Preview of data before security is established

Hello,

Is there any way for an asynchronous program to get a preview of DNS
data that is in the process of being validated?

For instance, we sometimes need to go over these three records in a
sequence...

_kerberos.arpa2.org. IN TXT "ARPA2.ORG"
_kerberos._udp.arpa2.org. IN SRV 10 10 88 ...
_88._udp.arpa2.org. IN TLSA ...

...and could imagine speeding up this enforced sequence by using the
insecure data as a hint, and later mop up all the security status of the
three components (before acting on it externally).

FWIW, I sent a similar question to the GetDNS users list, with more
elaborate information on this use case; we use this for Kerberos realm
crossover. The last two steps also need to be sequentially ordered for
DANE when we access a remote LDAP directory from our TLS Pool. The
_kerberos TXT record is described in draft-vanrein-dnstxt-krb1 which
currently sits in the RFC editor queue.

Cheers,
-Rick

Hi Rick,

> Hello,
>
> Is there any way for an asynchronous program to get a preview of DNS
> data that is in the process of being validated?

No, not really. Unbound actually validates queries via libunbound.
Actually internally, unbound can do queries without validation, and then
later resume validation 'from cache' at start. But it doesn't do that.

You could have two contexts, one with a trust anchor and one without;
but they would not share cache entries, and do duplicate work.

If you know the query name in advance, you can start the queries early,
with asynchronous lookups.

Best regards, Wouter
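
The pattern discussed in this thread, as an added example that is not part of either message and is not libunbound code: lookups whose names are known in advance start early, an unvalidated SRV answer is used only as a hint to start the dependent TLSA lookup, and nothing is returned unless every record validated and the hint matched the validated data. The resolver is a stand-in over constructed data for `example.org.`; the function names, the two "views" and the way the TLSA owner name is derived from the SRV port and target are assumptions.

```python
import asyncio

# Constructed sample data, not real lookups: (owner, type) -> (rdata, secure).
VALID = {
    ("_kerberos.example.org.", "TXT"): ("EXAMPLE.ORG", True),
    ("_kerberos._udp.example.org.", "SRV"): ((10, 10, 88, "kdc.example.org."), True),
    ("_88._udp.kdc.example.org.", "TLSA"): ("tlsa-rdata-placeholder", True),
}
# Unvalidated view in which the SRV answer has been forged (constructed).
FORGED = {**VALID, ("_kerberos._udp.example.org.", "SRV"):
          ((10, 10, 88, "kdc.attacker.example."), False)}

async def lookup(view, name, rtype, delay):
    """Stand-in for an async resolver call; returns (rdata, secure)."""
    await asyncio.sleep(delay)
    return view.get((name, rtype), (None, False))

def tlsa_name(srv):
    # Assumption: TLSA owner name is built from the SRV port and target.
    _prio, _weight, port, target = srv
    return f"_{port}._udp.{target}"

async def kerberos_chain(hint, valid, domain):
    txt_n, srv_n = f"_kerberos.{domain}", f"_kerberos._udp.{domain}"
    # Names known in advance: start both validated lookups immediately.
    txt_t = asyncio.create_task(lookup(valid, txt_n, "TXT", 0.02))
    srv_t = asyncio.create_task(lookup(valid, srv_n, "SRV", 0.02))
    # The TLSA name depends on SRV data: use the unvalidated answer as a hint.
    srv_hint, _ = await lookup(hint, srv_n, "SRV", 0.0)
    tlsa_t = None
    if srv_hint:
        tlsa_t = asyncio.create_task(lookup(valid, tlsa_name(srv_hint), "TLSA", 0.02))
    (txt, txt_ok), (srv, srv_ok) = await txt_t, await srv_t
    if tlsa_t and (srv != srv_hint or not (txt_ok and srv_ok)):
        tlsa_t.cancel()          # speculative lookup was based on bad data
        tlsa_t = None
    if not (txt_ok and srv_ok):
        return None              # never act on unvalidated TXT/SRV
    if tlsa_t is None:           # redo the dependent step from validated data
        tlsa_t = asyncio.create_task(lookup(valid, tlsa_name(srv), "TLSA", 0.02))
    tlsa, tlsa_ok = await tlsa_t
    return (txt, srv, tlsa) if tlsa_ok else None

def run_chain(hint, valid, domain="example.org."):
    return asyncio.run(kerberos_chain(hint, valid, domain))
```

With a real resolver, the hint view would correspond to a context without a trust anchor and the validated view to one with a trust anchor, at the cost of the duplicate work mentioned in the reply.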