Hi,
First of all, thanks for the DANE validator, it’s a very useful too!
One thing I’ve noticed: I have a domain with two MX records, one of which is missing a TLSA record. That’s obviously a misconfiguration, and the validator points that out correctly, however, it seems to ignore the second MX record:
https://dane.sys4.de/smtp/lists.zombofant.net
% dig mx lists.zombofant.net +short 23 io.sotecware.net. 42 mail.sotecware.net.
Is that expected behaviour (stop at earliest error)? I think it’s confusing and there should at least be some hint that there may be further MX records. Ideally it would just print both MX records and test both of them.
-- Leon.
Am 14.01.2015 um 13:02 schrieb Leon Weber:
Hi,
First of all, thanks for the DANE validator, it’s a very useful too!
Thanks!
One thing I’ve noticed: I have a domain with two MX records, one of which is missing a TLSA record. That’s obviously a misconfiguration, and the validator points that out correctly, however, it seems to ignore the second MX record:
https://dane.sys4.de/smtp/lists.zombofant.net
% dig mx lists.zombofant.net +short 23 io.sotecware.net. 42 mail.sotecware.net.
Is that expected behaviour (stop at earliest error)? I think it’s confusing and there should at least be some hint that there may be further MX records. Ideally it would just print both MX records and test both of them.
The behavior is expected if the ignored MX has a lower priority than the failed one.
But you're absolutely right, this should be displayed in the UI in some manner (in fact, we already have this on our to do list...).
Florian
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
Hi,
On 14.01.2015 13:02, Leon Weber wrote:
First of all, thanks for the DANE validator, it’s a very useful too!
I can only second that!
One thing I’ve noticed: I have a domain with two MX records, one of which is missing a TLSA record. That’s obviously a misconfiguration, and the validator points that out correctly, however, it seems to ignore the second MX record:
For anyone reading this post-fact and being confused, I fixed the missing record.
regards, jwi
participants (3)
-
Florian Fuchs -
Jonas Wielicki -
Leon Weber