commit | 8d360330a53b2b55e718dd7cb671c9968caa8920 | [log] [tgz] |
---|---|---|
author | Brad House <brad@brad-house.com> | Mon Sep 09 10:04:04 2024 -0400 |
committer | GitHub <noreply@github.com> | Mon Sep 09 10:04:04 2024 -0400 |
tree | 91843f3164db10ee20fda4c33763461facf94bc5 | |
parent | 90d545c64225783f1642dbff8b8857b7eb89ae42 [diff] |
Probe for failed servers instead of redirecting query (#877)

The previous implementation would redirect a query to a failed server based on a timeout and random chance per query. This could lead to issues of having to deal with server timeout scenarios when the server isn't back online yet causing latency issues. Instead, we should continue to use the known good servers for the query itself, but spawn a second query with the same question to a different downed server. That query will be able to be processed in the background and potentially bring the server back online.

Also, when using the `rotate` option, servers were previously chosen at random from the complete list. This PR changes that to choose only from the servers that share the same highest priority.

Authored-By: Brad House (@bradh352)

c-ares is a modern DNS (stub) resolver library, written in C. It provides interfaces for asynchronous queries while trying to abstract the intricacies of the underlying DNS protocol. It was originally intended for applications which need to perform DNS queries without blocking, or need to perform multiple DNS queries in parallel.
One of the goals of c-ares is to be a better DNS resolver than is provided by your system, regardless of which system you use. We recommend using the c-ares library in all network applications even if the initial goal of asynchronous resolution is not necessary to your application.
c-ares will build with any C89 compiler and is MIT licensed, which makes it suitable for both free and commercial software. c-ares runs on Linux, FreeBSD, OpenBSD, MacOS, Solaris, AIX, Windows, Android, iOS and many more operating systems.
c-ares has a strong focus on security, implementing safe parsers and data builders used throughout the code, thus avoiding many of the common pitfalls of other C libraries. Through automated testing with our extensive testing framework, c-ares is constantly validated with a range of static and dynamic analyzers, as well as being constantly fuzzed by OSS Fuzz.
While c-ares has been around for over 20 years, it has been actively maintained, both keeping up with the latest DNS RFCs and following the latest best practices for C coding standards.
The full source code and revision history are available in our GitHub repository. Our signed releases are available in the release archives.
See the INSTALL.md file for build information.
Issues and Feature Requests should be reported to our GitHub Issues page.
Discussions around c-ares and its use are held on GitHub Discussions or the Mailing List. A Mailing List archive is also available. Please do not mail volunteers privately about c-ares.
Security vulnerabilities are treated according to our Security Procedure. Please email c-ares-security at haxx.se if you suspect one.
Primary GPG keys for c-ares Releasers (some Releasers sign with subkeys):
- Daniel Stenberg: `27EDEAF22F3ABCEB50DB9A125CC908FDB71E12C2`
- Brad House: `DA7D64E4C82C6294CB73A20E22E3D13B5411B7CA`
To import the full set of trusted release keys (including subkeys possibly used to sign releases):
```bash
gpg --keyserver hkps://keyserver.ubuntu.com --recv-keys 27EDEAF22F3ABCEB50DB9A125CC908FDB71E12C2 # Daniel Stenberg
gpg --keyserver hkps://keyserver.ubuntu.com --recv-keys DA7D64E4C82C6294CB73A20E22E3D13B5411B7CA # Brad House
```
For each release `c-ares-X.Y.Z.tar.gz` there is a corresponding `c-ares-X.Y.Z.tar.gz.asc` file which contains the detached signature for the release.
After fetching all of the possible valid signing keys and loading them into your keychain as per the prior section, you can simply run the command below on the downloaded package and detached signature:
```
% gpg -v --verify c-ares-1.29.0.tar.gz.asc c-ares-1.29.0.tar.gz
gpg: enabled compatibility flags:
gpg: Signature made Fri May 24 02:50:38 2024 EDT
gpg:                using RSA key 27EDEAF22F3ABCEB50DB9A125CC908FDB71E12C2
gpg: using pgp trust model
gpg: Good signature from "Daniel Stenberg <daniel@haxx.se>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 27ED EAF2 2F3A BCEB 50DB 9A12 5CC9 08FD B71E 12C2
gpg: binary signature, digest algorithm SHA512, key algorithm rsa2048
```
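As an added example (not part of the c-ares project or its README): `Good signature` only means the signature matches some key in your keyring, so an automated check should also confirm which key it was. The script below pins the two primary fingerprints listed above and checks gpg's machine-readable `--status-fd` output against them, which also covers releases signed with a subkey. The function names, the `FAKE_*` fingerprints and the sample status lines are constructed for illustration.

```shell
#!/bin/sh
# Pinned primary-key fingerprints, copied from the list on this page.
DS=27EDEAF22F3ABCEB50DB9A125CC908FDB71E12C2   # Daniel Stenberg
BH=DA7D64E4C82C6294CB73A20E22E3D13B5411B7CA   # Brad House
TRUSTED_FPRS="$DS $BH"

# check_status reads `gpg --status-fd` lines on stdin and succeeds only when a
# VALIDSIG line names a pinned primary key and no line reports a bad or expired
# signature or an expired or revoked key. In VALIDSIG, field 3 is the key that
# made the signature (possibly a subkey); field 12 is its primary key.
check_status() {
  awk -v trusted="$TRUSTED_FPRS" '
    BEGIN { n = split(trusted, t, " "); for (i = 1; i <= n; i++) pin[t[i]] = 1 }
    $1 != "[GNUPG:]" { next }
    $2 ~ /^(BADSIG|ERRSIG|EXPSIG|EXPKEYSIG|REVKEYSIG)$/ { bad = 1 }
    $2 == "VALIDSIG" {
      primary = (NF >= 12) ? $12 : $3
      if (primary in pin) { ok = 1 } else { bad = 1 }
    }
    END { if (ok && !bad) exit 0; exit 1 }
  '
}

# verify_release c-ares-X.Y.Z.tar.gz  (expects the .asc file next to it)
verify_release() {
  gpg --batch --status-fd 1 --verify "$1.asc" "$1" 2>/dev/null | check_status
}

# Constructed status lines for a dry run; not captured from a real gpg session.
FAKE_SUBKEY=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA   # made-up subkey fingerprint
FAKE_OTHER=BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB    # made-up key, not pinned
TAIL="2024-05-24 1716533438 0 4 0 1 10 00"
SAMPLE_PRIMARY="[GNUPG:] VALIDSIG $DS $TAIL $DS"
SAMPLE_SUBKEY="[GNUPG:] VALIDSIG $FAKE_SUBKEY $TAIL $BH"
SAMPLE_UNPINNED="[GNUPG:] VALIDSIG $FAKE_OTHER $TAIL $FAKE_OTHER"
SAMPLE_EXPIRED="[GNUPG:] EXPKEYSIG 5CC908FDB71E12C2 Daniel Stenberg <daniel@haxx.se>
$SAMPLE_PRIMARY"

for s in "$SAMPLE_PRIMARY" "$SAMPLE_SUBKEY" "$SAMPLE_UNPINNED" "$SAMPLE_EXPIRED"; do
  if printf '%s\n' "$s" | check_status; then echo accept; else echo reject; fi
done
```

With the release keys imported, `verify_release c-ares-1.29.0.tar.gz` exits 0 only for a signature that chains to one of the pinned primary keys.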
See Features
- `AAAA` Record.
- `SRV` Record.
- `NAPTR` Record.
- `TLSA` Record.
- `SVCB` and `HTTPS` Records.
- `URI` Record.
- `CAA` Record.
- `SIG0` Record. Only basic parser, not full implementation.
- `.onion` domain names with `NXDOMAIN`.
- `localhost`/`.localhost`.
- `ares_getaddrinfo()`.