Dear Viktor,
Am 01.07.20 um 08:27 schrieb Viktor Dukhovni:
On Jul 1, 2020, at 4:01 AM, Paul Menzel wrote:
I like to inform you, after several years of waiting, the Deutsche
Forschungsnetz will finally offer a solution for using their mail
support with DNSSEC/DANE [1]. For whatever reason, they do not want
to fiddle/test with dfn.de, and, therefore, are going to introduce
the new domain dfnsec.de first.
The pilot phase is going to be from August 3rd to 31st, and they
are introducing faulty entries on Tuesday and Thursday from 10:00
to 14:00.
I take this to mean that dfn.de is planning to have DNSSEC signed MX
hosts with TLSA RRs under a new dfnsec.de domain. That's good news,
thanks!
Yes, it is meant as opt-in.
In terms of candidate DNSSEC-signed domains currently using dfn.de MX
hosts, that could/should consider switching to dfnsec.de, I currently
find the following 33 in the DNSSEC/DANE survey dataset:
[…]
A lot of the subdomains of mpg.de use the DFN-MailSupport separately,
and from those, to my knowledge, only us – molgen.mpg.de – have set up
DNSSEC. (The other few DNSSEC users do *not* use the DFN-MailSupport –
for example mpifr-bonn.mpg.de.)
It would be nice to see some of these join the pilot.
Yes, we will see. At least after the pilot phase, hopefully, the current
DNSSEC users will set up DANE.
Kind regards,
Paul
