Overview
Request 613097 accepted
Change file:
- enable DNSSEC support (requires unbound library)
ATTENTION: The file /var/lib/unbound/root.key must be readable by
user opendkim, which is not the fact for older unbound packages
Notes:
- Tested and works fine.
I submitted another patch to unbound (was accepted), which makes the anchor file readable. For versions before this patch the default I added will not be readable and thus the OpenDKIM start will fail. I don't know a good workaround for this. One solution would be to comment the Anchor parameter. In this case DNSSEC would run unvalidated. Actually I think failing to start is the better option as users notice that a configuration is missing.
Request History
dstoecker created request
Change file:
- enable DNSSEC support (requires unbound library)
ATTENTION: The file /var/lib/unbound/root.key must be readable by
user opendkim, which is not the fact for older unbound packages
Notes:
- Tested and works fine.
I submitted another patch to unbound (was accepted), which makes the anchor file readable. For versions before this patch the default I added will not be readable and thus the OpenDKIM start will fail. I don't know a good workaround for this. One solution would be to comment the Anchor parameter. In this case DNSSEC would run unvalidated. Actually I think failing to start is the better option as users notice that a configuration is missing.
susnux accepted request