opendkim could depend on dns-root-data and have: TrustAnchorFile /usr/share/dns/root.key
in the default opendkim.conf. I've been using TrustAnchorFile /var/lib/unbound/root.key on my MXs for the longer of: as long as opendkim has supported TrustAnchorFile or as long as I've run opendkim (I cannot remember which came first.) But have had a local verifying unbound on them longer than that. dns-root-data's /usr/share/dns/root.key has the same data (less comments) as unbound-anchor's /var/lib/unbound/root.key. Passing an unbound.conf to opendkim could be used to modify how it resolves and verifies, but isn't required for dnssec support. It should be reasonable to expect the dns-root-data package to be updated whenever a new dnskey or ns records are published for . so depending on that package should be sufficient. [Had fully to wake up and think about it...] -JimC -- James Cloos <cl...@jhcloos.com> OpenPGP: 0x997A9F17ED7DAEA6 -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
