[dns-operations] TLSA records on MX

Vernon Schryver vjs at rhyolite.com
Sat Jun 8 00:59:29 UTC 2013

> Jeroen Massar jeroen at massar.ch
> > As part of a push to get both Exim and Postfix supporting DANE with TLSA
> > records, per current IETF drafts, I'm wondering if anyone here has

> Do you have a guide/howto for doing the whole setup?

If you have x.509 certficates, then current versions of BIND have a
shell script in contrib/dane that uses openssl to generate any of the
TLSA record types.  Well, given the certificate in the RFC, it produces
the same ASCII text that is in the RFC.

Either the RFCs are tolerably clear about which domain names to give
records generated by that script, or I'm confused.  There's precious
little available for testing DANE.

Vernon Schryver    vjs at rhyolite.com

More information about the dns-operations mailing list