Re: DNSSEC, Resolvers and Authentication-Results: "unprotected key"

From: Jim Seymour <>
Date: Wed, 14 Oct 2015 08:45:56 -0400

Following-up to myself...

On Wed, 14 Oct 2015 08:22:00 -0400
Jim Seymour <> wrote:

> So is there any reason why, instead of that static config, one could
> not do a somewhat "less static-y":
> /etc/unbound/unbound.conf:
> server:
> trust-anchor-file: /etc/unbound/root.key
> And run:
> unbound-anchor -a /etc/unbound/root.key
> as a cron job (daily or whatever), instead?

Asked and answered: That works. I'm now seeing...

    Authentication-Results: ...; dkim=pass
     reason="1024-bit key; secure key"


Your comment noted. See above.

Now the only question remaining (for me): When unbound-anchor actually
changes the root key, does opendkim need to be poked?

Note: My mail server employs *very* aggressive anti-spam
filtering.  If you reply to this email and your email is
rejected, please accept my apologies and let me know via my
web form at <>.
Received on Wed Oct 14 2015 - 12:46:04 PST

This archive was generated by hypermail 2.3.0 : Wed Oct 14 2015 - 12:54:01 PST