mirror of https://github.com/c-ares/c-ares.git
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
151 lines
7.5 KiB
151 lines
7.5 KiB
# [![c-ares logo](https://c-ares.org/art/c-ares-logo.svg)](https://c-ares.org/) |
|
|
|
[![Build Status](https://api.cirrus-ci.com/github/c-ares/c-ares.svg?branch=main)](https://cirrus-ci.com/github/c-ares/c-ares) |
|
[![Windows Build Status](https://ci.appveyor.com/api/projects/status/aevgc5914tm72pvs/branch/main?svg=true)](https://ci.appveyor.com/project/c-ares/c-ares/branch/main) |
|
[![Coverage Status](https://coveralls.io/repos/github/c-ares/c-ares/badge.svg?branch=main)](https://coveralls.io/github/c-ares/c-ares?branch=main) |
|
[![CII Best Practices](https://bestpractices.coreinfrastructure.org/projects/291/badge)](https://bestpractices.coreinfrastructure.org/projects/291) |
|
[![Fuzzing Status](https://oss-fuzz-build-logs.storage.googleapis.com/badges/c-ares.svg)](https://bugs.chromium.org/p/oss-fuzz/issues/list?sort=-opened&can=1&q=proj:c-ares) |
|
[![Bugs](https://sonarcloud.io/api/project_badges/measure?project=c-ares_c-ares&metric=bugs)](https://sonarcloud.io/summary/new_code?id=c-ares_c-ares) |
|
[![Coverity Scan Status](https://scan.coverity.com/projects/c-ares/badge.svg)](https://scan.coverity.com/projects/c-ares) |
|
|
|
- [Overview](#overview) |
|
- [Code](#code) |
|
- [Communication](#communication) |
|
- [Release Keys](#release-keys) |
|
- [Verifying signatures](#verifying-signatures) |
|
- [Features](#features) |
|
- [RFCs and Proposals](#supported-rfcs-and-proposals) |
|
|
|
## Overview |
|
[c-ares](https://c-ares.org) is a modern DNS (stub) resolver library, written in |
|
C. It provides interfaces for asynchronous queries while trying to abstract the |
|
intricacies of the underlying DNS protocol. It was originally intended for |
|
applications which need to perform DNS queries without blocking, or need to |
|
perform multiple DNS queries in parallel. |
|
|
|
One of the goals of c-ares is to be a better DNS resolver than is provided by |
|
your system, regardless of which system you use. We recommend using |
|
the c-ares library in all network applications even if the initial goal of |
|
asynchronous resolution is not necessary to your application. |
|
|
|
c-ares will build with any C89 compiler and is [MIT licensed](LICENSE.md), |
|
which makes it suitable for both free and commercial software. c-ares runs on |
|
Linux, FreeBSD, OpenBSD, MacOS, Solaris, AIX, Windows, Android, iOS and many |
|
more operating systems. |
|
|
|
c-ares has a strong focus on security, implementing safe parsers and data |
|
builders used throughout the code, thus avoiding many of the common pitfalls |
|
of other C libraries. Through automated testing with our extensive testing |
|
framework, c-ares is constantly validated with a range of static and dynamic |
|
analyzers, as well as being constantly fuzzed by [OSS Fuzz](https://github.com/google/oss-fuzz). |
|
|
|
While c-ares has been around for over 20 years, it has been actively maintained |
|
both in regards to the latest DNS RFCs as well as updated to follow the latest |
|
best practices in regards to C coding standards. |
|
|
|
## Code |
|
|
|
The full source code and revision history is available in our |
|
[GitHub repository](https://github.com/c-ares/c-ares). Our signed releases |
|
are available in the [release archives](https://c-ares.org/download/). |
|
|
|
|
|
See the [INSTALL.md](INSTALL.md) file for build information. |
|
|
|
## Communication |
|
|
|
**Issues** and **Feature Requests** should be reported to our |
|
[GitHub Issues](https://github.com/c-ares/c-ares/issues) page. |
|
|
|
**Discussions** around c-ares and its use, are held on |
|
[GitHub Discussions](https://github.com/c-ares/c-ares/discussions/categories/q-a) |
|
or the [Mailing List](https://lists.haxx.se/mailman/listinfo/c-ares). Mailing |
|
List archive [here](https://lists.haxx.se/pipermail/c-ares/). |
|
Please, do not mail volunteers privately about c-ares. |
|
|
|
**Security vulnerabilities** are treated according to our |
|
[Security Procedure](SECURITY.md), please email c-ares-security at |
|
