Another possible addition to the list for client-side validation: * getdns library: http://getdnsapi.net/
This is a library that implements the getdns API. Its default mode of operation is a full validating resolver, but it can also operate as a validating stub. --Shumon. On Wed, Aug 20, 2014 at 9:36 AM, Marco Davids (SIDN) <marco.dav...@sidn.nl> wrote: > Hi, > > DNSmasq indeed works quite well: > > (in Dutch) > > https://www.sidnlabs.nl/laatste-berichten/nieuwsdetail/article/dnssec-validatie-op-de-client-met-behulp-van-dnsmasq/ > > Speaking of client-side validation, Bloodhound might also proof to be > worthwhile. I like it: > https://www.dnssec-tools.org/wiki/index.php/Bloodhound > > And then there is also DNSSEC-trigger: > http://www.nlnetlabs.nl/projects/dnssec-trigger/ > (personally not one of my favorites, but I haven't played with it > recently, so my experience is probably outdated). > > If you use Linux and like to try out things, you might be interested in > this: https://github.com/edmonds/nss-ubdns. Not sure if that qualifies > as 'production-quality' though. > > Regards, > > -- > Marco > > > On 11/08/14 18:45, David Conrad wrote: > > Hi, > > > > I’m trying to collect an exhaustive list of (production-quality) DNSSEC > validating resolvers. The ones I know of so far are: > > > > BIND > > Unbound > > Nominum Vantio > > Google Public DNS > > > > Any others? > > > > (From looking at the website, PowerDNS Recursor doesn’t appear to > validate but I might be missing the obvious…) > > > > Thanks, > > -drc > > > > >