[swinog] Re: Swiss Domain Security Report Q3 2022

2023-06-08 Diskussionsfäden Franco Hug via swinog
Hi swinog / init7 Thanks @adrian for the report and @daniel for pointing out the NXDOMAIN issue. Maybe this is well-known, but I would like to point out that this swinog list has a problem with DKIM and SPF. 1) DKIM: not valid ("message has been altered") because of the email forwarding

[swinog] Re: DNSSEC auto-disabled by SWITCH on some .ch domains?

2023-05-02 Diskussionsfäden Franco Hug via swinog
49765 8 1 73CD7B42648847E43C2CF6A1E4F2680F8C0C20A4 digilawyer.ch. 3600IN DS 13045 8 1 A5E02D7FF95BACE907F93197A23E45CB65DFF838 workforceag.ch. 3600IN DS 49996 8 1 98B42F52FE01CB6E593CB463C11E3C602C6F2BB1 On 01.05.23 17:33, Franco Hug wrote: > Tha

[swinog] DNSSEC auto-disabled by SWITCH on some .ch domains?

2023-05-01 Diskussionsfäden Franco Hug via swinog
Hey SWINOGgers, I noticed that DNSSEC was somehow auto-disabled at registry level for some .ch domains I am responsible for. For these domains, no DS records are published anymore in the .ch zone, dnsviz shows a broken chain of trust. However, registrar data still shows that DNSSEC is enabled,

[swinog] Re: DNSSEC auto-disabled by SWITCH on some .ch domains?

2023-05-01 Diskussionsfäden Franco Hug via swinog
Thanks Daniel for your helpful answers. Yes, CDS is also something I always wanted to try, but as usual: no hard pressure, no time... ;-) Benoît Panizzon wrote: > From their point of view, my 'algo 5' .ch domains have still DNSSEC active Basically the same behavior I had with my 'algo 7'

[swinog] Re: DNSSEC auto-disabled by SWITCH on some .ch domains?

2023-05-01 Diskussionsfäden Franco Hug via swinog
Hi all, Thanks for your replies, you basically backed my work assumption concerning deprecated algorithms, good to know. However, this raises some questions about the chosen proceeding of "just wiping" algo 5/7 and digest 1 DS records from the .ch zone... Affected domain holders should and

[swinog] DNSSEC auto-disabled by SWITCH on some .ch domains?

2023-04-30 Diskussionsfäden Franco Hug via swinog
Hey SWINOGgers, I noticed that DNSSEC was somehow auto-disabled at registry level for some .ch domains I am responsible for. For these domains, no DS records are published anymore in the .ch zone, dnsviz shows a broken chain of trust. However, registrar data still shows that DNSSEC is enabled,

Re: [swinog] What blacklists does @bluewin.ch use

2017-10-31 Diskussionsfäden Franco Hug
Hi Benoît, I don't know - but I do find this in their email headers: X-Bluewin-Spam: Cloudmark -> https://www.cloudmark.com At the bottom of that page you can even find the Swisscom logo. My 2 cents, hope they help! Gruass, Franco On 10/31/17 15:08, Benoit Panizzon wrote: Hello List A

Re: [swinog] Reject von hotmail.com

2016-03-19 Diskussionsfäden Franco Hug
Hoi zaema, Ich beobachte das gleiche Verhalten mit contabo.de, aus dem Netz 178.238.224.0/22, evtl. gar 178.238.224.0/20 ... > DE-GIGA-HOSTING-20100728 178.238.224.0 - 178.238.239.255 > CONTABO 178.238.224.0 - 178.238.227.255 Da scheint das

Re: [swinog] Has Bluewin a DNS Problem

2008-03-26 Diskussionsfäden Franco Hug
Hi Xaver, I had a similar problem when I set up the mail server on my virtual server and wanted to send mail to domains that are hosted by zoneedit.com. After searching a while, I think this is the way how it works: Step 1: == Bluewin does a reverse DNS lookup on your IP (195.141.232.78),