From the Homepage:
Advanced, easy to use, asynchronous-capable DNS client library and utilities.
adns is a resolver library for C (and C++) programs, and a collection of useful
DNS resolver utilities.
I'm (Ian) afraid there is no manual yet. However, competent C programmers should
be able to use the library based on the commented adns.h header file, and
the usage messages for the programs should be sufficient.
adns also comes with a number of utility programs for use from the command
line and in scripts:
* adnslogres is a much faster version of Apache's logresolv program.
* adnsresfilter is a filter which copies its input to its output,
replacing IP addresses by the corresponding names, without unduly
delaying the output. For example, you can usefully pipe the
output of netstat -n, tcpdump -ln, and the like, into it.
* adnshost is a general-purpose DNS lookup utility which can be used easily
in from the command line and from shell scripts to do simple lookups.
In a more advanced mode it can be used as a general-purpose DNS helper
program for scripting languages which can invoke and communicate with
subprocesses. See the adnshost usage message for a summary of its capabilities.
From the INSTALL file:
SECURITY AND PERFORMANCE - AN IMPORTANT NOTE
adns is not a `full-service resolver': it does no caching of responses
at all, and has no defence against bad nameservers or fake packets
which appear to come from your real nameservers. It relies on the
full-service resolvers listed in resolv.conf to handle these tasks.
For secure and reasonable operation you MUST run a full-service
nameserver on the same system as your adns applications, or on the
same local, fully trusted network. You MUST only list such
nameservers in the adns configuration (eg resolv.conf).
You MUST use a firewall or other means to block packets which appear
to come from these nameservers, but which were actually sent by other,
Furthermore, adns is not DNSSEC-aware in this version; it doesn't
understand even how to ask a DNSSEC-aware nameserver to perform the
DNSSEC cryptographic signature checking.
In particular, adns does not randomize the query source port or transaction ID;
relevant advisories are CVE-2008-1447 and CVE-2008-4100. Since adns is a stub
resolver, the workarounds listed in DSA-1605-1 for glibc also apply to adns.