westurner 7 months ago

It looks like dnspython has DNSSEC, DoH, and DoQ support: test_dnssec.py: https://github.com/rthalley/dnspython/blob/main/tests/test_d... , dnssec.py: https://github.com/rthalley/dnspython/blob/main/dns/dnssec.p...

  man delv
vvm2 7 months ago | parent [-]

thank you for linking this, i took a peek and i will look at the DNSSEC pieces in more detail. this is something i did not dare to touch when i saw the RFC jungle around DNS.

westurner 7 months ago | parent [-]

Why CT Certificate Transparency logs are not possible by logging DNS record types like CERT, OPENPGPKEY, SSHFP, CAA, RRSIG, NSEC3; ACMEv2 Proof of Domain Control; and why we need a different system for signing software package build artifacts built remotely (smart contracts, JWS, SLSA, TUF, W3C Verifiable Credentials, blockcerts and transaction fees)