>> Yes, but what you really need is working TCP fallback, when the DNS
>> response is truncated due to exceeding the UDP packet size limit (even
>> happens with EDNS0, the default UDP buffer size could still be too small
>> for some queries).  Just EDNS0 is not the whole story, it just pushes
>> out the problem to cases with many more IP addresses that exceed even
>> the ~1.2k–~4k EDNS0 buffers (vary by implementation).
> 
> I guess that should be possible by setting up a local resolver with suitable 
> features and then configure options use-vc edns0 trust-ad as you suggested.
> 
> Currently we are using our ISP's resolver.

As Viktor said, you should run a local resolver.

# cat /etc/rocky-release
Rocky Linux release 8.10 (Green Obsidian)

# dnf install unbound
# systemctl enable unbound
# systemctl start unbound

# cat /etc/resolv.conf 
nameserver 127.0.0.1

Without any configuration changes to unbound.conf and without any resolv.conf 
options, this works:

[rpmbuild@centos8-dev name-addr-test]$ ./getaddrinfo smtpfra7.fortimailcloud.com | fmt
Hostname: smtpfra7.fortimailcloud.com Addresses:    154.52.2.155
154.52.2.146 154.52.2.232 154.52.2.225 154.52.2.224 154.52.2.148
154.52.2.250 154.52.2.152 154.52.2.147 154.52.2.251 154.52.2.154
154.52.2.227 154.52.2.141 154.52.2.156 154.52.2.157 154.52.2.226
154.52.2.236 154.52.2.151 154.52.2.158 154.52.2.142 154.52.2.240
154.52.2.231 154.52.2.242 154.52.2.153 154.52.2.228 154.52.2.245
154.52.2.229 154.52.2.243 154.52.2.248 154.52.2.241 154.52.2.235
154.52.2.233 154.52.2.238 154.52.2.239 154.52.2.149 154.52.2.234
154.52.2.246 154.52.2.237 154.52.2.247 154.52.2.249 154.52.2.244
154.52.2.150 154.52.2.143 154.52.2.145 154.52.2.230 154.52.2.144

This is just to demonstrate it works out of the box; additional options can 
still be applied to resolv.conf.

The idea with enterprise distributions is to upgrade the operating system when 
replacing the hardware.
Fedora is great to explore new features, but it is unsuitable in this regard 
unless you're up to extra work:

https://docs.fedoraproject.org/en-US/releases/lifecycle/

  The Fedora Project releases a new version of Fedora Linux approximately
  every six months and provides updated packages (maintenance) to these
  releases for approximately 13 months. This allows users to "skip a
  release" while still being able to always have a system that is still
  receiving updates.

RHEL and derivatives usually provide updates for 10 years: 
https://endoflife.date/rhel

Best regards,
Gerald
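
The truncation behaviour discussed in the quoted text, as an added example that is not part of the original message: it builds the UDP reply a server would send for an A query and checks the TC bit that tells the client to retry over TCP. The name, the 192.0.2.x addresses and the helper functions are constructed for illustration; 512 bytes is the UDP limit without EDNS0, 1232 and 4096 stand in for typical EDNS0 buffer sizes, and the OPT record is left out of the size for simplicity.

```python
import struct

TC_BIT = 0x0200  # "truncated" flag in the DNS header

def encode_name(name):
    """Encode a hostname as length-prefixed DNS labels."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_udp_reply(name, addrs, udp_limit, txid=0x1234):
    """Reply a server would send over UDP for an A query. If the full
    answer exceeds udp_limit, send header + question only, with TC set."""
    question = encode_name(name) + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN
    answers = b""
    for addr in addrs:
        rdata = bytes(int(octet) for octet in addr.split("."))
        # 0xC00C is a compression pointer back to the name at offset 12
        answers += struct.pack("!HHHIH", 0xC00C, 1, 1, 300, 4) + rdata
    flags = 0x8180  # QR=1, RD=1, RA=1, RCODE=0
    full = struct.pack("!HHHHHH", txid, flags, 1, len(addrs), 0, 0) + question + answers
    if len(full) <= udp_limit:
        return full
    return struct.pack("!HHHHHH", txid, flags | TC_BIT, 1, 0, 0, 0) + question

def needs_tcp_retry(msg):
    """True when the reply has TC set, so the client must re-query over TCP."""
    (flags,) = struct.unpack("!H", msg[2:4])
    return bool(flags & TC_BIT)

def answer_count(msg):
    """Number of answer records announced in the header (ANCOUNT)."""
    (ancount,) = struct.unpack("!H", msg[6:8])
    return ancount

def sample_addrs(n):
    """Constructed sample data from the 192.0.2.0/24 documentation range."""
    return ["192.0.2.%d" % i for i in range(1, n + 1)]

if __name__ == "__main__":
    name = "mx.example.test"  # hypothetical name, not from the thread
    for count, limit in [(46, 512), (46, 1232), (100, 1232), (100, 4096)]:
        reply = build_udp_reply(name, sample_addrs(count), limit)
        print(count, "A records, UDP limit", limit, "->",
              "TC set, retry over TCP" if needs_tcp_retry(reply)
              else "%d answers in %d bytes" % (answer_count(reply), len(reply)))
```

With 46 A records the reply no longer fits in 512 bytes, and with 100 it no longer fits in 1232 bytes either, so a resolver path without working TCP fallback returns nothing usable in both cases.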