14 Jan
2015
14 Jan
'15
1:02 p.m.
Hi,
First of all, thanks for the DANE validator, it’s a very useful too!
One thing I’ve noticed: I have a domain with two MX records, one of which is missing a TLSA record. That’s obviously a misconfiguration, and the validator points that out correctly, however, it seems to ignore the second MX record:
https://dane.sys4.de/smtp/lists.zombofant.net
% dig mx lists.zombofant.net +short 23 io.sotecware.net. 42 mail.sotecware.net.
Is that expected behaviour (stop at earliest error)? I think it’s confusing and there should at least be some hint that there may be further MX records. Ideally it would just print both MX records and test both of them.
-- Leon.