Hi,

> Already here we see that "posttls-finger" did not report trouble looking
> up the TLSA RRs, as it would with e.g. "assugo.be" (one of the 300+
> domains affected by broken denial of existence via axc.nl nameservers):
>
> $ posttls-finger assugo.be
> posttls-finger: warning: DANE TLSA lookup problem: Host or domain name
> not found. Name service error for name=_25._tcp.assugo.be type=TLSA: Host not
> found, try again
> posttls-finger: warning: DANE TLSA lookup problem: Host or domain name
> not found. Name service error for name=_25._tcp.assugo.be type=TLSA: Host not
> found, try again
> posttls-finger: Failed to establish session to assugo.be via assugo.be:
> TLSA lookup error for assugo.be:25
> posttls-finger: warning: DANE TLSA lookup problem: Host or domain name
> not found. Name service error for name=_25._tcp.assugo.be type=TLSA: Host not
> found, try again
> posttls-finger: Failed to establish session to assugo.be via assugo.be:
> TLSA lookup error for assugo.be:25

it seems neusta.de can be added to the list:

posttls-finger neusta.de
posttls-finger: warning: DANE TLSA lookup problem: Host or domain name not found. Name service error for name=_25._tcp.smtp-relay-in-s1.neusta.de type=TLSA: Host not found, try again
posttls-finger: warning: DANE TLSA lookup problem: Host or domain name not found. Name service error for name=_25._tcp.smtp-relay-in-s1.neusta.de type=TLSA: Host not found, try again
posttls-finger: Failed to establish session to neusta.de via smtp-relay-in-s1.neusta.de: TLSA lookup error for smtp-relay-in-s1.neusta.de:25

Postfix uses knot-resolver, knot-resolver disables QNAME-minimization automatically.

Regards
Bjoern
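
Added example, not part of the original message or of Postfix: a Python parser that undoes mail quoting and line wrapping in pasted posttls-finger output and lists, per domain, the MX hosts whose TLSA lookup failed. The function names and the embedded sample are assumptions, constructed from the output shown above.

```python
import re

# Constructed sample: output from the message above, partly mail-quoted and wrapped.
SAMPLE = """\
> $ posttls-finger assugo.be
> posttls-finger: warning: DANE TLSA lookup problem: Host or domain name
> not found. Name service error for name=_25._tcp.assugo.be type=TLSA: Host not
> found, try again
> posttls-finger: Failed to establish session to assugo.be via assugo.be:
> TLSA lookup error for assugo.be:25
posttls-finger neusta.de
posttls-finger: warning: DANE TLSA lookup problem: Host or domain name not found. Name service error for name=_25._tcp.smtp-relay-in-s1.neusta.de type=TLSA: Host not found, try again
posttls-finger: Failed to establish session to neusta.de via smtp-relay-in-s1.neusta.de: TLSA lookup error for smtp-relay-in-s1.neusta.de:25
"""

PREFIX = "posttls-finger: "
WARN = re.compile(r"warning: DANE TLSA lookup problem: .*?name=(\S+) type=TLSA")
FAIL = re.compile(
    r"Failed to establish session to (\S+) via (\S+): "
    r"TLSA lookup error for (\S+):(\d+)"
)


def messages(text):
    """Strip '>' quoting, rejoin wrapped lines, yield one message per item."""
    lines = (re.sub(r"^[>\s]+", "", line) for line in text.splitlines())
    flat = " ".join(" ".join(lines).split())
    for chunk in re.split(r"(?=posttls-finger: )", flat):
        if chunk.startswith(PREFIX):
            yield chunk[len(PREFIX):].strip()


def tlsa_lookup_failures(text):
    """Return {domain: {mx_host: tlsa_qname}} for sessions that failed on TLSA lookup."""
    warned, failed = set(), []
    for msg in messages(text):
        if (m := WARN.search(msg)):
            warned.add(m.group(1))
        elif (m := FAIL.search(msg)):
            domain, mx, host, port = m.groups()
            failed.append((domain, mx, f"_{port}._tcp.{host}"))
    report = {}
    for domain, mx, qname in failed:
        # Report only failures backed by a lookup warning for the same qname.
        if qname in warned:
            report.setdefault(domain, {})[mx] = qname
    return report


if __name__ == "__main__":
    for domain, hosts in tlsa_lookup_failures(SAMPLE).items():
        print(domain, hosts)
```
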