val_getaddrinfo() − get DNSSEC−validated network address and
service translation

  #include <validator/validator.h>

  int val_getaddrinfo(const struct val_context *ctx,
                      const char *nodename,
                      const char *servname,
                      const struct addrinfo *hints,
                      struct addrinfo **res,
                      val_status_t * val_status);

  int val_getnameinfo(val_context_t * ctx,
                      const struct sockaddr *sa,
                      socklen_t salen,
                      char *host,
                      size_t hostlen,
                      char *serv,
                      size_t servlen,
                      int flags,
                      val_status_t * val_status);

val_getaddrinfo() and val_getnameinfo perform DNSSEC
validation of DNS queries.  They are intended to be DNSSEC‐
aware replacements for getaddrinfo(3) and getnameinfo(3).

     val_getaddrinfo()  returns a network address value of
type struct addrinfo in the res parameter.  val_getnameinfo
is used to convert a sockaddr structure to a pair of host
name and service strings.

     val_status gives the combined validation status value
for all answers returned by the each of the functions.
val_istrusted() and val_isvalidated() can be used to
determine the trustworthiness of data and p_val_status() can
be used to display the status value to the user in ASCII
format (See libval(3) more for information).

     The ctx parameter specifies the validation context,
which can be set to NULL for default values (see libval(3)
and dnsval.conf for more details on validation contexts and
validation policy).

     The nodename, servname, and hints parameters have
similar syntax and semantics as the corresponding parameters
for the original getaddrinfo() function.  The res parameter
is similar to the res parameter for getaddrinfo().  Please
see the manual page for getaddrinfo(3) for more details
about these parameters.


The val_getaddrinfo() function returns 0 on success and a
non‐zero error code on failure.  *res will point to a
dynamically allocated linked list of addrinfo structures on
success and will be NULL if no answer was available.

     The val_status parameter gives an indication for
trustworthiness of data. If *res is NULL, this value gives
an indication of whether the non‐existence of data can be
trusted or not.

 #include <stdio.h>
 #include <stdlib.h>
 #include <validator.h>

 int main(int argc, char *argv[])
          struct addrinfo *ainfo = NULL;
          int retval;

          if (argc < 2) {
                  printf("Usage: %s <hostname>\n", argv[0]);

          retval = val_getaddrinfo(NULL, argv[1], NULL, NULL, &ainfo);

          if ((retval == 0) && (ainfo != NULL)) {

                  printf("Validation Status = %d [%s]\n",


          return 0;

Copyright 2004−2013 SPARTA, Inc.  All rights reserved.  See
the COPYING file included with the DNSSEC‐Tools package for

Abhijit Hayatnagarkar, Michael Baer


     val_gethostbyname(3), val_res_query(3)