Provided by: libgetdns-dev_0.9.0-1_amd64 bug

NAME

       getdns_validate_dnssec -- DNSSEC validate a given getdns record

LIBRARY

       DNS Resolver library (libgetdns, -lgetdns)

SYNOPSIS

       #include <getdns.h>

       getdns_return_t
       getdns_validate_dnssec (getdns_list *record_to_validate,
          getdns_list *bundle_of_support_records,
          getdns_list *trust_anchor_records)

DESCRIPTION

       If an application wants the API to perform DNSSEC validation without using the extensions,
       it can use the getdns_validate_dnssec() helper function. The API  will  use  the  resource
       records  in  bundle_of_support_records to construct the validation chain and the DNSKEY or
       DS records in trust_anchor_records as trust anchors. The  default  list  of  trust  anchor
       records  that  is  used  by  the  library to validate DNSSEC can be retrieved by using the
       getdns_root_trust_anchor helper function.

       record_to_validate the resource record being validated

       bundle_of_support_records records used to construct the validation chain

       trust_anchor_records trust anchor records to use for the validation

RETURN VALUES

       GETDNS_DNSSEC_BOGUS the DNSSEC signature is bogus

       GETDNS_DNSSEC_INDETERMINATE validation could not be completed

       GETDNS_DNSSEC_INSECURE one or  more  pieces  of  the  validation  chain  are  demonstrably
       incorrect

       GETDNS_DNSSEC_SECURE validation succeeded

       GETDNS_RETURN_MEMORY_ERROR an attempt to allocate memory failed

EXAMPLES

       TBD

SEE ALSO

       getdns_root_trust_anchor(3) libgetdns(3)