On Monday, April 27, 2015 07:54:50 PM Kurt Roeckx wrote: > On Mon, Apr 27, 2015 at 08:47:21AM -0400, Scott Kitterman wrote: > > On Monday, April 27, 2015 12:36:06 PM cl...@jhcloos.com wrote: > > > > but I did add unbound to suggests and update the shipped config file > > > > to include a commented out entry about this to make it easy to enable > > > > for those that have DNSSEC. > > > > > > That commented-out line is of no value; uncommenting it generates an > > > unrecognized config error on restart. > > > > > > OpenDKIM only supports that config line if it is compiled to link > > > against libunbound. > > > > The package is compiled with and linked against libunbound. I don't have > > DNSSEC, so I can't test this. Reading the documentation, I think you > > additionally have to install unbound (not just the lib) and configure it > > with a trust anchor. > > It does not make sense that you also need unbound itself. You > might need the trust anchor, and I'm unsure where it searches that > currently.
unbound is what ships the configuration file that unbound reads. That's why I believed that was necessary. It might be possible to use TrustAnchorFile instead of ResolverConfiguration and not need it. As I mentioned earlier in the bug, I don't currently have a way to test a DNSSEC enabled configuration, so I'd very much appreciate feedback on the best way to do it. Scott K -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org