Re: Problem with TLSA & CNAME Wildcard

2014-09-04 Thread Viktor Dukhovni
On Wed, Sep 03, 2014 at 02:40:09PM +, Viktor Dukhovni wrote:
> $ dig +cd +dnssec +noall +comment +ans +auth -t tlsa
> fail.mail2.clarion-hotels.cz
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63426
> ;; flags: qr rd ra cd; QUERY: 1, ANSWER: 2, AUTHORI
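The diagnostic Viktor runs above (the same TLSA query with and without +cd) separates "the name has no TLSA record" from "my resolver refuses to validate the wildcard-synthesised answer". The script below is an added example and not code from the thread or from Postfix: it classifies dig output for a TLSA query, applies a simplified, clearly labelled model of what a DANE client does with each outcome, and can run the two live queries against a chosen resolver. The sample dig responses, the names _25._tcp.mx.example.net and mx.example.net, the resolver argument and the zero TLSA digest are all constructed placeholders.

```shell
#!/bin/sh
# Added example, not from the thread or from Postfix. Classifies a resolver's
# answer to a DANE TLSA lookup so the SERVFAIL-versus-CNAME difference can be
# reproduced per resolver. Sample responses and names below are constructed.

# Status code from the ';; ->>HEADER<<-' line of dig output on stdin.
response_status() {
    sed -n 's/.*status: \([A-Z]*\),.*/\1/p' | head -n 1
}

# Flag words (qr rd ra ad cd ...) from the ';; flags:' line on stdin.
response_flags() {
    sed -n 's/.*flags: \([a-z ]*\);.*/\1/p' | head -n 1
}

# has_flag ad < response : true when the named header flag is set.
has_flag() {
    for f in $(response_flags); do
        [ "$f" = "$1" ] && return 0
    done
    return 1
}

# Classify a dig response (stdin) for a TLSA query:
#   tlsa      TLSA RRset in the answer section
#   cname     answer is only a CNAME (e.g. synthesised from a wildcard), no TLSA
#   nodata    NOERROR with no records of the requested type
#   nxdomain  name does not exist
#   servfail  resolver failed, typically a DNSSEC validation failure
classify_tlsa_response() {
    resp=$(cat)
    case "$(printf '%s\n' "$resp" | response_status)" in
        SERVFAIL) echo servfail ;;
        NXDOMAIN) echo nxdomain ;;
        NOERROR)
            if printf '%s\n' "$resp" | grep -Eq '^[^;].*[[:space:]]IN[[:space:]]+TLSA[[:space:]]'; then
                echo tlsa
            elif printf '%s\n' "$resp" | grep -Eq '^[^;].*[[:space:]]IN[[:space:]]+CNAME[[:space:]]'; then
                echo cname
            else
                echo nodata
            fi ;;
        *) echo unknown ;;
    esac
}

# Simplified model (an assumption of this example, not Postfix's code) of what
# a DANE-enabled SMTP client does with a validating resolver's answer:
#   servfail           -> defer   (lookup error: "Host not found, try again")
#   tlsa with ad flag  -> dane    (authenticated TLSA, enforce it)
#   tlsa without ad    -> no-dane (unauthenticated answer, TLSA ignored)
#   anything else      -> no-dane (fall back to the non-DANE TLS policy)
dane_verdict() {
    resp=$(cat)
    case "$(printf '%s\n' "$resp" | classify_tlsa_response)" in
        servfail) echo defer ;;
        tlsa)
            if printf '%s\n' "$resp" | has_flag ad; then echo dane; else echo no-dane; fi ;;
        *) echo no-dane ;;
    esac
}

# Live check: the validated query and the +cd (checking disabled) query, as in
# the thread, to tell "no TLSA" from "won't validate". Needs network and dig;
# only runs when an MX host (and optionally a resolver address) is given.
check_tlsa_host() {
    name="_25._tcp.$1"
    server=${2:+@$2}
    printf 'validated : %s\n' "$(dig $server +dnssec +noall +comment +ans -t tlsa "$name" | dane_verdict)"
    printf 'with +cd  : %s\n' "$(dig $server +cd +dnssec +noall +comment +ans -t tlsa "$name" | classify_tlsa_response)"
}

# Constructed sample responses (placeholder names, zero digest, dummy signatures).
SAMPLE_SERVFAIL='
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 4242
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
'
SAMPLE_WILDCARD_CD='
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4243
;; flags: qr rd ra cd; QUERY: 1, ANSWER: 2, AUTHORITY: 4, ADDITIONAL: 1
_25._tcp.mx.example.net. 3600 IN CNAME mx.example.net.
_25._tcp.mx.example.net. 3600 IN RRSIG CNAME 8 3 3600 20140930000000 20140901000000 12345 example.net. c29tZXNpZw==
'
SAMPLE_TLSA_AD='
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4244
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
_25._tcp.mx.example.net. 3600 IN TLSA 3 1 1 0000000000000000000000000000000000000000000000000000000000000000
_25._tcp.mx.example.net. 3600 IN RRSIG TLSA 8 5 3600 20140930000000 20140901000000 12345 example.net. c29tZXNpZw==
'

if [ $# -gt 0 ]; then
    check_tlsa_host "$@"
fi
```

Usage: `sh tlsa-check.sh mail2.clarion-hotels.cz` queries the system resolver; `sh tlsa-check.sh mail2.clarion-hotels.cz 8.8.8.8` queries a specific one, which is how to see that one resolver answers the wildcard CNAME while another SERVFAILs. A "defer" verdict on the validated query next to "cname" on the +cd query points at the resolver's validation, not at a missing record; a constructed RRSIG with a label count lower than the owner name's (3 for a 5-label name in SAMPLE_WILDCARD_CD) is the wire-level sign of wildcard synthesis.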

Re: Problem with TLSA & CNAME Wildcard

2014-09-03 Thread Viktor Dukhovni
On Wed, Sep 03, 2014 at 10:43:21AM -0400, Wietse Venema wrote:
> > I don't see a CNAME, I get SERVFAIL:
>
> Actually, this depends on your resolver. Search your favorite
> search engine for "DNSSEC wildcard".

Unbound is supposed to handle this correctly. It also SERVFAILs at Google's 8.8.8.8 v

Re: Problem with TLSA & CNAME Wildcard

2014-09-03 Thread Wietse Venema
Wietse Venema:
> Robert Sander:
>
> Checking application/pgp-signature: FAILURE
> -- Start of PGP signed section.
> > Hi,
> >
> > we encounter an issue with DANE-enabled Postfix
> > trying to deliver mail to a DNSSEC-enabled domain
> > that has no specific TLSA records for its MX but
> > obviousl

Re: Problem with TLSA & CNAME Wildcard

2014-09-03 Thread Wietse Venema
Viktor Dukhovni:
> On Wed, Sep 03, 2014 at 02:25:06PM +0200, Robert Sander wrote:
>
> > Sep 3 14:18:47 mailout1 postfix/smtp[30772]: warning: DANE TLSA lookup
> > problem: Host or domain name not found. Name service error for
> > name=_25._tcp.mail2.clarion-hotels.cz type=TLSA: Host not found,

Re: Problem with TLSA & CNAME Wildcard

2014-09-03 Thread Viktor Dukhovni
On Wed, Sep 03, 2014 at 02:25:06PM +0200, Robert Sander wrote:
> Sep 3 14:18:47 mailout1 postfix/smtp[30772]: warning: DANE TLSA lookup
> problem: Host or domain name not found. Name service error for
> name=_25._tcp.mail2.clarion-hotels.cz type=TLSA: Host not found, try again
> $ host -t tlsa

Re: Problem with TLSA & CNAME Wildcard

2014-09-03 Thread Wietse Venema
Robert Sander:
Checking application/pgp-signature: FAILURE
-- Start of PGP signed section.
> Hi,
>
> we encounter an issue with DANE-enabled Postfix
> trying to deliver mail to a DNSSEC-enabled domain
> that has no specific TLSA records for its MX but
> obviously a wildcard CNAME entry:
>
> Sep