DNSSEC support in c-ares-1.18.1

Cristian Rodríguez crrodriguez at opensuse.org
Thu Jan 13 22:56:22 CET 2022


DNSSEC has abysmal adoption rate.. adding more and more code to deal
with it is not going to get it better, in fact will add more bugs and
quirks to be aware of.

it is better that you let your dns server do the job for you.


On Thu, Jan 13, 2022 at 2:45 PM Anant via c-ares <c-ares at lists.haxx.se> wrote:
>
> Thanks Brad! appreciate the quick response.
>
> Our query was in the context of a "Security-Aware Resolver" using C-ares. We were wondering if something similar to what "bind" provides is there in C-ares too.
>
> I see that there are some relevant changes in ares_nameser.h but do not see anything relevant while creating queries/parsing answers.
>
> Is C-ares not intended to be used by "Security-Aware Resolvers"?
>
> Regards
> Anant
>
>
> On Thu, 13 Jan 2022 at 22:07, Brad House via c-ares <c-ares at lists.haxx.se> wrote:
>>
>> DNSSEC verification is the responsibility of the DNS server, and not of the client side.  The DNS server the client connects to performs the actual recursive lookups and performs the DNSSEC validation, so yes, you need to make sure the DNS server you are using is trusted.
>>
>> On 1/13/22 8:11 AM, Anant via c-ares wrote:
>>
>> Hi,
>>
>> Do we have support for DNSSEC in 1.18.1?
>>
>> I am exploring the src and see that there are some relevant changes in header files but I do not see that in query and answer handling.
>> Regards
>> Anant
>>
>>
>> --
>> c-ares mailing list
>> c-ares at lists.haxx.se
>> https://lists.haxx.se/listinfo/c-ares
>
> --
> c-ares mailing list
> c-ares at lists.haxx.se
> https://lists.haxx.se/listinfo/c-ares


More information about the c-ares mailing list