Re: [exim] Failing for DNSSEC lookup

Top Page
This message is part of the following thread:
M\the complete thread tree sorted by date
MMChristian Eyrich at <-
MViktor Dukhovni at ->
Delete this message
Reply to this message
Author: Jeremy Harris
Date:  
To: exim-users
Subject: Re: [exim] Failing for DNSSEC lookup
On 20/03/2022 19:35, Christian Eyrich via Exim-users wrote:
> my exim installation is failing when I try forcing DNSSEC for DANE using "dnssec_require_domains" for any domain.

> --------> dnslookup_secure router <--------
> local_part=dnssectest1 domain=mailbox.org
> checking domains
> R: dnslookup_secure for dnssectest1@???
> calling dnslookup_secure router
> dnslookup_secure router called for dnssectest1@???
>   domain = mailbox.org
> DNS lookup of mailbox.org (MX) succeeded
> dnslookup_secure router: defer for dnssectest1@???
>   message: host lookup done insecurely
> added retry item for R:dnssectest1@???: errno=-1 more_errno=0 flags=0
> LOG: MAIN
>   == dnssectest1@??? R=dnslookup_secure defer (-1): host lookup done insecurely

The lookup was attempted, and DNSSEC verification of the result failed.
Either the target DNS record provider (or the chain back up to the DNS root)
do not support DNSSEC, or some bad actor is interfering with the lookup.
--
Cheers,
Jeremy

This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-[exim] Failing for DNSSEC lookupRe: [exim] Failing for DNSSEC lookup->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)