PGNet Dev:
> 2022-10-05T17:30:13.277421-04:00 mx03 postfix/smtp-out-ext/smtp[8484]:
> warning: DANE TLSA lookup problem: Host or domain name not found. Name
> service error for name=_25._tcp.christopher-ew.state.gov type=TLSA: Host not
> found, try again

The Postfix SMTP client handles SERVFAIL as a TRY_AGAIN error,
because the reply is inconclusive about whether the record exists
or not.

> checking with my local resolver (unbound),
>
> dig +ad +noall +comment +ans +auth -t tlsa
> _25._tcp.christopher-ew.state.gov
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 491
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0,
> ADDITIONAL: 1

That is the SERVFAIL that Postfix handles as TRY_AGAIN.

My (BIND) resolver returns an NXDOMAIN response, as do 1.1.1.1

> dig +ad +noall +comment +ans +auth -t tlsa
> _25._tcp.christopher-ew.state.gov @1.1.1.1

and other public resolvers.

I suppose the problem is with your unbound.

Wietse
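
Added example, not part of the original message: a shell helper that reads the header comments printed by `dig +comment` for a TLSA query and reports whether the reply is inconclusive (SERVFAIL, which the message says Postfix handles as TRY_AGAIN) or conclusive (NXDOMAIN), so that two resolvers can be compared. The function names, the verdict labels and the NXDOMAIN sample header are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Reads `dig +comment` header lines on
# stdin and prints "<verdict> ad=<yes|no>". The verdict labels are this
# example's own: try-again, not-found, no-data, answer, unknown.
classify_tlsa_reply() {
    awk '
        /->>HEADER<<-/ && match($0, /status: [A-Z]+/) {
            status = substr($0, RSTART + 8, RLENGTH - 8)
        }
        /^;; flags:/ {
            line = $0
            if (match(line, /ANSWER: [0-9]+/))
                answers = substr(line, RSTART + 8, RLENGTH - 8) + 0
            sub(/^;; flags: */, "", line); sub(/;.*/, "", line)
            ad = (index(" " line " ", " ad ") > 0) ? "yes" : "no"
        }
        END {
            if (status == "SERVFAIL")      verdict = "try-again"   # inconclusive reply
            else if (status == "NXDOMAIN") verdict = "not-found"   # name does not exist
            else if (status == "NOERROR")  verdict = (answers > 0) ? "answer" : "no-data"
            else                           verdict = "unknown"
            printf "%s ad=%s\n", verdict, (ad == "" ? "no" : ad)
        }'
}

# Header as quoted in the message (local unbound resolver), unwrapped.
servfail_reply=';; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 491
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1'

# Constructed sample of an NXDOMAIN header; id, flags and counts are made up.
nxdomain_reply=';; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 1234
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1'

# Compare the verdicts (first word only) from two resolvers' replies.
compare_resolvers() {
    a=$(printf '%s\n' "$1" | classify_tlsa_reply)
    b=$(printf '%s\n' "$2" | classify_tlsa_reply)
    if [ "${a%% *}" = "${b%% *}" ]; then
        echo "agree: $a"
    else
        echo "differ: $a | $b"
    fi
}

compare_resolvers "$servfail_reply" "$nxdomain_reply"
```

With live data, pipe the output of the `dig` commands shown in the message into `classify_tlsa_reply`, once per resolver.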