Pilot phase for DNSSEC/DANE for DFN with dfnsec.de in August 2020

Paul Menzel pmenzel+dane-users at molgen.mpg.de
Wed Jul 1 13:16:06 CEST 2020

Dear Viktor,

Am 01.07.20 um 08:27 schrieb Viktor Dukhovni:
>> On Jul 1, 2020, at 4:01 AM, Paul Menzel wrote:
>> I like to inform you, after several years of waiting, the Deutsche
>> Forschungsnetz will finally offer a solution for using their mail
>> support with DNSSEC/DANE [1]. For whatever reason, they do not want
>> to fiddle/test with dfn.de, and, therefore, are going to introduce
>> the new domain dfnsec.de first.
>> The pilot phase is going to be from August 3rd to 31st, and they
>> are introducing faulty entries on Tuesday and Thursday from 10:00
>> to 14:00.
> I take this to mean that dfn.de is planning to have DNSSEC signed MX
> hosts with TLSA RRs under a new dfnsec.de domain.  That's good news,
> thanks!

Yes, it is meant as opt-in.

> In terms of candidate DNSSEC-signed domains currently using dfn.de MX
> hosts, that could/should consider switching to dfnsec.de, I currently
> find the following 33 in the DNSSEC/DANE survey dataset:


A lot of the subdomains of mpg.de use the DFN-MailSupport separately, 
and from those, to my knowledge, only us – molgen.mpg.de – have set up 
DNSSEC. (The other few DNSSEC users do *not* use the DFN-MailSupport – 
for example mpifr-bonn.mpg.de.)

> It would be nice to see some of these join the pilot.

Yes, we will see. At least after the pilot phase, hopefully, the current 
DNSSEC users will set up DANE.

Kind regards,


More information about the dane-users mailing list