On Wed, Dec 17, 2008 at 08:55:04PM +0100, klondike wrote:

> Bernhard Fischer escribi?:
> > I'd like to use DNSSEC with Postfix.
> > I did some research on the web but although DNSSEC is there nobody really 
> > cares about it.
> > The most recent patch for Postfix is for release 2.3 and is based on libs 
> > (libval, libsres) I didn't find any download page for.
> >
> > Is there any recent development going on?
> >   
> Although I don't know wether there is actual development or not in
> DNSSEC, you should bear on mind that there are still a lot of servers
> which don't support DNSSEC, either because it is disabled, due to
> problems with the proved denial of existence system used originaly, or
> because the admins haven't updated the machine as DNS is a fairly
> sensitive service.
> 
> Said that, if postfix developers want to add DNSSEC support, although
> that should be implemented on the name resolving libraries, I wouldn't
> mind sharing my, scarce, knowledge on it.

Postfix uses res_search(3). DNSSEC would have to be supported by the
C-library stub resolver code, not Postfix.

DNSSEC is very complex. I rather like DJB's DNSCurve, but it seems the
the political climate may be against this IMHO very sound proposal.

-- 
        Viktor.

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.

To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:
<mailto:majord...@postfix.org?body=unsubscribe%20postfix-users>

If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.

Reply via email to