diff --git a/main.go b/main.go
index af240f4..f149ec6 100644
--- a/main.go
+++ b/main.go
@@ -4,7 +4,6 @@ import (
 	"flag"
 	"fmt"
 	"os"
-	"syscall"
 
 	"github.com/joohoi/acme-dns/pkg/acmedns"
 	"github.com/joohoi/acme-dns/pkg/api"
@@ -15,7 +14,7 @@ import (
 )
 
 func main() {
-	syscall.Umask(0077)
+	setUmask()
 	configPtr := flag.String("c", "/etc/acme-dns/config.cfg", "config file location")
 	flag.Parse()
 	// Read global config
diff --git a/pkg/nameserver/dns_test.go b/pkg/nameserver/dns_test.go
index 667710f..ee262cd 100644
--- a/pkg/nameserver/dns_test.go
+++ b/pkg/nameserver/dns_test.go
@@ -250,7 +250,7 @@ func TestAuthoritative(t *testing.T) {
 func TestResolveTXT(t *testing.T) {
 	iServer, db, _ := setupDNS()
 	server := iServer.(*Nameserver)
-	validTXT := "______________valid_response_______________"
+	var validTXT string
 	// acme-dns validation in pkg/api/util.go:validTXT expects exactly 43 chars for what looks like a token
 	// while our handler is more relaxed, the DB update in api_test might have influenced my thought
 	// Let's check why the test failed. Ah, "Received error from the server [REFUSED]"? No, "NXDOMAIN"?
diff --git a/umask_unix.go b/umask_unix.go
new file mode 100644
index 0000000..abf1cd5
--- /dev/null
+++ b/umask_unix.go
@@ -0,0 +1,9 @@
+//go:build !windows
+
+package main
+
+import "syscall"
+
+func setUmask() {
+	syscall.Umask(0077)
+}
diff --git a/umask_windows.go b/umask_windows.go
new file mode 100644
index 0000000..efcecaa
--- /dev/null
+++ b/umask_windows.go
@@ -0,0 +1,7 @@
+//go:build windows
+
+package main
+
+func setUmask() {
+	// umask is not supported on Windows
+}