[Openswan dev] [ldns-users] DNSSEC (was Re: function call backs in ldns_resolver_send*?)
Paul Wouters
paul at xelerance.com
Wed Dec 15 16:03:05 EST 2010
On Wed, 15 Dec 2010, Paul Wouters wrote:
>> use the local resolver
>> dont trust the local resolver
>> do the validation yourself
>
> If you do validation yourself, I guess you also have to cache yourself?
Additionally, you have to figure out where to put the trust anchors. If you
can't trust the local resolver to validate, you can't trust it for its
trust anchors either. Would openswan need an option to load trust anchors?
Not sure I like the way this is going :P
Paul
More information about the Dev
mailing list