[getdns-users] Example using the "dnssec_return_validation_chain" extension
Linus Nordberg
linus at nordberg.se
Wed Feb 10 19:44:28 UTC 2016
Hi list,

I've been trying to use the "dnssec_return_validation_chain" extension,
so far without luck. I define luck as seeing a "validation_chain"
section in a reply. I have verified that my context has proper trust
anchor(s).

It'd be great to be able to run some example code, C or Python, to rule
out local problems at my end.

My ultimate goal with this exercise is to understand what to pass in the
support_records argument to getdns_validate_dnssec(). The rationale
behind this is
https://getdnsapi.net/pipermail/users/2015-May/000032.html which says

--8<---------------cut here---------------start------------->8---
- bundle_of_support_records must be a list of DS's RR-dicts and DNSKEY
RR-dicts with companion RRSIG-RR-dicts that lead up from one of the
trust_anchors to the RR-dicts to validate.
...
If you would do a query with the "dnssec_return_validation_chain"
extension, you can use the "validation_chain" key in the response dict
as the bundle_of_support_records parameter to getdns_validate_dnssec.
--8<---------------cut here---------------end--------------->8---
Thanks,
Linus
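
[Added example, not part of the original message and not getdns project code.] An offline pre-flight check for the rule quoted above: it confirms that a response dict carries a "validation_chain" and that the chain holds only DS and DNSKEY RR-dicts, each with a companion RRSIG, before the list is used as the bundle of support records. The RR-dict shape (string "name", numeric "type", "rdata" with "type_covered"), the helper names and the sample records are assumptions constructed for illustration.

```python
# Added example, not getdns code. RR type numbers are the IANA-assigned ones.
DS, RRSIG, DNSKEY = 43, 46, 48

def support_records(response):
    """Return response["validation_chain"] if it can serve as the bundle of
    support records described in the quoted message; raise ValueError if not."""
    chain = response.get("validation_chain")
    if not chain:
        raise ValueError("no validation_chain key; was the extension set?")
    rrsets, covered = set(), set()
    for rr in chain:
        owner = rr["name"].lower()
        if rr["type"] == RRSIG:
            # An RRSIG is the companion of the (owner, type_covered) RRset.
            covered.add((owner, rr["rdata"]["type_covered"]))
        elif rr["type"] in (DS, DNSKEY):
            rrsets.add((owner, rr["type"]))
        else:
            raise ValueError("unexpected RR type %d in chain" % rr["type"])
    unsigned = sorted(rrsets - covered)
    if unsigned:
        raise ValueError("no companion RRSIG for %r" % (unsigned,))
    return chain

def make_rr(name, rtype, **rdata):
    """Build a constructed RR-dict (assumed shape, placeholder rdata)."""
    return {"name": name, "type": rtype, "class": 1, "rdata": rdata}

# Constructed sample: root DNSKEY -> DS for "example." -> DNSKEY for "example."
SAMPLE = {"validation_chain": [
    make_rr(".", DNSKEY, flags=257),
    make_rr(".", RRSIG, type_covered=DNSKEY, signers_name="."),
    make_rr("example.", DS, key_tag=12345),
    make_rr("example.", RRSIG, type_covered=DS, signers_name="."),
    make_rr("example.", DNSKEY, flags=257),
    make_rr("example.", RRSIG, type_covered=DNSKEY, signers_name="example."),
]}

if __name__ == "__main__":
    print(len(support_records(SAMPLE)), "support records look usable")
```

The check is structural only; verifying the signatures against the trust anchors remains the job of getdns_validate_dnssec().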