[getdns-api] DANE with dnssec_return_only_secure extension
paul.hoffman at vpnc.org
Tue Jul 1 10:22:01 MST 2014
Whoops, my mistake. Yes, your original proposal is right. We already crossed the line with GETDNS_RESPSTATUS_NO_SECURE_ANSWERS (which I now think was a mistake, but oh well), so GETDNS_RESPSTATUS_ALL_BOGUS_ANSWERS seems OK. However, we need to be clear that this means all bogus answers *for the requested name*, not for other records that might have come back with them, such as glue records that might be OK.
More information about the getdns-api