Hi, I'm looking for a good way to validate DNSSEC for a chain of records, offline. I mean: given a list of records including all RRSIGs, NSECs, etc.), verify that all the signatures match and the whole trust chain leads to a trust anchor.
I've seen a few libraries, but at least in golang, most packages either don't validate DNSSEC on their own (ex: stub resolvers) or the DNSSEC validation is tightly integrated with the recursor code that handles querying for any required records. Does anyone know of an existing library that only does DNSSEC validation without resolution? Preferably in go, but any other language will do at least as reference. Thanks, Rithvik Vibhu
_______________________________________________ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations
