Re: Maybe it's time to get rid of tcpwrappers/tcpd?

On Fri, 21 Mar 2014, Lennart Poettering wrote:

As long as -lresolve (i.e. glibc and getaddrinfo()) can't do DNSSEC it's
just not there...

You are proposing changing the api of getaddrinfo()? Good luck with
that?

Yes, applications that want to see DNSSEC results will have to do a little bit
of extra work. It's not the end of the world. Applications that only
care about the DNS being protected should just continue their current
API, and hopefully resolv.conf points to localhost so the local DNS
server will return ServFail's to the applications for spoofed DNS.

Some progress is being made elsewhere to come up with an API that's
somewhere in the middle between blind AD bit trust and running a
full dnssec cache in the application, eg getdns api:

https://bugzilla.redhat.com/show_bug.cgi?id=1070510

Ah, yet another DNS API... Because we have so few... A library with an
API of getdns_list_create_with_extended_memory_functions() looks really
promising... not!

It's built on top of libunbound. You can use libunbound directly.

Paul
--
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
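
The two trust models discussed in the message above (a resolver on localhost that answers ServFail for spoofed data, versus trusting the AD bit blindly), as an added example that is not part of the original e-mail or of any project mentioned in it. The function names, the sample resolv.conf text and the policy of honouring AD only when every nameserver is a loopback address are assumptions made for illustration.

```python
import ipaddress
import struct

# Constructed sample inputs (not taken from the thread).
RESOLV_LOCAL = "search example.test\nnameserver 127.0.0.1\nnameserver ::1\n"
RESOLV_REMOTE = "nameserver 127.0.0.1\nnameserver 192.0.2.53\n"

def nameservers(resolv_conf: str) -> list:
    """Return nameserver addresses from resolv.conf text, ignoring comments."""
    out = []
    for line in resolv_conf.splitlines():
        fields = line.split("#", 1)[0].split(";", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            out.append(fields[1].split("%", 1)[0])  # drop any IPv6 zone id
    return out

def all_loopback(resolv_conf: str) -> bool:
    """True only if at least one nameserver is listed and all are loopback."""
    servers = nameservers(resolv_conf)
    return bool(servers) and all(ipaddress.ip_address(s).is_loopback for s in servers)

def header(rcode: int, ad: bool) -> bytes:
    """Build a constructed 12-byte DNS response header (QR=1, RD=1, RA=1)."""
    flags = 0x8000 | 0x0100 | 0x0080 | (0x0020 if ad else 0) | rcode
    return struct.pack("!6H", 0x1234, flags, 1, 0, 0, 0)

def classify(response: bytes, resolv_conf: str) -> str:
    """Classify a DNS response by RCODE and AD bit under the assumed policy."""
    if len(response) < 12:
        raise ValueError("truncated DNS header")
    _, flags = struct.unpack("!HH", response[:4])
    if not flags & 0x8000:
        raise ValueError("not a response")
    rcode, ad = flags & 0x000F, bool(flags & 0x0020)
    if rcode == 2:
        return "servfail"     # a validating resolver answers this for bogus data
    if rcode != 0:
        return "error"        # NXDOMAIN, REFUSED, ...
    if ad and all_loopback(resolv_conf):
        return "validated"    # AD set by a resolver reached over loopback only
    return "unvalidated"      # AD absent, or set by a resolver across the network

if __name__ == "__main__":
    for conf in (RESOLV_LOCAL, RESOLV_REMOTE):
        print(nameservers(conf), classify(header(0, True), conf))
```

ServFail has other causes besides a failed DNSSEC validation, so the "servfail" result tells the application to refuse the answer, not why.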




