[dnssec-deployment] Seeking early users for Unbound.
bmanning at vacation.karoshi.com
bmanning at vacation.karoshi.com
Thu Feb 14 10:52:15 EST 2008
the unbound validator, historically, predated nearly all the
subsuqent work that Sparta did on API development, so its not
unsurpriseing that the API's differ.
--bill
On Thu, Feb 14, 2008 at 10:28:34AM -0500, Suresh Krishnaswamy wrote:
>
> >On Feb 14, 2008, at 8:37 AM, Olaf Kolkman wrote:
> >>
> >>Also we would be interested in seeing people use the library API
> >>of unbound that is specifically targeted to bring DNSSEC to the
> >>application.
> >>
> >>More information can be found on http://unbound.net/ a mini
> >>tutorial on the library API and other documentation can be found
> >>at http://www.unbound.net/documentation/index.html. A users
> >>mailinglist is available at http://unbound.net/mailman/listinfo/
> >>unbound-users.
> >>
>
> Hi Olaf,
>
> I looked at this a bit, and the immediate question that came to my
> mind is why Unbound exports a different API than the one published in
> draft-hayatnagarkar-dnsext-validator-api-05.
>
> From a quick look at the Unbound tutorial, it seems that most
> unbound calls have an equivalent in the -05 draft (even the semantics
> for the validator context seem to be similar). I'm not sure how
> unbound exports details of the authentication chain, so those data
> structures may be different. Also, the asynchronous DNS resolution
> function is not defined in the current validator API, but that should
> not be difficult to add.
>
> I think it will be good to have a single API specification at this
> time for two reasons: (1) it will allow applications that have
> already been instrumented with DNSSEC capability (using libval) to
> seamlessly support other libraries (2) application developers will
> have clear guidance on how to develop additional DNSSEC-capable
> applications without having to choose a validation library upfront.
>
> Thoughts?
>
> Suresh
More information about the Dnssec-deployment
mailing list