[dns-operations] DNSSEC validation using DS records as trust anchors
Tony Finch
dot at dotat.at
Tue Jan 3 20:52:46 UTC 2017
Emil Natan <e at foowatch.com> wrote:
>
> I'm looking for DNSSEC validation tool/library (ideally
> PHP/Python/shell)
> which can perform validation on a DNSKEY record using trust anchor
> provided as DS record.
This probably doesn't solve enough of your problem, but you can use
BIND's dnssec-dsfromkey or ldns's key2ds programs. Convert each KSK to a
DS using either of these programs, and check that one matches the DS
from the parent zone.
Tony.
--
f.anthony.n.finch <dot at dotat.at> http://dotat.at/ - I xn--
zr8h punycode
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20170103/16d42a60/attachment.html>
More information about the dns-operations
mailing list