What's the state of the art in DNS resolver libraries? I am particularly interested in full (not stub) resolvers that support any or all of: making multiple queries in one request packet, complete DNSSEC validation, returning detailed information about DNSSEC validation to the application, and can handle experimental new RRs without much hacking. Async queries are nice but not required.

Preferred implementation languages would be C, C++, Python, or JavaScript, but I'll look at anything (I'd really rather not know about your DNS resolver in INTERCAL, though ;-) A pure-JS implementation that could run in a browser with WebSockets support would be extra awesome.

+1  A: 

The best library I know of (and it includes DNSSEC validation) is libunbound, which is part of the Unbound distribution.

Note that the DNS protocol itself does not support your first requirement (multiple queries in one packet). The best you can do is use TCP and then issue multiple sequential queries over one socket.

Alnitak
You can't put more than one thing in the query section? Is that an RFC constraint or just a "it doesn't work if you try it"?
Zack
It's not actually prohibited by RFC 1035 (see §4.1.2), but most DNS servers (and other DNS-aware devices) will crap out if they see a packet with more than one question in it.
Alnitak
I guess I'm not getting any other answers for this, sigh.
Zack
A: 

The DNSSEC-Tools project has a libval C library (and a corresponding Perl binding) that supports multi-threaded DNSSEC-enabled lookups using their API. It is distributed on many Linux platforms and works on most other platforms as well.

(In fact, I'm typing this response in a version of Firefox that was linked against the library to provide DNSSEC protection for Firefox.)

You can't ask two questions in a single packet though. Everyone else is right about that...

Wes Hardaker
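The workaround both answers point to (one question per message, several messages sent sequentially over one TCP connection) looks like this on the wire. This is an added example, not code from either answer or from libunbound or libval; the function names, the sample query list, and the choice of RD=1 and a 1232-byte EDNS buffer size are assumptions made for illustration.

```python
import struct

def encode_name(name: str) -> bytes:
    """Encode a domain name as length-prefixed labels (RFC 1035 section 3.1)."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) <= 63:
            raise ValueError(f"bad label length in {name!r}")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def build_query(qid: int, name: str, qtype: int, dnssec_ok: bool = True) -> bytes:
    """Build one DNS message carrying exactly one question (QDCOUNT=1)."""
    flags = 0x0100  # RD=1: assumes the peer is a recursive server
    arcount = 1 if dnssec_ok else 0
    msg = struct.pack("!HHHHHH", qid, flags, 1, 0, 0, arcount)
    msg += encode_name(name) + struct.pack("!HH", qtype, 1)  # QCLASS=IN
    if dnssec_ok:
        # EDNS0 OPT pseudo-RR: root name, TYPE=41, CLASS=buffer size,
        # TTL field holds the DO bit (0x8000), RDLENGTH=0.
        msg += b"\x00" + struct.pack("!HHIH", 41, 1232, 0x00008000, 0)
    return msg

def frame_for_tcp(messages) -> bytes:
    """Prefix each message with its 2-byte length (RFC 1035 section 4.2.2)."""
    return b"".join(struct.pack("!H", len(m)) + m for m in messages)

def split_tcp_stream(stream: bytes) -> list:
    """Split a TCP byte stream back into messages; reject truncated frames."""
    msgs, pos = [], 0
    while pos < len(stream):
        if pos + 2 > len(stream):
            raise ValueError("truncated length prefix")
        (n,) = struct.unpack_from("!H", stream, pos)
        pos += 2
        if pos + n > len(stream):
            raise ValueError("truncated message")
        msgs.append(stream[pos:pos + n])
        pos += n
    return msgs

def qdcount(msg: bytes) -> int:
    """Read the question count from the DNS header."""
    return struct.unpack_from("!H", msg, 4)[0]

# Constructed sample: three questions become three messages, one stream.
SAMPLE = [("example.com", 1), ("example.com", 28), ("example.com", 48)]  # A, AAAA, DNSKEY
QUERIES = [build_query(0x1000 + i, n, t) for i, (n, t) in enumerate(SAMPLE)]
STREAM = frame_for_tcp(QUERIES)  # bytes to write to one connected TCP socket
```

Responses come back with the same 2-byte framing and are matched to queries by message ID, so `split_tcp_stream` applies to the reply stream as well.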