> -----Original Message----- > From: Viktor Dukhovni via Postfix-users <postfix-users@postfix.org> > Sent: 24. april 2024 09:19 > To: postfix-users@postfix.org > Subject: [pfx] Re: IMPORTANT, drop "resolve [!UNAVAIL=return]" from Linux > nsswitch.conf files > > On Wed, Apr 24, 2024 at 07:43:35AM +0200, Reto via Postfix-users wrote: > > On Mon, Apr 22, 2024 at 03:50:34PM GMT, Viktor Dukhovni via Postfix- > users wrote: > > > and this (specifically, !UNAVAIL=return) turns soft DNS failures > > > into hard errors. > > > > > > The solution, on any production mail server, is to remove (with > > > prejudice) > > > > > > resolve [!UNAVAIL=return] > > > > This doesn't sound right... > > All that says is once you've gotten a response from systemd-resolve > > that the lookup chain should end, which, if it's actually running, is what you > want. > > As the lookup via DNS already happened there after all, there's no reason to > repeat it. > > > > It doesn't have an impact whatsoever on soft vs hard fail, resolve > > either gives you the domain after the lookup or whatever response it got > from the upstream server (DNS or what have you). > > Whether or not it sounds right, it happens to to be true that "return" > yields a "hard" no such host, even when the last service used tempfailed. One > might reasonably consider this a glibc bug, but perhaps they have some use- > case to justify this behaviour. > > Regardless, as things stand, the default Fedora 39 nsswitch.conf makes Postfix > restrictions much too fragile, and needs to be avoided. > > -- > Viktor.
files dns is standard on my installation (Gentoo Linux/OpenRC) https://man.archlinux.org/man/nss-resolve.8.en seems to say that the order should be: mymachines resolve [!UNAVAIL=return] files myhostname when using/utilizing systemd-resolved - dunno if that changes anything really though. _______________________________________________ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
