At 10:46 AM 9/19/2010, you wrote:
>On Sun, 2010-09-19 at 10:16:48 -0500, Len Conrad wrote:
>
>[ .. ]
>
>> so you're both saying that a dns query to the system resolver by
>> unprivileged postscreen gets different results than a query from
>> privileged dig?
>
>That is your straw man and misses the point.
>
>True or false: your command line tests on the Postfix machine did not
>replicate how Postfix actually conducts DNS queries?

True. A useless question, and answer.

dig @zen.rbldnsd.domain.net <ip>.zen.rbldnsd.domain.net

The system resolver returned the IP of (NS) zen.rbldnsd.domain.net, and dig sent the query there, and got the desired answer.

postscreen queried (the system resolver) for <ip>.zen.rbldnsd.domain.net. The system resolver queried for the NS for zen.rbldnsd.domain.net and sent the query to that IP, and got always a negative answer.

with:

dig @127.0.0.1 <ip>.zen.rbldnsd.domain.net

... matches postscreen's query, and gets the same always-negative answers.

privileges had nothing to do with the above.

Len