-
From discussions with folks last year, and Michael today, I'm submitting a request for more support for Email-related record types:
TXT: DKIM, DMARC, SPF, TLSRPT, MTA-STS
TLSA
MX
MX should alr…
-
`ldns-dane` does not support starttls. Now we call it via Python as a subprocess and we provide the certificates through standard input. This leaves `ldns-dane` to query the local resolver (that needs…
-
The following are comments/questions from reviewing the [Verification Process](https://github.com/CIRALabs/high-assurance-dids-with-dns/blob/main/draft-ietf-high-assurance-dids-with-dns.md#verificatio…
-
I have a testing zone for multi-signer DNSSEC with three signers. One of the signers includes CDS/CDNSKEY records but the others don't. DNSViz reports an `EXISTING_TYPE_NOT_IN_BITMAP` error on the NSEC record…
-
How could I configure mail delivery to try with TLS, but if the receiving server doesn't support it, to fall back to unencrypted transmission?
: TLS is required, but was not offered by
host [m…
-
Great tool! Happy user. Would be even greater if you'd add a rollover-scheme to the cloudflare.
```
Such a scheme will be proven useful when there is a need to update your mail server certificate(s)…
```
jult updated
10 months ago
-
This allows servers which can’t obtain a valid certificate to prove they actually are legitimate, and shouldn’t be rejected as invalid as long as the DNSSEC chain isn’t broken and the DNS records for …
-
Greetings,
Whenever I add my TLSA record into my zone, I get the following message in the log file:
`Oct 28 08:58:25 ns1 pdns[68717]: TCP Connection Thread died because of STL error, cycling backend…`
-
References:
https://en.wikipedia.org/wiki/DNS-based_Authentication_of_Named_Entities
https://www.huque.com/bin/gen_tlsa
-
http://wiki.xmpp.org/web/Securing_DNS