Hi,
we encounter an issue with DANE-enabled Postfix
trying to deliver mail to a DNSSEC-enabled domain
that has no specific TLSA records for its MX but
obviously a wildcard CNAME entry:
Sep 3 14:18:47 mailout1 postfix/smtp[30772]: warning: DANE TLSA lookup
problem: Host or domain name not found.
Hello,
I am trying to interpret two different MX lookup errors.
1) In first case Postfix generated NDR immediately and error message as follows
dsn=5.4.4, status=bounced (Host or domain name not found. Name service
error for name=aaa-rus.ru type=A: Host found but no data record of
requested type
Robert Sander:
Checking application/pgp-signature: FAILURE
-- Start of PGP signed section.
> Hi,
>
> we encounter an issue with DANE-enabled Postfix
> trying to deliver mail to a DNSSEC-enabled domain
> that has no specific TLSA records for its MX but
> obviously a wildcard CNAME entry:
>
> Sep
tejas sarade:
> 2) In the second case Postfix deferred the mail and retry to deliver mail.
>
> dsn=4.4.3, status=deferred (Host or domain name not found. Name
> service error for name=bb-logistic.ru type=MX: Host not found, try
> again)
The DNS server did not reply, or it replied with a "try
* tejas sarade :
> Hello,
>
> I am trying to interpret two different MX lookup errors.
>
> 1) In first case Postfix generated NDR immediately and error message as
> follows
>
> dsn=5.4.4, status=bounced (Host or domain name not found. Name service
> error for name=aaa-rus.ru type=A: Host found
On Wed, Sep 03, 2014 at 02:25:06PM +0200, Robert Sander wrote:
> Sep 3 14:18:47 mailout1 postfix/smtp[30772]: warning: DANE TLSA lookup
> problem: Host or domain name not found. Name service error for
> name=_25._tcp.mail2.clarion-hotels.cz type=TLSA: Host not found, try again
> $ host -t tlsa
Viktor Dukhovni:
> On Wed, Sep 03, 2014 at 02:25:06PM +0200, Robert Sander wrote:
>
> > Sep 3 14:18:47 mailout1 postfix/smtp[30772]: warning: DANE TLSA lookup
> > problem: Host or domain name not found. Name service error for
> > name=_25._tcp.mail2.clarion-hotels.cz type=TLSA: Host not found,
Wietse Venema:
> Robert Sander:
>
> Checking application/pgp-signature: FAILURE
> -- Start of PGP signed section.
> > Hi,
> >
> > we encounter an issue with DANE-enabled Postfix
> > trying to deliver mail to a DNSSEC-enabled domain
> > that has no specific TLSA records for its MX but
> > obviousl
On Wed, Sep 03, 2014 at 10:43:21AM -0400, Wietse Venema wrote:
> > I don't see a CNAME, I get SERVFAIL:
>
> Actually, this depends on your resolver. Search your favorite
> search engine for "DNSSEC wildcard".
Unbound is supposed to handle this correctly. It also SERVFAILs
at Google's 8.8.8.8 v
