Ticket #5450 enhancement new
Update twisted.names to be a security-aware non-validating client
|Reported by:|BobNovas|Owned by:||
|Component:|names|Keywords:|DNSSEC, twisted.names, security aware, EDNS0|
|Author:|Bob Novas|Launchpad Bug:||
Application of this patch to Twisted-11.1.0 updates twisted.names to be EDNS0 capable and security-aware. The client supports all DNSSEC record types and allows operation of the client Resolver as a security-aware non-validating stub resolver. Coupled with a local validating resolver, such as that provided by dnssec-trigger (http://nlnetlabs.nl/projects/dnssec-trigger/) or used with a Comcast validating resolver, this allows a Python client to request EDNS operation, specify DNSSEC OK, request DNS validation, obtain the AD bit in a DNS response, obtain DNSKEY, RRSIG, NSEC, DS and NSEC3 and validate DNS name resolution.
This update also serves as the basis for further DNSSEC upgrades to Twisted. The intention is to minimally add validation to the stub resolver client, and perhaps to upgrade the server.
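What the ticket's "request EDNS operation, specify DNSSEC OK, obtain the AD bit" means at the wire level, as an added example that is not code from the patch or from twisted.names: standard-library Python that builds a query carrying an EDNS0 OPT record with the DO bit set and checks the AD bit in a response header. All function names and the sample response bytes are constructed for illustration.

```python
import struct

FLAG_QR, FLAG_RD, FLAG_AD = 0x8000, 0x0100, 0x0020  # header flag bits (RFC 1035, RFC 4035)
EDNS_DO = 0x8000   # "DNSSEC OK": top bit of the OPT flags field (RFC 3225)
TYPE_OPT = 41      # EDNS0 pseudo-record type (RFC 6891)

def encode_name(name):
    """Encode a domain name as length-prefixed labels ending in the root label."""
    out = b""
    for label in filter(None, name.split(".")):
        raw = label.encode("ascii")
        if len(raw) > 63:
            raise ValueError("label longer than 63 octets")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def build_query(name, qtype, msg_id, udp_size=4096, dnssec_ok=True):
    """Build a recursive query carrying one OPT record in the additional section."""
    header = struct.pack("!HHHHHH", msg_id, FLAG_RD, 1, 0, 0, 1)
    question = encode_name(name) + struct.pack("!HH", qtype, 1)  # class IN
    # OPT reuses the RR layout: CLASS = UDP payload size, TTL = ext-rcode | version | flags
    opt_ttl = EDNS_DO if dnssec_ok else 0
    opt = b"\x00" + struct.pack("!HHIH", TYPE_OPT, udp_size, opt_ttl, 0)
    return header + question + opt

def parse_header(msg):
    """Extract the id and the flag bits a security-aware stub cares about."""
    if len(msg) < 12:
        raise ValueError("truncated DNS header")
    msg_id, flags = struct.unpack("!HH", msg[:4])
    return {"id": msg_id, "qr": bool(flags & FLAG_QR),
            "ad": bool(flags & FLAG_AD), "rcode": flags & 0x000F}

def answer_is_authenticated(query, response):
    """True only for a NOERROR response to this query with the AD bit set."""
    q, r = parse_header(query), parse_header(response)
    return r["qr"] and r["id"] == q["id"] and r["rcode"] == 0 and r["ad"]

# Constructed sample: header of a response with QR, RD, RA and AD set (flags 0x81A0).
SAMPLE_QUERY = build_query("example.com", 1, 0x1234)
SAMPLE_RESPONSE = struct.pack("!HHHHHH", 0x1234, 0x81A0, 1, 1, 0, 1)

if __name__ == "__main__":
    print(SAMPLE_QUERY.hex())
    print(answer_is_authenticated(SAMPLE_QUERY, SAMPLE_RESPONSE))
```

A non-validating stub checks no signatures itself, so the AD bit is only as trustworthy as the path to the validating resolver; that is why the ticket pairs the client with a local validator.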