According to Rithvik Vibhu <[email protected]>: >Does anyone know of an existing library that only does DNSSEC validation >without resolution? Preferably in go, but any other language will do at >least as reference.
The dnspython library has a validation routine that takes an rrset, a signature, and a set of dnskeys and tells you whether the signature is good. If you want to follow the DS chain you'll have to do that yourself but having just written a stunt DNSSEC signing server, I can say that the code to do the chaining would not be hard. R's, John -- Regards, John Levine, [email protected], Primary Perpetrator of "The Internet for Dummies", Please consider the environment before reading this e-mail. https://jl.ly _______________________________________________ dns-operations mailing list [email protected] https://lists.dns-oarc.net/mailman/listinfo/dns-operations
