On Thu, 14 Apr 2016, Linus Nordberg wrote:
| There is already a flexible binary logging facility implemented in
| multiple DNS resolvers: http://dnstap.info/. I think at least BIND,
| Unbound, and Knot Resolver already have support in their mainline
That's interesting for at least one of the cases. Thanks!
| It's not particularly well documented how to do these kinds of
| extensions to dnstap, but if you can pinpoint where exactly in e.g. the
| Unbound code you would want to capture the DS record data (and any
| needed metadata?) I can help with making the necessary modifications.
Thanks for the offer!
I will wait a bit in the hope that someone working on the client side
picks this up.
Note that during the last IETF hackathon, work was done to support
edns-query-chain, which would also give you the entire chain you
want in one dns packet. I would be really tempted to use that as
a client implementation.
Paul