[ldns-users] Given a DS and a DNSKEY, how do I check if the DS signs the DNSKEY?
Miek Gieben
miek at miek.nl
Mon Nov 18 14:21:19 UTC 2013
[ Quoting <calle at init.se> in "[ldns-users] Given a DS and a DNSKE..." ]
> Hello.
>
> I’ve been trying to figure this out from the documentation and the source code, but I’m not getting anywhere, so I thought I’d ask here.
>
> Given two ldns_rr objects, one of type LDNS_RR_TYPE_DS and one of type
> LDNS_RR_TYPE_DNSKEY, what do I need to do to find out if the DS correctly signs
> the DNSKEY? Pointers to what documentation to read is just as welcome as plain
> answers.
"signs"? I think you mean: is the DS is derived from the DNSKEY?
So I would just do that: convert to the DNSKEY to a DS and compare that to
the DS record you're holding.
grtz Miek
More information about the ldns-users
mailing list