Bug #224

dnssec-tools would be a good package to make

Added by Dave Täht on Aug 4, 2011. Updated on Apr 21, 2012.
Closed Normal Evan Hunt

Description

It looks like dnssec can be made much more manageable with a port of the dnssec-tools,
available here:

http://www.dnssec-tools.org/

History

Updated by Dave Täht on Aug 11, 2011.
Steve got dnssec-tools ported and they are in the rc5 build. Yea! What are they good for, again?

Updated by Evan Hunt on Aug 14, 2011.
There’s a bunch of stuff in dnssec-tools (some of which, AIUI, duplicates functionality already available in BIND 9).

The only bit I was interested in was libval, which has DNSSEC-validating versions of the get*by*() and get*info() functions. https://www.dnssec-tools.org/wiki/index.php/Libval_and_libsres

Updated by Dave Täht on Aug 16, 2011.
What I want is the NON dnssec validating versions of those functions! Not in there?

Updated by Evan Hunt on Aug 16, 2011.
Dave Täht wrote:
> What I want is the NON dnssec validating versions of those functions! Not in there?

No, what you want is the validating version.

The standard getaddrinfo() simply asks the resolver for an address. The resolver attempts to validate the data, fails, and returns SERVFAIL; you get nothing.

The validating version (I believe it’s called val_getaddrinfo()) takes responsibility for validation by itself. It asks the resolver to provide the address data and associated DNSSEC data, warts and all, without validating it. (In other words it sets the CD bit on the query.) Then it does its own validation. What you get is the data requested, plus information about its validity, so you can decide for yourself whether to use the information or not.

Honestly, what you really want is a simple flag to getaddrinfo() to set the CD bit. But val_getaddrinfo() is one way to get there without having to muck with glibc or whatever library getaddrinfo() lives in.
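
The header bits the comment above refers to, shown at the wire level as an added example that is not part of the original thread or of dnssec-tools: a query built with CD (and the EDNS DO bit) set, and a reader for the RCODE/AD/CD bits of a reply. The function names and the two sample headers are constructed for illustration; the code does no DNSSEC validation itself.

```c
#include <stdint.h>
#include <string.h>

#define DNS_RD  0x0100 /* recursion desired */
#define DNS_AD  0x0020 /* authentic data: the resolver validated the answer */
#define DNS_CD  0x0010 /* checking disabled: the resolver must not validate */
#define EDNS_DO 0x8000 /* DNSSEC OK: send RRSIGs along with the answer */

/* Build an A/IN query for `name` with CD and DO set; returns length, 0 on error. */
size_t build_cd_query(const char *name, uint16_t id, uint8_t *out, size_t cap)
{
    static const uint8_t tail[] = {
        0, 0, 1, 0, 1,                 /* root label, QTYPE=A, QCLASS=IN */
        0, 0, 41, 0x10, 0x00,          /* OPT RR: root name, TYPE=41, 4096-byte UDP */
        0, 0, EDNS_DO >> 8, EDNS_DO & 0xff, 0, 0 /* ext-rcode, version, DO, RDLEN=0 */
    };
    size_t n = 12;
    if (cap < n) return 0;
    memset(out, 0, n);
    out[0] = (uint8_t)(id >> 8); out[1] = (uint8_t)(id & 0xff);
    out[2] = (DNS_RD | DNS_CD) >> 8; out[3] = (DNS_RD | DNS_CD) & 0xff;
    out[5] = 1; out[11] = 1;           /* QDCOUNT=1, ARCOUNT=1 (the OPT record) */
    while (*name) {                    /* encode each dot-separated label */
        const char *dot = strchr(name, '.');
        size_t len = dot ? (size_t)(dot - name) : strlen(name);
        if (len == 0 || len > 63 || n + 1 + len > cap) return 0;
        out[n++] = (uint8_t)len;
        memcpy(out + n, name, len); n += len;
        name += len + (dot ? 1 : 0);
    }
    if (n + sizeof tail > cap) return 0;
    memcpy(out + n, tail, sizeof tail);
    return n + sizeof tail;
}

struct dns_verdict { int rcode, ad, cd; };

/* Read RCODE, AD and CD from a DNS message header; returns -1 if truncated. */
int read_verdict(const uint8_t *msg, size_t len, struct dns_verdict *v)
{
    if (len < 12) return -1;
    v->rcode = msg[3] & 0x0f;
    v->ad = !!(msg[3] & DNS_AD);
    v->cd = !!(msg[3] & DNS_CD);
    return 0;
}

/* Constructed headers: SERVFAIL from a validating resolver vs. a reply to CD=1. */
const uint8_t SAMPLE_SERVFAIL[12] = { 0x12, 0x34, 0x81, 0x82, 0, 1, 0, 0, 0, 0, 0, 0 };
const uint8_t SAMPLE_CD_REPLY[12] = { 0x12, 0x34, 0x81, 0x90, 0, 1, 0, 1, 0, 0, 0, 1 };
```

With CD set the reply carries the records and AD stays clear, so the validity decision rests with whatever code validates the returned RRSIGs locally.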

Updated by Dave Täht on Aug 16, 2011.
Well, getting this right is on my list for RC6 or RC7. But I’m buried at a conference all week.

Updated by Dave Täht on Sep 17, 2011.
Updated by Dave Täht on Apr 21, 2012.

This is a static export of the original bufferbloat.net issue database. As such, no further commenting is possible; the information is solely here for archival purposes.