On Wed, Dec 17, 2008 at 08:55:04PM +0100, klondike wrote: > Bernhard Fischer escribi?: > > I'd like to use DNSSEC with Postfix. > > I did some research on the web but although DNSSEC is there nobody really > > cares about it. > > The most recent patch for Postfix is for release 2.3 and is based on libs > > (libval, libsres) I didn't find any download page for. > > > > Is there any recent development going on? > > > Although I don't know wether there is actual development or not in > DNSSEC, you should bear on mind that there are still a lot of servers > which don't support DNSSEC, either because it is disabled, due to > problems with the proved denial of existence system used originaly, or > because the admins haven't updated the machine as DNS is a fairly > sensitive service. > > Said that, if postfix developers want to add DNSSEC support, although > that should be implemented on the name resolving libraries, I wouldn't > mind sharing my, scarce, knowledge on it.
Postfix uses res_search(3). DNSSEC would have to be supported by the C-library stub resolver code, not Postfix. DNSSEC is very complex. I rather like DJB's DNSCurve, but it seems the the political climate may be against this IMHO very sound proposal. -- Viktor. Disclaimer: off-list followups get on-list replies or get ignored. Please do not ignore the "Reply-To" header. To unsubscribe from the postfix-users list, visit http://www.postfix.org/lists.html or click the link below: <mailto:majord...@postfix.org?body=unsubscribe%20postfix-users> If my response solves your problem, the best way to thank me is to not send an "it worked, thanks" follow-up. If you must respond, please put "It worked, thanks" in the "Subject" so I can delete these quickly.