klondike:
> Bernhard Fischer escribi?:
> > I'd like to use DNSSEC with Postfix.
> > I did some research on the web but although DNSSEC is there nobody really
> > cares about it.
> > The most recent patch for Postfix is for release 2.3 and is based on libs
> > (libval, libsres) I didn't find any download page for.
> >
> > Is there any recent development going on?
> >
> Although I don't know wether there is actual development or not in
> DNSSEC, you should bear on mind that there are still a lot of servers
> which don't support DNSSEC, either because it is disabled, due to
> problems with the proved denial of existence system used originaly, or
> because the admins haven't updated the machine as DNS is a fairly
> sensitive service.
>
> Said that, if postfix developers want to add DNSSEC support, although
> that should be implemented on the name resolving libraries, I wouldn't
> mind sharing my, scarce, knowledge on it.
What are the application-visible changes? If one relies on BIND
etc. for validation, where does DNSSEC affect the application?
Postfix uses the standard resolver library but these calls are
entirely encapsulated in a single module.
Wietse
