Skip to content

Latest commit

 

History

History
175 lines (143 loc) · 8.21 KB

index.md

File metadata and controls

175 lines (143 loc) · 8.21 KB
layout version
page
version date
1.34.4
14-dec-2024

c-ares is a modern DNS (stub) resolver library, written in C. It provides interfaces for asynchronous queries while trying to abstract the intricacies of the underlying DNS protocol. It was originally intended for applications which need to perform DNS queries without blocking, or need to perform multiple DNS queries in parallel.

One of the goals of c-ares is to be a better DNS resolver than is provided by your system, regardless of which system you use. We recommend using the c-ares library in all network applications even if the initial goal of asynchronous resolution is not necessary to your application.

c-ares will build with any C89 compiler and is MIT licensed, which makes it suitable for both free and commercial software. c-ares runs on Linux, FreeBSD, OpenBSD, MacOS, Solaris, AIX, Windows, Android, iOS and many more operating systems.

c-ares has a strong focus on security, implementing safe parsers and data builders used throughout the code, thus avoiding many of the common pitfalls of other C libraries. Through automated testing with our extensive testing framework, c-ares is constantly validated with a range of static and dynamic analyzers, as well as being constantly fuzzed by OSS Fuzz{:target="_blank"}.

While c-ares has been around for over 20 years, it has been actively maintained both in regards to the latest DNS RFCs as well as updated to follow the latest best practices in regards to C coding standards.

Download

[c-ares {{ page.version.version }}](https://github.com/c-ares/c-ares/releases/download/v{{ page.version.version }}/c-ares-{{ page.version.version }}.tar.gz) ({{ page.version.date }}) [GPG](https://github.com/c-ares/c-ares/releases/download/v{{ page.version.version }}/c-ares-{{ page.version.version }}.tar.gz.asc) Changelog

You can also download old packages

PGP / GPG Signatures

Valid PGP / GPG signing keys for packages are:

SLSA Provenance

This project generates SLSA provenance for its releases! This enables you to verify the integrity of the downloaded artifacts and ensure that the release was generated from the intended repository.

To verify the provenance of the release, please follow the instructions here.

Example:

$ curl -sO https://github.com/c-ares/c-ares/releases/download/v1.34.3/c-ares-1.34.3.intoto.jsonl
$ curl -sO https://github.com/c-ares/c-ares/releases/download/v1.34.3/c-ares-1.34.3.tar.gz
$ slsa-verifier verify-artifact c-ares-1.34.3.tar.gz \
    --provenance-path c-ares-1.34.3.intoto.jsonl \
    --source-uri github.com/c-ares/c-ares \
    --source-tag v1.34.3
Verified signature against tlog entry index 147812470 at URL: https://rekor.sigstore.dev/api/v1/log/entries/108e9186e8c5677a9bfd5bc5181d05ada688a805f9a59cfd082dec27cb6d6567f85b7382eea39dc5
Verified build using builder "https://github.com/slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@refs/tags/v2.0.0" at commit c29e75d54c3743783d51a609980495cf553b4bca
Verifying artifact c-ares-1.34.3.tar.gz: PASSED

PASSED: SLSA verification passed

Features

See Features

Supported RFCs and Proposals

  • RFC1035. Initial/Base DNS RFC
  • RFC2671, RFC6891. EDNS0 option (meta-RR)
  • RFC3596. IPv6 Address. AAAA Record.
  • RFC2782. Server Selection. SRV Record.
  • RFC3403. Naming Authority Pointer. NAPTR Record.
  • RFC6698. DNS-Based Authentication of Named Entities (DANE) Transport Layer Security (TLS) Protocol. TLSA Record.
  • RFC9460. General Purpose Service Binding, Service Binding type for use with HTTPS. SVCB and HTTPS Records.
  • RFC7553. Uniform Resource Identifier. URI Record.
  • RFC6844. Certification Authority Authorization. CAA Record.
  • RFC2535, RFC2931. SIG0 Record. Only basic parser, not full implementation.
  • RFC7873, RFC9018. DNS Cookie off-path dns poisoning and amplification mitigation.
  • draft-vixie-dnsext-dns0x20-00. DNS 0x20 query name case randomization to prevent cache poisioning attacks.
  • RFC7686. Reject queries for .onion domain names with NXDOMAIN.
  • RFC2606, RFC6761. Special case treatment for localhost/.localhost.
  • RFC2308, RFC9520. Negative Caching of DNS Resolution Failures.
  • RFC6724. IPv6 address sorting as used by ares_getaddrinfo().
  • RFC7413. TCP FastOpen (TFO) for 0-RTT TCP Connection Resumption.
  • RFC3986. Uniform Resource Identifier (URI). Used for server configuration.

Communication

Issues and Feature Requests should be reported to our GitHub Issues{:target="_blank"} page.

Discussions around c-ares and its use are held on GitHub Discussions{:target="_blank"} or the Mailing List{:target="_blank"}. Mailing list archive here{:target="_blank"}. Please, do not mail volunteers privately about c-ares.

Security vulnerabilities are treated according to our security procedure, please email c-ares-security at haxx.se if you suspect one. Previous security vulnerabilities.

Source code

Browse the git repository on GitHub{:target="_blank"}.

Check out from git like this:

git clone https://github.com/c-ares/c-ares.git

Who is c-ares?

Contributions have been made by these friendly people{:target="_blank"}.

c-ares is being used by:

Please let us know if you use it!