This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: resolv.conf format for DNSSEC [was: DNSSEC support in stub-resolver]

From: Nikos Mavrogiannopoulos <nmav at redhat dot com>
To: Roland McGrath <roland at hack dot frob dot com>
Cc: libc-alpha at sourceware dot org
Date: Fri, 13 Jun 2014 13:32:10 +0200
Subject: Re: resolv.conf format for DNSSEC [was: DNSSEC support in stub-resolver]
Authentication-results: sourceware.org; auth=none
References: <535E41F5 dot 5020109 at redhat dot com> <loom dot 20140612T135904-448 at post dot gmane dot org> <20140612160823 dot E308B2C39C1 at topped-with-meat dot com>

On Thu, 2014-06-12 at 09:08 -0700, Roland McGrath wrote:
> Are there other systems with DNSSEC support built in?
> What syntax do they use for resolv.conf?

I'm not aware of any system with dnssec built-in on libc and the ones I
know I don't think they distinguish between trusted and non-trusted name
servers. As it is now applications use external libraries for the dnssec
operations (e.g., libunbound, or APIs like [0,1]), and these libraries
have their own configuration, rather than rely on resolv.conf.

regards,
Nikos

[0].
http://tools.ietf.org/html/draft-hayatnagarkar-dnsext-validator-api-09
[1]. http://www.vpnc.org/getdns-api/

Follow-Ups:
- Re: resolv.conf format for DNSSEC [was: DNSSEC support in stub-resolver]
  - From: Rich Felker
- Re: resolv.conf format for DNSSEC [was: DNSSEC support in stub-resolver]
  - From: Petr Spacek

References:
- resolv.conf format for DNSSEC [was: DNSSEC support in stub-resolver]
  - From: Nikos Mavrogiannopoulos
- Re: resolv.conf format for DNSSEC [was: DNSSEC support in stub-resolver]
  - From: Roland McGrath

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]