On 8/10/16 4:49 AM, Stuart Henderson wrote: > I think the best way will be to write a port for libunbound.
Getting a port out for libgetdns (http://getdnsapi.org/) has been on my to-do list for some time and it should probably be bumped up in priority. I had been waiting for the 1.1 release. The data structures are kind of a PITA but you may prefer it for dnssec validation, etc., plus it already has support for privacy- preserving queries (TLS transport options), roadblock avoidance, and so on. The validator is pretty flexible. Although it says "unbound security" we've removed the unbound dependency - at this point the only thing you'd need unbound for is to retrieve and install the dnssec trust anchor. Melinda
signature.asc
Description: OpenPGP digital signature