[ldns-users] Configuring a trust anchor in ldns ?

Simon Vallet svallet at genoscope.cns.fr
Fri May 4 14:52:33 UTC 2007


Hi,

trying to implement a quick-and-dirty signature verification, I
stumbled on the issue of trust anchor configuration -- this is what I'm
doing :

-> fetch the RR I need
-> fetch the corresponding DNSKEY
-> call ldns_verify()

The key in question is a ZSK, which is signed by a domain-wide KSK. Now
since global DNSSEC deployment will probably take a while, I'd like to
configure this KSK as a trust anchor in ldns.

I see entries for TSIG keys in the ldns_struct_resolver struct, but not
any for trust anchors. Is there a reason for this ?

Thanks,
Simon



More information about the ldns-users mailing list