On 19/07/2019 08:12, Viktor Dukhovni via Exim-users wrote: > On Fri, Jul 19, 2019 at 09:15:26AM +0300, Evgeniy Berdnikov via Exim-users > wrote: >>> Might there be a dnssec-related difference? >> >> Definitely NO, because this difference is in client's initial packets. > > Actually, the "tcpdump" documentation is misleading. In the attached > PCAP file (single outbound query), "tcpdump" reports "[1au]", but the > query has no authority records, rather it has an EDNS(0) OPT record:
> If there were a simple way to get the stub resolver to set only > the AD bit, Exim could use that, and you'd not run into this > particular obstacle, but the fault is wither whatever device > is filtering your DNS queries. It is b0rked, and it would > be good to find a way to get it to stop doing that. Thanks for the analysis, Viktor. David: try adding a main-config option: dns_use_edns0 = 0 Note that dnssec will be disabled as a side-effect. And really, get access to a decent resolver for preference. -- Cheers, Jeremy -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/