Rich Felker: > > > > Do let us know when libc-musl provides an indication whether a DNS > > > > lookup result is authentic (DNSSEC pass). > > > > > > It is now in master. I've also recommended the patch to Alpine. > > > > A pointer to how one would use the updated code would be welcome, > > perhaps a pointer to the submit message. > > https://git.musl-libc.org/cgit/musl/commit/?id=fd7ec068efd590c0393a612599a4fab9bb0a8633
I understand that the AD (authentic data) bit now is 'true' if DNSSEC validation was successful. Thanks for that. Meanwhile I'll look into the possibility of a quick runtime check whether AD is propagated. It may be missing for reasons that have nothing to do with libc-musl. That would harden the DANE implementation agains accidental deployment in an environment that does no DNSSEC validation. Wietse