PGNet Dev:
>       2022-10-05T17:30:13.277421-04:00 mx03 postfix/smtp-out-ext/smtp[8484]: 
> warning: DANE TLSA lookup problem: Host or domain name not found. Name 
> service error for name=_25._tcp.christopher-ew.state.gov type=TLSA: Host not 
> found, try again

The Postfix SMTP client handles SERVFAIL as a TRY_AGAIN error,
because the reply is inconclusive about whether the record exists
or not.

> checking with my local resolver (unbound),
> 
>       dig +ad +noall +comment +ans +auth -t tlsa 
> _25._tcp.christopher-ew.state.gov
>               ;; Got answer:
>               ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 491
>               ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, 
> ADDITIONAL: 1

That is the SERVFAIL that Postfix handles as TRY_AGAIN.

My (BIND) resolver returns an NXDOMAIN response, as do 1.1.1.1

>       dig +ad +noall +comment +ans +auth -t tlsa 
> _25._tcp.christopher-ew.state.gov @1.1.1.1

and other public resolvers.

I suppose the problem is with your unbound.

        Wietse
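
The comparison made in this reply, as an added example that is not part of the original message or of Postfix: it reads the `dig` header from each resolver, separates conclusive answers (NXDOMAIN, NOERROR) from inconclusive ones (SERVFAIL), and names the resolver that is inconclusive while another one is not. Assumptions: the function names are hypothetical, the 1.1.1.1 output is constructed, and every rcode other than NOERROR and NXDOMAIN is treated as inconclusive.

```python
import re

# First sample: the header lines quoted in the message, unwrapped.
LOCAL_UNBOUND = """\
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 491
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
"""
# Second sample: constructed. The message reports NXDOMAIN from 1.1.1.1
# but does not show the output.
PUBLIC_1111 = """\
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 1000
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
"""

STATUS_RE = re.compile(r"status:\s*(\w+)")
FLAGS_RE = re.compile(r"flags:\s*([a-z ]*);.*?ANSWER:\s*(\d+)", re.S)

def parse_dig(text):
    """Extract rcode, header flags and answer count from dig +comment output."""
    status, flags = STATUS_RE.search(text), FLAGS_RE.search(text)
    if not status or not flags:
        raise ValueError("no dig header found")
    return {"status": status.group(1).upper(),
            "flags": set(flags.group(1).split()),  # 'ad' = validated answer
            "answers": int(flags.group(2))}

def classify(text):
    """Return 'present', 'absent' or 'inconclusive' for one TLSA lookup."""
    hdr = parse_dig(text)
    if hdr["status"] == "NXDOMAIN":
        return "absent"
    if hdr["status"] == "NOERROR":
        return "present" if hdr["answers"] else "absent"
    return "inconclusive"  # SERVFAIL; other rcodes by assumption

def diagnose(outputs):
    """outputs maps resolver name -> dig text. Returns (verdicts, suspects)."""
    verdicts = {name: classify(text) for name, text in outputs.items()}
    conclusive = any(v != "inconclusive" for v in verdicts.values())
    # A resolver is suspect only when some other resolver gave a real answer.
    suspects = sorted(n for n, v in verdicts.items()
                      if v == "inconclusive") if conclusive else []
    return verdicts, suspects

if __name__ == "__main__":
    print(diagnose({"local unbound": LOCAL_UNBOUND, "1.1.1.1": PUBLIC_1111}))
```

When every resolver is inconclusive the suspect list stays empty, since the comparison then says nothing about which side is at fault.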
