RE: unbound-1.4.9 from Murray S. Kucherawy on 2011-03-24 (OpenDKIM Developers mailing list)

From: Murray S. Kucherawy <msk_at_cloudmark.com>
Date: Thu, 24 Mar 2011 13:15:30 -0700

> -----Original Message-----
> From: opendkim-dev-bounce_at_lists.opendkim.org [mailto:opendkim-dev-bounce_at_lists.opendkim.org] On Behalf Of Steve Jenkins
> Sent: Thursday, March 24, 2011 12:53 PM
> To: Todd Lyons
> Cc: Andreas Schulze; opendkim-dev_at_lists.opendkim.org
> Subject: Re: unbound-1.4.9
>
> Interesting - I just installed unbound earlier this morning for the
> first time! Although I did it with yum, so I'm running an older
> version. What does building OpenDKIM "against" it do?

It has two main benefits:

1) It is an asynchronous resolver, useful on systems that don't have one of those installed by default. (libar also provides the same service.)

2) It can do DNSSEC resolution, which OpenDKIM uses to determine whether or not a key or policy record retrieved from DNS was secured using DNSSEC. There are knobs in the configuration for deciding how strict you want to be about using a key or policy that wasn't protected by DNSSEC, or appears to have been forged. (libar can't currently do this.)
Received on Thu Mar 24 2011 - 20:15:38 PST