summaryrefslogtreecommitdiffstats
path: root/lib/dnspython/README
blob: 367e7a2b76e8bd3e467f64feb1286780d3efee39 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
dnspython

INTRODUCTION

dnspython is a DNS toolkit for Python. It supports almost all record
types. It can be used for queries, zone transfers, and dynamic
updates.  It supports TSIG authenticated messages and EDNS0.

dnspython provides both high and low level access to DNS. The high
level classes perform queries for data of a given name, type, and
class, and return an answer set.  The low level classes allow direct
manipulation of DNS zones, messages, names, and records.

To see a few of the ways dnspython can be used, look in the examples/
directory.

dnspython originated at Nominum where it was developed to facilitate
the testing of DNS software.  Nominum has generously allowed it to be
open sourced under a BSD-style license, and helps support its future
development by continuing to employ the author :).


ABOUT THIS RELEASE

This is dnspython 1.10.0

New since 1.9.4:

        XXX TBS.

Bugs fixed since 1.9.4:

        XXX TBS.

New since 1.9.3:

        Nothing.

Bugs fixed since 1.9.3:

     	The rdata _wire_cmp() routine now handles relative names.

	The SIG RR implementation was missing 'import struct'.

New since 1.9.2:

    	A boolean parameter, 'raise_on_no_answer', has been added to
	the query() methods.  In no-error, no-data situations, this
	parameter determines whether NoAnswer should be raised or not.
	If True, NoAnswer is raised.  If False, then an Answer()
	object with a None rrset will be returned.

	Resolver Answer() objects now have a canonical_name field.

	Rdata now have a __hash__ method.

Bugs fixed since 1.9.2:

       	Dnspython was erroneously doing case-insensitive comparisons
	of the names in NSEC and RRSIG RRs.

	We now use "is" and not "==" when testing what section an RR
	is in.

	The resolver now disallows metaqueries.

New since 1.9.1:

    	Nothing.

Bugs fixed since 1.9.1:

	The dns.dnssec module didn't work at all due to missing
	imports that escaped detection in testing because the test
	suite also did the imports.  The third time is the charm!

New since 1.9.0:

    	Nothing.

Bugs fixed since 1.9.0:

        The dns.dnssec module didn't work with DSA due to namespace
	contamination from a "from"-style import.

New since 1.8.0:

    	dnspython now uses poll() instead of select() when available.

	Basic DNSSEC validation can be done using dns.dnsec.validate()
	and dns.dnssec.validate_rrsig() if you have PyCrypto 2.3 or
	later installed.  Complete secure resolution is not yet
	available.

	Added key_id() to the DNSSEC module, which computes the DNSSEC
	key id of a DNSKEY rdata.

	Added make_ds() to the DNSSEC module, which returns the DS RR
	for a given DNSKEY rdata.

	dnspython now raises an exception if HMAC-SHA284 or
	HMAC-SHA512 are used with a Python older than 2.5.2.  (Older
	Pythons do not compute the correct value.)

	Symbolic constants are now available for TSIG algorithm names.

Bugs fixed since 1.8.0

        dns.resolver.zone_for_name() didn't handle a query response
	with a CNAME or DNAME correctly in some cases.

        When specifying rdata types and classes as text, Unicode
	strings may now be used.

	Hashlib compatibility issues have been fixed.

	dns.message now imports dns.edns.

	The TSIG algorithm value was passed incorrectly to use_tsig()
	in some cases.

New since 1.7.1:

    	Support for hmac-sha1, hmac-sha224, hmac-sha256, hmac-sha384
	and hmac-sha512 has been contributed by Kevin Chen.

	The tokenizer's tokens are now Token objects instead of (type,
	value) tuples.

Bugs fixed since 1.7.1:

        Escapes in masterfiles now work correctly.  Previously they
	were only working correctly when the text involved was part of
	a domain name.

     	When constructing a DDNS update, if the present() method was
	used with a single rdata, a zero TTL was not added.

	The entropy pool needed locking to be thread safe.

	The entropy pool's reading of /dev/random could cause
	dnspython to block.

	The entropy pool did buffered reads, potentially consuming more
	randomness than we needed.

