I recently switched from external signing of my zone to use of BIND 9.9
inline signing. While things went fairly smoothly on the master server,
my slave ended up with a bunch of spurious DNSKEY records that came from
my previous keys (I generated new keys when I went to inline signing).
The extra
If alphazulu.com is sending email as foxtrot.com it would be best to
sign the message as foxtrot.com as well so that the signature is
"aligned" from a DMARC standpoint (matches the From domain).
The keys are always in the domain specified by the d= value in the
signature. The best approach is for
2 matches
Mail list logo
