On 2013-03-24 at 20:45 +0000, Jeremy Harris wrote:
> On 03/24/2013 03:24 PM, Jeremy Harris wrote:
> > On 03/24/2013 11:42 AM, Phil Pennock wrote:
> >> Okay, I've dug out the partial work from several months ago for dnssec
> >> outbound from Exim, finished off the core of it, documented it, etc, and
> >> pushed as a "dnssec" branch.
> >>
> >> I'm likely to merge this later this weekend, unless someone shouts.
> >
> > Sounds good to me.
>
> Starting to play with this, admittedly on a system where the Bind
> isn't set up for dnssec:
>
> - The optionlist_config[] needs to be sorted (my build couldn't find
> the dns_dnssec_ok option!)
Oops, strange that it worked for me. Sorry, fallout from renaming.
Fixed.
> - My initial test put a need_dnssec on the transport, but the op arrives
> at the transport with the lookup already having been done by the
> router; at the very least we need some explanation in docs.
There's a new section of the Spec, immediately after the TLS section,
which goes into it.
Those who read the spec.xfpt file will even note the place-holder
comment for where DANE documentation will go. :)
-Phil
