On Monday, April 27, 2015 02:47:00 PM James Cloos wrote: > opendkim could depend on dns-root-data and have: > > TrustAnchorFile /usr/share/dns/root.key > > in the default opendkim.conf. > > I've been using TrustAnchorFile /var/lib/unbound/root.key on my MXs for > the longer of: > > as long as opendkim has supported TrustAnchorFile > or > as long as I've run opendkim > > (I cannot remember which came first.) > > But have had a local verifying unbound on them longer than that. > > dns-root-data's /usr/share/dns/root.key has the same data (less > comments) as unbound-anchor's /var/lib/unbound/root.key. > > Passing an unbound.conf to opendkim could be used to modify how it > resolves and verifies, but isn't required for dnssec support. > > It should be reasonable to expect the dns-root-data package to be > updated whenever a new dnskey or ns records are published for . > so depending on that package should be sufficient. > > [Had fully to wake up and think about it...]
OK. Thanks for the input. I've reopened the bug and I'll take another whack at it. Scott K -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
