[ldns-users] ldns 1.6.17 released

Willem Toorop willem at nlnetlabs.nl
Fri Jan 10 22:12:13 UTC 2014 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Dear maintainers and users of ldns software,

I am pleased to announce that version 1.6.17 of ldns is now available.

Besides many bug fixes the most prominent new features are:
- - A new option to drill (-I) to query from a specific source address
- - All RR types registered at IANA are now implemented: HIP, NINFO, RKEY,
  CDS, EUI48, EUI64, TKEY, URI, CAA and TA, but RR types which are
  still draft need to be explicitly enabled with configure options:
  --enable-rrtype-ninfo
  --enable-rrtype-rkey
  --enable-rrtype-cds
  --enable-rrtype-uri
  --enable-rrtype-ta
- - Much better performance of ldns-verify-zone with bigger NSEC3 zones
  from NIC MX.
- - Perl5 bindings from Erik Ostlyngen. Enable with --with-p5-dns-ldns

I hope this release will be useful for you and that you will keep us
informed of your experiences.

Best regards,

Willem Toorop

link: http://www.nlnetlabs.nl/downloads/ldns/ldns-1.6.17.tar.gz
sha1: 4218897b3c002aadfc7280b3f40cda829e05c9a4

Changelog:
==========
* Fix ldns_dnssec_zone_new_frm_fp_l to allow the last parsed line of a
  zone to be an NSEC3 (or its RRSIG) covering an empty non terminal.
* Add --disable-dane option to configure and check availability of the
  for dane needed X509_check_ca function in openssl.
* bugfix #490: Get rid of type-punned pointer warnings.
  Thanks Adam Tkac.
* Make sure executables are linked against libcrypto with the
  LIBSSL_LDFLAGS. Thanks Leo Baltus.
* Miscellaneous prototype fixes. Thanks Dag-Erling Smørgrav.
* README now shows preferred way to configure for examples and drill.
* Bind to source address for resolvers. drill binds to source with -I.
  Thanks Bryan Duff.
* -T option for ldns-dane that has specific exit status for PKIX
  validated connections without (secure) TLSA records.
* Fix b{32,64}_{ntop,pton} detection and handling.
* New RR type TKEY, but without operational practice.
* New RR types HIP, NINFO, RKEY, CDS, EUI48, EUI64, URI, CAA and TA.
* New output format flag (and accompanying functions) to print certain
  RR's as unknown type
* -u and -U parameter for ldns-read-zone to mark/unmark a RR type
  for printing as unknown type
* bugfix #504: GPOS RR has three rdata fields. Thanks Jelte Jansen.
* bugfix #497: Properly test for EOF when reading key files with drill.
* New functions: ldns_pkt_ixfr_request_new and
  ldns_pkt_ixfr_request_new_frm_str.
* Use SNI with ldns-dane
* bugfix #507: ldnsx Fix use of non-existent variables and not
  properly referring to instance variable.  Patch from shussain.
* bugfix #508: ldnsx Adding NSEC3PARAM to known/allowable RR type
  dictionary.  Patch from shussain.
* bugfix #517: ldns_resolver_new_frm_fp error when invoked using a NULL
  file pointer.
* Fix memory leak in contrib/python: ldns_pkt.new_query.
* Fix buffer overflow in fget_token and bget_token.
* ldns-verify-zone NSEC3 checking from quadratic to linear performance.
  Thanks NIC MX (nicmexico.mx)
* ldns-dane setup new ssl session for each new connect to prevent hangs
* bugfix #521: drill trace continue on empty non-terminals with NSEC3
* bugfix #525: Fix documentation of ldns_resolver_set_retry
* Remove unused LDNS_RDF_TYPE_TSIG and associated functions.
* Fix ldns_nsec_covers_name for zones with an apex only. Thanks Miek.
* Configure option to build perl bindings: --with-p5-dns-ldns
  (DNS::LDNS is a contribution from Erik Ostlyngen)
* bugfix #527: Move -lssl before -lcrypto when linking
* Optimize TSIG digest function name comparison (Thanks Marc Buijsman)
* Compare names case insensitive with ldns_pkt_rr_list_by_name and
  ldns_pkt_rr_list_by_name_and_type (thanks Johannes Naab)
* A separate --enable for each draft RR type: --enable-rrtype-ninfo,
  --enable-rrtype-rkey, --enable-rrtype-cds, --enable-rrtype-uri and
  --enable-rrtype-ta
* bugfix #530: Don't sign and verify duplicate RRs (Thanks Jelte Jansen)
* bugfix #505: Manpage and usage output fixes (Thanks Tomas Hozza)
* Adjust ldns_sha1() so that the input data is not modified (Thanks
  Marc Buijsman)
* Messages to stderr are now off by default and can be reenabled with
  the --enable-stderr-msgs configure option.


