Re: [exim] Failing for DNSSEC lookup

Top Page
Delete this message
Reply to this message
Author: Jeremy Harris
Date:  
To: exim-users
Subject: Re: [exim] Failing for DNSSEC lookup
On 20/03/2022 19:35, Christian Eyrich via Exim-users wrote:
> my exim installation is failing when I try forcing DNSSEC for DANE using "dnssec_require_domains" for any domain.


> --------> dnslookup_secure router <--------
> local_part=dnssectest1 domain=mailbox.org
> checking domains
> R: dnslookup_secure for dnssectest1@???
> calling dnslookup_secure router
> dnslookup_secure router called for dnssectest1@???
>   domain = mailbox.org
> DNS lookup of mailbox.org (MX) succeeded
> dnslookup_secure router: defer for dnssectest1@???
>   message: host lookup done insecurely
> added retry item for R:dnssectest1@???: errno=-1 more_errno=0 flags=0
> LOG: MAIN
>   == dnssectest1@??? R=dnslookup_secure defer (-1): host lookup done insecurely


The lookup was attempted, and DNSSEC verification of the result failed.
Either the target DNS record provider (or the chain back up to the DNS root)
do not support DNSSEC, or some bad actor is interfering with the lookup.
--
Cheers,
Jeremy