| The resolver in the GNU C Library |
| ********************************* |
| |
| Starting with version 2.2, the resolver in the GNU C Library comes |
| from BIND 8. Only a subset of the src/lib/resolv part of libbind is |
| included here; basically the parts that are needed to provide the |
| functionality present in the resolver from BIND 4.9.7 that was |
| included in the previous release of the GNU C Library, augmented by |
| the parts needed to provide thread-safety. This means that support |
| for things as dynamic DNS updates and TSIG keys isn't included. If |
| you need those facilities, please take a look at the full BIND |
| distribution. |
| |
| |
| Differences |
| =========== |
| |
| The resolver in the GNU C Library still differs from what's in BIND |
| 8.2.3-T5B: |
| |
| * The RES_DEBUG option (`options debug' in /etc/resolv.conf) has been |
| disabled. |
| |
| * The resolver in glibc allows underscores in domain names. |
| |
| * The <resolv.h> header in glibc includes <netinet/in.h> and |
| <arpa/nameser.h> to make it self-contained. |
| |
| * The `res_close' function in glibc only tries to close open files |
| referenced through `_res' if the RES_INIT bit is set in |
| `_res.options'. This fixes a potential security bug with programs |
| that bogusly call `res_close' without initialising the resolver |
| state first. Note that the thread-safe `res_nclose' still doesn't |
| check the RES_INIT bit. By the way, you're not really supposed to |
| call `res_close/res_nclose' directly. |
| |
| * The resolver in glibc can connect to a nameserver over IPv6. Just |
| specify the IPv6 address in /etc/resolv.conf. You cannot change the |
| address of an IPv6 nameserver dynamically in your program though. |
| |
| |
| Using the resolver in multi-threaded code |
| ========================================= |
| |
| The traditional resolver interfaces `res_query', `res_search', |
| `res_mkquery', `res_send' and `res_init', used a static (global) |
| resolver state stored in the `_res' structure. Therefore, these |
| interfaces are not thread-safe. Therefore, BIND 8.2 introduced a set |
| of "new" interfaces `res_nquery', `res_nsearch', `res_nmkquery', |
| `res_nsend' and `res_ninit' that take a `res_state' as their first |
| argument, so you can use a per-thread resolver state. In glibc, when |
| you link with -lpthread, such a per-thread resolver state is already |
| present. It can be accessed using `_res', which has been redefined as |
| a macro, in a similar way to what has been done for the `errno' and |
| `h_errno' variables. This per-thread resolver state is also used for |
| the `gethostby*' family of functions, which means that for example |
| `gethostbyname_r' is now fully thread-safe and re-entrant. The |
| traditional resolver interfaces however, continue to use a single |
| resolver state and are therefore still thread-unsafe. The resolver |
| state is the same resolver state that is used for the initial ("main") |
| thread. |
| |
| This has the following consequences for existing binaries and source |
| code: |
| |
| * Single-threaded programs will continue to work. There should be no |
| user-visible changes when you recompile them. |
| |
| * Multi-threaded programs that use the traditional resolver interfaces |
| in the "main" thread should continue to work, except that they no |
| longer see any changes in the global resolver state caused by calls |
| to, for example, `gethostbyname' in other threads. Again there |
| should be no user-visible changes when you recompile these programs. |
| |
| * Multi-threaded programs that use the traditional resolver interfaces |
| in more than one thread should be just as buggy as before (there are |
| no problems if you use proper locking of course). If you recompile |
| these programs, manipulating the _res structure in threads other |
| than the "main" thread will seem to have no effect though. |
| |
| * In Multi-threaded that manipulate the _res structure, calls to |
| functions like `gethostbyname' in threads other than the "main" |
| thread won't be influenced by the those changes anymore. |
| |
| We recommend to use the new thread-safe interfaces in new code, since |
| the traditional interfaces have been deprecated by the BIND folks. |
| For compatibility with other (older) systems you might want to |
| continue to use those interfaces though. |
| |
| |
| Using the resolver in C++ code |
| ============================== |
| |
| There resolver contains some hooks which will allow the user to |
| install some callback functions that make it possible to filter DNS |
| requests and responses. Although we do not encourage you to make use |
| of this facility at all, C++ developers should realise that it isn't |
| safe to throw exceptions from such callback functions. |
| |
| |
| Source code |
| =========== |
| |
| The following files come from the BIND distribution (currently version |
| 8.2.3-T5B): |
| |
| src/include/ |
| arpa/nameser.h |
| arpa/nameser_compat.h |
| resolv.h |
| |
| src/lib/resolv/ |
| herror.c |
| res_comp.c |
| res_data.c |
| res_debug.c |
| res_init.c |
| res_mkquery.c |
| res_query.c |
| res_send.c |
| |
| src/lib/nameser/ |
| ns_name.c |
| ns_netint.c |
| ns_parse.c |
| ns_print.c |
| ns_samedomain.c |
| ns_ttl.c |
| |
| src/lib/inet/ |
| inet_addr.c |
| inet_net_ntop.c |
| inet_net_pton.c |
| inet_neta.c |
| inet_ntop.c |
| inet_pton.c |
| nsap_addr.c |
| |
| src/lib/isc/ |
| base64.c |
| |
| Some of these files have been optimised a bit, and adaptations have |
| been made to make them fit in with the rest of glibc. |
| |
| res_libc.c is home-brewn, although parts of it are taken from res_data.c. |
| |
| res_hconf.c and res_hconf.h were contributed by David Mosberger, and |
| do not come from BIND. |
| |
| The files gethnamaddr.c, mapv4v6addr.h and mapv4v6hostent.h are |
| leftovers from BIND 4.9.7. |