dns icon indicating copy to clipboard operation
dns copied to clipboard

Published 20 hours ago verified publisher icon qdm12

feat(dnssec): new `pkg/dnssec` package

Open qdm12 opened this issue 3 years ago • 0 comments

  • [x] Iterative DNSSEC validation
  • [ ] Metrics: secure, insecure, bogus
  • [x] Validate root zone with hardcoded DS record from IANA
  • [ ] Auto-update root zone DS record
  • [ ] Caching?
    • [ ] Use custom caching or DNS request/response existing cache interface?
    • [ ] Can DoT/DoH handlers only add to cache if DNSSEC validated (to check depending on strict mode)
  • [x] Handle NSEC and/or NSEC3
  • [ ] Strict mode to reject insecure responses

qdm12 avatar Dec 30 '21 17:12 qdm12