Thank you VERY much for the numerous responses, the missing AD bit in the dns reply indeed was the issue.
Setting in recursor.conf
Dnssec=validate
Solved the problem, using unbound also confirmed working!
--
Stefan Fasan
-----Ursprüngliche Nachricht-----
Von: Exim-users [
mailto:exim-users-bounces+sfasan=libertyglobal.com@exim.org] Im Auftrag von Jeremy Harris
Gesendet: Mittwoch, 08. Februar 2017 13:48
An: exim-users@???
Betreff: Re: [exim] recipient DNSSEC validation question for exim 4.88 with exp DANE support
On 08/02/17 12:04, Fasan, Stefan via Exim-users wrote:
> dig mx4.unitybox.de +dnssec +multi
>
> ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.37.rc1.el6_7.7 <<>> mx4.unitybox.de
> +dnssec +multi ;; global options: +cmd ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13137 ;; flags: qr
> rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
^^^^^^^^
No AD bit in the reply.
--
Cheers,
Jeremy
--
## List details at
https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at
http://www.exim.org/
## Please use the Wiki with this list -
http://wiki.exim.org/
Information gemäß § 14 Unternehmensgesetzbuch: UPC Austria GmbH, Firmensitz: Wolfganggasse 58-60, 1120 Wien, Firmenbuchnummer: FN 251865s, Handelsgericht Wien.
