On Tue, May 04, 2021 at 10:02:49AM +0200, Bjoern Franke wrote:
> Do I miss something why postfix has the trouble with the reply?
>
> $ dig +dnssec -t TLSA _25._tcp.smtp-relay-in-s1.neusta.de

You're testing with "dig", which is *not* the same as the C library stub
DNS resolver.

> ;; Truncated, retrying in TCP mode.

The response is too large for UDP, given a conservative EDNS buffer
size...

> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags: do; udp: 1232

Which "dig" uses, but the C library likely sets the historical default
of "4096" bytes, expecting that to work. I am not aware of any way to
configure the EDNS buffer size in the C library stub resolver, short of
recompiling the C library.

--
Viktor.
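
To check which EDNS buffer size a given resolver advertises (for instance in a packet capture of the stub resolver's query next to dig's), read the CLASS field of the OPT pseudo-record and the TC bit of the header. The following is an added example, not part of the original message; the query ID and the truncated reply are constructed sample data, and the two sizes are the ones named in the thread.

```python
import struct

TYPE_OPT, TYPE_TLSA = 41, 52
FLAG_QR, FLAG_TC, FLAG_RD = 0x8000, 0x0200, 0x0100
EDNS_DO = 0x8000  # DO bit inside the low 16 bits of the OPT TTL field

def encode_name(name):
    parts = [p.encode("ascii") for p in name.rstrip(".").split(".")]
    return b"".join(bytes([len(p)]) + p for p in parts) + b"\x00"

def build_query(name, qtype, udp_size, do=True, qid=0x1234):
    # qid is a constructed sample value; one question, one additional (OPT).
    header = struct.pack("!HHHHHH", qid, FLAG_RD, 1, 0, 0, 1)
    question = encode_name(name) + struct.pack("!HH", qtype, 1)  # class IN
    # OPT RR: root name, TYPE=41, CLASS=UDP payload size,
    # TTL=ext-rcode/version/flags, RDLEN=0
    opt = b"\x00" + struct.pack("!HHIH", TYPE_OPT, udp_size,
                                EDNS_DO if do else 0, 0)
    return header + question + opt

def skip_name(msg, off):
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:  # compression pointer terminates the name
            return off + 2
        off += 1
        if length == 0:
            return off
        off += length

def edns_info(msg):
    _, flags, qd, an, ns, ar = struct.unpack_from("!HHHHHH", msg, 0)
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4  # QTYPE + QCLASS
    info = {"tc": bool(flags & FLAG_TC), "udp_size": None, "do": False}
    for _ in range(an + ns + ar):
        off = skip_name(msg, off)
        rtype, rclass, ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        off += 10 + rdlen
        if rtype == TYPE_OPT:
            info["udp_size"], info["do"] = rclass, bool(ttl & EDNS_DO)
    return info

def truncated_reply(query):
    # Constructed reply: same question and OPT, QR and TC set, no answers.
    qid, flags = struct.unpack_from("!HH", query, 0)
    return struct.pack("!HH", qid, flags | FLAG_QR | FLAG_TC) + query[4:]

if __name__ == "__main__":
    name = "_25._tcp.smtp-relay-in-s1.neusta.de"
    for size in (1232, 4096):
        print(size, edns_info(build_query(name, TYPE_TLSA, size)))
    print(edns_info(truncated_reply(build_query(name, TYPE_TLSA, 1232))))
```

Feeding `edns_info` the DNS payload of a captured UDP query shows the size that resolver really advertised, and a reply with `tc` set is the one that forces the TCP retry dig reported.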