>> There are 165 "postfix-users" subscriber domains that have MX >> records and MX hosts in DNSSEC signed zones. You've done the hard >> part of deploying DNSSEC, deploying DANE TLSA for email is >> comparatively simple. > >One would think so, but: I asked my main domain provider >domaindiscount24 >which introduced DNSSEC last year when they will offer TLSA, DS and >SSHFP >records also. Their answer: Currently the requested features aren't >available and we can make no statement if and when they will be >available. > >Actually I don't understand this. They did the major task of >implementing >DNSSEC and aren't able to offer the 3 most important DNS types to >actually >get a benefit from DNSSEC.
You could still just switch to a provider that offers what you need and tell them why. That takes some time and effort but it's worth it. Probably won't change much but you get the features you want. I did that some time ago, my former provider still hasn't changed anything but i don't cae anymore. -- Christian
