On Sun, Oct 30, 2016 at 05:21:21PM -0400, Scott Kitterman wrote:
> > Hello,
> > 
> > I am using the debian package of opendkim on a machine on a
> > private network with no direct internet access. DNS resolution is
> > fine, but only via the nameserver defined in /etc/resolv.conf.
> > These change once in a while.
> > 
> > The debian package is compiled --with-unbound.
> > 
> > For me, it would be great to add an option that allows use of
> > /etc/resolv.conf with unbound. The nameservers option exists, but
> > I'd like to use exactly the same nameservers with opendkim as the
> > system default resolvers. This would directly translate into a
> > call of ub_ctx_resolvconf at about the same position as
> > ub_ctx_set_fwd is called for the nameservers option. A name for
> > this option could be Resolvconf.
> 
> Unfortunately, the upstream developer is mostly busy on other projects and
> really only found bug fixes for opendkim.  I wouldn't want to add a new
> option ahead of upstream.

:-( Sorry to hear.
> 
> I think that perhaps, using the ResolverConfiguration option, you might be able to
> pass information to unbound to use a Stub Zone (see Unbound documentation) to
> achieve the goal you're after.

To my understanding that would require running an unbound server
process, and in it replicating the content of /etc/resolv.conf.
Basically:
Name: . (the DNS root)
stub-addr: <nameserver addresses identical to /etc/resolv.conf>

This is a very likely cause of troubles whenever the nameserver
config for the host changes.

Is there a chance to build a debian package --without-unbound,
using /etc/resolv then, which can point to a locally running
unbound for those people wanting/needing a fast resolver only,
even if it is slightly more overhead than an integrated
library?

In the current situation, I am the one with the corner case that
has problems and needs workarounds, while IMHO the average user
would not really care about the difference. Commercial grade use
of opendkim IMHO also implies a well-thought resolver setup,
where I see full-blown unbound (i.e. including the daemon
process) commonly.

Bye,

Joerg
