[dnssec-deployment] Seeking early users for Unbound.

[Suresh Krishnaswamy]

> On Feb 14, 2008, at 8:37 AM, Olaf Kolkman wrote:
>>
>> Also we would be interested in seeing people use the library API  
>> of unbound that is specifically targeted to bring DNSSEC  to the  
>> application.
>>
>> More information can be found on http://unbound.net/ a mini  
>> tutorial on the library API and other documentation can be found  
>> at http://www.unbound.net/documentation/index.html. A users  
>> mailinglist is available at http://unbound.net/mailman/listinfo/ 
>> unbound-users.
>>

Hi Olaf,

I looked at this a bit, and the immediate question that came to my  
mind is why Unbound exports a different API than the one published in  
draft-hayatnagarkar-dnsext-validator-api-05.

 From a quick look at the Unbound tutorial, it seems that most  
unbound calls have an equivalent in the -05 draft (even the semantics  
for the validator context seem to be similar). I'm not sure how  
unbound exports details of the authentication chain, so those data  
structures may be different. Also, the asynchronous DNS resolution  
function is not defined in the current validator API, but that should  
not be difficult to add.

I think it will be good to have a single API specification at this  
time for two reasons: (1) it will allow applications that have  
already been instrumented with DNSSEC capability (using libval) to  
seamlessly support other libraries (2) application developers will  
have clear guidance on how to develop additional DNSSEC-capable  
applications without having to choose a validation library upfront.

Thoughts?

Suresh
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://dnssec-deployment.org/pipermail/dnssec-deployment/attachments/20080214/9331782b/attachment.html