<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
C-ares does not have the capability to perform DNSSEC validation on
its own.<br>
<br>
<div class="moz-cite-prefix">On 1/13/22 12:44 PM, Anant wrote:<br>
</div>
<blockquote type="cite"
cite="mid:CAKkFw4vBYdDgUQ5YKbYMqzbTt_XWPf6tS_fHCizpLbd13hozfg@mail.gmail.com">
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<div dir="ltr">
<div class="gmail_default" style="font-family:courier
new,monospace">Thanks Brad! appreciate the quick response.<br>
</div>
<div class="gmail_default" style="font-family:courier
new,monospace"><br>
</div>
<div class="gmail_default" style="font-family:courier
new,monospace">Our query was in the context of a
"Security-Aware Resolver" using C-ares. We were wondering if
something similar to what "bind" provides is there in C-ares
too. <br>
</div>
<div class="gmail_default" style="font-family:courier
new,monospace"><br>
</div>
<div class="gmail_default" style="font-family:courier
new,monospace">I see that there are some relevant changes in
ares_nameser.h but do not see anything relevant while creating
queries/parsing answers.</div>
<div class="gmail_default" style="font-family:courier
new,monospace"><br>
</div>
<div class="gmail_default" style="font-family:courier
new,monospace">Is C-ares not intended to be used by
"Security-Aware Resolvers"?</div>
<div class="gmail_default" style="font-family:courier
new,monospace"><br>
</div>
<div>
<div dir="ltr" class="gmail_signature"
data-smartmail="gmail_signature">
<div dir="ltr"><span style="font-family:courier
new,monospace">Regards</span><br
style="font-family:courier new,monospace">
<span style="font-family:courier new,monospace">Anant</span><br>
</div>
</div>
</div>
<br>
</div>
<br>
<div class="gmail_quote">
<div dir="ltr" class="gmail_attr">On Thu, 13 Jan 2022 at 22:07,
Brad House via c-ares <<a
href="mailto:c-ares@lists.haxx.se" moz-do-not-send="true"
class="moz-txt-link-freetext">c-ares@lists.haxx.se</a>>
wrote:<br>
</div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px
0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div> DNSSEC verification is the responsibility of the DNS
server, and not of the client side. The DNS server the
client connects to performs the actual recursive lookups and
performs the DNSSEC validation, so yes, you need to make
sure the DNS server you are using is trusted.<br>
<br>
<div>On 1/13/22 8:11 AM, Anant via c-ares wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">
<div class="gmail_default" style="font-family:courier
new,monospace">Hi,</div>
<div class="gmail_default" style="font-family:courier
new,monospace"><br>
</div>
<div class="gmail_default" style="font-family:courier
new,monospace">Do we have support for DNSSEC in
1.18.1?</div>
<div>
<div dir="ltr"><br>
</div>
<div dir="ltr"><span class="gmail_default"
style="font-family:courier new,monospace">I</span><span
class="gmail_default" style="font-family:courier
new,monospace"> am exploring the src and see that
there are some relevant changes in header files
but I do not see that in query and answer
handling.</span></div>
<div dir="ltr"><span class="gmail_default"
style="font-family:courier new,monospace"></span>
<div dir="ltr"><span style="font-family:courier
new,monospace">Regards</span><br
style="font-family:courier new,monospace">
<span style="font-family:courier new,monospace">Anant</span><br>
</div>
</div>
</div>
</div>
<br>
<fieldset></fieldset>
</blockquote>
<br>
</div>
-- <br>
c-ares mailing list<br>
<a href="mailto:c-ares@lists.haxx.se" target="_blank"
moz-do-not-send="true" class="moz-txt-link-freetext">c-ares@lists.haxx.se</a><br>
<a href="https://lists.haxx.se/listinfo/c-ares"
rel="noreferrer" target="_blank" moz-do-not-send="true"
class="moz-txt-link-freetext">https://lists.haxx.se/listinfo/c-ares</a><br>
</blockquote>
</div>
</blockquote>
<br>
</body>
</html>