> On 17 Dec 2021, at 3:28 am, Jan-Pieter Cornet <[email protected]> wrote:
>
> I regret to inform you that XS4ALL stopped using DANE, both inbound for
> xs4all.nl and outbound.
>
> The reason is that the XS4ALL systems are being dismantled, and the customers
> are moving to KPN, who do not use nor publish DANE records.
Oh well, perhaps one of these days we can convince KPN to pick up the mantle...
> If anyone still has "xs4all.nl" in a "strict dane" list, please remove us. I
> saw a bounce from one.comindicating that possibly one of their systems still
> expects DANE records for xs4all.nl.
This is odd, because the whole of DANE is one generally does not
need to pin local DANE policy, it is enforced when the TLSA records
are published for the MX hosts, and not otherwise.
I can't rule out local policy enforcing DANE, but this should only
happen by prior coordination with and consent of the receiving
systems. Otherwise, ... expect breakage.
Survey says, ... you're no longer doing DANE:
https://stats.dnssec-tools.org/explore/?xs4all.nl
--
Viktor.
