Am 15.09.2014 um 15:58 schrieb Kevin Chadwick: > On Mon, 15 Sep 2014 12:59:46 +0200 > Marco Prause wrote: > >> Does anyone already met some familiar issue and maybe have some >> workarounds ? Or can anyone verify / falsify my libc-theory ? > > I'd look into whether you still have an issue whilst using TCP for the > requests?
Well, I gave "options edns0 tcp" in resolv.conf a short try, but with the same result in the maillog: "non DNSSEC destination" for i.e. ietf.org. Concerning a DO-Bit I could only find a hint in the bind-sources, like i.e. /usr.sbin/bind/bin/named/query.c but nothing equivalent in ./libc/net/res_query.c or ./lib/libc/net/res_mkquery.c At the moment I have no idea to reproduce the postfix query manually through the libc-calls. While sniffing on the outside interface I can see, that queries that go through libc-stub-resolver don't have the DO bit set anymore. Regards, Marco
