Validating an SMTP server
simsong at acm.org
Mon Sep 7 22:59:38 CEST 2015
Thanks for the email.
According to the report, the CNAME lookup of _25._tcp.open.nlnetlabs.nl is bogus. However, it is not, so there is a problem with my CNAME chaser.
I'll check it out.
> On Sep 7, 2015, at 4:46 PM, Viktor Dukhovni <ietf-dane at dukhovni.org> wrote:
> On Mon, Sep 07, 2015 at 08:10:38PM +0000, Viktor Dukhovni wrote:
>> And yet the validator claims the TLSA RRset is "bogus",
>> reports failure:
>> BOGUS DNS CNAME lookup _25._tcp.mta.openssl.org. = wildcard._dane.openssl.org.
>> Something's not quite right here...
> The issue seems to be systemic:
> BOGUS DNS CNAME lookup _25._tcp.nlnetlabs.nl = 3.1.1._dane-both.nlnetlabs.nl.
> BOGUS DNS CNAME lookup _25._tcp.mx.spodhuis.org. = _globnix-tlsa.spodhuis.org.
> BOGUS DNS CNAME lookup _25._tcp.wizmail.org. = _cert301.wizmail.org.
> All three are in fact fine. So the handling of TLSA CNAMEs seems
> to be broken.