Deployment news (comcast.net publishes TLSA RRs)

Patrick Domack patrickdk at patrickdk.com
Sat Nov 21 03:12:49 CET 2015


I have been attempting to push more people to use DANE, but it is hard.

More and more server admins keep asking to not send email to their
domains without TLS verification or certificate pinning, but none of
them have heard of DANE. Most don't even have DNSSEC.


Quoting Viktor Dukhovni <ietf-dane at dukhovni.org>:

> On Tue, Nov 03, 2015 at 08:10:19PM +0000, Viktor Dukhovni wrote:
>
>>   #Domains Provider
>>   -------- ----------
>>         33 binero.se      (resolution in progress)
>>         28 isphuset.no    (issue acknowledged)
>>         15 axc.nl         (notified)
>>          5 forpsi.net     (notified)
>
> DNS at binero.se is now resolved.  With ongoing scans in the
> meantime, the number of affected domains I managed to find was
> briefly more than eighty, but now it is zero.
>
> The solution was actually a software update at neustar.biz (also
> known as UltraDNS.net) so this also addresses the same issue for
> all other ultradns.net customers (only one such domain in my scans,
> but my surveys are far from comprehensive).  Progress continues.
>
> --
> 	Viktor.




