DNSSEC support in c-ares-1.18.1

Anant anantkishorsharma at gmail.com
Thu Jan 13 18:44:57 CET 2022

Thanks Brad! appreciate the quick response.

Our query was in the context of a "Security-Aware Resolver" using C-ares.
We were wondering if something similar to what "bind" provides is there in
C-ares too.

I see that there are some relevant changes in ares_nameser.h but do not see
anything relevant while creating queries/parsing answers.

Is C-ares not intended to be used by "Security-Aware Resolvers"?


On Thu, 13 Jan 2022 at 22:07, Brad House via c-ares <c-ares at lists.haxx.se>

> DNSSEC verification is the responsibility of the DNS server, and not of
> the client side.  The DNS server the client connects to performs the actual
> recursive lookups and performs the DNSSEC validation, so yes, you need to
> make sure the DNS server you are using is trusted.
> On 1/13/22 8:11 AM, Anant via c-ares wrote:
> Hi,
> Do we have support for DNSSEC in 1.18.1?
> I am exploring the src and see that there are some relevant changes in
> header files but I do not see that in query and answer handling.
> Regards
> Anant
> --
> c-ares mailing list
> c-ares at lists.haxx.se
> https://lists.haxx.se/listinfo/c-ares
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.haxx.se/pipermail/c-ares/attachments/20220113/083832df/attachment.htm>

More information about the c-ares mailing list