On 2021-07-13 Simon Josefsson <si...@josefsson.org> wrote:
> Package: exim4
> Version: 4.92-8+deb10u6

> I got bounces due to delivery failures when mailing someone from my
> exim4-based mail server. The log file contains:

> 2021-07-13 06:20:20.720 [13321] 1m1lRa-0002RD-DO H=mailcluster.loopia.se [2a02:250:0:48::13]:25: DANE error: tlsa lookup DEFER
[...]
> 2021-07-13 06:20:20.726 [13320] 1m1lRa-0002RD-DO == x...@vetiveradv.se R=dnslookup T=remote_smtp defer (-36): DANE error: tlsa lookup DEFER

> After a couple of days, it times out and I get a bounce back.

> Before I could try the 'hosts_try_dane' option, I changed the
> /etc/resolv.conf DNS servers from my ISP's to my own 127.0.0.1 unbound
> instance, thinking it may be a DNS server problem. Indeed, that
> resolved my problem, and delivery worked again.

> While the domain might contain buggy DANE records (it passes some checks
> [2] though?), it seems like an exim4 problem that things work fine with
> one DNS server and not another. I'm guessing the problem was not with
> the DANE records, but with the responses received from the DNS server?

> How can I debug the DNS problem further?

> This is the first case this happened, and I'm emailing many domains with
> DANE records, so I'm a bit puzzled what went wrong here.

Hello Simon,

looks indeed like the provider DNS server was broken. Does

    host -t TLSA _25._tcp.mailcluster.loopia.se

work?

exim's debug facilities might have helped, e.g.

    exim -M message-id -d+dns+host_lookup+resolver

cu Andreas
-- 
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'
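An added example, not part of the original thread: one way to follow up on the question of how to debug the DNS side is to send the same TLSA query to each resolver and compare the response code and the DNSSEC `ad` flag, since DANE depends on DNSSEC-validated answers. It assumes `dig` is installed; the script name and the resolver addresses passed on the command line are placeholders, and the two sample headers are constructed, not captured from the resolvers in the thread.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): compare resolvers' answers to the
# TLSA query used for DANE on port 25.

# classify_dig: read `dig` output on stdin, print "STATUS ad=yes|no answers=N".
classify_dig() {
    awk '
        BEGIN { ad = "no"; answers = 0 }
        /->>HEADER<<-/ {
            for (i = 1; i <= NF; i++)
                if ($i == "status:") { status = $(i + 1); sub(/,$/, "", status) }
        }
        /^;; flags:/ {
            split($0, parts, ";")          # parts[3] = " flags: qr rd ra ad"
            if (parts[3] ~ /(^| )ad( |$)/) ad = "yes"
            for (i = 1; i <= NF; i++)
                if ($i == "ANSWER:") { answers = $(i + 1); sub(/,$/, "", answers) }
        }
        END {
            # No header at all means a timeout or unreachable resolver.
            if (status == "") print "NO_RESPONSE ad=no answers=0"
            else printf "%s ad=%s answers=%s\n", status, ad, answers
        }'
}

# compare_resolvers NAME RESOLVER...: query _25._tcp.NAME TLSA at each resolver.
compare_resolvers() {
    local name=$1 r; shift
    for r in "$@"; do
        printf '%-20s %s\n' "$r" \
            "$(dig +dnssec +time=3 +tries=1 "@$r" "_25._tcp.$name" TLSA 2>&1 | classify_dig)"
    done
}

# Constructed dig header lines for illustration (not real captures).
SAMPLE_OK=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4242
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1'
SAMPLE_BROKEN=';; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 4243
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1'

# Hypothetical usage: ./tlsa-compare.sh mailcluster.loopia.se 127.0.0.1 <ISP resolver IP>
if [ "$#" -ge 2 ]; then compare_resolvers "$@"; fi
```

A resolver that reports SERVFAIL or NO_RESPONSE, or NOERROR without `ad=yes`, while another returns NOERROR with `ad=yes` for the same name, points at the resolver rather than at the published TLSA records.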