XS4ALL stopped using DANE

Viktor Dukhovni ietf-dane at dukhovni.org
Fri Dec 17 09:34:22 CET 2021


> On 17 Dec 2021, at 3:28 am, Jan-Pieter Cornet <johnpc at xs4all.net> wrote:
> 
> I regret to inform you that XS4ALL stopped using DANE, both inbound for xs4all.nl and outbound.
> 
> The reason is that the XS4ALL systems are being dismantled, and the customers are moving to KPN, who do not use nor publish DANE records.

Oh well, perhaps one of these days we can convince KPN to pick up the mantle...

> If anyone still has "xs4all.nl" in a "strict dane" list, please remove us. I saw a bounce from one.com indicating that possibly one of their systems still expects DANE records for xs4all.nl.

This is odd, because the whole point of DANE is that one generally
does not need to pin local DANE policy; it is enforced when the TLSA
records are published for the MX hosts, and not otherwise.

I can't rule out local policy enforcing DANE, but this should only
happen by prior coordination with and consent of the receiving
systems.  Otherwise, ... expect breakage.

Survey says, ... you're no longer doing DANE:

	https://stats.dnssec-tools.org/explore/?xs4all.nl

-- 
	Viktor.
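
The following is an added example, not part of the original message: a simplified model of how a sending MTA derives the TLS level from DNS per MX host (following RFC 7672), and how a local "strict dane" pin turns a withdrawn TLSA record into a bounce. The domain, the `pinned` set and all lookup results are constructed, and no real DNS is queried.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class TlsaLookup:
    """Result of querying _25._tcp.<mx-host> (constructed model, no real DNS)."""
    status: str                 # DNSSEC status: "secure", "insecure" or "error"
    usages: tuple = ()          # certificate-usage field of each TLSA record found

USABLE = {2, 3}                 # DANE-TA(2) and DANE-EE(3), the usages SMTP acts on

def discovered_level(host_secure: bool, tlsa: TlsaLookup) -> str:
    """TLS level the sender derives from DNS alone, per MX host."""
    if not host_secure:                  # MX or address records not DNSSEC-validated
        return "opportunistic"
    if tlsa.status == "error":           # bogus/failed lookup: do not downgrade
        return "defer"
    if tlsa.status == "secure" and tlsa.usages:
        if any(u in USABLE for u in tlsa.usages):
            return "dane"                # authenticate against the TLSA records
        return "encrypt"                 # records exist but none usable
    return "opportunistic"               # no TLSA published: DANE does not apply

def delivery_outcome(domain, host_secure, tlsa, pinned=frozenset()):
    """Apply a hypothetical local 'strict dane' pin on top of discovery."""
    level = discovered_level(host_secure, tlsa)
    if domain in pinned and level != "dane":
        return "bounce"                  # pin outlives the receiver's TLSA records
    return level

# Constructed cases for a placeholder domain
PUBLISHED = TlsaLookup("secure", (3,))
WITHDRAWN = TlsaLookup("secure", ())     # authenticated denial of existence

if __name__ == "__main__":
    for name, tlsa in (("published", PUBLISHED), ("withdrawn", WITHDRAWN)):
        print(name, delivery_outcome("receiver.example", True, tlsa),
              delivery_outcome("receiver.example", True, tlsa, {"receiver.example"}))
```

Without a pin, withdrawing the TLSA records degrades delivery to opportunistic TLS; only the sender-side pin produces a delivery failure.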


