DNSSEC support in c-ares-1.18.1
anantkishorsharma at gmail.com
Mon Jan 17 05:46:20 CET 2022
Thanks Brad and Cristian for confirming. If I understand correctly, as of
now there is no plan to add DNSSEC in C-ares in future too.
On Fri, 14 Jan 2022 at 03:26, Cristian Rodríguez <crrodriguez at opensuse.org>
> DNSSEC has abysmal adoption rate.. adding more and more code to deal
> with it is not going to get it better, in fact will add more bugs and
> quirks to be aware of.
> it is better that you let your dns server do the job for you.
> On Thu, Jan 13, 2022 at 2:45 PM Anant via c-ares <c-ares at lists.haxx.se>
> > Thanks Brad! appreciate the quick response.
> > Our query was in the context of a "Security-Aware Resolver" using
> C-ares. We were wondering if something similar to what "bind" provides is
> there in C-ares too.
> > I see that there are some relevant changes in ares_nameser.h but do not
> see anything relevant while creating queries/parsing answers.
> > Is C-ares not intended to be used by "Security-Aware Resolvers"?
> > Regards
> > Anant
> > On Thu, 13 Jan 2022 at 22:07, Brad House via c-ares <
> c-ares at lists.haxx.se> wrote:
> >> DNSSEC verification is the responsibility of the DNS server, and not of
> the client side. The DNS server the client connects to performs the actual
> recursive lookups and performs the DNSSEC validation, so yes, you need to
> make sure the DNS server you are using is trusted.
> >> On 1/13/22 8:11 AM, Anant via c-ares wrote:
> >> Hi,
> >> Do we have support for DNSSEC in 1.18.1?
> >> I am exploring the src and see that there are some relevant changes in
> header files but I do not see that in query and answer handling.
> >> Regards
> >> Anant
> >> --
> >> c-ares mailing list
> >> c-ares at lists.haxx.se
> >> https://lists.haxx.se/listinfo/c-ares
> > --
> > c-ares mailing list
> > c-ares at lists.haxx.se
> > https://lists.haxx.se/listinfo/c-ares
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the c-ares