Robert Sander:
Checking application/pgp-signature: FAILURE
-- Start of PGP signed section.
> Hi,
>
> we encounter an issue with DANE-enabled Postfix
> trying to deliver mail to a DNSSEC-enabled domain
> that has no specific TLSA records for its MX but
> obviously a wildcard CNAME entry:
>
> Sep 3 14:18:47 mailout1 postfix/smtp[30772]: warning: DANE TLSA lookup
> problem: Host or domain name not found. Name service error for
> name=_25._tcp.mail2.clarion-hotels.cz type=TLSA: Host not found, try again
Looks like the DNS client is losing some query flags while resolving
the CNAME record. I'll investigate further.
Wietse
