On Monday, April 27, 2015 03:27:16 PM Scott Kitterman wrote: > On Monday, April 27, 2015 02:47:00 PM James Cloos wrote: > > opendkim could depend on dns-root-data and have: > > > > TrustAnchorFile /usr/share/dns/root.key > > > > in the default opendkim.conf. > > > > I've been using TrustAnchorFile /var/lib/unbound/root.key on my MXs for > > > > the longer of: > > as long as opendkim has supported TrustAnchorFile > > > > or > > > > as long as I've run opendkim > > > > (I cannot remember which came first.) > > > > But have had a local verifying unbound on them longer than that. > > > > dns-root-data's /usr/share/dns/root.key has the same data (less > > comments) as unbound-anchor's /var/lib/unbound/root.key. > > > > Passing an unbound.conf to opendkim could be used to modify how it > > resolves and verifies, but isn't required for dnssec support. > > > > It should be reasonable to expect the dns-root-data package to be > > updated whenever a new dnskey or ns records are published for . > > so depending on that package should be sufficient. > > > > [Had fully to wake up and think about it...] > > OK. Thanks for the input. I've reopened the bug and I'll take another > whack at it.
I've finally updated to try again. I added the dependency on dns-root-data and adjusted opendkim.conf. I'd appreciate it if people could give it a try once it's built. Scott K
signature.asc
Description: This is a digitally signed message part.
