Hi Benny, El 2016-02-02 18:14:43, Benny Pedersen escribió: > >$ postconf smtp_tls_security_level > >smtp_tls_security_level = dane > > http://blog.weetech.co/2014/11/implementing-dnssec-and-dane-for-email.html > > postconf -e "smtp_dns_support_level = dnssec" > postconf -e "smtp_tls_security_level = dane"
The SERVFAIL is not generated by your postfix, these settings should not cause it. > >$ dig _25._tcp.mailrelay1.bonn.postbank.de tlsa > > > >... > >;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 20811 > >;_25._tcp.mailrelay1.bonn.postbank.de. IN TLSA > > why serv fail here ? > > enable lame logs in bind9 > > i dont use unbound Interesting question. Tried it locally ... On the first two or three requests I got SERVFAIL as well. Some requests later (i.e. within the same minute) I could not reproduce these problems. It also did not matter which of the three published nameserver of postbank.de I was querying, all were fine after the first requests. Anyway to reproduce the queries postfix sends I normally would add the +dnssec option to the dig command. BTW: DNSsec resolving on this host is working without problems in general. Regards, Matthias -- Matthias Wimmer Contact details: http://matthias.wimmer.tel/
signature.asc
Description: PGP signature
