Re: "unprotected key" with DNSSEC

From: Benny Pedersen <>
Date: Thu, 01 Sep 2016 00:10:19 +0200

On 2016-08-31 22:48, SM wrote:

> I haven't read that part of the code recently. It is not optimal to
> do a check as the file contents rarely change.

postfix does not need a anchor file to send to dane_only domains, so why
does opendkim need one ?

design fails imho

but i think its still good that opendkim can have its own if dnsservers
does not support dnssec, then opendkim can do its job on its own, in
that case the anchor is needed in opendkim, else its waste of resources,
and possible one runs with outdated anchor

i will not make that fail here
Received on Wed Aug 31 2016 - 22:10:33 PST

This archive was generated by hypermail 2.3.0 : Wed Aug 31 2016 - 22:18:01 PST