v3.6.4

• Fix Zone-class serialization (#​391)
• Avoid Double DNS Lookup for Names with Labels >= ndots (#​388)
• Prevent NPE when calling Message#getTSIG() on DNS request with bad header (#​384)
• Unwrap an exception in the legacy callback-based async interface (#​383)
• Prevent ConcurrentModificationException in NIO clients (#​379, @​bhaveshthakker)
• Handle null in all setSearchPath overloads equally (#​157)
• Reduce warning level of invalid hosts file entries (#​371)
• Remove a lock on the hot-path in the hosts file parser (#​371)
• DoH Resolver makes use of the Multi-Release jar and tests are executed for Java 8 and 11+ implementations (#​385)
• Fix DoH Resolver initial request delay (#​385)

Full Changelog: dnsjava/dnsjava@v3.6.3...v3.6.4

v3.6.3

• Support custom hosts file size (@​flaming-archer, #​349)
• Fix origin handling in zone loaded from file or stream (#​346)
• Prevent TCP port leak when closing IO (#​351)
• Fix confusing parameter name in CNAMERecord (@​chkal, #​354)
• Optionally disable ShutdownHook in NioClient (@​SvenssonWeb, #​359)
• TSIG algorithm names from RFC 8945
• Message.toWire can exceed MAXLENGTH (#​355)
• TCP query might fail if the shared buffer is full (#​357)
• Dynamic updates silently truncates records (#​356)
• Fix DoH initial request using recommended nanoTime calculation (@​LinZong, #​345)

v3.6.2

• Add new IANA Trust Anchor (@​technolord, #​337)
• Fix Zone handling with signed SOA (@​frankarinnet, #​335)

v3.6.1

• Properly fix LookupSession doesn't cache CNAMEs (#​316)
• Move JEP-418 SPI to Java 18 to support EOL workflows (#​329)

v3.6.0

• Fix CVE-2024-25638 (GHSA-cfxw-4h78-h7fw)
  Lookup and LookupSession do not sanitize input properly, allowing to smuggle additional responses, even with DNSSEC. I would like to thank Thomas Bellebaum from Fraunhofer AISEC (@​bellebaum) and Martin Schanzenbach (@​schanzen) for reporting and assisting me with this issue.
• Fix CVE-2023-50387 (GHSA-crjg-w57m-rqqf)
  Denial-of-Service Algorithmic Complexity Attacks (KeyTrap)
• Fix CVE-2023-50868 (GHSA-mmwx-rj87-vfgr)
  NSEC3 closest encloser proof can exhaust CPU resources (KeyTrap)
• Fix running all DNSSEC on the specified executor
• Add new DNSSEC algorithm constants for SM2SM3 and ECC-GOST12
• Add A/AAAA record constructor with IP address byte array
• Validate DS record digest lengths (#​250)
• Fix NPE in SimpleResolver on invalid responses (#​277)
• Add support for JEP 418: Internet-Address Resolution SPI (#​290)
• Full JPMS support (#​246)
• Pluggable I/O for SimpleResolver
  (@​chrisruffalo, #​253)
• UDP port leak in SimpleResolver (#​318)
• Fix clean shutdown in app containers when never used (#​319)
• Fix concurrency issue in I/O clients (#​315, #​323)
• LookupSession doesn't cache CNAMEs (#​316)
• SimpleResolver can fail with UPDATE response (#​322)
• Replace synchronization in Zone with locks
  (#​305, based on work from @​srijeet0406 in #​306)

v3.5.3

• Fix CNAME in LookupSession (#​279)
• Fix Name constructor failing with max length, relative name and root origin (#​289, @​MMauro94)
• Add config option for Resolver I/O timeout (#​273, @​vmarian2)
• Extend I/O logging
• Prevent exception during TCP I/O with missing or truncated length prefix
• Use internal base64 codec for Android compatibility (#​271)
• Fix multi-message TSIG stream verification for pre-RFC8945 servers (#​295, @​frankarinnet and @​nguichon)
• Add StreamGenerator for generating RFC8945 compliant multi-message streams (related to #​295)

v3.5.2

• Correctly render empty TXT records (#​254)
• More validation on TLSA data input (#​257)

v3.5.1

• Fix validation of TSIG signed responses (#​249)
• DS rdata digest validation hexadecimal digits (#​252)

v3.5.0

• Add full built-in support for DNSSEC based on dnssecjava (#​209)
• Make Record classes serializable again (#​242)
• Allow SVCB ServiceMode records without params (#​244, @​adam-stoler)
• Fix TCPClient receive timeouts (#​218 @​nguydavi, #​219)

