Thanks Brad and Cristian for confirming. If I understand correctly, as of now there is no plan to add DNSSEC in C-ares in future too.
Regards Anant On Fri, 14 Jan 2022 at 03:26, Cristian RodrÃguez <crrodrig...@opensuse.org> wrote: > DNSSEC has abysmal adoption rate.. adding more and more code to deal > with it is not going to get it better, in fact will add more bugs and > quirks to be aware of. > > it is better that you let your dns server do the job for you. > > > On Thu, Jan 13, 2022 at 2:45 PM Anant via c-ares <c-ares@lists.haxx.se> > wrote: > > > > Thanks Brad! appreciate the quick response. > > > > Our query was in the context of a "Security-Aware Resolver" using > C-ares. We were wondering if something similar to what "bind" provides is > there in C-ares too. > > > > I see that there are some relevant changes in ares_nameser.h but do not > see anything relevant while creating queries/parsing answers. > > > > Is C-ares not intended to be used by "Security-Aware Resolvers"? > > > > Regards > > Anant > > > > > > On Thu, 13 Jan 2022 at 22:07, Brad House via c-ares < > c-ares@lists.haxx.se> wrote: > >> > >> DNSSEC verification is the responsibility of the DNS server, and not of > the client side. The DNS server the client connects to performs the actual > recursive lookups and performs the DNSSEC validation, so yes, you need to > make sure the DNS server you are using is trusted. > >> > >> On 1/13/22 8:11 AM, Anant via c-ares wrote: > >> > >> Hi, > >> > >> Do we have support for DNSSEC in 1.18.1? > >> > >> I am exploring the src and see that there are some relevant changes in > header files but I do not see that in query and answer handling. > >> Regards > >> Anant > >> > >> > >> -- > >> c-ares mailing list > >> c-ares@lists.haxx.se > >> https://lists.haxx.se/listinfo/c-ares > > > > -- > > c-ares mailing list > > c-ares@lists.haxx.se > > https://lists.haxx.se/listinfo/c-ares >
-- c-ares mailing list c-ares@lists.haxx.se https://lists.haxx.se/listinfo/c-ares