I've not looked at the patches yet, but are you basing this off any RFC?
I know on the IETF list they talked about this, but I don't remember any
drafts unless they occured on the DNS mailinglist.
- Ben
On Mon, 9 Jul 2001, Wesley Griffin wrote:
> I've made some changes to the 2.9p2 release code to add support for
> using DNSSEC lookups to check host keys. I've also made the changes to
> the OPENBSD_2_9 tree. Both patches are available at
> ftp://ftp.tislabs.com/pub/fmeshd/ as
> openssh.[portable,openbsd].patch.20010709
>
> I'm really looking for testers at this time. Right now the lookups are
> done using a getrrsetbyname() function that is part of the BIND9 lwres
> API. I'm in the process of writing a similar standalone function for
the
> OpenBSD tree.
>
> There is a README.DNSSEC file in the directory that has more details.
>
> --
> Wesley Griffin NAI Labs
> wgriffin at tislabs.com 443.259.2388
>