On 15/2/2025 7:37 μ.μ., Viktor Dukhovni via Postfix-users wrote:
Yes, but what you really need is working TCP fallback, when the DNS response is truncated due to exceeding the UDP packet size limit (even happens with EDNS0, the default UDP buffer size could still be too small for some queries). Just EDNS0 is not the whole story, it just pushes out the problem to case with many more IP addresses that exceed even the ~1.2k–~4k EDNS0 buffers (vary by implementation).
I guess that should be possible by setting up a local resolver with suitable features and then configure options use-vc edns0 trust-ad as you suggested.
Currently we are using our ISP's resolver.I tried the "use-vc edns0 trust-ad" or "use-vc edns0" options but it won't work. On our boxes, with our current setup, getaddrinfo only works with edns0 option alone.
Many thanks to both Wietse and you for your guidance and advice that was key in resolving a really obscure issue, which has caused us much sorrow...
All the best, Nick
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
