[dns-operations] TLSA records on MX

Phil Pennock dnsop+phil at spodhuis.org
Fri Jun 7 16:34:28 UTC 2013


As part of a push to get both Exim and Postfix supporting DANE with TLSA
records, per current IETF drafts, I'm wondering if anyone here has
deployed both DNSSEC signing for a zone and TLSA records within that
zone for their MX hostnames?

So far, I know of six domains, one mine.

If folks can get back to me (off-list fine) and let me know of any they
have, and if they'd be willing to let their MX server be occasionally
probed during development for interop purposes, I'd appreciate it.  The
former (TLSA) without the latter (probe-okay) is fine.

The probes would consist of DNS lookups and connections on port 25 which
do an EHLO/STARTTLS/EHLO/QUIT sequence, no mail sending, and would be
light (very low volume), being manually triggered during development
testing to make sure that we interop with you.

My domain with such records is "spodhuis.org", and I'm happy for its
mail-server to be similarly probed for interop purposes.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 163 bytes
Desc: not available
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20130607/83e27dd7/attachment.sig>

More information about the dns-operations mailing list