[getdns-users] STUB mode, does it validate DNSSEC security?
Willem Toorop
willem at nlnetlabs.nl
Fri Feb 26 09:13:49 UTC 2016
On 25-02-16 at 10:20, Rick van Rein wrote:
> Finally, if I was making an easy API to DNS then I would have
> created "DNS objects" that hold a path ("lookup SRV, take out port and
> protocol, lookup TLSA record") to a piece of data in DNS, to which they
> "subscribe" by holding it in memory and renewing it just before TTL
> expiration if not yet removed (deleted or GC'd). I would have the
> object send notifications to all listeners (such as "validated
> certificate" objects) if anything changed to the DNS data during a
> refresh, including to its validity in terms of DNSSEC. But that's just
> thinking out loud.
Hey Rick!
A subscription service for DNS information (or on a DNS cache even),
taking into account DNS redirects (by SRV, CNAME, MX, NS, or whatever).
I like that idea a lot! This would work perfectly well with the whole
eventloop approach that getdns embraces too.
It would also be in line with the "small cache for the sub resolver (for
DS/DNSKEY (or their denial of existence) only in first instance)"
feature that we have on our wishlist.
This would be a great hackathon project for the IETF95 too.
Too many fun & interesting things to do, too little time... :(
Maybe we could discuss API prototypes for such an API if you're in the
neighbourhood sometime?
-- Willem
>
>
> Thanks,
> -Rick