On Monday, April 27, 2015 07:54:50 PM Kurt Roeckx wrote:
> On Mon, Apr 27, 2015 at 08:47:21AM -0400, Scott Kitterman wrote:
> > On Monday, April 27, 2015 12:36:06 PM cl...@jhcloos.com wrote:
> > > > but I did add unbound to suggests and update the shipped config file
> > > > to include a commented out entry about this to make it easy to enable
> > > > for those that have DNSSEC.
> > > 
> > > That commented-out line is of no value; uncommenting it generates an
> > > unrecognized config error on restart.
> > > 
> > > OpenDKIM only supports that config line if it is compiled to link
> > > against libunbound.
> > 
> > The package is compiled with and linked against libunbound.  I don't have
> > DNSSEC, so I can't test this.  Reading the documentation, I think you
> > additionally have to install unbound (not just the lib) and configure it
> > with a trust anchor.
> 
> It does not make sense that you also need unbound itself.  You
> might need the trust anchor, and I'm unsure where it searches that
> currently.

unbound is what ships the configuration file that unbound reads.  That's why I 
believed that was necessary.  It might be possible to use TrustAnchorFile 
instead of ResolverConfiguration and not need it.

As I mentioned earlier in the bug, I don't currently have a way to test a 
DNSSEC enabled configuration, so I'd very much appreciate feedback on the best 
way to do it.

Scott K


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Reply via email to