[getdns-api] DANE with dnssec_return_only_secure extension
Willem Toorop
willem at nlnetlabs.nl
Tue Jul 1 07:33:15 MST 2014
op 01-07-14 16:24, Shumon Huque schreef:
> Right.
>
> Can't we use the "dnssec_status" component of the response dictionary
> (set if the "dnssec_return_status" extension is specified) to examine
> this? I assume it will have GETDNS_DNSSEC_BOGUS in this case.
It doesn't have that because the dnssec_return_status does validation
and will not include BOGUS answers. You have to also enable
dnssec_return_validation_chain to include BOGUS packets too.
More information about the getdns-api
mailing list