<div dir="ltr"><div class="gmail_extra"><br><div class="gmail_quote">On Thu, Feb 12, 2015 at 10:31 AM, Bruce Ferrell <span dir="ltr"><<a href="mailto:bferrell@baywinds.org" target="_blank">bferrell@baywinds.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><br>
I agree... DNSSEC... big deal. DNS cache? what?! Let the system do that and keep the bloat out of asterisk<br>
<div class=""><div class="h5"><br>
<br>
<br>
On 02/12/2015 07:37 AM, Olle E. Johansson wrote:<br>
> There is one version of c-ares in resiprocate as well.<br>
><br>
> C-ares has been in use for a long time and is in use every single day for you as part of<br>
> most curl installs. I am not sure there is much to do there.<br>
><br>
> Libunbound adds a lot if that is what we want.<br>
><br>
> Why is a cache a good thing? You surely have a caching resolver running<br>
> on your system, right?<br>
><br>
> DNSsec is a huge deal - and the foundation for a lot of security things coming up.<br>
> Someone wrote an IETF draft about that and SIP.<br>
><br>
> <a href="https://tools.ietf.org/html/draft-johansson-sipcore-dane-sip-00" target="_blank">https://tools.ietf.org/html/draft-johansson-sipcore-dane-sip-00</a><br>
><br>
> I got a patch sent to me that implements that in Asterisk with unbound,<br>
> but haven't gotten time to go through it and test it.<br>
><br>
> /O<br>
><br>
> On 12 Feb 2015, at 16:25, Brad Watkins <<a href="mailto:marquis42@gmail.com">marquis42@gmail.com</a>> wrote:<br>
><br>
>> Looking at this, I'm inclined to say that libunbound is the better of<br>
>> the two options in spite of it being somewhat more difficult to<br>
>> consume DNS records than it would be with c-ares. In my estimation a<br>
>> (seemingly?) more-active community and the inclusion of a cache are<br>
>> more important. DNSSEC isn't a huge deal, at least not for me at this<br>
>> time, but is a nice bonus as well.<br>
>><br>
>> - Brad<br>
>><br>
>> On Thu, Feb 12, 2015 at 10:01 AM, Joshua Colp <<a href="mailto:jcolp@digium.com">jcolp@digium.com</a>> wrote:<br>
>>> Greetings all,<br>
>>><br>
>>> I've extended the sections of my wiki page for c-ares[1] and libunbound[2]<br>
>>> to include further information about documentation, general usage<br>
>>> experience, and other aspects. Personally I lean towards libunbound because<br>
>>> it was straight forward to experiment with, supports DNSSEC, and has a<br>
>>> cache.<br>
>>><br>
>>> Cheers,<br>
>>><br>
>>> [1]<br>
>>> <a href="https://wiki.asterisk.org/wiki/display/~jcolp/DNS+Support+in+Asterisk#DNSSupportinAsterisk-c-ares" target="_blank">https://wiki.asterisk.org/wiki/display/~jcolp/DNS+Support+in+Asterisk#DNSSupportinAsterisk-c-ares</a><br>
>>> [2]<br>
>>> <a href="https://wiki.asterisk.org/wiki/display/~jcolp/DNS+Support+in+Asterisk#DNSSupportinAsterisk-libunbound" target="_blank">https://wiki.asterisk.org/wiki/display/~jcolp/DNS+Support+in+Asterisk#DNSSupportinAsterisk-libunbound</a><br>
>>><br clear="all"></div></div></blockquote><div><br></div><div>After reading through the posts to this list, looking at Josh's analysis on the aforementioned wiki pages, and looking at the libraries themselves, I'm inclined to think that both of these are good libraries, would be perfectly acceptable to use in Asterisk, and would be better than our current functionality.<br><br></div><div>There are certainly some finer points for one over the other. In the interest of moving forward, I'm going to propose that we choose libunbound for the following reasons:<br></div><div>(1) It does support DNSSEC already, which would obviously be nice to have available.<br></div><div>(2) Examples on the website are quite nice, which makes it a bit easier to implement and get going. A hard part of this project is going to be actually using the library in Asterisk, and the more time and energy we can throw at that as opposed to getting the shim between Asterisk and the library working, the better.<br><br></div><div>Keep in mind that Josh's proposed API (<a href="https://wiki.asterisk.org/wiki/display/~jcolp/Asterisk+DNS+API">https://wiki.asterisk.org/wiki/display/~jcolp/Asterisk+DNS+API</a>) allows for a resolver library to be changed behind the facade that the rest of Asterisk will use - so if libunbound proves to be a poor choice, we are not stuck with it.<br><br></div><div>Despite my motion for a resolution, if anyone has any objections, please feel free to reply. I don't want to cut off discussion by any means, but I think we're getting close to a point where we could start the implementation of this, and knowing which resolver we're going to use will be important in the next few weeks.<br></div></div><br></div><div class="gmail_extra">Thanks -<br><br></div><div class="gmail_extra">Matt<br><br></div><div class="gmail_extra">-- <br><div class="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div>Matthew Jordan<br></div><div>Digium, Inc. | Director of Technology<br></div><div>445 Jan Davis Drive NW - Huntsville, AL 35806 - USA</div><div>Check us out at: <a href="http://digium.com" target="_blank">http://digium.com</a> & <a href="http://asterisk.org" target="_blank">http://asterisk.org</a></div></div></div></div></div>
</div></div>