Note that the license changed! Previous versions were BSD-2-Clause licensed, while from this release on it is BSD-3-Clause.

v3.4.3

• Fix handling of buffers in DNSInput (#​224, #​225 @​nresare)
• Clear existing nameservers on config refresh (#​226)
• Fix exception when calling ResolverConfig.refresh (#​234)

v3.4.2

• Document behavior of ExtendedResolver.setTimeout (#​206)
• Add overloads to use an Executor when sending queries in resolvers (#​211)
• Remove synchronous locks in DoH Resolver (related to #​211)
• Fix broken CNAME handling in LookupSession (#​212)
• "WireParseException: bad label type" when parsing Message from ByteBuffer (#​213)
• Remove unnecessary synchronization in org.xbill.DNS.Header::getID (#​215, @​maltalex)
• Add examples for the LookupSession and direct Resolver usage

v3.4.1

• Allow signing with ED25519 and ED448 algorithms
  (#​200, Klaus Malorny)
• Rename echconfig to ech in SVCB/HTTPS records
  (#​202, @​adam-stoler)
• Fix bug in Name.compareTo with byte-values >= 128
  (#​205, @​adam-stoler)

v3.4.0

• UnknownHostException provides details in message (#​154)
• Limit length of relative Name to 254 (#​165)
• Fix wildcard lookups in Zone (#​169)
• Properly close UDP channel upon error
  (#​177, @​li-wjohnson)
• Fix load balancing in ExtendedResolver
  (#​179, @​paulo-raca)
• Add method to shutdown NIO threads (#​180)
• Fix restoring active position on byte buffers
  (#​184, @​ryru)
• Add support for extended DNS errors (RFC8914, #​187)
• Fix TTL for SOA record to minimum of TTL and minimum field
  (#​191, @​amitknx)
• Add support for hosts file in lookups (#​195)

v3.3.1

• Fix value of getAlias in C/DNameRecord (#​136)
• Fix bug with SVCB/HTTPS parsing of master file format
  (#​135, @​adam-stoler)

v3.3.0

• Add support for SVCB and HTTPS records (PR #​116, @​adam-stoler)
• Fix an issue with ndots in Lookup (#​118)
• Support IPv4 mapped IPv6 address in AAAA record (PR #​120, @​spwei)
• Validate range in Type
• Improve DOH Resolver (#​123, #​127)
  Note that this resolver is more a proof of concept and not
  production ready. See Javadoc and issue #​123.

v3.2.2

• Fix JNA access violation in WindowsResolverConfigProvider on 32bit JVMs

v3.2.1

• Add Javadoc @since tags for APIs introduced since 3.0
• Fix requiring JNA in certain classloaders (#​112)
• Add property to skip initializing builtin resolver config (#​112)
• Make ResolverConfig and Resolver API public (#​111)
• Add properties for a fallback resolver config provider (#​111)
• Close UDP socket on failures (#​110)
• Refactor TSIG code and add trace logging (#​109)

(Note: this release is identical to v3.2.0 except for the version number, which missed -javadoc and -sources on Maven Central)

v3.1.0

• Fix order of OPT and TSIG records in messages (#​108)
• Fix RRset.cycle() short overflows (#​102)
• Fix race condition in resolver I/O (#​104)
• Add support for custom record types
  (#​94, Klaus Malorny Klaus.Malorny@knipp.de)

v3.0.2

Fix an issue with the new NIO TCP resolver (see #​96)

v3.0.1

• Parse RRsig records with epoch time format
• Add support for EdDSA DNSSEC signatures if BouncyCastle is available
  (Ed25519 and Ed448, RFC 8080)
• Add missing RCode, OpCode and RR type mnemonics

v3.0.0

• Requires Java 8 and slf4j-api
• Adds support for Java 9+ and Android O+ via a new server config
  lookup system (#​6, #​9)
• Resolving is now fully asynchronous, no new thread per query anymore
• Message provides information about the resolver that produced it (#​41)
• Add support for Host Identity Protocol (HIP) records (RFC 8005, #​47)
• Adds a DNS over HTTP (DoH) resolver (#​66)
• Fixes some issues with the OSGi manifest (#​70)
• Add support for the RES_OPTIONS environment variable (#​57)
• Add support for relative $INCLUDE paths in master files (#​75)
• Add support for custom DNS server port in config properties (#​80)
• Adds new EDNS(0) options
• Parse RRsig records with epoch time format
• Add support for EdDSA DNSSEC signatures if BouncyCastle is available
  (Ed25519 and Ed448, RFC 8080)
• Add missing RCode, OpCode and RR type mnemonics
• See the README for hints on migrating from v2.1.x to v3