As more TLDs are signed and more ISPs provide validation, a greater focus is being placed on DNSSEC at the client. Client activities include DNSSEC-aware applications, DNSSEC-aware resolution libraries, and validating local resolvers for times when either the ISP doesn’t provide DNSSEC validation or the last mile between the ISP’s resolver and the client can’t be trusted.

The Internet Societys’s Deploy360 Programme has recently put up a list of developer libraries and is soliciting additional input from the community on other libraries.

Members of the DNSSEC Deployment Initiative have been using NLnet Labs’ Dnssec-Trigger on Mac and Windows systems to provide local DNSSEC validation.