[dns-operations] security-aware stub resolver

Suresh Krishnaswamy suresh at sparta.com
Thu May 22 21:27:34 UTC 2008


Hi Joe,

I don't believe anyone mentioned this yet, but
draft-hayatnagarkar-dnsext-validator-api has been available for a while now. The libval
library (part of the DNSSEC-Tools distribution) implements this API,  
and a number of applications (patches for which are also available  
from the DNSSEC-Tools website) are capable of performing local DNSSEC  
validation using this library.  libval will do validation at the end  
system, in the application's memory space. It does some caching of  
its own, but it will happily defer to a recursive name server for  
query resolution when provided with one (it can do recursion if  
required); so that qualifies it as a validating security-aware stub  
resolver, I believe.

I'm not sure how many people are currently using the library outside  
our "laboratory", but dnssec-tools is available on Fedora as a yum  


