XS4ALL stopped using DANE
Sidsel Jensen
sje at one.com
Fri Dec 17 10:32:42 CET 2021
Hi Guys
> On 17 Dec 2021, at 09.34, Viktor Dukhovni <ietf-dane at dukhovni.org> wrote:
>
>
>> On 17 Dec 2021, at 3:28 am, Jan-Pieter Cornet <johnpc at xs4all.net> wrote:
>>
>> I regret to inform you that XS4ALL stopped using DANE, both inbound for xs4all.nl and outbound.
>>
>> The reason is that the XS4ALL systems are being dismantled, and the customers are moving to KPN, who do not use nor publish DANE records.
>
:-(
> Oh well, perhaps one of these days we can convince KPN to pick up the mantle...
KPN are using Halons as far as I recall, so it should be possible. Time for a little Viktor nudging?
>
>> If anyone still has "xs4all.nl" in a "strict dane" list, please remove us. I saw a bounce from one.comindicating that possibly one of their systems still expects DANE records for xs4all.nl.
>
> This is odd, because the whole of DANE is one generally does not
> need to pin local DANE policy, it is enforced when the TLSA records
> are published for the MX hosts, and not otherwise.
>
We do not have any such local strict dane list - I suspect it might be a case of DNS TTLs, when the TLSA records where removed,
but I asked Jan-Pieter for at logsnippet off-list in order to investigate.
> I can't rule out local policy enforcing DANE, but this should only
> happen by prior coordination with and consent of the receiving
> systems. Otherwise, ... expect breakage.
>
> Survey says, ... you're no longer doing DANE:
>
> https://stats.dnssec-tools.org/explore/?xs4all.nl
>
> --
> Viktor.
>
Kind Regards,
Sidsel Jensen
Team manager Mail & Abuse, Systems Engineer @ One.com <http://one.com/>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.sys4.de/pipermail/dane-users/attachments/20211217/24db655d/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: Message signed with OpenPGP
URL: <https://mail.sys4.de/pipermail/dane-users/attachments/20211217/24db655d/attachment.asc>
More information about the dane-users
mailing list