https://bugs.exim.org/show_bug.cgi?id=2704
--- Comment #6 from Simon Arlott <bugzilla.exim.si...@arlott.org> --- >> There doesn't appear to be a way to require DANE if there's a signed TLSA >> result without also refusing connections when the host lookup is not signed. > > You appear to be confused. DANE is *required* when there are signed > DANE TLSA records. I'm not confused. I am stating my understanding of the behaviour of Exim based on Jeremy's comment. There is a lack of information on when Exim sets the AD flag or how it interprets responses. What is "TLSA lookup was dnssec" supposed to mean? -- You are receiving this mail because: You are on the CC list for the bug. -- ## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##