Hi Björn,

On Friday, 14.06.2024 at 00:00 +0200, Björn Jacke via dane-users wrote:
> On 13.06.24 23:16, Erwin Hoffmann wrote:
> > could somebody pls check
> >
> > ns1.samba.org? (from list.samba.org)
> >
> > I get strange results here.
> >
> > smtp.samba.org
> >
> > is just fine.
>
> see https://en.wikipedia.org/wiki/Nolisting
>
> If you use "nolisting" and use DANE, you should make sure to have
> syntactically correct TLSA records for the nolisting MX hosts, which
> ideally don't match any other existing cert. This is what
> ns1.samba.org has:
>
> # host -t TLSA _25._tcp.ns1.samba.org
> _25._tcp.ns1.samba.org has TLSA record 3 0 1
> 00000000000000000000000000000000000000000000000000000000 00000000
>

could you point me to an RFC, where this is specified?

I don't think that either 'nolisting' or publishing a 'nullified' TLSA
record is a good idea.

And yes, I get:

dnstlsa -v ns1.samba.org
dnstlsa: info: checking for TLSA records: _25._tcp.ns1.samba.org
Usage: [3], Selector: [0], Type: [1] 0000000000000000000000000000000000000000000000000000000000000000

Regards.
--eh.

> Björn

-- 
Dr. Erwin Hoffmann | www.fehcom.de
PGP key-id: 20FD6E671A94DC1E
PGP key-fingerprint: 8C6B 155B 0FDA 64F1 BCCE A6B9 20FD 6E67 1A94 DC1E
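Added example, not part of the original message and not code from dnstlsa or host: a small Python check that the TLSA RDATA quoted above is syntactically well formed (RFC 6698 field ranges and digest length), that it is an all-zero placeholder, and that it does not match a certificate. The function names and the stand-in certificate bytes are constructed for illustration.

```python
import hashlib

# RFC 6698 matching types: 1 = SHA-256 (32 bytes), 2 = SHA-512 (64 bytes)
DIGEST_LEN = {1: 32, 2: 64}

# RDATA as printed by "host -t TLSA" in the thread (hex split by whitespace)
PAGE_RDATA = "3 0 1 00000000000000000000000000000000000000000000000000000000 00000000"
# Constructed stand-in for a DER-encoded certificate (not a real certificate)
SAMPLE_CERT = b"constructed stand-in for a DER certificate"


def parse_tlsa(rdata):
    """Return (usage, selector, mtype, data) or raise ValueError if malformed."""
    fields = rdata.split()
    if len(fields) < 4:
        raise ValueError("need usage, selector, matching type and data")
    usage, selector, mtype = (int(f) for f in fields[:3])
    data = bytes.fromhex("".join(fields[3:]))  # rejoin whitespace-split hex
    if usage not in (0, 1, 2, 3) or selector not in (0, 1) or mtype not in (0, 1, 2):
        raise ValueError("field value outside the ranges defined in RFC 6698")
    if mtype in DIGEST_LEN and len(data) != DIGEST_LEN[mtype]:
        raise ValueError("digest length does not fit the matching type")
    return usage, selector, mtype, data


def is_placeholder(record):
    """True for a hashed record whose digest is all zero bytes."""
    _, _, mtype, data = record
    return mtype in DIGEST_LEN and not any(data)


def matches(record, cert_der, spki_der=b""):
    """Compare the record with a certificate (selector 0) or its SPKI (selector 1)."""
    _, selector, mtype, data = record
    selected = cert_der if selector == 0 else spki_der
    if mtype == 1:
        selected = hashlib.sha256(selected).digest()
    elif mtype == 2:
        selected = hashlib.sha512(selected).digest()
    return selected == data


if __name__ == "__main__":
    rec = parse_tlsa(PAGE_RDATA)
    print("well formed:", rec[:3], "digest bytes:", len(rec[3]))
    print("placeholder:", is_placeholder(rec))
    print("matches sample cert:", matches(rec, SAMPLE_CERT))
```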
