From msheldon at godaddy.com Mon Jun 7 20:33:50 2010
From: msheldon at godaddy.com (Michael Sheldon)
Date: Mon, 07 Jun 2010 13:33:50 -0700
Subject: [ldns-users] Inconsistency in ldns_zone_sign_nsec3
Message-ID: <20100607133350.205a61dff9fc1684c258b274662bb912.1c05304156.wbe@email.secureserver.net>

The function ldns_zone_sign_nsec3 creates a new signed copy of the
original unsigned zone.

In doing so, it clones all of the original RR records, EXCEPT, it does
not clone the SOA record. For that record it just copies the pointer.

This means if you do a deep free of both the original and the signed
zone, a segfault results.

I'm currently working around it by setting the SOA to NULL after freeing
the first copy of the zone.

Michael Sheldon
Dev-DNS Services
GoDaddy.com

From matthijs at NLnetLabs.nl Tue Jun 15 08:07:21 2010
From: matthijs at NLnetLabs.nl (Matthijs Mekking)
Date: Tue, 15 Jun 2010 10:07:21 +0200
Subject: [ldns-users] ldns 1.6.5 released
Message-ID: <4C1734B9.2020804@nlnetlabs.nl>

Hi,

We are pleased to announce ldns 1.6.5.

http://www.nlnetlabs.nl/downloads/ldns/ldns-1.6.5.tar.gz
sha1: 267eea7a8a7af5a373aed6c26084ed9e43bddc4d

It comes with:
* Support for GOST with the correct algorithm numbers, but it is
  currently disabled by default (you can enable it with --enable-gost).
* Support for a new RRtype, TALINK.
* An extensive list of bugfixes, see the Changelog (in the source or on
  the website) for more information.

Best regards,

Matthijs

From dennis.knorr at gmx.net Tue Jun 15 11:58:12 2010
From: dennis.knorr at gmx.net (Dennis Knorr)
Date: Tue, 15 Jun 2010 13:58:12 +0200
Subject: [ldns-users] trusted-keys fileformat?
Message-ID: <4C176AD4.80307@gmx.net>

Hi,

I wanted to validate a dlv-domain which is secured via dlv.isc.org.
I got the key from the website, but it seems it has not the right format?

I used
https://dlv.isc.org/about/using in 3. the trusted-key with the bind-syntax.
But I didn't find any documentation about that.

thx

From paul at xelerance.com Tue Jun 15 15:33:14 2010
From: paul at xelerance.com (Paul Wouters)
Date: Tue, 15 Jun 2010 11:33:14 -0400 (EDT)
Subject: [ldns-users] trusted-keys fileformat?
In-Reply-To: <4C176AD4.80307@gmx.net>
References: <4C176AD4.80307@gmx.net>
Message-ID:

On Tue, 15 Jun 2010, Dennis Knorr wrote:

> i wanted to validate a dlv-domain which ist secured via dlv.isc.org.
> I got the key from the website, but it seems it has not the right format?
>
> I used
> https://dlv.isc.org/about/using in 3. the trusted-key with the bind-syntax.
> But i didn't find any documentation about that.

As far as I know, ldns does not do validation. For that you will need
libunbound (if you want a library) or unbound (if you want a validating
resolver).

For unbound:

-bash-3.2# cat /etc/unbound/dlv.isc.org.key
; https://secure.isc.org/ops/dlv/dlv.isc.org.key
dlv.isc.org. IN DNSKEY 257 3 5 BEAAAAPHMu/5onzrEE7z1egmhg/WPO0+juoZrW3euWEn4MxDCE1+lLy2 brhQv5rN32RKtMzX6Mj70jdzeND4XknW58dnJNPCxn8+jAGl2FZLK8t+ 1uq4W+nnA3qO2+DL+k6BD4mewMLbIYFwe0PG73Te9fZ2kJb56dhgMde5 ymX4BI/oQ+cAK50/xvJv00Frf8kw6ucMTwFlgPe+jnGxPPEmHAte/URk Y62ZfkLoBAADLHQ9IrS2tryAe7mbBZVcOwIeU/Rw/mRx/vwwMCTgNboM QKtUdvNXDrYJDSHZws3xiRXF1Rf+al9UmZfSav/4NWLKjHzpT59k/VSt TDN0YUuWrBNh

-bash-3.2# grep dlv /etc/unbound/unbound.conf
dlv-anchor-file: "/etc/unbound/dlv.isc.org.key" # Downloaded from https://secure.isc.org/ops/dlv/dlv.isc.org.key

Paul

From marius.rieder at durchmesser.ch Sun Jun 27 16:09:10 2010
From: marius.rieder at durchmesser.ch (Marius Rieder)
Date: Sun, 27 Jun 2010 18:09:10 +0200
Subject: [ldns-users] output in ldns_resolver_query
Message-ID: <4C2777A6.40606@durchmesser.ch>

Hi,

In line 916 of resolver.c [1] there is a fprintf to stderr. Is this a
leftover from a debugging process? If _defnames is set, but the domain
is not, there will be no such fprintf to stderr. I prefer to print an
error message myself in my code and not get it printed from the library.

[1]
http://open.nlnetlabs.nl/projects/ldns/doc/resolver_8c_source.html#l00916

- Marius

-- 
 ~o__O        Marius Rieder         O__o~
 |vV|   http://www.durchmesser.ch/   |vV|
 /] |                                | [\
---/|--|\--------[ Dance first. Think later. ]--------/|--|\---

From wouter at NLnetLabs.nl Mon Jun 28 07:11:34 2010
From: wouter at NLnetLabs.nl (W.C.A. Wijngaards)
Date: Mon, 28 Jun 2010 09:11:34 +0200
Subject: [ldns-users] output in ldns_resolver_query
In-Reply-To: <4C2777A6.40606@durchmesser.ch>
References: <4C2777A6.40606@durchmesser.ch>
Message-ID: <4C284B26.80503@nlnetlabs.nl>

Hi Marius,

Removed the fprintf. It is probably a leftover from debugging, since
the status is not returned to the caller.

Best regards,
Wouter

On 06/27/2010 06:09 PM, Marius Rieder wrote:
> Hi,
>
> In line 916 of resolver.c [1] there is a fprintf to stderr. Is this a
> leftover from a debugging process? If _defnames is set, but the domain
> is not, there will be no such fprintf to stderr. I prefer to print an
> error message myself in my code and not get it printed from the library.
>
> [1]
> http://open.nlnetlabs.nl/projects/ldns/doc/resolver_8c_source.html#l00916
>
> - Marius
>

From jason.khallouf at ausregistry.com.au Tue Jun 29 04:05:12 2010
From: jason.khallouf at ausregistry.com.au (Jason Khallouf)
Date: Tue, 29 Jun 2010 14:05:12 +1000
Subject: [ldns-users] Dynamic updates using the Resolver module
Message-ID: <8CEF048B9EC83748B1517DC64EA130FB3F59392DF6@off-win2003-01.ausregistrygroup.local>

Hi everyone,

After working with the ldns-update sample and looking over the ldns
source I was wondering if there are any issues with using the Net module
directly for dynamic DNS updates. The design page indicates that client
applications are supposed to use it through the Resolver module (as per
the sample app), but most of the resolver's functionality isn't
necessary for updating a single name server. Using resolver also means
that a failed update blacklists the name server, which is undesirable in
this case. The other option is to call ldns_resolver_set_rtt(r,
LDNS_RESOLV_RTT_MIN) before every send, which is a little kludgy.

Thanks,

Jason Khallouf
AusRegistry
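
Added example, not part of any message in this archive and not ldns code: a model of the ownership problem in the first message (Michael Sheldon's ldns_zone_sign_nsec3 report). It shows a copy that shares the SOA pointer, the workaround of setting the SOA to NULL before the second deep free, and a copy that clones the SOA. The types rr_t and zone_t and all functions are hypothetical stand-ins.

```c
/* Constructed model: rr_t and zone_t are hypothetical stand-ins, not ldns types. */
#include <stdlib.h>
#include <string.h>
typedef struct { char *text; } rr_t;
typedef struct { rr_t *soa; rr_t **rrs; size_t n; } zone_t;

static void *xmalloc(size_t n) { void *p = malloc(n ? n : 1); if (!p) abort(); return p; }
static rr_t *rr_new(const char *s) {
    rr_t *r = xmalloc(sizeof *r);
    r->text = strcpy(xmalloc(strlen(s) + 1), s);
    return r;
}
static void rr_free(rr_t *r) { if (r) { free(r->text); free(r); } }

zone_t *zone_new(const char *soa, const char *const *rrs, size_t n) {
    zone_t *z = xmalloc(sizeof *z);
    z->soa = rr_new(soa);
    z->n = n;
    z->rrs = xmalloc(n * sizeof *z->rrs);
    for (size_t i = 0; i < n; i++) z->rrs[i] = rr_new(rrs[i]);
    return z;
}

/* clone_soa == 0 models the reported behaviour: every RR is cloned but the
 * SOA pointer is shared, so two zones each believe they own one record. */
zone_t *zone_copy(const zone_t *src, int clone_soa) {
    zone_t *z = xmalloc(sizeof *z);
    z->soa = clone_soa ? rr_new(src->soa->text) : src->soa;
    z->n = src->n;
    z->rrs = xmalloc(src->n * sizeof *z->rrs);
    for (size_t i = 0; i < src->n; i++) z->rrs[i] = rr_new(src->rrs[i]->text);
    return z;
}

void zone_deep_free(zone_t *z) {
    if (!z) return;
    rr_free(z->soa);                          /* NULL-safe */
    for (size_t i = 0; i < z->n; i++) rr_free(z->rrs[i]);
    free(z->rrs); free(z);
}

/* Free both zones so each record is released once. With a shared SOA this is
 * the workaround from the message. Returns 1 if the SOA was shared, else 0. */
int free_pair_safely(zone_t *orig, zone_t *copy) {
    int aliased = (orig->soa == copy->soa);
    zone_deep_free(orig);
    if (aliased) copy->soa = NULL;            /* pointer dangles after the free above */
    zone_deep_free(copy);
    return aliased;
}
```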