On 11-02-2025 08:28, Viktor Dukhovni via Postfix-users wrote:
On Mon, Feb 10, 2025 at 04:14:36PM +0100, Danjel Jungersen via Postfix-users
wrote:
I have decided to give it a shot.
When you say "give it a shot", do you mean enabling DANE*outbound* in
your Postfix SMTP client, i.e. verify the DANE TLSA records of remote
domains that have implemented it?
If so, that's pretty simple, you need a local DNSSEC validating resolver
(BIND, unbound, knot, not systemd-resolved or dns-masq).
Then just:
/etc/resolv.conf
nameserver 127.0.0.1
# Glibc-specific
options trust-ad
In short, what does this do?
(the options part....)
I have in-house bind running and put the ip's at the nameserver part.
Been working for some weeks now.
A quick google show me a warning that the options part only works with
127.0.0.1, is this correct?
My bind is running on another machine.
:-)
Danjel
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
