[dns-operations] Offline DNSSEC Validation

John Levine johnl at taugh.com
Mon Apr 1 20:28:47 UTC 2024


According to Rithvik Vibhu <rithvikvibhu at gmail.com>:
>Does anyone know of an existing library that only does DNSSEC validation
>without resolution? Preferably in go, but any other language will do at
>least as reference.

The dnspython library has a validation routine that takes an rrset, a
signature, and a set of dnskeys and tells you whether the signature is
good. If you want to follow the DS chain you'll have to do that
yourself but having just written a stunt DNSSEC signing server, I can
say that the code to do the chaining would not be hard.

R's,
John
-- 
Regards,
John Levine, johnl at taugh.com, Primary Perpetrator of "The Internet for Dummies",
Please consider the environment before reading this e-mail. https://jl.ly


