[dns-operations] TLSA records on MX

Doug Barton dougb at dougbarton.us
Sat Jun 8 01:36:42 UTC 2013


On 06/07/2013 09:34 AM, Phil Pennock wrote:
| Folks,
|
| As part of a push to get both Exim and Postfix supporting DANE with TLSA
| records, per current IETF drafts, I'm wondering if anyone here has
| deployed both DNSSEC signing for a zone and TLSA records within that
| zone for their MX hostnames?
|
| So far, I know of six domains, one mine.
|
| If folks can get back to me (off-list fine) and let me know of any they
| have, and if they'd be willing to let their MX server be occasionally
| probed during development for interop purposes, I'd appreciate it.  The
| former (TLSA) without the latter (probe-okay) is fine.
|
| The probes would consist of DNS lookups and connections on port 25 which
| do an EHLO/STARTTLS/EHLO/QUIT sequence, no mail sending, and would be
| light (very low volume), being manually triggered during development
| testing to make sure that we interop with you.
|
| My domain with such records is "spodhuis.org", and I'm happy for its
| mail-server to be similarly probed for interop purposes.

I added the _25._tcp TLSA record, feel free to use my domain
(dougbarton.us) for such testing. My MX server is postfix 2.10.

hth,

Doug

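Added example, not part of either post and not Exim or Postfix code: the probe sequence described in the quoted message (EHLO/STARTTLS/EHLO/QUIT on port 25), followed by the selector and matching-type comparison that RFC 6698 defines for a TLSA record. It assumes the TLSA fields were already fetched through a DNSSEC-validating lookup and does not evaluate the certificate-usage field; the names `tlsa_owner`, `spki_of`, `tlsa_matches`, `probe` and the HELO name `probe.example` are hypothetical.

```python
import hashlib
import smtplib
import ssl

def tlsa_owner(mx_host, port=25):
    """Owner name of the TLSA RRset for an MX host, e.g. _25._tcp.mx.example.org."""
    return f"_{port}._tcp.{mx_host.rstrip('.')}."

def _tlv(buf, off):
    """Return (tag, content_start, content_end) of the DER element at off."""
    n, hdr = buf[off + 1], 2
    if n & 0x80:                          # long-form length: low bits = byte count
        k = n & 0x7F
        n = int.from_bytes(buf[off + 2:off + 2 + k], "big")
        hdr += k
    return buf[off], off + hdr, off + hdr + n

def spki_of(cert_der):
    """Cut the SubjectPublicKeyInfo element out of a DER certificate (selector 1)."""
    _, pos, _ = _tlv(cert_der, 0)         # Certificate SEQUENCE
    _, pos, _ = _tlv(cert_der, pos)       # tbsCertificate SEQUENCE
    tag, _, end = _tlv(cert_der, pos)
    if tag == 0xA0:                       # optional [0] version field
        pos = end
    for _ in range(5):                    # serial, sigAlg, issuer, validity, subject
        pos = _tlv(cert_der, pos)[2]
    return cert_der[pos:_tlv(cert_der, pos)[2]]

def tlsa_matches(selector, mtype, data_hex, cert_der):
    """True if the presented certificate matches one TLSA RR's association data."""
    if selector not in (0, 1) or mtype not in (0, 1, 2):
        return False                      # unknown values never match
    blob = spki_of(cert_der) if selector == 1 else cert_der
    if mtype:                             # 1 = SHA-256, 2 = SHA-512, 0 = exact bytes
        blob = hashlib.new("sha256" if mtype == 1 else "sha512", blob).digest()
    return blob == bytes.fromhex(data_hex)

def probe(mx_host, helo="probe.example", timeout=15):
    """EHLO/STARTTLS/EHLO/QUIT on port 25; returns the server certificate as DER."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False            # the TLSA comparison, not the public CA
    ctx.verify_mode = ssl.CERT_NONE       # set, is what authenticates the server here
    with smtplib.SMTP(mx_host, 25, local_hostname=helo, timeout=timeout) as s:
        s.ehlo()
        s.starttls(context=ctx)           # raises if STARTTLS is not offered
        s.ehlo()
        return s.sock.getpeercert(binary_form=True)   # QUIT is sent on exit
```

`probe()` is the only function that touches the network; pass its return value to `tlsa_matches()` once per TLSA record published at `tlsa_owner(mx_host)`.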


