I’m trying to make SSHFP work. With these fingerprints in DNSSEC it
should be possible to verify a host through DNSSEC.
It seems I’m not the only one having problems. Take a look at Jan-Piet Mens blog.
At the moment I’m trying to link libbind9 with OpenSSH to use the
Bind resolver instead of the standard libresolv. This is suggested
in this bug report,
but I do not have that working, yet.