On Tue, Feb 13, 2018 at 12:42:26PM -0800, SIMON BABY wrote: > My requirement is to implement only the recursive resolve and validation > part of the DNSSEC in my client application. Our CPU and memory are very > limited. So I am not sure I can go and use BIND 9.
But why do you need your application to contain a recursive resolver? I can understand why you'd want a built-in validator, but you don't need to do full recursive resolution for that; you can send queries to an external resolver and then validate the responses. > With BIND 9, can I integrate the library in my application to send queries > and validate the answer in my client code itself. Can you please point if > any sample code. If you're content to do as I suggested above - send queries to an external resolver, validate the responses - then see the command 'delv' in the BIND 9 source tree; it does that. Implementing a full resolver with a library is possible in BIND 9.12, in which we spun off a lot of the name server code into a new libns library. I can't point you to any sample code other than named itself, though. Given what you said about limited CPU and memory, I can't really recommand either solution. I'd probably just use dnsmasq and turn on its DNSSEC validation option. -- Evan Hunt -- e...@isc.org Internet Systems Consortium, Inc. _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list firstname.lastname@example.org https://lists.isc.org/mailman/listinfo/bind-users