[ldns-users] DNSSEC (was Re: function call backs in ldns_resolver_send*?)
Paul Wouters
paul at xelerance.com
Wed Dec 15 21:00:57 UTC 2010
On Wed, 15 Dec 2010, Miek Gieben wrote:
> No, I mean: do an insecure lookup
Eww. I hope we can move away from that completely :P
>> In short, should openswan link a secure resolver library and cache, or trust the AD bit
>> on localhost? (or other last mile solution IETF comes up with)
>
> use the local resolver
> dont trust the local resolver
> do the validation yourself
If you do validation yourself, I guess you also have to cache yourself?
So then I guess stubunbound should be used? or just libunbound and take
the hit from talking repeatedly to the local resolver cache?
Would implementing either be very different? Can we do libunbound first and
stubunbound later? Wouter? :)
Paul
More information about the ldns-users
mailing list