Rich Felker:
> > > > Do let us know when libc-musl provides an indication whether a DNS
> > > > lookup result is authentic (DNSSEC pass).
> > >
> > > It is now in master. I've also recommended the patch to Alpine.
> >
> > A pointer to how one would use the updated code would be welcome,
> > perhaps a pointer to the submit message.
>
> https://git.musl-libc.org/cgit/musl/commit/?id=fd7ec068efd590c0393a612599a4fab9bb0a8633
I understand that the AD (authentic data) bit now is 'true' if
DNSSEC validation was successful. Thanks for that.
Meanwhile I'll look into the possibility of a quick runtime check
whether AD is propagated. It may be missing for reasons that have
nothing to do with libc-musl.
That would harden the DANE implementation agains accidental
deployment in an environment that does no DNSSEC validation.
Wietse
