Hi Benny,
El 2016-02-02 18:14:43, Benny Pedersen escribió:
$ postconf smtp_tls_security_level smtp_tls_security_level = dane
http://blog.weetech.co/2014/11/implementing-dnssec-and-dane-for-email.html
postconf -e "smtp_dns_support_level = dnssec" postconf -e "smtp_tls_security_level = dane"
The SERVFAIL is not generated by your postfix, these settings should not cause it.
$ dig _25._tcp.mailrelay1.bonn.postbank.de tlsa
... ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 20811 ;_25._tcp.mailrelay1.bonn.postbank.de. IN TLSA
why serv fail here ?
enable lame logs in bind9
i dont use unbound
Interesting question. Tried it locally ...
On the first two or three requests I got SERVFAIL as well. Some requests later (i.e. within the same minute) I could not reproduce these problems. It also did not matter which of the three published nameserver of postbank.de I was querying, all were fine after the first requests.
Anyway to reproduce the queries postfix sends I normally would add the +dnssec option to the dig command.
BTW: DNSsec resolving on this host is working without problems in general.
Regards, Matthias