[dns-operations] DNSSEC validation using DS records as trust anchors
Robert Martin-Legene
rlegene at gmail.com
Tue Jan 3 17:12:00 UTC 2017
BIND and libdns both have tools to take a DNSKEY as input and output a DS.
Then you can compare if that DS matches.
I think that is almost what you asked for?
On Tue, 3 Jan 2017 14:00 Emil Natan, <e at foowatch.com> wrote:
> Hello,
>
> I'm looking for DNSSEC validation tool/library (ideally PHP/Python/shell)
> which can perform validation on a DNSKEY record using trust anchor provided
> as DS record.
> The use case is Registry receives request for DS delegation data update,
> then it uses this data and the DNSKEY RRSet from the authoritative servers
> to validate the DNSKEY RRSIG.
> Any recommendations will be much appreciated. Thank you in advance.
>
> Emil
>
>
>
>
>
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
> dns-operations mailing list
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20170103/4370e17d/attachment.html>
More information about the dns-operations
mailing list