haxx.se if you suspect one. |
|
|
|
|
|
## Release keys |
|
|
|
Primary GPG keys for c-ares Releasers (some Releasers sign with subkeys): |
|
|
|
* **Daniel Stenberg** <<daniel@haxx.se>> |
|
`27EDEAF22F3ABCEB50DB9A125CC908FDB71E12C2` |
|
* **Brad House** <<brad@brad-house.com>> |
|
`DA7D64E4C82C6294CB73A20E22E3D13B5411B7CA` |
|
|
|
To import the full set of trusted release keys (including subkeys possibly used |
|
to sign releases): |
|
|
|
```bash |
|
gpg --keyserver hkps://keyserver.ubuntu.com --recv-keys 27EDEAF22F3ABCEB50DB9A125CC908FDB71E12C2 # Daniel Stenberg |
|
gpg --keyserver hkps://keys.openpgp.org --recv-keys DA7D64E4C82C6294CB73A20E22E3D13B5411B7CA # Brad House |
|
``` |
|
|
|
### Verifying signatures |
|
|
|
For each release `c-ares-X.Y.Z.tar.gz` there is a corresponding |
|
`c-ares-X.Y.Z.tar.gz.asc` file which contains the detached signature for the |
|
release. |
|
|
|
After fetching all of the possible valid signing keys and loading into your |
|
keychain as per the prior section, you can simply run the command below on |
|
the downloaded package and detached signature: |
|
|
|
```bash |
|
% gpg -v --verify c-ares-1.29.0.tar.gz.asc c-ares-1.29.0.tar.gz |
|
gpg: enabled compatibility flags: |
|
gpg: Signature made Fri May 24 02:50:38 2024 EDT |
|
gpg: using RSA key 27EDEAF22F3ABCEB50DB9A125CC908FDB71E12C2 |
|
gpg: using pgp trust model |
|
gpg: Good signature from "Daniel Stenberg <daniel@haxx.se>" [unknown] |
|
gpg: WARNING: This key is not certified with a trusted signature! |
|
gpg: There is no indication that the signature belongs to the owner. |
|
Primary key fingerprint: 27ED EAF2 2F3A BCEB 50DB 9A12 5CC9 08FD B71E 12C2 |
|
gpg: binary signature, digest algorithm SHA512, key algorithm rsa2048 |
|
``` |
|
|
|
## Features |
|
### Supported RFCs and Proposals |
|
- [RFC1035](https://datatracker.ietf.org/doc/html/rfc7873). |
|
Initial/Base DNS RFC |
|
- [RFC2671](https://datatracker.ietf.org/doc/html/rfc2671), |
|
[RFC6891](https://datatracker.ietf.org/doc/html/rfc6891). |
|
EDNS0 option (meta-RR) |
|
- [RFC3596](https://datatracker.ietf.org/doc/html/rfc3596). |
|
IPv6 Address. `AAAA` Record. |
|
- [RFC2782](https://datatracker.ietf.org/doc/html/rfc2782). |
|
Server Selection. `SRV` Record. |
|
- [RFC3403](https://datatracker.ietf.org/doc/html/rfc3403). |
|
Naming Authority Pointer. `NAPTR` Record. |
|
- [RFC6698](https://datatracker.ietf.org/doc/html/rfc6698). |
|
DNS-Based Authentication of Named Entities (DANE) Transport Layer Security (TLS) Protocol. |
|
`TLSA` Record. |
|
- [RFC9460](https://datatracker.ietf.org/doc/html/rfc9460). |
|
General Purpose Service Binding, Service Binding type for use with HTTPS. |
|
`SVCB` and `HTTPS` Records. |
|
- [RFC7553](https://datatracker.ietf.org/doc/html/rfc7553). |
|
Uniform Resource Identifier. `URI` Record. |
|
- [RFC6844](https://datatracker.ietf.org/doc/html/rfc6844). |
|
Certification Authority Authorization. `CAA` Record. |
|
- [RFC2535](https://datatracker.ietf.org/doc/html/rfc2535), |
|
[RFC2931](https://datatracker.ietf.org/doc/html/rfc2931). |
|
`SIG0` Record. Only basic parser, not full implementation. |
|
- [RFC7873](https://datatracker.ietf.org/doc/html/rfc7873), |
|
[RFC9018](https://datatracker.ietf.org/doc/html/rfc9018). |
|
DNS Cookie off-path dns poisoning and amplification mitigation. *In progress*. |
|
- [draft-vixie-dnsext-dns0x20-00](https://datatracker.ietf.org/doc/html/draft-vixie-dnsext-dns0x20-00). |
|
DNS 0x20 query name case randomization to prevent cache poisioning attacks. |
|
- [RFC7686](https://datatracker.ietf.org/doc/html/rfc7686). |
|
Reject queries for `.onion` domain names with `NXDOMAIN`. |
|
- [RFC2606](https://datatracker.ietf.org/doc/html/rfc2606), |
|
[RFC6761](https://datatracker.ietf.org/doc/html/rfc6761). |
|
Special case treatment for `localhost`/`.localhost`. |
|
- [RFC2308](https://datatracker.ietf.org/doc/html/rfc2308), |
|
[RFC9520](https://datatracker.ietf.org/doc/html/rfc9520). |
|
Negative Caching of DNS Resolution Failures. |
|
- [RFC6724](https://datatracker.ietf.org/doc/html/rfc6724). |
|
IPv6 address sorting as used by `ares_getaddrinfo()`.
|
|
|