Comment 23 for bug 1868955

Nick Tait (nick.t) wrote : Re: after upgrade to 20.04: posttls cannot connect to private/tlsmgr

I (by accident) discovered that glibc has introduced a new resolver option in resolv.h:

#define RES_TRUSTAD 0x04000000 /* Request AD bit, keep it in responses. */

I've done some testing with this, and it resolves the issue with the AD flag not being returned.

So based on this I think this bug needs to be changed back to postfix, and postfix needs to be updated to include this flag? Ideally the behaviour required should be:

* If RES_TRUSTAD is defined, then postfix should use that instead of RES_USE_DNSSEC and RES_USE_EDNS0.
* If RES_TRUSTAD is not defined, then postfix should maintain current behaviour of using RES_USE_DNSSEC and RES_USE_EDNS0.

If the above is implemented it would reduce the size of the DNS queries, because they won't include the RRSIG records that "come for free" when the DO bit is set (based on RES_USE_DNSSEC).

Thanks,
Nick.
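
The flag selection proposed in the comment above, as an added example that is not part of the original comment and is not Postfix code. The helper names and the two sample DNS headers are constructed for illustration; only RES_TRUSTAD, RES_USE_DNSSEC and RES_USE_EDNS0 come from resolv.h.

```c
#include <stddef.h>
#include <sys/types.h>
#include <netinet/in.h>
#include <arpa/nameser.h>
#include <resolv.h>

/* Resolver option bits to request for DNSSEC-aware lookups (hypothetical helper). */
unsigned long dnssec_res_options(void)
{
#ifdef RES_TRUSTAD
    /* Resolver knows RES_TRUSTAD: request the AD bit and keep it in responses. */
    return RES_TRUSTAD;
#else
    /* Older resolver: keep the current behaviour, EDNS0 with the DO bit set. */
    return RES_USE_DNSSEC | RES_USE_EDNS0;
#endif
}

/* Return `options` with exactly one of the two strategies enabled and all
 * unrelated resolver bits left untouched (hypothetical helper). */
unsigned long apply_dnssec_res_options(unsigned long options)
{
    options &= ~(unsigned long)(RES_USE_DNSSEC | RES_USE_EDNS0);
#ifdef RES_TRUSTAD
    options &= ~(unsigned long)RES_TRUSTAD;
#endif
    return options | dnssec_res_options();
}

/* 1 if the AD flag is set in a raw DNS response, 0 if it is clear, -1 if the
 * buffer is shorter than the 12-byte DNS header. AD is bit 0x20 of byte 3. */
int response_has_ad(const unsigned char *msg, size_t len)
{
    if (msg == NULL || len < 12)
        return -1;
    return (msg[3] & 0x20) ? 1 : 0;
}

/* Constructed 12-byte response headers: QR, RD and RA set, with and without AD. */
const unsigned char SAMPLE_WITH_AD[12]    = {0x12, 0x34, 0x81, 0xa0, 0, 1, 0, 1, 0, 0, 0, 0};
const unsigned char SAMPLE_WITHOUT_AD[12] = {0x12, 0x34, 0x81, 0x80, 0, 1, 0, 1, 0, 0, 0, 0};
```

In glibc the same setting is also available without code changes as "options trust-ad" in /etc/resolv.conf.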