getdnsapi / getdns

A modern asynchronous DNS API https://getdnsapi.net/

Broken trust anchor files are silently ignored #536

Closed bortzmeyer closed 1 year ago

bortzmeyer commented 1 year ago
```
./getdns_query @127.0.0.1:3553 +dnssec_return_status -f /etc/modules -s -D test SOA
```

(No error message displayed, despite the fact that /etc/modules has an unexpected syntax...)

bortzmeyer commented 1 year ago

Thanks. Now, if I may, what is the expected format of this file? I don't find it in the documentation.

wtoorop commented 1 year ago

> Thanks. Now, if I may, what is the expected format of this file? I don't find it in the documentation.

It expects resource records in presentation format. DS and DNSKEY records will be used as trust anchors for their owner domain name. I suspect that missing DS and DNSKEY resource records will be ignored. The -f option to getdns_query is basically a combination of getdns_fp2rr_list() and getdns_context_set_dnssec_trust_anchors().
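A pre-flight check for the failure mode in this issue, written as an added example and not taken from getdns or from anyone in the thread: it counts the DS and DNSKEY records in a presentation-format file so that a caller can reject a file yielding zero trust anchors instead of continuing silently. The function names are hypothetical, and the parser is deliberately simplified (assumptions: one record per line, owner name always present, no `$ORIGIN`/`$TTL` directives, no parenthesised continuations).

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Case-insensitive equality: DNS mnemonics are case-insensitive. */
static int ieq(const char *a, const char *b)
{
    while (*a && toupper((unsigned char)*a) == toupper((unsigned char)*b)) {
        a++; b++;
    }
    return *a == '\0' && *b == '\0';
}

/* A TTL (all digits) or a class mnemonic may precede the type. */
static int is_ttl_or_class(const char *t)
{
    if (ieq(t, "IN") || ieq(t, "CH") || ieq(t, "HS"))
        return 1;
    return *t != '\0' && strspn(t, "0123456789") == strlen(t);
}

/* Count DS and DNSKEY records in presentation-format text (hypothetical
 * helper). Assumed simplifications: one record per line, owner always
 * present, no $ORIGIN/$TTL directives, no parenthesised continuations. */
int count_trust_anchors(const char *text)
{
    int count = 0;
    while (*text) {
        char line[1024], f[5][256];
        size_t n = strcspn(text, "\n");
        size_t c = n < sizeof line - 1 ? n : sizeof line - 1;
        memcpy(line, text, c);
        line[c] = '\0';
        text += n + (text[n] == '\n');
        line[strcspn(line, ";")] = '\0';            /* strip comments */
        /* f[0] is the owner; the type is the first later field that is
         * neither TTL nor class, and it must be followed by rdata. */
        int got = sscanf(line, "%255s %255s %255s %255s %255s",
                         f[0], f[1], f[2], f[3], f[4]);
        for (int i = 1; i + 1 < got; i++) {
            if (is_ttl_or_class(f[i]))
                continue;
            if (ieq(f[i], "DS") || ieq(f[i], "DNSKEY"))
                count++;
            break;
        }
    }
    return count;
}
```

A caller would treat a return value of 0 as a hard error and report it before passing the file on to `getdns_context_set_dnssec_trust_anchors()`.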