On Sat, Feb 25, 2017 at 11:17:37PM +0100, Peter J. Philipp wrote:
> Hi,
>
> I'm not the best in reading patches, so I'm going to query you. Does
> your patch check for the "AD" flag from the resolver? As basically a
> DNSSEC able recursive nameserver should set this meaning it has
> authenticated the data. I wrote a patch for DNSSEC (possibly erroneous
> by comparing it to you) and posted it to #opensmtpd in hopes that eric
> would see it. Much of that functionality is superfluous now but it does
> have an "AD_MASK" check.
>
> Here is my patch from last year, which I gave up on, feel free to cherry
> pick anything needed out of it. You'll see some similarities but they
> are different enough to show two different people's work.

Sorry for not getting back to you about this diff at that time. I'll have a look at it.

> http://centroid.eu/private/dnssec.patch.txt
>
> Yours is a lot more complete of course.
>
> Cheers,
>
> -peter
>