libsresolv

About

libsresolv is a library built with the BIND toolkit. It comes as a patch over the BIND 9.3 sources. It contains a DNSSEC resolver and validator. The goal is to show anything that can be proved from a DNSSEC answer. The validator proves positive and negative anwsers(it can prove that a domain doesn't exist), it can also prove that some domain are empty non-terminal ones. libsresolv performs bottom-up validation, it is signature oriented.

Compiling and installing

Once the patch is applied you must configure your BIND with OpenSSL(for DNSSEC support --with-openssl) and with libbind enabled(--enable-libbind). Just compile BIND and you should have libsresolv.

The patch contains a "proof of concept" program of that library: the bin/dnssec/dnssec-check program, it is a kind of dig with DNSSEC validation. It is the equivalent of the dnssec-check program in the DNSsecToolkit package.

Downloads

Things can be downloaded from here:

      ftp://idsa.irisa.fr/local/idsa/code/patch-bind/sresolv/