postbank.de / dslbank.de
Matthias Wimmer
m at tthias.eu
Tue Feb 2 18:37:27 CET 2016
Hi Benny,
El 2016-02-02 18:14:43, Benny Pedersen escribió:
> >$ postconf smtp_tls_security_level
> >smtp_tls_security_level = dane
>
> http://blog.weetech.co/2014/11/implementing-dnssec-and-dane-for-email.html
>
> postconf -e "smtp_dns_support_level = dnssec"
> postconf -e "smtp_tls_security_level = dane"
The SERVFAIL is not generated by your postfix, these settings should not
cause it.
> >$ dig _25._tcp.mailrelay1.bonn.postbank.de tlsa
> >
> >...
> >;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 20811
> >;_25._tcp.mailrelay1.bonn.postbank.de. IN TLSA
>
> why serv fail here ?
>
> enable lame logs in bind9
>
> i dont use unbound
Interesting question. Tried it locally ...
On the first two or three requests I got SERVFAIL as well. Some requests
later (i.e. within the same minute) I could not reproduce these
problems. It also did not matter which of the three published nameserver
of postbank.de I was querying, all were fine after the first requests.
Anyway to reproduce the queries postfix sends I normally would add the
+dnssec option to the dig command.
BTW: DNSsec resolving on this host is working without problems in
general.
Regards,
Matthias
--
Matthias Wimmer
Contact details: http://matthias.wimmer.tel/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: not available
URL: <https://mail.sys4.de/mailman/private/dane-users/attachments/20160202/c04fa7ab/attachment-0001.asc>
More information about the dane-users
mailing list