[ldns-users] Configuring a trust anchor in ldns ?
Simon Vallet
svallet at genoscope.cns.fr
Fri May 4 14:52:33 UTC 2007
Hi,
trying to implement a quick-and-dirty signature verification, I
stumbled on the issue of trust anchor configuration -- this is what I'm
doing :
-> fetch the RR I need
-> fetch the corresponding DNSKEY
-> call ldns_verify()
The key in question is a ZSK, which is signed by a domain-wide KSK. Now
since global DNSSEC deployment will probably take a while, I'd like to
configure this KSK as a trust anchor in ldns.
I see entries for TSIG keys in the ldns_struct_resolver struct, but not
any for trust anchors. Is there a reason for this ?
Thanks,
Simon
More information about the ldns-users
mailing list