ANN: DANE testing (sink at dane.sys4.de)
Benny Pedersen
me at junc.eu
Thu Apr 9 01:14:19 CEST 2015
Patrick Ben Koetter skrev den 2015-04-08 19:57:
> If you need a DNSSEC-enabled destination to test your DANE setup, send
> a
> message to sink at dane.sys4.de. It will accept your message and discard
> it.
+1
> Check your log for a line "to dane.sys4.de". If it reads "Verified TLS
> connection" (Postfix) your DANE setup works properly.
posttls-finger example.org
where example.org here is the dane test domain, much more simple test
if postfix already is configured as a dane client
> Here's a log example:
>
> Apr 8 19:52:31 mail postfix/smtp[28741]: Verified TLS connection
> established to dane.sys4.de[2001:1578:400:111::3:1]:25: TLSv1.2 with
> cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
yes
named.conf:
dnssec-enable yes;
dnssec-validation auto;
dnssec-lookaside auto;
main.cf:
smtp_dns_support_level = dnssec
smtp_tls_security_level = dane
from then on just use posttls-finger without any options
posttls-finger dane.sys4.de
More information about the dane-users
mailing list