feature request: modify getrrsetbyname() to use libunbound
Peter Stuge
peter at stuge.se
Sat May 19 03:09:38 EST 2012
Luca Filipozzi wrote:
> > But before we invest more time in this effort, it would be helpful to
> > hear upstream's opinion regarding our request for anchored DNSSEC
> > validation to be built into openssh.
> >
> > We don't want to trust an upstream resolver's AD bit and we don't
> > want to require that users install a local resolver. Do they concur?
>
> Alternately, would it be helpful to take Robert's suggestion of a
> StrictDnssecChecking configuration directive and apply it to the ldns
> implementation in 6.0p1? This would avoid introducing new dependencies
> (unbound, dnssec-tools) while achieving the suggested functionality.
I think this sounds like a good idea. I guess the patch will also be
quite small? Remember to also look at what is going on upstream, i.e.
in OpenSSH within OpenBSD.
//Peter