	The entropy pool did not seed with high quality randomness on
	Windows.

	SRV records were compared incorrectly.

	In the e164 query function, the resolver parameter was not
	used.

New since 1.7.0:

    	Nothing

Bugs fixed since 1.7.0:

     	The 1.7.0 kitting process inadventently omitted the code for the
	DLV RR.

	Negative DDNS prerequisites are now handled correctly.

New since 1.6.0:

    	Rdatas now have a to_digestable() method, which returns the
	DNSSEC canonical form of the rdata, suitable for use in
	signature computations.

	The NSEC3, NSEC3PARAM, DLV, and HIP RR types are now supported.

	An entropy module has been added and is used to randomize query ids.

	EDNS0 options are now supported.

	UDP IXFR is now supported.

	The wire format parser now has a 'one_rr_per_rrset' mode, which
	suppresses the usual coalescing of all RRs of a given type into a
	single RRset.

	Various helpful DNSSEC-related constants are now defined.

	The resolver's query() method now has an optional 'source' parameter,
        allowing the source IP address to be specified.

Bugs fixed since 1.6.0:

     	On Windows, the resolver set the domain incorrectly.

	DS RR parsing only allowed one Base64 chunk.

	TSIG validation didn't always use absolute names.

	NSEC.to_text() only printed the last window.

	We did not canonicalize IPv6 addresses before comparing them; we
	would thus treat equivalent but different textual forms, e.g.
	"1:00::1" and "1::1" as being non-equivalent.

	If the peer set a TSIG error, we didn't raise an exception.

	Some EDNS bugs in the message code have been fixed (see the ChangeLog
	for details).

New since 1.5.0:
	Added dns.inet.is_multicast().

Bugs fixed since 1.5.0:
	
	If select() raises an exception due to EINTR, we should just
	select() again.

	If the queried address is a multicast address, then don't
	check that the address of the response is the same as the
	address queried.

	NAPTR comparisons didn't compare the preference field due to a
	typo.

	Testing of whether a Windows NIC is enabled now works on Vista
	thanks to code contributed by Paul Marks.

New since 1.4.0:

    	Answer objects now support more of the python sequence
	protocol, forwarding the requests to the answer rrset.
	E.g. "for a in answer" is equivalent to "for a in
	answer.rrset", "answer[i]" is equivalent to "answer.rrset[i]",
	and "answer[i:j]" is equivalent to "answer.rrset[i:j]".

	Making requests using EDNS, including indicating DNSSEC awareness,
	is now easier.  For example, you can now say:

	   q = dns.message.make_query('www.dnspython.org', 'MX',
				      want_dnssec=True)

	dns.query.xfr() can now be used for IXFR.

	Support has been added for the DHCID, IPSECKEY, and SPF RR types.

	UDP messages from unexpected sources can now be ignored by
	setting ignore_unexpected to True when calling dns.query.udp.

Bugs fixed since 1.4.0:

        If /etc/resolv.conf didn't exist, we raised an exception
	instead of simply using the default resolver configuration.

	In dns.resolver.Resolver._config_win32_fromkey(), we were
	passing the wrong variable to self._config_win32_search().

New since 1.3.5:

        You can now convert E.164 numbers to/from their ENUM name
        forms:

	      >>> import dns.e164
	      >>> n = dns.e164.from_e164("+1 555 1212")
	      >>> n
	      <DNS name 2.1.2.1.5.5.5.1.e164.arpa.>
	      >>> dns.e164.to_e164(n)
	      '+15551212'

	You can now convert IPv4 and IPv6 address to/from their
	corresponding DNS reverse map names:

	      >>> import dns.reversename
	      >>> n = dns.reversename.from_address("127.0.0.1")
	      >>> n
	      <DNS name 1.0.0.127.in-addr.arpa.>
	      >>> dns.reversename.to_address(n)
	      '127.0.0.1'

	You can now convert between Unicode strings and their IDN ACE
	form:

	      >>> n = dns.name.from_text(u'les-\u00e9l\u00e8ves.example.')
	      >>> n
	      <DNS name xn--les-lves-50ai.example.>
	      >>> n.to_unicode()
	      u'les-\xe9l\xe8ves.example.'

