Solved DNSSEC DANE TLSA

Hello,

I've been configuring my DNS server to work with DNSSEC, and also saw that DANE would help certify my servers with TLSA records.

While my DNSSEC configuration is OK, see dnsviz:
http://dnsviz.net/d/iaelu.net/dnssec/

I seem though to encounter some delay for the TLSA records to be propagated and to be able to validate my configuration with this other site that can validate the DANE for SMTP servers:
https://dane.sys4.de/smtp/iaelu.net

I can see that FreeBSD.org is checked as OK with that last site, so I am wondering if it is just a question of propagation time, or a cache time problem for the dane.sys4.de site, or if I misconfigured anything (though I don't think so, but I can't be so sure now).

Any advice, please? :)
 
This is an old thread, but I wonder if anyone has a good tutorial for installing DANE DNSSEC TLSA. I have googled and read, and it seems very rarely used. I notice sendmail lists that DANE support is in a recent version, but it's surely not built by default and I can't find the correct /etc/make.conf lines to add for this. I read about the .mc config lines, but confDANE is not supported by default. It seems the freebsd.org server has all this installed.
 