1
2getdns_validate_dnssec(3) getdns getdns_validate_dnssec(3)
3
4
5
7 getdns_validate_dnssec -- DNSSEC validate a given getdns record
8
9
11 DNS Resolver library (libgetdns, -lgetdns)
12
13
15 #include <getdns.h>
16
17 getdns_return_t
18 getdns_validate_dnssec (getdns_list *record_to_validate,
19 getdns_list *bundle_of_support_records,
20 getdns_list *trust_anchor_records)
21
22
24 If an application wants the API to perform DNSSEC validation without
25 using the extensions, it can use the getdns_validate_dnssec() helper
26 function. The API will use the resource records in bundle_of_sup‐
27 port_records to construct the validation chain and the DNSKEY or DS
28 records in trust_anchor_records as trust anchors. The default list of
29 trust anchor records that is used by the library to validate DNSSEC can
30 be retrieved by using the getdns_root_trust_anchor helper function.
31
32
33 record_to_validate the resource record being validated
34
35
36 bundle_of_support_records records used to construct the validation
37 chain
38
39
40 trust_anchor_records trust anchor records to use for the validation
41
42
43
44
46 GETDNS_DNSSEC_BOGUS the DNSSEC signature is bogus
47
48 GETDNS_DNSSEC_INDETERMINATE validation could not be completed
49
50 GETDNS_DNSSEC_INSECURE one or more pieces of the validation chain are
51 demonstrably incorrect
52
53 GETDNS_DNSSEC_SECURE validation succeeded
54
55 GETDNS_RETURN_MEMORY_ERROR an attempt to allocate memory failed
56
57
59 TBD
60
61
63 getdns_root_trust_anchor(3) libgetdns(3)
64
65
66
67
68getdns 1.5.2 December 2015 getdns_validate_dnssec(3)