On Sun, Jan 23, 2022 at 10:06:38PM +0100, Maurizio Caloro wrote:
> In the mean time installed DANE on local machine, but my DNS-Provider
> dont Support this feature?
If your domain is hosted by a "managed DNS" provider, with some
sort of web API for adding records, and there is no interface
for adding TLSA records, you're out of luck unless they support
the "unknown" DNS record format:
https://datatracker.ietf.org/doc/html/rfc3597
For TLSA records that would be, for example:
_25._tcp.smtp.example.com. IN TYPE52 \# 35 (
03 01 01
931ae3524f5dcf103b4c50eaf6db5ec1
4f5e209c3ec44f14141f4dcad20beed7 )
which is a generic encoding of:
_25._tcp.smtp.example.com. IN TLSA 3 1 1
931ae3524f5dcf103b4c50eaf6db5ec14f5e209c3ec44f14141f4dcad20beed7
If your provider supports neither "TLSA" records, nor the generic
(unknown type) encoding, switch to a more competent DNS provider.
--
Viktor.
