Announce: udns 0.1 is released

Michael Tokarev mjt at tls.msk.ru
Mon Dec 27 23:03:06 MSK 2010


Version 0.1 of the small DNS client (stub) resolver library
has been released, after more than 3 years of inactivity.

The library is available at the usual location, see the homepage
at http://www.corpit.ru/mjt/udns.html .

This is the first "alpha" release, numbered 0.1 - the first release
with just two numbers in the version.  All previous versions
were "preview" releases, with number strings in the form 0.0.n.

There aren't many changes between the latest 0.0.9 version
and the newly announced 0.1 version.  Here's a brief list of
the changes, also available in the NEWS document:

0.1 (Dec 2010)

 - bugfix: udns_new(old) - when actually cloning another context -
   makes the new context referencing memory from old, which leads
   to crashes when old is modified later

 - use random queue IDs (the 16bit qID) in queries instead of sequential
   ones, based on simple pseudo-random RNG by Bob Jenkins (udns_jran.[ch]).
   Some people believe that this improves security (CVE-2008-1447).  I'm
   still not convinced (see comments in udns_resolver.c), but it isn't
   difficult to add after all.

 - deprecate dns_random16() function which was declared in udns.h
   (not anymore) but never documented.  In order to keep ABI compatible
   it is still exported.

 - library has a way now to set query flags (DNS_SET_DO; DNS_SET_CD).

 - dnsget now prints non-printable chars in all strings in DNS RRs using
   decimal escape sequences (\%03u) instead of hexadecimal (\%02x) as
   before - other DNS software does it like this.

 - recognize a few more record types in dnsget, notably some DNSSEC RRs;
   add -f option for dnsget to set query flags.

 - udns is not a Debian native package anymore (was a wrong idea)


The most important and long-discussed change is the queue ID
randomization.  I'm still against this change since it is nothing
more than a false sense of security, but many users asked for this
change, and it wasn't a big deal to implement it, so here we go.

I mentioned in the past that I want to change API of the library.
After some thinking I can now declare that it is easy to implement
these changes without breaking current API, but by adding the new
API to be available in parallel with the current one.  The API
change was my main showstopper for the 0.1 release, so now it's
gone.

As can be seen from the NEWS section above, there's just one
bugfix change, fixing a very rarely used codepath (cloning an
existing dns_ctx structure).  Other than that, there are no known
programming bugs in the library, despite the more-than-3-year
delay between the previous 0.0.9 and current 0.1 releases.

So here goes the 0.1 version.

Debian packages for it are available from the home page too.

Enjoy!

/mjt
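
The following is an added example, not part of the original announcement and not udns code: a C sketch of how a stub resolver can draw a 16-bit query ID from a small Jenkins-style PRNG and accept a reply only when the ID, the QR bit and the question match. The names jran_next, jran_init, qid_random, reply_matches and demo_accepts, the seed and the sample packet are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Small non-cryptographic PRNG in the style of Bob Jenkins' generator.
 * Assumption: illustrative only, not the contents of udns_jran.c. */
struct jran { uint32_t a, b, c, d; };
#define ROT(x, k) (((x) << (k)) | ((x) >> (32 - (k))))
uint32_t jran_next(struct jran *x) {
    uint32_t e = x->a - ROT(x->b, 27);
    x->a = x->b ^ ROT(x->c, 17);
    x->b = x->c + x->d;
    x->c = x->d + e;
    x->d = e + x->a;
    return x->d;
}
void jran_init(struct jran *x, uint32_t seed) {
    x->a = 0xf1ea5eed; x->b = x->c = x->d = seed;
    for (int i = 0; i < 20; i++) (void)jran_next(x);
}

/* A 16-bit query ID: at most 16 bits of unpredictability, and only if the seed is secret. */
uint16_t qid_random(struct jran *x) { return (uint16_t)(jran_next(x) & 0xffff); }

/* Accept a reply only if QR=1, the ID is echoed, and the question matches.
 * Assumes the query is a header plus one question (no EDNS record). */
int reply_matches(const uint8_t *q, size_t qlen, const uint8_t *r, size_t rlen) {
    if (qlen < 12 || rlen < qlen) return 0;
    if (r[0] != q[0] || r[1] != q[1]) return 0;    /* 16-bit ID */
    if (!(r[2] & 0x80)) return 0;                  /* QR bit: must be a response */
    if (r[4] != 0 || r[5] != 1) return 0;          /* QDCOUNT == 1 */
    return memcmp(q + 12, r + 12, qlen - 12) == 0; /* same question bytes */
}

/* Constructed sample: query for "a." (A, IN) and a reply carrying reply_id. */
int demo_accepts(uint16_t query_id, uint16_t reply_id) {
    uint8_t q[] = { 0,0, 0x01,0x00, 0,1, 0,0, 0,0, 0,0, 1,'a',0, 0,1, 0,1 };
    uint8_t r[sizeof q];
    q[0] = (uint8_t)(query_id >> 8); q[1] = (uint8_t)(query_id & 0xff);
    memcpy(r, q, sizeof q);
    r[0] = (uint8_t)(reply_id >> 8); r[1] = (uint8_t)(reply_id & 0xff); r[2] |= 0x80;
    return reply_matches(q, sizeof q, r, sizeof r);
}

int main(void) {
    struct jran g; jran_init(&g, 12345u); /* constructed seed; real use needs an unpredictable one */
    uint16_t id = qid_random(&g);
    printf("qid=%u ok=%d bad=%d\n", id, demo_accepts(id, id), demo_accepts(id, (uint16_t)(id ^ 1)));
    return 0;
}
```

Two generators started from the same seed emit the same ID sequence, so the IDs are only as unpredictable as the seed.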

