Enable dns_zoneverify_dnssec() to check whether the zone was signed by a trust anchor
Extend check_dnskey_sigs() so that, if requested, it checks whether the DNSKEY RRset at zone apex is signed by at least one trust anchor. The trust anchor table is passed as an argument to dns_zoneverify_dnssec() and passed around in the verification context structure. Neither dnssec-signzone nor dnssec-verify are yet modified to make use of that feature, though.
Showing with 76 additions and 15 deletions