Hi, while playing around with DANE-enabled postfix, I've been running in some problems (maybe) concerning with postfix's usage of libc / res_query.c
At the moment it seems to me, libc (or something around) is cutting off the necessary DO-Bit in the dns-queries. While asking the local dnssec-aware unbound with dig or drill, I'm getting the correct answer and the AD-flag set in the answer. Running OpenBSD 5.5-release postfix-2.11.0 unbound-1.4.21p0 etc/resolv.conf says: nameserver 127.0.0.1 options edns0 Looking at lib/libc/net/res_query.c, I can see the usage of RES_DNSSEC and RES_EDNS0, but I can't see anything specific concerning to DO-bit. But to be honest, I'm far from being a C-programmer :) Does anyone already met some familiar issue and maybe have some workarounds ? Or can anyone verify / falsify my libc-theory ? Kind regards, Marco
