Setting up Dane again from start

Carsten Strotmann (sys4) cs at
Wed Feb 11 12:34:04 CET 2015

Hello Frank,

Frank Fiene wrote:
> 3.) Our DNS provider has added this to the domain and has signed it again (no idea why there is a blank!).
> 	_*	3600	IN	TLSA	3 0 1 04459A87D803EE5D2450114C09E8370DC51B27716431378CFA5560E1 53AED957

this is an incorrect use of an DNS wildcard.


The asterisk must be the leftmost character in the domain name, an
asterisk inside a domain name is just that, an asterisk. The TLSA record
above does not match port 25.

The record
*	3600	IN	TLSA	
would be valid, it would match all ports on the machine,
but I'm not sure if that is useful.

Best regards

Carsten Strotmann

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 883 bytes
Desc: OpenPGP digital signature
URL: <>

More information about the dane-users mailing list