XS4ALL stopped using DANE

Sidsel Jensen sje at one.com
Fri Dec 17 10:32:42 CET 2021

Hi Guys

> On 17 Dec 2021, at 09.34, Viktor Dukhovni <ietf-dane at dukhovni.org> wrote:
>> On 17 Dec 2021, at 3:28 am, Jan-Pieter Cornet <johnpc at xs4all.net> wrote:
>> I regret to inform you that XS4ALL stopped using DANE, both inbound for xs4all.nl and outbound.
>> The reason is that the XS4ALL systems are being dismantled, and the customers are moving to KPN, who do not use nor publish DANE records.


> Oh well, perhaps one of these days we can convince KPN to pick up the mantle...

KPN are using Halons as far as I recall, so it should be possible. Time for a little Viktor nudging?

>> If anyone still has "xs4all.nl" in a "strict dane" list, please remove us. I saw a bounce from one.comindicating that possibly one of their systems still expects DANE records for xs4all.nl.
> This is odd, because the whole of DANE is one generally does not
> need to pin local DANE policy, it is enforced when the TLSA records
> are published for the MX hosts, and not otherwise.

We do not have any such local strict dane list - I suspect it might be a case of DNS TTLs, when the TLSA records where removed,
but I asked Jan-Pieter for at logsnippet off-list in order to investigate.

> I can't rule out local policy enforcing DANE, but this should only
> happen by prior coordination with and consent of the receiving
> systems.  Otherwise, ... expect breakage.
> Survey says, ... you're no longer doing DANE:
> 	https://stats.dnssec-tools.org/explore/?xs4all.nl
> --
> 	Viktor.

Kind Regards,
Sidsel Jensen
Team manager Mail & Abuse, Systems Engineer @ One.com <http://one.com/>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.sys4.de/pipermail/dane-users/attachments/20211217/24db655d/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: Message signed with OpenPGP
URL: <https://mail.sys4.de/pipermail/dane-users/attachments/20211217/24db655d/attachment.asc>

More information about the dane-users mailing list