Postfix not accepting DANE secured peer
wolfgang.rosenauer at an-netz.de
Sat Jan 31 16:02:00 CET 2015
On 31.01.2015 at 12:29, Markus Benning wrote:
> On 30.01.2015 at 09:10, Viktor Dukhovni wrote:
>> * Your C library may not return the "AD" bit in DNSSEC replies
>> (OpenBSD seems to have this problem).
> This may also be the case if your resolver is also authoritative for your
> domain. Then it won't do recursive validation and will not include the AD
Thanks for that hint. I guess this is exactly the issue.
The recursive resolver for the smtp client is actually indeed also the
authoritative DNS for the target domain.
This special case was absolutely unexpected to me, though.
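
An added example, not part of the original message: a sketch that builds a DNSSEC-aware TLSA query and classifies reply headers by the AD and AA bits, showing why a reply from a server that is authoritative for the zone looks unvalidated to a client that trusts only AD. The name `_25._tcp.mx.example.org` and the sample headers are constructed placeholders, not values from this thread.

```python
import struct
# DNS header flag masks (RFC 1035; AD is defined by DNSSEC, RFC 4035)
QR, AA, RD, RA, AD = 0x8000, 0x0400, 0x0100, 0x0080, 0x0020
TYPE_TLSA, TYPE_OPT = 52, 41

def encode_name(name):
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError(f"bad label: {label!r}")
        out += bytes([len(raw)]) + raw  # length-prefixed label
    return out + b"\x00"

def build_tlsa_query(name, qid=0x1234):
    """TLSA query with RD and AD set and an EDNS0 OPT record carrying DO."""
    header = struct.pack("!HHHHHH", qid, RD | AD, 1, 0, 0, 1)
    question = encode_name(name) + struct.pack("!HH", TYPE_TLSA, 1)
    # OPT RR: root name, UDP size 1232, ext-rcode 0, version 0, DO flag, no rdata
    opt = b"\x00" + struct.pack("!HHBBHH", TYPE_OPT, 1232, 0, 0, 0x8000, 0)
    return header + question + opt

def classify_response(packet):
    """Report how a client that trusts only the AD bit would see this reply."""
    if len(packet) < 12:
        raise ValueError("truncated DNS header")
    _id, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", packet[:12])
    if not flags & QR:
        raise ValueError("not a response")
    if flags & 0x000F or ancount == 0:
        return "no-answer"
    if flags & AD:
        return "validated"
    # AA without AD: answered from the server's own zone data, no validation done
    return "authoritative-unvalidated" if flags & AA else "unvalidated"

def _hdr(flags):
    return struct.pack("!HHHHHH", 0x1234, flags, 1, 1, 0, 0)

# Constructed sample headers, one answer each (not captured traffic)
SAMPLES = {
    "validating recursive resolver": _hdr(QR | RD | RA | AD),
    "resolver authoritative for the zone": _hdr(QR | AA | RD | RA),
    "non-validating resolver": _hdr(QR | RD | RA),
}

if __name__ == "__main__":
    for who, pkt in SAMPLES.items():
        print(f"{who}: {classify_response(pkt)}")
```
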