Setting up Dane again from start
Carsten Strotmann (sys4)
cs at sys4.de
Wed Feb 11 12:34:04 CET 2015
Hello Frank,
Frank Fiene wrote:
> 3.) Our DNS provider has added this to the domain and has signed it again (no idea why there is a blank!).
> _*._tcp.mail.veka.com. 3600 IN TLSA 3 0 1 04459A87D803EE5D2450114C09E8370DC51B27716431378CFA5560E1 53AED957
this is an incorrect use of an DNS wildcard.
See http://www.ietf.org/rfc/rfc4592
The asterisk must be the leftmost character in the domain name, an
asterisk inside a domain name is just that, an asterisk. The TLSA record
above does not match port 25.
The record
*._tcp.mail.veka.com. 3600 IN TLSA
would be valid, it would match all ports on the machine mail.veka.com,
but I'm not sure if that is useful.
Best regards
Carsten Strotmann
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 883 bytes
Desc: OpenPGP digital signature
URL: <https://mail.sys4.de/cgi-bin/mailman/private/dane-users/attachments/20150211/7490d0d5/attachment.pgp>
More information about the dane-users
mailing list