Understand how enabling DNSSEC changes the way SMG interacts with DNS servers during email processing.

• Enhanced DNS Queries: SMG requests DNSSEC-specific records (RRSIG, DNSKEY) alongside standard ones.

• Validation Behavior: SMG attempts to validate responses if DNSSEC data is present.

  • Success ➝ Message is delivered.

  • Failure ➝ Message remain in the delivery queue with the SMTP response code "421 4.4.4 [internal] domain does not resolve".

• Non-DNSSEC Domains: If no DNSSEC data exists, SMG proceeds with standard DNS resolution.