[dns-operations] DNSSEC validation using DS records as trust anchors

Emil Natan e at foowatch.com
Tue Jan 3 17:21:48 UTC 2017

Nope. What I need is to perform DNSSEC validation on DNSKEY RRset and DNSKEY RRSIG using a trust anchor in DS format.
Thank you.


-------- Original Message --------
Subject: Re: [dns-operations] DNSSEC validation using DS records as trust anchors
Local Time: January 3, 2017 7:12 PM
UTC Time: January 3, 2017 5:12 PM
From: rlegene at gmail.com
To: Emil Natan <e at foowatch.com>, dns-operations at dns-oarc.net <dns-operations at dns-oarc.net>

BIND and libdns both have tools to take a DNSKEY as input and output a DS. Then you can compare if that DS matches.

I think that is almost what you asked for?

On Tue, 3 Jan 2017 14:00 Emil Natan, <e at foowatch.com> wrote:


I'm looking for DNSSEC validation tool/library (ideally PHP/Python/shell) which can perform validation on a DNSKEY record using trust anchor provided as DS record.
The use case is Registry receives request for DS delegation data update, then it uses this data and the DNSKEY RRSet from the authoritative servers to validate the DNSKEY RRSIG.
Any recommendations will be much appreciated. Thank you in advance.


dns-operations mailing list
dns-operations at lists.dns-oarc.net
dns-operations mailing list
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20170103/1df7be53/attachment.html>

More information about the dns-operations mailing list