On Sun, Aug 31, 2014 at 12:33:36PM +0200, Ralf Hildebrandt wrote:
> * Patrick Ben Koetter <postfix-users@postfix.org>:
>
> > If you don't see it, you resolver cannot authenticated DNSSEC enabled
> > domains.
> > Then you need to change that.
>
> One solution would be to install "unbound" as local caching resolver
> and then let resolv.conf point to 127.0.0.1
As documented, DANE support *requires* a DNSSEC validating recursive
resolver installed on the MTA (unbound or BIND) and /etc/resolv.conf
*must* list only 127.0.0.1.
--
Viktor.
