libval_shim - Man Page

The Validator Shim Library


The validator shim library ( is a shared library designed to be dynamically loaded using the 'LD_PRELOAD' mechanism ( supported on linux and various other unix-like platforms. The shim library implements wrappers for a number of DNS related functions and in turn calls equivalent DNSSEC-aware validating functions from libval(3), mapping the results to return codes recognized by the original functions. In this way a wide variety of applications can be made DNSSEC aware without code changes and recompilation.

The method of mapping return codes assumes that any 'untrusted' or failure result from the libval(3) function is reflected as a failure to the original calling function.


To load the library set LD_PRELOAD variable within the environment of the the target application prior to execution:

Validation Policy

The validator shim library will create a policy context and cache it for all subsequent libval(3) calls. A NULL policy label will be passed to create the context. The policy is chosen according to rules defined for libval(3).

See dnsval.conf(1) for information on policy labels and definition.


Logging for the libval(3) functions may be enabled in the shim library by setting an environment variable.

See dt-validate(1) for specifics.


setuid/setgid programs

setuid and setgid root programs (e.g., ping(8)) do not honor the LD_PRELOAD setting. These application may still use the LD_PRELOAD mechanism when run directly from a root shell.


G. S. Marzot

See Also

libsres(3), libval(3), dnsval.conf(1), gethostbyname(3)

gethostbyaddr(3), getnameinfo(3), getaddrinfo(3), res_query(3)


2015-04-27 perl v5.18.4 Programmer's Manual