Date: Mon, 13 Apr 2020 11:25:41 +0200 From: Christian <list-christian@....de> To: musl@...ts.openwall.com Subject: Resolver routines, Postfix DNSSEC troubles - how to check for incompatibilities? Hi there, I am having an issue in my alpine docker setup with Postfix. I activated DANE for my server and did some tests if E-Mails are handled correctly. In that I found the outgoing mails to fail using DANE. Investigating the issue with Viktor Dukhovni over at postfix-users, we figured, that Postfix has troubles recognising the DANE parameters of the target server I am sending my E-Mails to. If you are interested in the conversation: https://pastebin.com/1e3sR0Hq In the tcpdumps we could figure, that no DNSSEC flags are in the request by Postfix, hence not getting the information to properly do DANE. That explains the failure of DANE, however not why this is happening. I am no programmer, hence not sure about libc etc. but Viktors last thought: "When Postfix is configured with "smtp_dns_support_level = dnssec", the RES_USE_DNSSEC and RES_USE_EDNS0 flags are set around calls to the resolver routines. If your C-library (perhaps only inside docker) has an incopatible resolver API, then you'll need a more compatible resolver library and/or a different container technology." In comparison using dig to check for DNSSEC out of the same container based on alpine works. However I do not know if the request is constructed the same way. So the question is now on how we can go about this to figure if there is an incompatibility? Kind regards Christian
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.