hardenize / hardenize-public


Hardenize is not able to detect DANE? #29

Closed wioxjk closed 6 years ago

wioxjk commented 6 years ago

Despite having deployed DANE, and getting a successful check with other tools like https://www.huque.com/bin/danecheck and https://dane.sys4.de/,

Hardenize is unable to recognize it. Why?

The domain that the problem occurs on is selea.se
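For reference, this is what a DANE check like the ones linked above has to do once it has the server certificate and the TLSA RRset in hand: pick the certificate or its SubjectPublicKeyInfo per the selector, hash it per the matching type, and compare with the Certificate Association Data. The following is an added example written for this page; it is not Hardenize code and not taken from either of the tools mentioned. It runs offline against a constructed, minimal DER certificate (placeholder issuer, subject and signature, so it is not a real certificate from selea.se or anywhere else), and it does not do the DNS lookup or DNSSEC validation that a real client must perform before trusting the TLSA records.

```python
"""DANE TLSA (RFC 6698) record construction and matching, offline.

Added example, not part of the Hardenize issue or its code base. The
certificate below is a constructed minimal DER structure so the example runs
without a network or a real server; the TLSA records are derived from it.
"""
import hashlib


def der(tag: int, payload: bytes) -> bytes:
    """Encode one DER TLV with a definite length (short or long form)."""
    n = len(payload)
    if n < 0x80:
        length = bytes([n])
    else:
        lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(lb)]) + lb
    return bytes([tag]) + length + payload


def der_split(tlv: bytes):
    """Return (tag, payload, total_length) of the TLV at the start of tlv."""
    tag, first = tlv[0], tlv[1]
    if first & 0x80:
        nlen = first & 0x7F
        length = int.from_bytes(tlv[2:2 + nlen], "big")
        start = 2 + nlen
    else:
        length, start = first, 2
    return tag, tlv[start:start + length], start + length


def der_children(payload: bytes) -> list:
    """Split a constructed value's payload into its child TLVs (as bytes)."""
    out, i = [], 0
    while i < len(payload):
        _, _, total = der_split(payload[i:])
        out.append(payload[i:i + total])
        i += total
    return out


def extract_spki(cert_der: bytes) -> bytes:
    """Return the DER SubjectPublicKeyInfo of an X.509 Certificate.

    Certificate ::= SEQUENCE { tbsCertificate, signatureAlgorithm, signature }
    TBSCertificate ::= SEQUENCE { [0] version OPTIONAL, serialNumber,
        signature, issuer, validity, subject, subjectPublicKeyInfo, ... }
    """
    _, cert_payload, _ = der_split(cert_der)
    _, tbs_payload, _ = der_split(der_children(cert_payload)[0])
    fields = der_children(tbs_payload)
    if fields[0][0] == 0xA0:   # explicit [0] version present (v2/v3 certs)
        fields = fields[1:]
    return fields[5]           # serial, sigalg, issuer, validity, subject, SPKI


def build_toy_certificate(public_key: bytes) -> bytes:
    """Constructed stand-in for a server certificate (NOT a real cert).

    It has the RFC 5280 field layout so extract_spki() works on it, but the
    issuer/subject are empty and the signature is a zero placeholder.
    """
    ec_public_key_oid = b"\x2a\x86\x48\xce\x3d\x02\x01"      # 1.2.840.10045.2.1
    ecdsa_sha256_oid = b"\x2a\x86\x48\xce\x3d\x04\x03\x02"   # 1.2.840.10045.4.3.2
    sig_alg = der(0x30, der(0x06, ecdsa_sha256_oid))
    spki = der(0x30, der(0x30, der(0x06, ec_public_key_oid))
               + der(0x03, b"\x00" + public_key))
    validity = der(0x30, der(0x17, b"240101000000Z") + der(0x17, b"250101000000Z"))
    tbs = der(0x30,
              der(0xA0, der(0x02, b"\x02"))   # version v3
              + der(0x02, b"\x01")            # serialNumber
              + sig_alg                       # signature algorithm
              + der(0x30, b"")                # issuer (placeholder)
              + validity
              + der(0x30, b"")                # subject (placeholder)
              + spki)
    return der(0x30, tbs + sig_alg + der(0x03, b"\x00" + bytes(8)))


def tlsa_association(cert_der: bytes, selector: int, matching_type: int) -> str:
    """Certificate Association Data (hex) for a selector/matching type pair."""
    data = {0: cert_der, 1: extract_spki(cert_der)}[selector]  # 0 = cert, 1 = SPKI
    if matching_type == 0:
        return data.hex()                           # 0 = exact match
    if matching_type == 1:
        return hashlib.sha256(data).hexdigest()     # 1 = SHA2-256
    if matching_type == 2:
        return hashlib.sha512(data).hexdigest()     # 2 = SHA2-512
    raise ValueError(f"unknown matching type {matching_type}")


def tlsa_rdata(cert_der: bytes, usage: int, selector: int, matching_type: int) -> str:
    """Presentation-format TLSA RDATA, e.g. '3 1 1 <sha256 hex>'."""
    return f"{usage} {selector} {matching_type} " + tlsa_association(cert_der, selector, matching_type)


def tlsa_owner(host: str, port: int, proto: str = "tcp") -> str:
    """Owner name a client looks up: _<port>._<proto>.<host>. (e.g. port 25 of an MX)."""
    return f"_{port}._{proto}.{host.rstrip('.')}."


def parse_tlsa(rdata: str):
    usage, selector, mtype, hexdata = rdata.split(maxsplit=3)
    return int(usage), int(selector), int(mtype), "".join(hexdata.split()).lower()


def dane_match(tlsa_rrset, chain):
    """Return the first TLSA record matched by the presented chain, else None.

    Usage 3 (DANE-EE) matches the end-entity certificate only; usage 2
    (DANE-TA) matches a CA certificate in the presented chain. Usages 0/1
    (PKIX-TA/PKIX-EE) additionally require PKIX validation, which this
    offline example does not perform, so they never match here.
    """
    leaf, issuers = chain[0], chain[1:]
    for rdata in tlsa_rrset:
        usage, selector, mtype, hexdata = parse_tlsa(rdata)
        candidates = [leaf] if usage == 3 else (issuers if usage == 2 else [])
        if any(tlsa_association(c, selector, mtype) == hexdata for c in candidates):
            return rdata
    return None


if __name__ == "__main__":
    cert = build_toy_certificate(bytes(range(65)))      # constructed key bytes
    rr = tlsa_rdata(cert, 3, 1, 1)
    print(tlsa_owner("mail.example.com", 25), "IN TLSA", rr)
    print("match:", dane_match([rr], [cert]) == rr)
    # A key rotation without a TLSA update is exactly what DANE must catch:
    rotated = build_toy_certificate(bytes(reversed(range(65))))
    print("match after key change:", dane_match([rr], [rotated]))
```

The "3 1 1" form (DANE-EE, SPKI, SHA-256) is the common choice for both HTTPS and SMTP because it survives certificate renewals that keep the same key; the second run in the demo shows that a key change without a matching TLSA update fails the check, which is the same outcome a stale DNS or assessment cache produces on the checking side.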

ivanr commented 6 years ago

I think this is an issue with the DNS cache. I refreshed the assessment and the port 443 DANE showed up. Although we're treating your SMTP servers as sensitive, running a test from our development environment shows DANE there too. IIRC, our DNS cache is currently at 1 hour, which is probably the culprit. Could you please confirm?

wioxjk commented 6 years ago

Hi, I added TLSA for port 443, but I do also have it on port 25 on my MX and that does not show up.

I can only confirm that DANE under email still does not show up

ivanr commented 6 years ago

DANE not showing up is due to the fact that we're being blocked by some of the SMTP servers and are unable to fetch the certificates. We have #2 for that and it won't be long now before we make the next batch of improvements. I am closing this ticket as I don't think our DANE code is at fault. Thanks!

wioxjk commented 6 years ago

Even if the MX record for the other servers is removed, DANE and DNSSEC still do not show up. Please check again and reopen the ticket.

ivanr commented 6 years ago

It's not showing up because we're caching SMTP assessments, see below:

[screenshot]

However, after manually clearing the cache, DANE shows up as expected.

[screenshot]

It's all green: https://www.hardenize.com/report/selea.se/1521105680#email

wioxjk commented 6 years ago

Alright! I thought that pressing "Refresh report" would clean the cache. Thanks for the help and guidance!