PGNet Dev: > 2022-10-05T17:30:13.277421-04:00 mx03 postfix/smtp-out-ext/smtp[8484]: > warning: DANE TLSA lookup problem: Host or domain name not found. Name > service error for name=_25._tcp.christopher-ew.state.gov type=TLSA: Host not > found, try again
The Postfix SMTP client handles SERVFAIL as a TRY_AGAIN error, because the reply is inconclusive about whether the record exists or not. > checking with my local resolver (unbound), > > dig +ad +noall +comment +ans +auth -t tlsa > _25._tcp.christopher-ew.state.gov > ;; Got answer: > ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 491 > ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, > ADDITIONAL: 1 That is the SERVFAIL that Postfix handles as TRY_AGAIN. My (BIND) resolver returns an NXDOMAIN response, as do 1.1.1.1 > dig +ad +noall +comment +ans +auth -t tlsa > _25._tcp.christopher-ew.state.gov @1.1.1.1 and other public resolvers. I suppose the problem is with your unbound. Wietse