Hello,

Is there any way for an asynchronous program to get a preview of DNS data that is in the process of being validated?

For instance, we sometimes need to go over these three records in a sequence...

    _kerberos.arpa2.org.      IN TXT  "ARPA2.ORG"
    _kerberos._udp.arpa2.org. IN SRV  10 10 88 ...
    _88._udp.arpa2.org.       IN TLSA ...

...and could imagine speeding up this enforced sequence by using the insecure data as a hint, and later mop up all the security status of the three components (before acting on it externally).

FWIW, I sent a similar question to the GetDNS users list, with more elaborate information on this use case; we use this for Kerberos realm crossover. The last two steps also need to be sequentially ordered for DANE when we access a remote LDAP directory from our TLS Pool.

The _kerberos TXT record is described in draft-vanrein-dnstxt-krb1 which currently sits in the RFC editor queue.

Cheers,
 -Rick
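The pattern asked about above, sketched as an added example that is not part of the original post and does not use any real resolver API: unvalidated answers steer the next query, and nothing is released until all three validations report secure. The `lookup` resolver, the timings, the host `kdc.example.` and the TLSA rdata are constructed assumptions.

```python
import asyncio

ANSWER_DELAY, VALIDATE_DELAY = 0.01, 0.03   # constructed timings

def make_zone(tlsa_status="secure"):
    # Constructed records; host name and TLSA rdata are placeholders.
    return {
        ("_kerberos.arpa2.org.", "TXT"): ("ARPA2.ORG", "secure"),
        ("_kerberos._udp.arpa2.org.", "SRV"): ((10, 10, 88, "kdc.example."), "secure"),
        ("_88._udp.kdc.example.", "TLSA"): ("PLACEHOLDER-TLSA-RDATA", tlsa_status),
    }

async def lookup(zone, name, rtype):
    """Hypothetical resolver: returns unvalidated rdata plus a task that
    later yields the DNSSEC status ('secure', 'insecure' or 'bogus')."""
    await asyncio.sleep(ANSWER_DELAY)
    rdata, status = zone[(name, rtype)]

    async def validate():
        await asyncio.sleep(VALIDATE_DELAY)
        return status

    return rdata, asyncio.create_task(validate())

async def speculative_chain(zone, domain="arpa2.org."):
    pending = []                                  # validations still running
    realm, v = await lookup(zone, f"_kerberos.{domain}", "TXT")
    pending.append(v)
    # Hint only: derive the next query from the unvalidated realm name.
    (_prio, _weight, port, host), v = await lookup(
        zone, f"_kerberos._udp.{realm.lower()}.", "SRV")
    pending.append(v)
    tlsa, v = await lookup(zone, f"_{port}._udp.{host}", "TLSA")
    pending.append(v)
    # Mop-up: nothing leaves this function until all three are secure.
    statuses = await asyncio.gather(*pending)
    if any(s != "secure" for s in statuses):
        return None, statuses
    return {"realm": realm, "kdc": (host, port), "tlsa": tlsa}, statuses

def run(tlsa_status="secure"):
    return asyncio.run(speculative_chain(make_zone(tlsa_status)))

if __name__ == "__main__":
    print(run())          # all three secure: result is released
    print(run("bogus"))   # one bogus answer: speculative result is discarded
```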
