This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.
On 13.6.2014 13:32, Nikos Mavrogiannopoulos wrote:
> On Thu, 2014-06-12 at 09:08 -0700, Roland McGrath wrote:
>> Are there other systems with DNSSEC support built in? What syntax do they use for resolv.conf?
>
> I'm not aware of any system with dnssec built-in on libc and the ones I know I don't think they distinguish between trusted and non-trusted name servers. As it is now applications use external libraries for the dnssec operations (e.g., libunbound, or APIs like [0,1]), and these libraries have their own configuration, rather than rely on resolv.conf.
>
> regards,
> Nikos
>
> [0]. http://tools.ietf.org/html/draft-hayatnagarkar-dnsext-validator-api-09
> [1]. http://www.vpnc.org/getdns-api/

I looked into it a bit and it seems that none of the latest versions of FreeBSD, OpenBSD or NetBSD has support for DNSSEC as described in this thread.
Of those three, only OpenBSD supports the RES_USE_DNSSEC flag, but I didn't find any means for declaring name servers as trusted or untrusted.
It seems we are the first, so we can define a new configuration option/format for this purpose.
Also, Nikos found out [1] that sometimes VPNs and DHCP clients overwrite /etc/resolv.conf completely so any new option will be lost.
Is it a good enough reason to create a new file, let's say /etc/resolv-sec.conf, for the purpose of declaring name servers as trusted?
An obvious advantage is that we could re-use existing file-parsing code :-)

You can see a proof-of-concept implementation for the c-ares resolver library at:
https://github.com/bagder/c-ares/pull/16

I would be really glad if we could cooperate with other libraries to prevent us from being mutually incompatible.
So the most important question - is a new file acceptable? Do you have some better for it?
Have a nice day!

[1] http://c-ares.haxx.se/mail/c-ares-archive-2014-06/0006.shtml

--
Petr Spacek @ Red Hat