[dns-operations] [Ext] Injection Attacks Reloaded: Tunnelling Malicious Payloads over DNS

[Paul Hoffman]

A hopefully-only-somewhat defensive reply.

On Aug 17, 2021, at 5:25 PM, Viktor Dukhovni <ietf-dane at dukhovni.org> wrote:
> 
> Sadly, while getdnsapi looks somewhat natural to a Python programmer,

The team that put together getdns aimed at "modern C usage". If that looks like Python/JavaScript/Go, it's because they are more modern. FWIW, I think the leaning of the team was much more strongly towards JavaScript than Python.

> it
> is a rather poor C API with so much ceremony and boilerplate as to be
> essentially unusable IMHO.

The DNS requires boilerplate: it just does. A boilerplate-free API for the DNS for any language is full of assumptions that are unlikely to be widely true.

>  If we want to see something adopted widely,
> I don't think getdnsapi will be it.

I would be thrilled if someone comes up with something more successfull than getdns, but to date no one has. As far as I can tell, no one has even tried.

--Paul Hoffman (who pulled getdns together, contracted by Google)


-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2584 bytes
Desc: not available
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20210818/2a5504f4/attachment.bin>