On Mon, Jul 14, 2025 at 12:31:27PM +0200, Benny Pedersen via Postfix-users
wrote:
> > Maybe your resolver is broken?
>
> no my bind respect too little time to live
>
> ;; ANSWER SECTION:
> postfix.charite.de. 300 IN A 141.42.206.35

A 5 minute TTL is not excessively low.  It amortises the cost of
closely-spaced repeated lookups; after that the data may as well
be fresh.  Yes, a longer TTL can ride out brief problems with the
authoritative servers, but if one has reliable auth servers a 5m
TTL is just fine.

The DNS for the domain is fine:

https://dnsviz.net/d/postfix.charite.de/aHTnFQ/dnssec/

other than a technicality, because it does not adhere to the NSEC3
iteration count recommended in RFC 9276, co-authored by some pedantic
advocate for common sense cryptography:

https://datatracker.ietf.org/doc/html/rfc9276#name-authors-addresses

> dont shout the messenger btw

s/shout/shoot/, fwiw.

--
Viktor. 🇺🇦 Слава Україні!
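
The RFC 9276 technicality mentioned in the message can be checked mechanically. The following is an added example, not part of the original message: it parses NSEC3PARAM RDATA in presentation format and reports deviations from RFC 9276's guidance (0 additional iterations, empty salt). The sample records and the function names are constructed for illustration and are not the values published by any zone named in the thread.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Nsec3Param:
    hash_alg: int
    flags: int
    iterations: int
    salt: bytes


def parse_nsec3param(rdata: str) -> Nsec3Param:
    """Parse '<hash-alg> <flags> <iterations> <salt>' (RFC 5155 presentation format)."""
    fields = rdata.split()
    if len(fields) != 4:
        raise ValueError(f"expected 4 fields, got {len(fields)}: {rdata!r}")
    alg, flags, iterations = (int(f) for f in fields[:3])
    if not (0 <= alg <= 255 and 0 <= flags <= 255 and 0 <= iterations <= 65535):
        raise ValueError(f"field out of range: {rdata!r}")
    # "-" denotes a zero-length salt; anything else is hex.
    salt = b"" if fields[3] == "-" else bytes.fromhex(fields[3])
    if len(salt) > 255:
        raise ValueError("salt longer than 255 octets")
    return Nsec3Param(alg, flags, iterations, salt)


def rfc9276_findings(param: Nsec3Param) -> list[str]:
    """Return a list of deviations from RFC 9276; empty means compliant."""
    findings = []
    if param.iterations != 0:
        findings.append(
            f"iterations={param.iterations}: RFC 9276 calls for 0 additional iterations"
        )
    if param.salt:
        findings.append(
            f"salt={param.salt.hex().upper()}: RFC 9276 recommends an empty salt ('-')"
        )
    return findings


if __name__ == "__main__":
    # Constructed sample RDATA, e.g. as printed by `dig +short NSEC3PARAM <zone>`.
    samples = {"compliant.example": "1 0 0 -", "legacy.example": "1 0 10 AABBCCDD"}
    for zone, rdata in samples.items():
        problems = rfc9276_findings(parse_nsec3param(rdata))
        print(zone, "OK" if not problems else "; ".join(problems))
```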