I (by accident) discovered that glibc has introduced a new resolver
option in resolv.h:

#define RES_TRUSTAD     0x04000000 /* Request AD bit, keep it in responses.  */

I've done some testing with this, and it resolves the issue with the AD
flag not being returned.

So based on this I think this bug needs to be changed back to postfix,
and postfix needs to be updated to include this flag? Ideally the
behaviour required should be:

* If RES_TRUSTAD is defined, then postfix should use that instead of 
RES_USE_DNSSEC and RES_USE_EDNS0.
* If RES_TRUSTAD is not defined, then postfix should maintain current behaviour 
of using RES_USE_DNSSEC and RES_USE_EDNS0.

If the above is implemented it would reduce the size of the DNS queries,
because they won't include the RRSIG records that "come for free" when
the DO bit is set (based on RES_USE_DNSSEC).

Thanks,
Nick.

** Package changed: glibc (Ubuntu) => postfix (Ubuntu)
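
The selection rule proposed in the comment above, as an added example (not Postfix or glibc code): it picks the resolver option mask at compile time depending on whether RES_TRUSTAD is defined, and checks the AD bit in a DNS response header. The helper names, the AD_WANTED/AD_UNWANTED macros and the sample headers are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <netinet/in.h>
#include <arpa/nameser.h>
#include <resolv.h>

/* Compile-time choice following the proposal in the comment above. */
#ifdef RES_TRUSTAD
/* Newer glibc: ask for the AD bit directly, without the DO bit. */
#define AD_WANTED   ((unsigned long) RES_TRUSTAD)
#define AD_UNWANTED ((unsigned long) (RES_USE_DNSSEC | RES_USE_EDNS0))
#else
/* No RES_TRUSTAD: keep requesting DNSSEC over EDNS0. */
#define AD_WANTED   ((unsigned long) (RES_USE_DNSSEC | RES_USE_EDNS0))
#define AD_UNWANTED 0UL
#endif

/* Hypothetical helper: return the option mask adjusted for AD retrieval.
 * A caller would store the result in its res_state options field. */
unsigned long ad_resolver_options(unsigned long options)
{
    options &= ~AD_UNWANTED;
    options |= AD_WANTED;
    return options;
}

/* Hypothetical helper: 1 if AD is set in the response header, 0 if it is
 * clear, -1 if the buffer is shorter than the 12-byte DNS header. */
int response_has_ad(const unsigned char *msg, size_t len)
{
    if (msg == NULL || len < 12)
        return -1;
    return (msg[3] & 0x20) ? 1 : 0;   /* fourth byte: RA Z AD CD RCODE */
}

/* Constructed sample headers (QR=1, RD=1, RA=1), with and without AD. */
const unsigned char sample_with_ad[12] =
    { 0x12, 0x34, 0x81, 0xa0, 0, 1, 0, 1, 0, 0, 0, 0 };
const unsigned char sample_without_ad[12] =
    { 0x12, 0x34, 0x81, 0x80, 0, 1, 0, 1, 0, 0, 0, 0 };

int main(void)
{
    printf("options: 0x%08lx\n", ad_resolver_options(RES_RECURSE));
    printf("AD set: %d, AD clear: %d\n",
           response_has_ad(sample_with_ad, sizeof sample_with_ad),
           response_has_ad(sample_without_ad, sizeof sample_without_ad));
    return 0;
}
```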

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1868955

Title:
  after upgrade to 20.04: posttls cannot connect to private/tlsmgr

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/postfix/+bug/1868955/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
