From matthijs at NLnetLabs.nl Mon Nov 8 11:28:32 2010
From: matthijs at NLnetLabs.nl (Matthijs Mekking)
Date: Mon, 08 Nov 2010 12:28:32 +0100
Subject: [ldns-users] ldns 1.6.7 released
Message-ID: <4CD7DEE0.40108@nlnetlabs.nl>

Hi,

ldns 1.6.7 is out. Mainly bugfixes. See below for the Changelog.

You can download it at:
http://www.nlnetlabs.nl/downloads/ldns/ldns-1.6.7.tar.gz
sha1sum: 667173af99641997de248d211da0705874d1f030

Best regards,
Matthijs

Changelog
* EXPERIMENTAL ecdsa implementation, please do not enable on real servers.
* GOST code enabled by default (RFC 5933).
* bugfix #326: ignore whitespace between directives and their values.
* Header comment to advertise ldns_axfr_complete to check for successfully completed zone transfers.
* read resolv.conf skips interface labels, e.g. %eth0.
* Fix drill verify NSEC3 denials.
* Use closesocket() on windows.
* Add ldns_get_signing_algorithm_by_name that understands aliases, names changed to RFC names and aliases for compatibility added.
* bugfix: don't print final dot if the domain is relative.
* bugfix: resolver search continue when packet rcode != NOERROR.
* bugfix: resolver push all domains in search directive to list.
* bugfix: resolver search by default includes the root domain.
* bugfix: tcp read could fail on single octet recv.
* bugfix: read of RR in unknown syntax with missing fields.
* added ldns_pkt_tsig_sign_next() and ldns_pkt_tsig_verify_next() to sign and verify TSIG RRs on subsequent messages (section 4.4, RFC 2845).
* bugfix: signer sigs nsecs with zsks only.
* bugfix #333: fix ldns_dname_absolute for name ending with backslash.

From zbynek.michl at nic.cz Thu Nov 11 16:20:20 2010
From: zbynek.michl at nic.cz (Zbynek Michl)
Date: Thu, 11 Nov 2010 17:20:20 +0100
Subject: [ldns-users] ldns does not use random source ports
Message-ID: <4CDC17C4.6080100@nic.cz>

Hi,

ldns resolver does not use bind() function with randomly generated port
number when sending a packet. Would it not be better to implement it as
randomly as it is in unbound?

Currently on Linux it is ok, because the system generates port numbers
randomly itself, however other systems (Mac OS X, Windows) just
increment port numbers (except when the port is already in use).

Regards,
Zbynek

From matthijs at NLnetLabs.nl Mon Nov 15 08:52:49 2010
From: matthijs at NLnetLabs.nl (Matthijs Mekking)
Date: Mon, 15 Nov 2010 09:52:49 +0100
Subject: [ldns-users] ldns does not use random source ports
In-Reply-To: <4CDC17C4.6080100@nic.cz>
References: <4CDC17C4.6080100@nic.cz>
Message-ID: <4CE0F4E1.2080000@nlnetlabs.nl>

Hi Zbynek,

Why would you want port randomization in ldns? This feature is useful
for non-validating resolvers, something that the ldns resolver is not
suitable for. The ldns resolver is useful for dns tools, such as drill
and the example tools. If you want to deploy a resolver, I'd recommend
you to use Unbound.

Best regards,
Matthijs

On 11/11/2010 05:20 PM, Zbynek Michl wrote:
> Hi,
>
> ldns resolver does not use bind() function with randomly generated port
> number when sending a packet. Would it not be better to implement it as
> randomly as it is in unbound?
>
> Currently on Linux it is ok, because the system generates port numbers
> randomly itself, however other systems (Mac OS X, Windows) just
> increment port numbers (except when the port is already in use).
>
> Regards,
> Zbynek

From pasja at digitus.itk.ppke.hu Mon Nov 29 22:00:52 2010
From: pasja at digitus.itk.ppke.hu (Pásztor János)
Date: Mon, 29 Nov 2010 23:00:52 +0100
Subject: [ldns-users] Drill date strangeness
Message-ID: <4CF42294.7070106@digitus.itk.ppke.hu>

Hi,

Today I've made some experiments with drill, and found some strange
dates in the answers. I've made a trace to the domain 'se.' from the
root, with verbosity 5. And I've found that all dates are
';; WHEN: Thu Jan 1 01:00:00 1970'.
After that I repeated the experiment with dig, and it printed out the
correct dates. I've attached the two replies.

I use Debian 5.0.7, ldns 1.6.7 and DiG 9.7.1-P2.

Is this intentional?

Best regards,
János

-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: bind
URL:
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: drill
URL:
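
The approach proposed in the "ldns does not use random source ports" thread above, as an added example (not ldns or Unbound code, and not written by any poster): bind() the UDP query socket to a port drawn from the kernel CSPRNG, so the source port does not depend on the operating system's ephemeral-port policy. The function names, the port range and the retry count are assumptions; IPv4 and a POSIX system with /dev/urandom are assumed.

```c
#include <errno.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

/* Uniform port in [lo, hi] read from /dev/urandom, or -1 on error.
 * Rejection sampling avoids the bias of a plain "r % span". */
static int random_port(uint16_t lo, uint16_t hi)
{
    uint32_t span = (uint32_t)hi - lo + 1;
    uint32_t limit = 65536u - 65536u % span;
    uint16_t r;
    FILE *f = fopen("/dev/urandom", "rb");
    if (!f) return -1;
    do {
        if (fread(&r, sizeof r, 1, f) != 1) { fclose(f); return -1; }
    } while (r >= limit);
    fclose(f);
    return (int)(lo + r % span);
}

/* Bind an IPv4 UDP socket to a random local port before the query is sent.
 * Returns the bound port (host byte order), or -1 on failure. */
int bind_random_source_port(int fd, uint16_t lo, uint16_t hi, int max_tries)
{
    struct sockaddr_in sa;
    for (int i = 0; lo <= hi && i < max_tries; i++) {
        int port = random_port(lo, hi);
        if (port < 0) return -1;
        memset(&sa, 0, sizeof sa);            /* sin_addr 0 == INADDR_ANY */
        sa.sin_family = AF_INET;
        sa.sin_port = htons((uint16_t)port);
        if (bind(fd, (struct sockaddr *)&sa, sizeof sa) == 0)
            return port;
        if (errno != EADDRINUSE)
            return -1;  /* e.g. EACCES or EBADF: retrying will not help */
    }
    return -1;  /* bad range, or every candidate was already in use */
}

int main(void)
{
    int fd = socket(AF_INET, SOCK_DGRAM, 0);
    int port = fd < 0 ? -1 : bind_random_source_port(fd, 1024, 65535, 16);
    printf("query socket bound to source port %d\n", port);
    return port < 0;
}
```

A port that is already taken makes bind() fail with EADDRINUSE and leaves the socket unbound, so the loop can simply draw another candidate.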