On 2016-12-06 17:14, Viktor Dukhovni wrote:
On Tue, Dec 06, 2016 at 04:56:58PM -0800, MRob wrote:
> To be fair to the good folks at PowerDNS, the software in question
> was an alpha version, that Ubuntu should probably not have shipped
> in a prod release. I don't know of any similar issues in actual
> releases of PowerDNS.
Thank you both for the help. Looks like the only recourse is to stop
using
PDNS or install it from source until Ubuntu can provide a non-alpha
product.
I'm shocked that they have done such a thing. I wonder if a post to
their
mailing list would get the attention of the right person.
I take it then that you too are using a PDNS resolver on (a suitably
recent) Ubuntu? In that case the problem is rather expected, and
matches exactly the same issue reported here a week or two back.
Search the list archives. You may find that the original poster
of that older message has already opened an Ubuntu ticket for this
issue.
In the mean-time, unbound works pretty well, and of course you can
insteall a more stable PDNS from the upstream source.
I expect we'll now be seeing repeated reports of this particular
issue from time to time. I might not always be inspired to come
forward with the standard answer, so if anyone else wants to help
out the next user with this problem, go for it.
You're correct. I had searched prior to posting, but maybe the last
thread is too recent to have made it into the right coffers. For the
record, here is the official bug (to which I am adding my voice) and the
original thread from this list:
https://bugs.launchpad.net/ubuntu/+source/pdns-recursor/+bug/1646538
http://postfix.1071664.n5.nabble.com/EDNS-DANE-trouble-with-Microsoft-mail-protection-outlook-com-td87331.html#a87353
I know it might irk you, but it does appear that changing this setting
will fix the problem for now. Hope Ubuntu can get this fixed quickly.
smtp_tls_dane_insecure_mx_policy=may