Maintained by: NLnet Labs

[Unbound-users] libunbound validation

W.C.A. Wijngaards
Fri Aug 6 16:04:55 CEST 2010


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Ondřej,

The r->bogus is true.
    if(r->bogus) printf("bogus: %s\n", r->why_bogus);
that shows you why it was bogus.

(as an aside, r->secure is true when it is signed. Unsigned domains are
not secure and not bogus ...)

Best regards,
   Wouter

On 08/06/2010 03:44 PM, Ondřej Surý wrote:
> Hi Wouter,
> 
> I have a very simple code:
> 
> #include <string.h>
> #include <stdio.h>
> #include <unbound.h>
> #include <ldns.h>
> 
> int main(int argc, char **argv) {
> 
>   struct ub_ctx *ctx;
>   struct ub_result *r;
> 
>   ldns_pkt *pkt;
> 
>   ldns_rdf rdf;
> 
>   int x = 0;
> 
>   ctx = ub_ctx_create();
>   ub_ctx_add_ta(ctx, ". IN DS 19036 8 2
> 49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE32F24E8FB5");
>   ub_ctx_hosts(ctx, NULL);
>   ub_ctx_resolvconf(ctx, NULL);
> 
>   ub_resolve(ctx, "www.rhybar.cz", LDNS_RR_TYPE_AAAA, LDNS_RR_CLASS_IN, &r);
> 
>   ldns_wire2pkt(&pkt, r->answer_packet, r->answer_len);
> 
>   printf("%s\n", ldns_pkt2str(pkt));
> 
>   ub_ctx_delete(ctx);
> 
>   return 0;
> }
> 
> And it resolvers www.rhybar.cz (which it shouldn't) without any problems.
> 
> What I am doing wrong?
> 
> Ondrej

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.14 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAkxcFocACgkQkDLqNwOhpPhNPgCfU2Cu1Ut728v2HwPsWigrKupf
hTIAoJZ8Puz+p5UKszx+cmiNTuiwQL54
=21pY
-----END PGP SIGNATURE-----