Hi there,
I'm currently working on the network part of my application, where I require a DNS response to be validated using DNSSEC. I use DNSServiceQueryRecord for the query and kDNSServiceFlagsValidate as a flag parameter. However, I want to query for DNSServiceType 52, a type which isn't defined in the header.
The callback is called correctly, but the validation result always contains kDNSServiceFlagsBogus.
The documentation says:
If the response cannot be verified to be secure due to expired signatures, missing signatures, and so on, then the results are considered to be bogus.
How can I find out more information about the error (RFC 4033 has some information for the "bogus" response)? How should I treat the 'bogus' response? The dnssd API describes the following four result codes:
- kDNSServiceFlagsSecure - The response has been validated by verifying all the signature …
- kDNSServiceFlagsInsecure - A chain of trust cannot be built …
- kDNSServiceFlagsBogus - If the response cannot be verified to be secure due …
- kDNSServiceFlagsIndeterminate - There is no valid trust anchor that can be used …
Regards,
Christian
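
Added example, not part of the original post and not Apple's code: record type 52 is TLSA (RFC 6698), so the callback receives its rdata as raw bytes that the application must parse itself. The sketch below fails closed, parsing the rdata only when the caller reports a Secure validation result. The names `tlsa_accept`, `tlsa_record` and `tlsa_status` are hypothetical, and `validated_secure` is assumed to be set by the caller only when the callback flags contained kDNSServiceFlagsSecure.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical names for this example; none of them come from dns_sd.h. */
enum tlsa_status { TLSA_OK = 0, TLSA_NOT_SECURE = -1, TLSA_MALFORMED = -2 };

struct tlsa_record {
    uint8_t usage;          /* certificate usage field */
    uint8_t selector;       /* 0 = full certificate, 1 = SubjectPublicKeyInfo */
    uint8_t matching_type;  /* 0 = exact match, 1 = SHA-256, 2 = SHA-512 */
    const uint8_t *data;    /* association data, points into rdata (not copied) */
    size_t data_len;
};

/* Fail closed: parse rdata only when the caller saw a Secure validation result. */
enum tlsa_status tlsa_accept(int validated_secure, const uint8_t *rdata,
                             size_t rdlen, struct tlsa_record *out)
{
    memset(out, 0, sizeof *out);
    if (!validated_secure)
        return TLSA_NOT_SECURE;
    if (rdata == NULL || rdlen < 4)          /* 3 header bytes + at least 1 data byte */
        return TLSA_MALFORMED;
    size_t n = rdlen - 3;
    if ((rdata[2] == 1 && n != 32) || (rdata[2] == 2 && n != 64))
        return TLSA_MALFORMED;               /* digest length must match the hash */
    out->usage = rdata[0];
    out->selector = rdata[1];
    out->matching_type = rdata[2];
    out->data = rdata + 3;
    out->data_len = n;
    return TLSA_OK;
}

/* Constructed sample rdata: usage 3, selector 1, SHA-256, dummy 32-byte digest. */
static const uint8_t sample_rdata[35] = { 3, 1, 1, 0xAB };

int main(void)
{
    struct tlsa_record r;
    printf("secure: %d\n", tlsa_accept(1, sample_rdata, sizeof sample_rdata, &r));
    printf("bogus:  %d\n", tlsa_accept(0, sample_rdata, sizeof sample_rdata, &r));
    return 0;
}
```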