	The origin parameter to dns.zone.from_text() and dns.zone.to_text()
	is now optional.  If not specified, the origin will be taken from
	the first $ORIGIN statement in the master file.

	Sanity checking of a zone can be disabled; this is useful when
	working with files which are zone fragments.

Bugs fixed since 1.3.5:

     	The correct delimiter was not used when retrieving the
	list of nameservers from the registry in certain versions of
	windows.

        The floating-point version of latitude and longitude in LOC RRs
	(float_latitude and float_longitude) had incorrect signs for
	south latitudes and west longitudes.

	BIND 8 TTL syntax is now accepted in all TTL-like places (i.e.
	SOA fields refresh, retry, expire, and minimum; SIG/RRSIG
	field original_ttl).

	TTLs are now bounds checked when their text form is parsed,
	and their values must be in the closed interval [0, 2^31 - 1].

New since 1.3.4:

     	In the resolver, if time goes backward a little bit, ignore
    	it.

	zone_for_name() has been added to the resolver module.  It
	returns the zone which is authoritative for the specified
	name, which is handy for dynamic update.  E.g.

	      import dns.resolver
	      print dns.resolver.zone_for_name('www.dnspython.org')

	will output "dnspython.org." and

	      print dns.resolver.zone_for_name('a.b.c.d.e.f.example.')

	will output ".".

	The default resolver can be fetched with the
	get_default_resolver() method.

    	You can now get the parent (immediate superdomain) of a name
	by using the parent() method.

	Zone.iterate_rdatasets() and Zone.iterate_rdatas() now have
	a default rdtype of dns.rdatatype.ANY like the documentation
	says.

	A Dynamic DNS example, ddns.py, has been added.

New since 1.3.3:

	The source address and port may now be specified when calling
	dns.query.{udp,tcp,xfr}.
	
	The resolver now does exponential backoff each time it runs
	through all of the nameservers.

	Rcodes which indicate a nameserver is likely to be a
	"permanent failure" for a query cause the nameserver to be removed
	from the mix for that query.

New since 1.3.2:

    	dns.message.Message.find_rrset() now uses an index, vastly
	improving the from_wire() performance of large messages such
	as zone transfers.

	Added dns.message.make_response(), which creates a skeletal
	response for the specified query.

	Added opcode() and set_opcode() convenience methods to the
	dns.message.Message class.  Added the request_payload
	attribute to the Message class.

        The 'file' parameter of dns.name.Name.to_wire() is now
	optional; if omitted, the wire form will be returned as the
	value of the function.

	dns.zone.from_xfr() in relativization mode incorrectly set
	zone.origin to the empty name.

	The masterfile parser incorrectly rejected TXT records where a
	value was not quoted.

New since 1.3.1:

	The NSEC format doesn't allow specifying types by number, so
	we shouldn't either.  (Using the unknown type format is still
	OK though.)

	The resolver wasn't catching dns.exception.Timeout, so a timeout
	erroneously caused the whole resolution to fail instead of just
	going on to the next server.

	The renderer module didn't import random, causing an exception
	to be raised if a query id wasn't provided when a Renderer was
	created.

        The conversion of LOC milliseconds values from text to binary was
	incorrect if the length of the milliseconds string was not 3.

New since 1.3.0:

	Added support for the SSHFP type.

New since 1.2.0:

	Added support for new DNSSEC types RRSIG, NSEC, and DNSKEY.

This release fixes all known bugs.

See the ChangeLog file for more detailed information on changes since
the prior release.


REQUIREMENTS

Python 2.4 or later.


INSTALLATION

To build and install dnspython, type

	python setup.py install


HOME PAGE

For the latest in releases, documentation, and information, visit the
dnspython home page at

	http://www.dnspython.org/



DOCUMENTATION

Documentation is sparse at the moment.  Use pydoc, or read the HTML
documentation at the dnspython home page, or download the HTML
documentation.


BUG REPORTS

Bug reports may be sent to bugs@dnspython.org


MAILING LISTS

A number of mailing lists are available.  Visit the dnspython home
page to subscribe or unsubscribe.