Am 25.02.2014 17:41, schrieb Dirk Stöcker: > On Tue, 25 Feb 2014, Viktor Dukhovni wrote: >>> smtp_dns_support_level = dnssec >>> >>> was enough to fix this. I'll see how many servers will have a >>> "Verified" connection in the future. >> >> I hope you read the note about the importance of having 127.0.0.1 >> and/or ::1 as the only nameservers listed in /etc/resolv.conf, and > > No, did not read it, but this was obvious :-)
why and how should this work for real networks where you have two DNS servers for failover in the LAN and typically no one on the mailserver? if 192.168.196.1 and 192.168.196.2 support DNSSEC it has to work if both of them in resolv.conf, otherwise DANE will not happen in the real world
