[ldns-users] Configuring a trust anchor in ldns ?
jelte at NLnetLabs.nl
Sun May 6 14:24:15 CEST 2007
Simon Vallet wrote:
> Trying to implement a quick-and-dirty signature verification, I
> stumbled on the issue of trust anchor configuration -- this is what I'm
> doing:
> -> fetch the RR I need
> -> fetch the corresponding DNSKEY
> -> call ldns_verify()
> The key in question is a ZSK, which is signed by a domain-wide KSK. Now
> since global DNSSEC deployment will probably take a while, I'd like to
> configure this KSK as a trust anchor in ldns.
> I see entries for TSIG keys in the ldns_struct_resolver struct, but not
> any for trust anchors. Is there a reason for this?
The functions in the main library only verify signatures and keys
directly. There is functionality to find the KSK but this is only in
drill, since this is part of chasing/tracing and 'complete' validation,
which hasn't made it back to the main library yet (the present code is
too specific and not really ready for that (yet)).
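An added example, not part of the original message and not ldns code: because the library only verifies signatures and keys directly, the application itself has to confirm that the KSK it fetched is the locally configured trust anchor before using it to verify the DNSKEY RRset. The C code below does that match on DNSKEY wire-format RDATA, using the RFC 4034 Appendix B key tag as a filter and the full RDATA as the deciding comparison. The struct, function names and sample keys are constructed for illustration, and no ldns calls are used.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* DNSKEY RDATA in wire form: flags(2) | protocol(1) | algorithm(1) | public key */
struct dnskey { const uint8_t *rdata; size_t len; };

/* Constructed sample keys (not real key material). */
static const uint8_t zsk_rd[]    = {0x01,0x00, 3, 5, 0x01,0x02,0x03,0x04}; /* flags 256 */
static const uint8_t ksk_rd[]    = {0x01,0x01, 3, 5, 0xAA,0xBB,0xCC,0xDD}; /* flags 257 */
static const uint8_t forged_rd[] = {0x01,0x01, 3, 5, 0xCC,0xBB,0xAA,0xDD}; /* same tag */

/* The configured anchor, a genuine RRset, and one with a tag-colliding key. */
static const struct dnskey anchor    = { ksk_rd, sizeof ksk_rd };
static const struct dnskey fetched[] = { { zsk_rd, sizeof zsk_rd },
                                         { ksk_rd, sizeof ksk_rd } };
static const struct dnskey spoofed[] = { { zsk_rd, sizeof zsk_rd },
                                         { forged_rd, sizeof forged_rd } };

/* Key tag as defined in RFC 4034 Appendix B (does not apply to algorithm 1). */
uint16_t dnskey_keytag(const struct dnskey *k)
{
    uint32_t ac = 0;
    for (size_t i = 0; i < k->len; i++)
        ac += (i & 1) ? k->rdata[i] : (uint32_t)k->rdata[i] << 8;
    ac += (ac >> 16) & 0xFFFF;
    return (uint16_t)(ac & 0xFFFF);
}

/* Index of the key in a fetched DNSKEY RRset that is byte-for-byte identical
 * to the configured anchor, or -1. The 16-bit tag is only a cheap filter:
 * it can collide, so the full RDATA comparison decides. */
int find_trust_anchor(const struct dnskey *set, size_t n,
                      const struct dnskey *a)
{
    uint16_t want = dnskey_keytag(a);
    for (size_t i = 0; i < n; i++) {
        if (set[i].len < 4 || dnskey_keytag(&set[i]) != want)
            continue;
        if (set[i].len == a->len && memcmp(set[i].rdata, a->rdata, a->len) == 0)
            return (int)i;
    }
    return -1;
}

int main(void)
{
    return !(find_trust_anchor(fetched, 2, &anchor) == 1 &&
             find_trust_anchor(spoofed, 2, &anchor) == -1);
}
```

Only when a match is found should that key be used to verify the RRSIG over the DNSKEY RRset, and the ZSK from that RRset then be used to verify the target record.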