pyldns Changelog:
=================
* Added ldns_rdf.data_as_bytearray(). The method returns a bytearray
  object containing rdf data.
* Changed the behaviour of ldns_resolver.trusted_key() in order to
  prevent memory corrupotion and leaks.
* Fixed memory leaks when destroying ldns_resolver.
* Removed ldns_pkt.section_count(), ldns_resolver.set_searchlist_count()
  because it is marked static in the library.
* Added ldns_pkt.new(), ldns_resolver.new().
* Marked as returning new object ldns_pkt.get_section_clone(),
  ldns_resolver.get_addr_by_name(), ldns_resolver.get_name_by_addr(),
  ldns_resolver.search().
* Added push cloning for ldns_pkt.safe_push_rr(),
  ldns_pkt.safe_push_rr_list(), ldns_pkt.set_additional(),
  ldns_pkt.set_answer(), ldns_pkt.set_answerfrom(),
  ldns_pkt.set_authority(), ldns_pkt.set_edns_data(),
  ldns_pkt.set_question(), ldns_pkt.set_tsig(),
  ldns_resolver.set_dnssec_anchors(), ldns_resolver.set_domain().
* Added pull cloning for ldns_pkt.answerfrom(), ldns_pkt.edns_data(),
  ldns_pkt.tsig(), ldns_resolver.axfr_last_pkt(),
  ldns_resolver.dnssec_anchors(), ldns_resolver.domain(),
  ldns_resolver.tsig_algorithm(), ldns_resolver.tsig_keydata(),
  ldns_resolver.tsig_keyname().
* Method ldns_rdf.reverse() now throws an exception when not applied
  on dname rdfs. This is to prevent assertion fails in ldns' C code.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBAgAGBQJS0HA3AAoJEOX4+CEvd6SYOE8P/3AHi/8WJ+XZB+Ow+na2gVEW
Cy6HI4yTnbbsHzlJgDtrGcU6eWqO0YNCVQcsWCI+1yWRNSMVpD3GtBn5edcQDkVg
ox3B4/guXYSmnKTonnbAS0sen3vLNNnc7Q5YMH2dIXO1brMaA1stLTGtOV4KsOMg
HOorYsVXq+Cp80uPjbelnpgzcoTp4s/J1fBIVm1npTZ6EVRDFkhmbw5K96vst7Li
ITVtsEkPNfV0qRDzHJWPAWz9a8yR6hJzsc2MQ3RjROWQK8UtXBQeOI7fSnMauytR
tFMgDyKpjj/u6lqM9dK2A+XBiTKL20X94VpFvI84rVtId6w5qjbtwrRcP11fRTut
uwpR2Fh3G2rD3lZR6DMNxfNFSt6uKuJVMHdV89IB2Qo1Nv69mIyBeJ8DuluZ0pak
kudWD3fmv9i3IGvmHXF3Q9TJFyg5ET+uxOqxdGhNPr4vRE41mTA3kPmgSlYr22ey
givftEDL8Fi/WqjyNGfF2BxmVocIPDbuTsgBH6jN6yns59RB+fP/aYFrKQrj15im
fXdW+Z7+GDwfO+sYdRiiBgeVH0N1qFexsbwD2yOGnPOHCkFbL1nRmc+hY5iDGqco
GoE8Cm0+4nzQWOycB/c01qc9NH6LPnIonJa+kgIDmzvJ3ruyrsVxFFaWzZBEnQJL
cjVU+2TUIVOQviSJSl61
=z93v
-----END PGP SIGNATURE-----

More information about the ldns-users mailing list