Hi,
I forked libopendkim, an abandonware library implementing DKIM signatures for
email messages. It has a QUERY_CACHE compile-time option which enables usage
of a Berkeley DB to store DKIM keys. If the option is enabled, the local cache
is looked up before querying the DNS, and keys are cached after retrieving them
from DNS. TTLs are also cached and checked. That happens on each received
email message.
I never used that option. I think a mail server deserves a dedicated caching
resolver. However, a user of mine succeeded, with some difficulty, in enabling
that option, although he says he doesn't know whether it's actually useful.
Hence I thought I'd ask here for opinions: Is QUERY_CACHE totally useless
code bloat that I should remove? Or is it possibly useful and I should
integrate it better?
DKIM keys typically use RSA, resulting in fatty keys, but usually within UDP
sizes. Although someone generates a new key for every message, most domains use
the same key for months if not years. Nevertheless, TTLs range from a few
minutes to a few hours.
What do you think?
Best
Ale
--
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users