[dns-operations] security-aware stub resolver
Suresh Krishnaswamy
suresh at sparta.com
Thu May 22 21:27:34 UTC 2008
>
Hi Joe,
I don't believe anyone mentioned this yet, but draft-hayatnagarkar-
dnsext-validator-api has been available for a while now. The libval
library (part of the DNSSEC-Tools distribution) implements this API,
and a number of applications (patches for which are also available
from the DNSSEC-Tools website) are capable of performing local DNSSEC
validation using this library. libval will do validation at the end
system, in the application's memory space. It does some caching of
its own, but it will happily defer to a recursive name server for
query resolution when provided with one (it can do recursion if
required); so that qualifies it as a validating security-aware stub
resolver, I believe.
I'm not sure how many people are currently using the library outside
our "laboratory", but dnssec-tools is available on Fedora as a yum
update.
HTH,
Suresh
More information about the dns-operations
mailing list