DNSSEC support in c-ares-1.18.1
Brad House
brad at brad-house.com
Thu Jan 13 22:37:07 CET 2022
C-ares does not have the capability to perform DNSSEC validation on its
own.
On 1/13/22 12:44 PM, Anant wrote:
> Thanks Brad! appreciate the quick response.
>
> Our query was in the context of a "Security-Aware Resolver" using
> C-ares. We were wondering if something similar to what "bind" provides
> is there in C-ares too.
>
> I see that there are some relevant changes in ares_nameser.h but do
> not see anything relevant while creating queries/parsing answers.
>
> Is C-ares not intended to be used by "Security-Aware Resolvers"?
>
> Regards
> Anant
>
>
> On Thu, 13 Jan 2022 at 22:07, Brad House via c-ares
> <c-ares at lists.haxx.se> wrote:
>
> DNSSEC verification is the responsibility of the DNS server, and
> not of the client side. The DNS server the client connects to
> performs the actual recursive lookups and performs the DNSSEC
> validation, so yes, you need to make sure the DNS server you are
> using is trusted.
>
> On 1/13/22 8:11 AM, Anant via c-ares wrote:
>> Hi,
>>
>> Do we have support for DNSSEC in 1.18.1?
>>
>> Iam exploring the src and see that there are some relevant
>> changes in header files but I do not see that in query and answer
>> handling.
>> Regards
>> Anant
>>
>
> --
> c-ares mailing list
> c-ares at lists.haxx.se
> https://lists.haxx.se/listinfo/c-ares
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.haxx.se/pipermail/c-ares/attachments/20220113/d484cca0/attachment.htm>
More information about the c-ares
mailing list