Viktor Dukhovni:
> The solution is a more modern C/resolver library and associated
> header files. Postfix support for DNSSEC could be compiled out of
> this system by adding override macros that disable attempts to
> support DNSSEC even when RES_USE_DNSSEC is present. Apply the
> patch below and build with '-DDISABLE_DNSSEC'.
For consistency with other compile-time features, I renamed this
to '-DNO_DNSSEC', and documented it in makedefs and INSTALL.
Wietse
||_____________________________|______________________________________________|
||-DNO_DNSSEC |Do not build with DNSSEC support, even if the |
|| |resolver library appears to support it. |
||_____________________________|______________________________________________|
> index 2938ac3..dfc5686 100644
> --- a/src/dns/dns.h
> +++ b/src/dns/dns.h
> @@ -54,6 +54,14 @@
>
> #endif
>
> +
> +/*
> + * Disable DNSSEC at compile-time even if RES_USE_DNSSEC is available
> + */
> +#ifdef DISABLE_DNSSEC
> +#undef RES_USE_DNSSEC
> +#endif
> +
> /*
> * Compatibility with systems that lack RES_USE_DNSSEC and RES_USE_EDNS0
> */
>
> --
> Viktor.
>
