Archive for April, 2015

Enabling DNSSEC Support For OpenDKIM

If you are using DNSSEC you can now use it to verify DKIM keys with opendkim.

This does require a bit of configuration.

Opendkim uses unbound for DNSSEC support.

You have to:

  • Install the unbound package (not just the library, which is already pulled in as an opendkim dependency)
  • Configure the DNSSEC trust anchor for unbound ( either in /etc/unbound/unbound.conf or by adding a configuration snippet to /etc/unbound/unbound.conf.d – the latter makes it much less likely you’ll have to resolve conflicts in the configuration file if the default file is changed on later package upgrades)
  • Update /etc/opendkim.conf and add:

ResolverConfiguration     /etc/unbound/unbound.conf

Once that’s done, restart opendkim and your DKIM key queries are DNSSEC protected (you can verify this in your mail logs since opendkim annotates unprotected keys when it logs).

Note:  This should also apply to Ubuntu 14.04, 14.10, and 15.04.

Update: In Wheezy (and Squeeze, at least the version in backports, I didn’t check the release version) and Ubuntu 10.04 (similarly with backports) this was possible too.  The opendkim.conf parameter was called UnboundConfigFile.  You may have to update your local configuration to use the new name when you upgrade.

Advertisements

Where’s the Ubuntu (the Linux distribution) in Ubuntu Online Summit?

I was surprised to find that in the UOS announcement there was no mention of work on defining the development of an actual Linux distribution.  Here’s the tracks:

  • App & scope development: the SDK and developer platform roadmaps, phone core apps planning, developer workshops
  • Cloud: Ubuntu Core on clouds, Juju, Cloud DevOps discussions, charm tutorials, the Charm, OpenStack
  • Community: governance discussions, community event planning, Q+As, how to get involved in Ubuntu
  • Convergence: the road to convergence, the Ubuntu desktop roadmap, requirements and use cases to bring the desktop and phone together
  • Core: snappy Ubuntu Core, snappy post-vivid plans, snappy demos and Q+As
  • Show & Tell: presentations, demos, lightning talks (read: things that break and explode) on a varied range of topic
  • App & scope development: Supporting upstream development
  • Cloud: Tools for using Ubuntu in a cloud environment
  • Community: Important, but not distribution development
  • Convergence: Unity upstream development
  • Core: Development of an alternative to Ubuntu
  • Show & Tell: Interesting, but still not development

I’ve been involved in Ubuntu development for over 8 years now.  Except for Community, none of that looks anything like the Ubuntu I knew.

The last few UOS there has been a session to coordination Qt5 planning between Kubuntu and Canonical’s developers that use Qt5 (I’ve lost track of what they’re called and I also know they don’t all work for Canonical, but close enough).  I have no idea what track that would even be a part of now.  Kubuntu has never really used UOS.  It’s simpler for us just to schedule our own online meeting (in addition to in person meetings at Akademy for some of us), but it’s been a useful coordination point with other teams in the Ubuntu ecosystem.  I’m not sure how that’ll even work now.