[Openswan dev] [ldns-users] DNSSEC (was Re: function call backs in ldns_resolver_send*?)

Paul Wouters paul at xelerance.com
Wed Dec 15 16:03:05 EST 2010


On Wed, 15 Dec 2010, Paul Wouters wrote:

>> use the local resolver
>> don't trust the local resolver
>> do the validation yourself
>
> If you do validation yourself, I guess you also have to cache yourself?

Additionally, you have to figure out where to put the trust anchors. If you
can't trust the local resolver to validate, you can't trust it for its
trust anchors either. Would openswan need an option to load trust anchors?

Not sure I like the way this is going :P

Paul

