README.SUSE
ADNS From the Homepage: Advanced, easy to use, asynchronous-capable DNS client library and utilities. adns is a resolver library for C (and C++) programs, and a collection of useful DNS resolver utilities. I'm (Ian) afraid there is no manual yet. However, competent C programmers should be able to use the library based on the commented adns.h header file, and the usage messages for the programs should be sufficient. adns also comes with a number of utility programs for use from the command line and in scripts: * adnslogres is a much faster version of Apache's logresolv program. * adnsresfilter is a filter which copies its input to its output, replacing IP addresses by the corresponding names, without unduly delaying the output. For example, you can usefully pipe the output of netstat -n, tcpdump -ln, and the like, into it. * adnshost is a general-purpose DNS lookup utility which can be used easily in from the command line and from shell scripts to do simple lookups. In a more advanced mode it can be used as a general-purpose DNS helper program for scripting languages which can invoke and communicate with subprocesses. See the adnshost usage message for a summary of its capabilities. From the INSTALL file: SECURITY AND PERFORMANCE - AN IMPORTANT NOTE adns is not a `full-service resolver': it does no caching of responses at all, and has no defence against bad nameservers or fake packets which appear to come from your real nameservers. It relies on the full-service resolvers listed in resolv.conf to handle these tasks. For secure and reasonable operation you MUST run a full-service nameserver on the same system as your adns applications, or on the same local, fully trusted network. You MUST only list such nameservers in the adns configuration (eg resolv.conf). You MUST use a firewall or other means to block packets which appear to come from these nameservers, but which were actually sent by other, untrusted, entities. Furthermore, adns is not DNSSEC-aware in this version; it doesn't understand even how to ask a DNSSEC-aware nameserver to perform the DNSSEC cryptographic signature checking. In particular, adns does not randomize the query source port or transaction ID; relevant advisories are CVE-2008-1447 and CVE-2008-4100. Since adns is a stub resolver, the workarounds listed in DSA-1605-1 for glibc also apply to adns.