-
References:
https://en.wikipedia.org/wiki/DNS-based_Authentication_of_Named_Entities
https://www.huque.com/bin/gen_tlsa
-
Hi @MollyMcEvilley ,
Under #1060 [HHFleeingDV] in Sample Code was updated as:
![image](https://github.com/HMIS/LSASampleCode/assets/28144855/2bdf3a92-ac9b-4515-82ad-24cf047a485c)
Spec has next …
-
Does passivedns support fragmented IP packets? Or what else fishy is going on here?
It seems they don't get handled too wel, eg
dig -t tlsa _443._tcp.www.dougbarton.us +dnssec @8.26.56.26
doesn't ge…
-
I have a testing zone for multi-signer DNSSEC with three signers. One of the signers includes CDS/CDNSKEY records but other don't. DNSViz reports `EXISTING_TYPE_NOT_IN_BITMAP` error on the NSEC record…
-
Great tool! Happy user. Would be even greater if you'd add a rollover-scheme to the cloudflare.
```
Such a scheme will be proven useful when there is a need to update your mail server certificate(s)…
jult updated
10 months ago
-
See https://dnssec-stats.ant.isi.edu/~viktor/x3hosts.html and https://mail.sys4.de/pipermail/dane-users/2020-September/000579.html about including the `TLSA 2 1 1` for Let's Encrypt emergency backup E…
-
Issues to explore/resolve. Some of these might require an "ask" from IETF and/or W3C
1. DNS record types to support high assurance DIDs
DID (_did) type for specifying did:methods to invoke oth…
-
Clone and build:
```
git clone https://github.com/handshake-org/libhns
cd libhns
./buildconf
./configure
make
```
Output of interest:
```
CC hdig-hdig.o
hdig.c:150:17: error: …
-
It would be nice allow manual configuration of additional records for each host. Examples would be MX, multiple SRV records, TLSA (for DANE).
-
From mail GT (13th of June, 2022):
> V. points out that although the zone is signed and replies are
> secure, in the case of these NXDOMAIN responses (and for NODATA answers;
> so negative answ…
baknu updated
2 years ago