[getdns-api] DNSSEC as stub
Willem Toorop
willem at nlnetlabs.nl
Fri Oct 24 12:01:06 CEST 2014
Dear list,
We (developers of this getdns API implementation:
https://github.com/getdnsapi/getdns) consider the ability to do DNSSEC
validation as a stub, to be one of the most attractive and important
features of our library. Unfortunately the specification mentions in
the last paragraph of section 3.1:
"If a request is using a context in which stub resolution is set, and
that request also has any of the dnssec_return_status,
dnssec_return_only_secure, or dnssec_return_validation_chain extensions
specified, the API will not perform the request and will instead return
an error of GETDNS_RETURN_DNSSEC_WITH_STUB_DISALLOWED."
We would like to rephrase this as follows:
"Implementations not capable of performing DNSSEC in stub resolution
mode may indicate this by not performing a request and instead return an
error of GETDNS_RETURN_DNSSEC_WITH_STUB_DISALLOWED when using a context
in which stub resolution is set, and having any of the
dnssec_return_status, dnssec_return_only_secure, or
dnssec_return_validation_chain extensions specified"
OK? Comments appreciated.
-- Willem
_______________________________________________
getdns-api mailing list
getdns-api at vpnc.org
More information about the spec
mailing list