Postfix-Frage
Frank Fiene
ffiene at veka.com
Tue Jan 20 14:23:42 CET 2015
OK, i just have these two:
dnssec-enable yes;
dnssec-validation auto;
And i cannot configure this by hand!
Huh!!! No forwarder? So for any DNS query my Resolver must ask the Root-DNS-Servers?
Regards!
Frank
> Am 20.01.2015 um 13:51 schrieb Benny Pedersen <me at junc.eu>:
>
> Andreas Schulze skrev den 2015-01-20 13:08:
>> Am 20.01.2015 11:48 schrieb Frank Fiene:
>>> dig gives me the ad flag so my resolving chain should be fine.
>>> But if i send an email to the list, i still get no „Verified“ in my postfix log.
>> smtp_dns_support_level = dnssec ?
>> smtp_tls_security_level = dane ?
>
> and in named.conf
>
> dnssec-enable yes;
> dnssec-lookaside auto;
> dnssec-validation auto;
>
> 2 last options must not be yes, this will disable dane, with auto dane works
>
> in resolv.conf only have nameserver 127.0.0.1
>
> and bind9 must not have any forwarders !
Viele Grüße!
i.A. Frank Fiene
--
Frank Fiene
IT-Security Manager VEKA Group
Fon: +49 2526 29-6200
Fax: +49 2526 29-16-6200
mailto: ffiene at veka.com
http://www.veka.com
PGP-ID: 62112A51
PGP-Fingerprint: 7E12 D61B 40F0 212D 5A55 765D 2A3B B29B 6211 2A51
Threema: VZK5NDWW
VEKA AG
Dieselstr. 8
48324 Sendenhorst
Deutschland/Germany
Vorstand/Executive Board: Andreas Hartleif (Vorsitzender/CEO),
Dr. Andreas W. Hillebrand, Bonifatius Eichwald, Elke Hartleif, Dr. Werner Schuler,
Vorsitzender des Aufsichtsrates/Chairman of Supervisory Board: Ulrich Weimer
HRB 8282 AG Münster/District Court of Münster
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.sys4.de/cgi-bin/mailman/private/dane-users/attachments/20150120/091ccf8e/attachment.html>
More information about the dane-users
mailing list