Postfix and PDNS
michael at stroeder.com
Mon Jul 11 23:08:33 CEST 2016
Michael Ströder wrote:
> Wolfgang Rosenauer wrote:
>> I just switched to PowerDNS Recursor on my Postfix mailserver since
>> their latest version (4) now supports DNSSEC validation.
>> Unfortunately now Postfix seems to be unable to verify DANE anymore. I
>> always get only "Anonymous TLS connections" where I got "Verified" ones
>> when using bind.
>> Apparently and somewhat confirmed by tcpdump and the PowerDNS guys it
>> seems that Postfix relies on the +AD flag to signal a DNSSEC validated
>> response but doesn't request it. I can only find a set DO bit in the
>> query's dump.
> Sorry for maybe asking the obvious:
> Did you turn on DNSSEC validation in your recursor.conf?
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 4245 bytes
Desc: S/MIME Cryptographic Signature
More information about the dane-users