On 31.01.2014 02:22, Viktor Dukhovni wrote:
>> You're a genius! Thank you so much, this is exactly what I wanted.
>>
>> If we ever meet in person, be sure to claim your well-deserved beer :-)
>
> Instead of buying me a beer, you can pay me back in kind and take
> 5-10 minutes to read Section 1.2 (and its subsections 1.2.1, 1.2.2,
> 1.2.3 and 1.2.4) of:
>
> http://vdukhovni.github.io/ietf/draft-ietf-dane-smtp-with-dane-05.html#rfc.section.1.2
>
> then email me feedback about what could/should be more clear or
> how the structure of the introduction could be improved.

I was at work until now but now I'm back and will read through it and
provide feedback via mail.

> Then, start planning to deploy DNSSEC for your domains. With care,
> since one must not neglect to automate periodic re-signing of zone
> files either daily or weekly, but in any case often enough to avoid
> RRSIG expiration.

Phew, that's a big one. I'm pretty much clueless on how DNSSEC works at
all and already found configuring bind9/DNS relatively complicated to
set up (admittedly with a non-trivial setup, but anyways). Why does DNS
always have to be such a bitch to debug? Really frustrating. Oh well.

Best regards,
Johannes