Thank you VERY much for the numerous responses, the missing AD bit in the dns reply indeed was the issue.
Setting in recursor.conf Dnssec=validate Solved the problem, using unbound also confirmed working! -- Stefan Fasan -----Ursprüngliche Nachricht----- Von: Exim-users [mailto:[email protected]] Im Auftrag von Jeremy Harris Gesendet: Mittwoch, 08. Februar 2017 13:48 An: [email protected] Betreff: Re: [exim] recipient DNSSEC validation question for exim 4.88 with exp DANE support On 08/02/17 12:04, Fasan, Stefan via Exim-users wrote: > dig mx4.unitybox.de +dnssec +multi > > ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.37.rc1.el6_7.7 <<>> mx4.unitybox.de > +dnssec +multi ;; global options: +cmd ;; Got answer: > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13137 ;; flags: qr > rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1 ^^^^^^^^ No AD bit in the reply. -- Cheers, Jeremy -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/ Information gemäß § 14 Unternehmensgesetzbuch: UPC Austria GmbH, Firmensitz: Wolfganggasse 58-60, 1120 Wien, Firmenbuchnummer: FN 251865s, Handelsgericht Wien. -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
