postbank.de / dslbank.de
m at tthias.eu
Tue Feb 2 18:37:27 CET 2016
El 2016-02-02 18:14:43, Benny Pedersen escribió:
> >$ postconf smtp_tls_security_level
> >smtp_tls_security_level = dane
> postconf -e "smtp_dns_support_level = dnssec"
> postconf -e "smtp_tls_security_level = dane"
The SERVFAIL is not generated by your postfix, these settings should not
> >$ dig _25._tcp.mailrelay1.bonn.postbank.de tlsa
> >;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 20811
> >;_25._tcp.mailrelay1.bonn.postbank.de. IN TLSA
> why serv fail here ?
> enable lame logs in bind9
> i dont use unbound
Interesting question. Tried it locally ...
On the first two or three requests I got SERVFAIL as well. Some requests
later (i.e. within the same minute) I could not reproduce these
problems. It also did not matter which of the three published nameserver
of postbank.de I was querying, all were fine after the first requests.
Anyway to reproduce the queries postfix sends I normally would add the
+dnssec option to the dig command.
BTW: DNSsec resolving on this host is working without problems in
Contact details: http://matthias.wimmer.tel/
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 473 bytes
Desc: not available
More information about the dane-users