Re: verification error: empty key record; insecure key

From: Murray S. Kucherawy <>
Date: Fri, 17 Aug 2012 00:11:51 -0700 (PDT)

On Thu, 16 Aug 2012, Murray S. Kucherawy wrote:
> I've posted a question to the unbound-users list to see if there's any
> insight into this issue over there. If it's not a bug in their code or
> documentation, then there might be something we're doing wrong with how
> we're calling libunbound that needs fixing.

The reply on the unbound-users list came quickly. Yes indeed, libunbound
will use a hard-coded set of root nameservers to resolve queries unless it
is explicitly told to use what's in /etc/resolv.conf.

In version 2.6.3, a configuration option called ResolvConf was added that
provides this capability. Anyone that wants to tell a libunbound-aware
opendkim to do this will need to make use of that.

As of 2.6.7, tools like opendkim-testkey and opendkim-testadsp don't check
or apply ResolvConf; only opendkim itself does so. I've opened a feature
request (#3558818) to make sure that's added to those tools in the 2.7.0

Received on Fri Aug 17 2012 - 07:12:08 PST
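
A check for the behaviour described in this message, as an added example (not part of the original post and not OpenDKIM project code): it reads an opendkim.conf-style file and reports whether ResolvConf is set and which resolvers that file names. The function names and sample files are constructed for illustration, and matching the option name case-insensitively is an assumption.

```shell
#!/bin/sh
# Added example: which resolvers will a libunbound-aware opendkim query?
# Per the message, ResolvConf (added in 2.6.3) is honoured by opendkim itself;
# as of 2.6.7, opendkim-testkey and opendkim-testadsp do not apply it.

# Print the ResolvConf value from an opendkim.conf-style file (last one wins).
# Comment lines never match because their first field starts with '#'.
resolvconf_setting() {
    awk 'tolower($1) == "resolvconf" && $2 != "" { v = $2 }
         END { if (v != "") print v }' "$1"
}

# Print the nameserver addresses of a resolv.conf-style file, comma-separated.
nameservers_csv() {
    awk '$1 == "nameserver" && $2 != "" { s = s (s == "" ? "" : ",") $2 }
         END { print s }' "$1"
}

# Classify a configuration:
#   builtin-roots    ResolvConf unset: libunbound uses its hard-coded root servers
#   unusable:<path>  ResolvConf set, but file unreadable or lists no nameserver
#   forward:<list>   ResolvConf set: queries go to the listed resolvers
check_opendkim_resolver() {
    rc=$(resolvconf_setting "$1")
    if [ -z "$rc" ]; then echo "builtin-roots"; return 0; fi
    if [ ! -r "$rc" ]; then echo "unusable:$rc"; return 0; fi
    ns=$(nameservers_csv "$rc")
    if [ -z "$ns" ]; then echo "unusable:$rc"; return 0; fi
    echo "forward:$ns"
}

# Constructed sample files (documentation addresses, not real resolvers).
write_samples() {
    d=$1
    printf '%s\n' '# ResolvConf not set' 'Domain example.com' > "$d/default.conf"
    printf 'nameserver 192.0.2.53\nnameserver 192.0.2.54\n' > "$d/resolv.conf"
    printf 'Domain example.com\nresolvconf %s\n' "$d/resolv.conf" > "$d/forward.conf"
    printf 'ResolvConf %s\n' "$d/missing" > "$d/broken.conf"
}

tmp=$(mktemp -d)
write_samples "$tmp"
for f in default forward broken; do
    printf '%s.conf: %s\n' "$f" "$(check_opendkim_resolver "$tmp/$f.conf")"
done
rm -rf "$tmp"
```

A `builtin-roots` result on a host that cannot reach the root servers directly, or that is expected to use a local validating resolver, is the situation the message describes.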