I am working currently on a project where I have to check for DNSSEC for specific zones, meaning I need to query for RRSIG records.
I tried to use inet_res.resolve/5, however if you look at the types it can operate on here, it is clear that it is missing this and many more new record types.
I was wondering if there is a way to make some kind of raw queries and parse them by myself? since for now I have to resort to use external clis like dig and I am not very keen to deal with leaking zombie processes.
If you are looking to handle DNSSEC, you may find some of the work I am doing for service discovery which involves SIG(0) helps:
I think you may need to do a canonical sort to get (RR)SIG working, but at least the ‘crypto sausage making machine’ you no longer have to figure out; or if you already have, its be a dual wasted effort of duplication…but at least (frustratingly) educational.
Do poke me off list if you want to collaborate on this if you think there is overlap.