets available for outgoing queries.
  * Obey the outstanding query limit with STUB resolution mode too.
  * Updated stubby config file
  * Draft MDNS client implementation by Christian Huitema.
    Enable with --enable-draft-mdns-support to configure
  * bugfix: Let synchronous queries use fds > MAX_FDSETSIZE;
            By moving default eventloop from select to poll
    Thanks Neil Cook
  * bugfix: authentication failure for self signed cert + only pinset
  * bugfix: issue with session re-use making authentication appear to fail

* 2016-10-19: Version 1.1.0-a2
  * Improved TLS connection management
  * OpenSSL 1.1 support
  * Stubby, Server version of getdns_query that by default listens
    on 127.0.0.1 and ::1 and reads config from /etc/stubby.conf
    and $HOME/.stubby.conf

* 2016-07-14: Version 1.1.0a1
  * Conversion functions from text strings to getdns native types:
    getdns_str2dict(), getdns_str2list(), getdns_str2bindata() and
    getdns_str2int()
  * A getdns_context_config() function that configures a context
    with settings given in a getdns_dict
  * A getdns_context_set_listen_addresses() function and companion
    getdns_reply() function to construct simple name servers.
  * Relocate getdns_query to src/tools and build by default
  * Enhancements to the logic used to select connection based upstream
    transports (TCP, TLS) to improve robustness and re-use of
    connections/upstreams.
