ldns

The goal of ldns is to simplify DNS programming, it supports recent RFCs like the DNSSEC documents, and allows developers to easily create software conforming to current RFCs, and experimental software for current Internet Drafts. A secondary benefit of using ldns is speed; ldns is written in C it should be a lot faster than Perl.

The first major tool to use ldns is Drill, from which part of the library was derived. From version 1.0.0 on, drill is be included in the ldns release and will not be distributed separately anymore. Its version number will follow that of ldns. The library also includes some other examples and tools to show how it can be used.

ldns depends on OpenSSL for its crypto functions. It can be compiled without OpenSSL, but of course you'll lose the ability to perform any cryptographic functions.

Feature list

  • IP4 and IP6 support,
  • TSIG support,
  • DNSSEC support; signing and verification,
  • small size,
  • online documentation as well as manual pages.

If you want to send us patches please use the code from subversion (trunk).

Download

The latest release is 1.6.17, dating Jan 10, 2014

Download (checksum sha1: 4218897b3c002aadfc7280b3f40cda829e05c9a4)

The changelog for this version can be found at http://git.nlnetlabs.nl/ldns/tree/Changelog?id=release-1.6.17

Compiling

After downloading, you can compile the library by doing:
./configure && (g)make

You need GNU make to compile it.

If you compile from the repository, you also need the gnu autotools (autoreconf and libtool).

Creating documentation

The (html) documentation is created with doxygen. The manual pages are created with a perl program. While sitting in the source directory a simple gmake doc should create everything.

Drill

ldns includes the Drill tool.

Drill is a tool ala dig from BIND. It was designed with DNSSEC in mind and should be a useful debugging/query tool for DNSSEC.

A lot of DNS debugging is done with dig, but as dig is made with the same libraries as BIND8/9 (the most used DNS server out there), what are you actually debugging/testing? Drill has nothing in common with either NSD nor BIND. During the development process we are actually uncovering obscure bugs in NSD and BIND (and in drill itself).

Example programs

A few example programs are included in the source of ldns. They are not compiled by default. You need to explicitly build them with: cd examples && ./configure && (g)make
  1. ldns-chaos - Prints some information about the nameserver.
  2. ldns-key2ds - Creates a DS record from a DNSKEY record
  3. ldns-keyfetcher - Fetches DNSSEC public keys for zones
  4. ldns-keygen - Generate private/pubkey key pair for DNSSEC.
  5. ldns-mx - Explained in the tutorial. Prints the mx records for a domain.
  6. ldns-read-zone - Reads a zone file and prints it with 1 RR per line.
  7. ldns-signzone - Signs a zone file according to DNSSECbis.
  8. ldns-version - Prints the version of the library.
  9. ldns-update - UPDATE examples.
  10. ldns-walk - 'Walks' a DNSSEC zone
  11. ldns-zsplit - Splits a zone file in smaller parts
  12. ldns-zcat - Concatenates zone file parts split with ldns-zsplit
  13. ldns-compare-zones - See the differences between zones (added/removed names, added/removed rrs for names)
Also see their manual pages. (in the examples/ dir)

Support

We have a mailing list where ldns related discussion are held. These discussions can range from implementation issues to generic DNS/DNSSEC issues.

You can find the mailing list information page here.

Wed Mar 19 2014

© Stichting NLnet Labs

Science Park 400, 1098 XH Amsterdam, The Netherlands

labs@nlnetlabs.nl, subsidised by NLnet and SIDN.