Am 14.01.2015 um 13:02 schrieb Leon Weber:
Hi,
First of all, thanks for the DANE validator, it’s a very useful too!
Thanks!
One thing I’ve noticed: I have a domain with two MX records, one of which is missing a TLSA record. That’s obviously a misconfiguration, and the validator points that out correctly, however, it seems to ignore the second MX record:
https://dane.sys4.de/smtp/lists.zombofant.net
% dig mx lists.zombofant.net +short 23 io.sotecware.net. 42 mail.sotecware.net.
Is that expected behaviour (stop at earliest error)? I think it’s confusing and there should at least be some hint that there may be further MX records. Ideally it would just print both MX records and test both of them.
The behavior is expected if the ignored MX has a lower priority than the failed one.
But you're absolutely right, this should be displayed in the UI in some manner (in fact, we already have this on our to do list...).
Florian