DANE TLSA lookup problem: Host or domain name not found. Name service error for name

Discussion in 'General' started by muekno, Jun 2, 2021.

  1. muekno

    muekno Member HowtoForge Supporter

    I have two nearly equal configured ISPConfig mail systems. Mine and one at a custumers site.
    If my customer try to send a mail tosomebody it is not sent. Postfix log shows
    [postfix/smtp[53376]: warning: DANE TLSA lookup problem: Host or domain name not found. Name service error for name=_25._tcp.server.domain.tld type=TLSA: Host not found, try again]
    If i send a mail to the same recipiant the mail goes through.
    Why does postfix look for this record. I compared all for me relevant parts in main.cf from both systems, no difference.
    Both system Debian 10 latest patches, lastest ISPConfig.
    Thanks for help or hint
    Rainer
     
  2. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    Can you share the real hostname?
     
  3. muekno

    muekno Member HowtoForge Supporter

    target mail1.fanucc.eu and mail2.fanuc.eu
    source working is smtp1.gerdakloos.de
    source sending denied mail.max-eckstein.de
     
  4. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    What is the setting of smtp_tls_security_level in /etc/postfix/main.cf on the host that malfunctions?
     
  5. muekno

    muekno Member HowtoForge Supporter

    smtp_tls_security_level = dane
    but on my server it is the same
    smtpd_tls_security_level on bth servers is may
     
  6. Jesse Norell

    Jesse Norell ISPConfig Developer Staff Member ISPConfig Developer

    Because your smtp_tls_security_level is set to, which is generally not a problem, except:
    The difference is in your dns resolver, the TLSA lookups are failing from one site and not the other. Do you use the localhost as the dns resolver? (FWIW, you almost always should on a mail server.) Is the same software answering there? (Eg. both running bind, or both unbound, etc.)? What is the domain you are trying to email to?
     

Share This Page