DANE error: tlsa lookup DEFER

[reddot]

I am getting quite a number of emails that cannot be sent since 26 Feb 2020. In exim_mainlog, the error is shown as "DANE error: tlsa lookup DEFER".

When I check the domain using DANE SMTP Validator, it says no TLSA records.

Even for a domain with TLSA record, my server still cannot send to it.

Please advise what could be wrong.

 

[cPanelLauren]

Hello,

This is a DNS record that you'd need to add, cPanel does not presently have support for these records to be added through the Zone Editor. There is a feature request here: https://features.cpanel.net/topic/dane-and-tlsa - within the feature request there is a link to a site that would allow you to create your own which may be helpful for you.

 

[chengkinhung]

Hi, reddot, did you solve this issue ? I have encounter this issue too.

I notice this issure only happen in one cPanel server, I have not idea why Exim try to check the DNSSEC, by default it should not.

 

[chengkinhung]

Hi, sorry, my mistake. Exim did not do this checking, but DNS resolver do this checking. In my case, I am using google DNS 8.8.4.4, and since from 20130506, google DNS enabled the DNSSEC. so for me, this issue solved, as my recipient domain indeed failed DNSSEC checking. Thanks.