> On May 1, 2017, at 10:33 AM, Jeremy Harris <jgh@???> wrote:
>
> Having looked again at the coding I do not see that behaviour.
> Have you verified this by experiment?
Yes, with Phil Pennock doing the test. Example domains that
should fail, but I believe don't with Exim are:
truman.edu
techtrack.gov
mof.gov.tw
http://dnsviz.net/d/_25._tcp.barracuda.truman.edu/dnssec/
http://dnsviz.net/d/_25._tcp.mx1.techtrack.gov/dnssec/
http://dnsviz.net/d/_25._tcp.mail.mof.gov.tw/dnssec/
$ dig +noall +comment -t tlsa _25._tcp.barracuda.truman.edu
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 4694
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 8192
--
Viktor.
