Hey there,

We run validating resolvers at the day job, but by default not on the box
where postfix runs. (I.e. we rely on the AD bit).

In reading over what's required to enable DANE support in postfix, I see
that there's a compile-time requirement for the DNS lib in the OS to
support it, which our OS does according to resolv.h. I don't see any
options in the port to enable/disable this feature.

Is there a -V command or something I can have postfix log to see if this
is the case? Also, is there a way to add a header implying the status of
a DANE lookup to outbound mail?

If you've set smtp_tls_security_level=dane, but haven't set
smtp_dns_support_level=dnssec, is a warning logged?

-Dan
--
--------Dan Mahoney--------
Techie, Sysadmin, WebGeek
Gushi on efnet/undernet IRC
FB: fb.com/DanielMahoneyIV
LI: linkedin.com/in/gushi
Site: http://www.gushi.org
---------------------------