Validator strange behaviour/bug?

Florian Fuchs ff at
Wed Jan 14 13:13:51 CET 2015

Am 14.01.2015 um 13:02 schrieb Leon Weber:
> Hi,
> First of all, thanks for the DANE validator, it’s a very useful too!


> One thing I’ve noticed:  I have a domain with two MX records, one of
> which is missing a TLSA record.  That’s obviously a misconfiguration,
> and the validator points that out correctly, however, it seems to ignore
> the second MX record:
> <>
> % dig mx +short
> 23
> 42
> Is that expected behaviour (stop at earliest error)?  I think it’s
> confusing and there should at least be some hint that there may be
> further MX records.  Ideally it would just print both MX records and
> test both of them.

The behavior is expected if the ignored MX has a lower priority than the
failed one.

But you're absolutely right, this should be displayed in the UI in some
manner (in fact, we already have this on our to do list...).


More information about the dane-users mailing list