Update on stats 2019-11
ietf-dane at dukhovni.org
Mon Dec 2 19:35:31 CET 2019
On Mon, Dec 02, 2019 at 08:01:27PM +0200, Mark Elkins wrote:
> I run a small ISP in South Africa - with about 2000 domains. About 200
> of these are DNSSEC signed.
Hello Mark, good to see you're on the dane-users list.
For 49 of the 200 domains, my DANE survey is chronically unable to
validate the TLSA RR of the secondary MX (secdns1.posix.co.za):
_25._tcp.secdns1.posix.co.za. IN TLSA 3 1 1 a82d33d63d9c4acea043007041c0c99839f1805e5755e54c9d32ced02cc790ea
secdns1.posix.co.za[18.104.22.168]: STARTTLS 454 TLS currently unavailable
secdns1.posix.co.za[2001:42a0::81]: STARTTLS 454 TLS currently unavailable
the MX host always declines STARTTLS. Is this deliberate? Or something
that should/could be fixed?
More information about the dane-users