[getdns-users] Example using the "dnssec_return_validation_chain" extension
Linus Nordberg
linus at nordberg.se
Thu Feb 11 11:13:01 UTC 2016
Willem Toorop <willem at nlnetlabs.nl> wrote
Thu, 11 Feb 2016 10:15:28 +0100:
| The dnssec_return_validation_chain extension currently works perfectly
| inn all possible circumstances. The chain will also contain proofs for
| insecure zones.
|
| The record_to_validate parameter to getdns_validate_dnssec() may now
| also contain a list of reply dicts to validate actual DNS packets. This
| allows to also validate proof of denial of existence or insecure
| NXDOMAINs etc.
Thanks for the update!
| The getdns_query program (did you compile the binary with
| --with-getdns_query ?) contains example usage of getdns_validate_dnssec
| and will revalidate the answer with getdns_validate_dnssec() when the
| dnssec_return_validation_chain was used. This happens in function
| validate_chain on line 537 of getdns_query.c.
I had failed to notice the src/test directory. This is very useful.
More information about the Users
mailing list