Introducing getdns: a Modern, Extensible, Open Source API for the DNS

Verisign is pleased to announce the public introduction of getdns at The Next Web in Amsterdam (TNWEurope) April 23-24, 2014. Verisign Labs and NLnet Labs in collaboration have developed getdns, an open source implementation of the getdns-api application programming interface (API) specification.

At The Next Web, getdns is one of the challenge APIs in a 36-hour Hack Battle. Multiple teams of application coding experts are using getdns to develop innovative applications that leverage the global security infrastructure available through DNS Security Extensions (DNSSEC).

Several years of community and researcher effort have led up to this introduction. The modernized, extensible DNS API specification was developed by a volunteer team of Web applications developers — the contributors included people specializing in instant messaging programs, Web browsers, and social networking systems. Its novel goal was to offer DNS programming calls adapted to the use of application developers, allowing full access to the power of the DNS ecosystem without requiring the applications developers to be deep experts in the DNS protocol.

Paul Hoffman, an application security consultant, edited the API, and Verisign Labs joined in the fun over a year ago, several months before the first publication. Once it was published, we invited NLnet Labs to join us in creating an open source implementation for widespread public distribution, getdns. Hoffman and the community then updated the specification to address discoveries we made during implementation. In February 2014, we unveiled early beta code for review, and in the months since we have also released an early port of getdns to iOS and beta versions of Node.js and Python language bindings. Source repositories are publicly available on GitHub.

At its heart, getdns makes use of the DNS protocol processing of Unbound, the open source software from NLnet Labs. Unbound is a widely used, DNS Security Extensions (DNSSEC)-centric implementation of the DNS standards. We reflect this in the phrase "Unbound Security" in the getdns logo. The double meaning: removal of the bounds that have kept applications from easy access to a global security infrastructure in the DNS.

getdns provides easy access to the powerful, evolving capabilities of DNS, including DNSSEC and DNS-based Authentication of Named Entities (DANE). In the common DNS APIs, found on most computers, the calls were last updated in 2000 (to add IPv6 addresses). With getdns, programmers can access the modern DNS. Notably, with one function call, programs can elect to perform DNSSEC validation, while still making use of the resources of their enterprise or ISP DNS resolver. getdns offers a simple set of choices, a clean abstraction of the extensive support provided by Unbound underneath.

Due to the aging of the common APIs for DNS, the powerful, modern capabilities of the system have been underutilized. This situation has contributed to the perception by some that DNS is onerous and insufficiently speedy. Another key deliverable of getdns is default asynchronous access to DNS. In the common DNS APIs, when a query is sent to the DNS, another query will not be sent until the response for the first one has been received. The getdns implementation allows programmers to select their favorite programming library for asynchronous processing, and then to send arbitrary numbers of DNS queries while waiting for responses to arrive.

Consider what this means: before your Web browser loads a Web page for the first time, it requests the lookup of typically hundreds of domain names, both for the initial page and to "pre-fetch" information that you may want soon after. Instead of doing these lookups one after another, an asynchronous API means that the queries are processed as rapidly as the domain servers can reply to them.
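The difference between the two lookup styles described above can be seen in a small simulation. This is an added example, not code from the getdns project and not the getdns API: it uses Python's asyncio, and the hostnames, round-trip times and function names are constructed for illustration, with no real DNS traffic sent.

```python
import asyncio
import time

# Constructed sample data: hostnames a page might reference, each with a
# simulated resolver round-trip time in seconds. Nothing is sent on the wire.
SIMULATED_RTT = {
    "www.example.com": 0.08,
    "cdn.example.net": 0.02,
    "img.example.org": 0.06,
    "api.example.com": 0.04,
}

async def fake_lookup(name):
    """Stand-in for one DNS query/response exchange (hypothetical helper)."""
    await asyncio.sleep(SIMULATED_RTT[name])
    return name

async def resolve_one_at_a_time(names):
    """Common-API behaviour: the next query waits for the previous answer."""
    start = time.monotonic()
    order = [await fake_lookup(n) for n in names]
    return order, time.monotonic() - start

async def resolve_asynchronously(names):
    """All queries are outstanding at once; answers are handled on arrival."""
    start = time.monotonic()
    tasks = [asyncio.ensure_future(fake_lookup(n)) for n in names]
    order = [await done for done in asyncio.as_completed(tasks)]
    return order, time.monotonic() - start

def compare(names=tuple(SIMULATED_RTT)):
    """Run both styles and return ((order, seconds), (order, seconds))."""
    async def run():
        sequential = await resolve_one_at_a_time(names)
        concurrent = await resolve_asynchronously(names)
        return sequential, concurrent
    return asyncio.run(run())

if __name__ == "__main__":
    (seq_order, seq_t), (par_order, par_t) = compare()
    print(f"one at a time: {seq_t:.3f}s, answered in {seq_order}")
    print(f"asynchronous:  {par_t:.3f}s, answered in {par_order}")
```

In the one-at-a-time case the total wait is the sum of all round trips; in the asynchronous case it is close to the slowest single round trip, and answers come back in the order the servers reply rather than the order the queries were sent.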

We are at the start of a promising new chapter in the tale of the mighty domain name ecosystem. As the getdns launch continues, I look forward to bringing you more updates, including results from the TNWEurope Hack Battle. Watch this space.

About Verisign

As the global leader in domain names, Verisign powers the invisible navigation that takes people to where they want to go on the Internet. For more than 15 years, Verisign has operated the infrastructure for a portfolio of top-level domains that today include .com, .net, .tv, .edu, .gov, .jobs, .name and .cc, as well as two of the world's 13 Internet root servers. Verisign's product suite also includes Distributed Denial of Service (DDoS) Protection Services, iDefense Security Intelligence Services and Managed DNS.
