DANE error: tlsa lookup DEFER

Operating System & Version
CENTOS 6.10 virtuozzo
cPanel & WHM Version
v86.0.8

reddot

Member
Jan 14, 2008
7
0
51
I am getting quite a number of emails that cannot be sent since 26 Feb 2020. In exim_mainlog, the error is shown as "DANE error: tlsa lookup DEFER".

When I check the domain using DANE SMTP Validator, it says no TLSA records.

Even for a domain with TLSA record, my server still cannot send to it.

Please advise what could be wrong.
 
Last edited by a moderator:

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
13,297
1,259
313
Houston
Hello,

This is a DNS record that you'd need to add, cPanel does not presently have support for these records to be added through the Zone Editor. There is a feature request here: https://features.cpanel.net/topic/dane-and-tlsa - within the feature request there is a link to a site that would allow you to create your own which may be helpful for you.
 

chengkinhung

Member
Jun 15, 2007
23
3
53
Hi, reddot, did you solve this issue ? I have encounter this issue too.

I notice this issure only happen in one cPanel server, I have not idea why Exim try to check the DNSSEC, by default it should not.
 

chengkinhung

Member
Jun 15, 2007
23
3
53
Hi, sorry, my mistake. Exim did not do this checking, but DNS resolver do this checking. In my case, I am using google DNS 8.8.4.4, and since from 20130506, google DNS enabled the DNSSEC. so for me, this issue solved, as my recipient domain indeed failed DNSSEC checking. Thanks.