Re: [exim-dev] Propose to Merge: 'dnssec' branch

Top Page
Delete this message
Reply to this message
Author: Phil Pennock
Date:  
To: Jeremy Harris
CC: exim-dev
Subject: Re: [exim-dev] Propose to Merge: 'dnssec' branch
On 2013-03-24 at 20:45 +0000, Jeremy Harris wrote:
> On 03/24/2013 03:24 PM, Jeremy Harris wrote:
> > On 03/24/2013 11:42 AM, Phil Pennock wrote:
> >> Okay, I've dug out the partial work from several months ago for dnssec
> >> outbound from Exim, finished off the core of it, documented it, etc, and
> >> pushed as a "dnssec" branch.
> >>
> >> I'm likely to merge this later this weekend, unless someone shouts.
> >
> > Sounds good to me.
>
> Starting to play with this, admittedly on a system where the Bind
> isn't set up for dnssec:
>
> - The optionlist_config[] needs to  be sorted (my build couldn't find
>    the dns_dnssec_ok option!)


Oops, strange that it worked for me. Sorry, fallout from renaming.
Fixed.

> - My initial test put a need_dnssec on the transport, but the op arrives
>    at the transport with the lookup already having been done by the
>    router; at the very least we need some explanation in docs.


There's a new section of the Spec, immediately after the TLS section,
which goes into it.

Those who read the spec.xfpt file will even note the place-holder
comment for where DANE documentation will go. :)

-Phil