C-ares does not have the capability to perform DNSSEC validation on its
own.
On 1/13/22 12:44 PM, Anant wrote:
Thanks Brad! appreciate the quick response.
Our query was in the context of a "Security-Aware Resolver" using
C-ares. We were wondering if something similar to what "bind" provides
is there in C-ares too.
I see that there are some relevant changes in ares_nameser.h but do
not see anything relevant while creating queries/parsing answers.
Is C-ares not intended to be used by "Security-Aware Resolvers"?
Regards
Anant
On Thu, 13 Jan 2022 at 22:07, Brad House via c-ares
<c-ares@lists.haxx.se> wrote:
DNSSEC verification is the responsibility of the DNS server, and
not of the client side. The DNS server the client connects to
performs the actual recursive lookups and performs the DNSSEC
validation, so yes, you need to make sure the DNS server you are
using is trusted.
On 1/13/22 8:11 AM, Anant via c-ares wrote:
Hi,
Do we have support for DNSSEC in 1.18.1?
Iam exploring the src and see that there are some relevant
changes in header files but I do not see that in query and answer
handling.
Regards
Anant
--
c-ares mailing list
c-ares@lists.haxx.se
https://lists.haxx.se/listinfo/c-ares
--
c-ares mailing list
c-ares@lists.haxx.se
https://lists.haxx.se/listinfo/c-ares