[exim] DANE TLSA records for exim.org?

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Viktor Dukhovni
Date:  
À: exim-users
Sujet: [exim] DANE TLSA records for exim.org?
Until roughly today, at least the primary MX host for "exim.org" had
DANE TLSA records. Today, they're gone (I hope temporarily). And
ideally (subject to real world constraints, and all that), it would
even be could for the secondary MX to be signed and have TLSA RRs.

    ; NOERROR AD=1
    exim.org. IN MX 10 cumin.exim.org.
    exim.org. IN MX 15 mx2.wizmail.org.


    ; NOERROR AD=1
    cumin.exim.org. IN A 37.120.190.30
    ; NOERROR AD=1
    cumin.exim.org. IN AAAA 2a03:4000:6:b381::2
    ; NXDOMAIN AD=1
    _25._tcp.cumin.exim.org. IN TLSA ?


    ; NOERROR AD=0
    mx2.wizmail.org. IN A 85.158.153.59
    ; NOERROR AD=0
    mx2.wizmail.org. IN AAAA 2a00:1940:2:3::2:59


And of course, if DANE to be done, take your time, do it well
(monitoring, and a robust rollover process).

-- 
    Viktor.


--
## subscription configuration (requires account):
## https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/
## unsubscribe (doesn't require an account):
## exim-users-unsubscribe@???
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/