[getdns-users] getdns_validate_dnssec() Example?

Mankin, Allison amankin at verisign.com
Mon May 4 16:08:39 UTC 2015 

Scott,

I think this extension may not be complete in the C library. It is a more recent arrival to the API.

It's been on my TODO list to check details on this.

Allison



On May 4, 2015, at 11:52, Hollenbeck, Scott <shollenbeck at verisign.com> wrote:

>> -----Original Message-----
>> From: Users [mailto:users-bounces at getdnsapi.net] On Behalf Of
>> Hollenbeck, Scott
>> Sent: Friday, May 01, 2015 6:34 PM
>> To: users at getdnsapi.net
>> Subject: [getdns-users] getdns_validate_dnssec() Example?
>> 
>> Does anyone have some sample code that includes queries needed to
>> create the lists that can be used to test the getdns_validate_dnssec()
>> function?
> 
> Let me try this a different way. I've written some PHP code that runs, but my call to getdns_validate_dnssec() is returning either GETDNS_RETURN_NO_SUCH_DICT_NAME (305) or GETDNS_RETURN_WRONG_TYPE_REQUESTED (306) depending on the list I pull from the response dictionary in my callback function. Here's my code - can anyone tell me what I need to do to get the lists for the record(s) to be validated and the support records if I'm not accessing them correctly?
> 
> Scott
> ----------
> <?php
> 
> function php_callback($dict, $callbackType, $userArg, $transID)
> {
>    $status = 0;
>    $result = php_getdns_dict_get_int($dict, "status", $status);
>    var_dump($status);
>    if ($status != GETDNS_RESPSTATUS_GOOD) {
>        return;
>    }
> 
>    // Parse the response to get the records to be validated.
>    // "replies_tree" produces a 305 when I call php_getdns_validate_dnssec() below.
>    // "replies_full" produces a 306.
>    // I *think* I need to get deeper into the list, but what exactly do I need
>    // to retrieve?
>    $toVal = 0;
>    $result = php_getdns_dict_get_list($dict, "replies_tree", $toVal);
>    var_dump($result);
> 
>    // Get the support records.
>    $supRecs = 0;
>    $result = php_getdns_dict_get_list($dict, "validation_chain", $supRecs);
>    var_dump($result);
> 
>    // Get the trust anchor.
>    $anchorDate = 0;
>    $trustAnchor = php_getdns_root_trust_anchor($anchorDate);
>    var_dump($trustAnchor);
> 
>    // Validate!
>    $result = php_getdns_validate_dnssec($toVal, $supRecs, $trustAnchor);>    var_dump($result);
> 
>    php_getdns_dict_destroy($dict);
> }
> 
> $context = 0;
> $setFromOS = 1;
> $result = php_getdns_context_create($context, $setFromOS);
> var_dump($result);
> 
> $name = "http://www.getdnsapi.net";
> $reqType = GETDNS_RRTYPE_NS;
> 
> // Set extensions to return DNSSEC validation information.
> $extensions = php_getdns_dict_create();
> $result = php_getdns_dict_set_int($extensions, "dnssec_return_validation_chain", GETDNS_EXTENSION_TRUE);
> 
> $transID = "";
> $userArgs[0] = "php_callback";
> $userArgs[1] = "User args test 1";
> $result = php_getdns_general($context, $name, $reqType, $extensions, $userArgs, $transID);
> php_getdns_dict_destroy($extensions);
> var_dump($result, $transID);
> if ($result == GETDNS_RETURN_GOOD) {
>    php_getdns_context_run($context);
> }
> 
> php_getdns_context_destroy($context);
> 
> ?>
> 
> _______________________________________________
> Users mailing list
> Users at getdnsapi.net
> http://getdnsapi.net/mailman/listinfo/users
>

More information about the Users mailing list