Home / Industry

Introducing getdns: a Modern, Extensible, Open Source API for the DNS

Don't miss a thing – sign up for CircleID Weekly Wrap newsletter delivered to your inbox once a week.

Verisign is pleased to announce the public introduction of getdns at The Next Web in Amsterdam (TNWEurope) April 23-24, 2014. Verisign Labs and NLNet Labs in collaboration have developed getdns, an open source implementation of the getdns-api application programming interface (api) specification.

At The Next Web, getdns is one of the challenge APIs in a 36-hour Hack Battle. Multiple teams of application coding experts are using getdns to develop innovative applications that leverage the global security infrastructure available through DNS Security Extensions (DNSSEC).

Several years of community and researcher effort have led up to this introduction. The modernized, extensible DNS API specification was developed by a volunteer team of Web applications developers — the contributors included people specializing in instant messaging programs, Web browsers, and social networking systems. Its novel goal was to offer DNS programming calls adapted to the use of application developers, allowing full access to the power of the DNS ecosystem without requiring the applications developers to be deep experts in the DNS protocol.

Paul Hoffman, an application security consultant, edited the API and Verisign Labs joined in the fun over a year ago, several months before the first publication. Once it was published, we invited NLNet Labs to join us in creating an open source implementation for widespread public distribution, getdns. Hoffman and the community then updated the specification to address discoveries we made during implementation. In February 2014, we unveiled early beta code for review and in the months since we have also released an early port of getdns to iOS, and beta versions of node.js and Python language bindings. Source repositories are publicly available on github.

At its heart, getdns makes use of the DNS protocol processing of the NLNet Labs Unbound open source — Unbound is a widely used, DNS Security Extensions (DNSSEC)-centric implementation of the DNS standards. We reflect this in the phrase "Unbound Security" in the getdns logo. The double meaning: removal of the bounds that have kept applications from easy access to a global security infrastructure in the DNS.

getdns provides easy access to the powerful evolving capabilities of DNS, including the DNSSEC and DNS-based Authentication of Named Entities (DANE). In the common DNS APIs, found on most computers, the calls were last updated in 2000 (to add IPv6 addresses). With getdns, programmers can access the modern DNS. Notably, with one function call, programs can elect to perform DNSSEC validation, while still making use of the resources of their enterprise or ISP DNS resolver. getdns offers a simple set of choices, a clean abstraction of the extensive support provided by Unbound underneath.

Due to the aging of the common APIs for DNS, the powerful, modern capabilities of the system have been underutilized. This situation has contributed to the perception by some that DNS is onerous and insufficiently speedy. Another key deliverable of getdns is default asynchronous access to DNS. In the common DNS APIs, when a query is sent to the DNS, another query will not be sent until the response for the first one has been received. The getdns implementation allows programmers to select their favorite programming library for asynchronous processing, and then to send arbitrary numbers of DNS queries while waiting for responses to arrive.

Consider what this means: before your Web browser loads a Web page for the first time, it requests the look up of typically hundreds of domain names, both for the initial page and to "pre-fetch" information that you may want soon after. Instead of doing these lookups one after another, an asynchronous API means that the queries are processed as rapidly as the domain servers can reply to them.

We are at the start of a promising new chapter in the tale of the mighty domain name ecosystem. As the getdns launch continues, I look forward to bringing you more updates, including results from the TNWEurope Hack Battle. Watch this space.


About Verisign – Verisign, a global leader in domain names and internet security, enables internet navigation for many of the world's most recognized domain names and provides protection for websites and enterprises around the world. Verisign ensures the security, stability and resiliency of key internet infrastructure and services, including the .com and .net domains and two of the internet's root servers, as well as performs the root-zone maintainer functions for the core of the internet's Domain Name System (DNS). Learn More

Related topics: DNS, DNS Security


Related Blogs

Related News

Explore Topics

Sponsored Topics

Promoted Posts

Now Is the Time for .eco

.eco launches globally at 16:00 UTC on April 25, 2017, when domains will be available on a first-come, first-serve basis. .eco is for businesses, non-profits and people committed to positive change for the planet. See list of registrars offering .eco more»

Boston Ivy Gets Competitive With Its TLDs, Offers Registrars New Wholesale Pricing

With a mission to make its top-level domains available to the broadest market possible, Boston Ivy has permanently reduced its registration, renewal and transfer prices for .Broker, .Forex, .Markets and .Trading. more»

Industry Updates – Sponsored Posts

Global Domain Name Registrations Reach 329.3 Million, 2.3 Million Growth in Last Quarter of 2016

Neustar to be Acquired by Private Investment Group Led by Golden Gate Capital

Don't Gamble With Your DNS

Verisign Releases Q2 2016 DDoS Trends Report - Layer 7 DDoS Attacks a Growing Trend

How Savvy DDoS Attackers Are Using DNSSEC Against Us

Radix Adds Dyn as a DNS Service Provider

Dyn Partners with the Internet Systems Consortium to Host Global F-Root Nameservers

Is Your TLD Threat Mitigation Strategy up to Scratch?

Domain Management Handbook from MarkMonitor

What Holds Firms Back from Choosing Cloud-Based External DNS?

Computerworld Names Afilias' Ram Mohan a Premier 100 Technology Leader

Protect Your Privacy - Opt Out of Public DNS Data Collection

Measuring DNS Performance for the User Experience

Introducing Verisign Public DNS: A Free Recursive DNS Service That Respects Your Privacy

Internet Grows to 296 Million Domain Names in Q2 2015

Protect Your Network From BYOD Malware Threats With The Verisign DNS Firewall

Introducing the Verisign DNS Firewall

Verisign Named to the Online Trust Alliance's 2015 Honor Roll

3 Key Steps for SMBs to Protect Their Website and Critical Internet Services

Key Considerations for Selecting a Managed DNS Provider