From cf2b569e3a2f8956b7045191e96bc5edfd366c78 Mon Sep 17 00:00:00 2001
From: Jeremy Harris <jgh146exb@wizmail.org>
Date: Sun, 10 Aug 2014 11:49:49 +0100
Subject: On a host lookup name->MX->A->ip sequence, require both stages to be
 dnssec before declaring the lookup was secure.

---
 test/confs/5850 | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

(limited to 'test')

diff --git a/test/confs/5850 b/test/confs/5850
index 53cb78ae1..0b132e29e 100644
--- a/test/confs/5850
+++ b/test/confs/5850
@@ -37,9 +37,11 @@ tls_privatekey = ${if eq {SERVER}{server}{DIR/aux-fixed/cert1}fail}
 begin routers
 
 client:
-  driver = accept
+  driver = dnslookup
   condition = ${if eq {SERVER}{server}{no}{yes}}
-  retry_use_local_part
+#  retry_use_local_part
+  dnssec_request_domains = *
+  self = send
   transport = send_to_server
 
 server:
@@ -54,7 +56,7 @@ begin transports
 send_to_server:
   driver = smtp
   allow_localhost
-  hosts = 127.0.0.1
+#  hosts = 127.0.0.1
   port = PORT_D
 #  tls_certificate = DIR/aux-fixed/cert2
 #  tls_privatekey = DIR/aux-fixed/cert2
-- 
cgit v1.2.3