31 Jan
2015
31 Jan
'15
4:02 p.m.
Am 31.01.2015 um 12:29 schrieb Markus Benning:
Am 30.01.2015 um 09:10 schrieb Viktor Dukhovni:
- Your C library may not return the "AD" bit in DNSSEC replies
(OpenBSD seems to have this problem).
This may also be the case if your resolver is also authorative for your domain. Then it wont do recursive validation and will not include the AD flag.
Thanks for that hint. I guess this is exactly the issue. The recursive resolver for the smtp client is actually indeed also the authoritative dns for the target domain. This special case came absolutely unexpected to me though.
Wolfgang