Am 20.01.2015 um 13:51 schrieb Benny Pedersen <me@junc.eu>:Andreas Schulze skrev den 2015-01-20 13:08:Am 20.01.2015 11:48 schrieb Frank Fiene:dig gives me the ad flag so my resolving chain should be fine.smtp_dns_support_level = dnssec ?
But if i send an email to the list, i still get no „Verified“ in my postfix log.
smtp_tls_security_level = dane ?
and in named.conf
dnssec-enable yes;
dnssec-lookaside auto;
dnssec-validation auto;
2 last options must not be yes, this will disable dane, with auto dane works
in resolv.conf only have nameserver 127.0.0.1
and bind9 must not have any forwarders !