Re: Some DNSSEC/DANE questions

2022-01-04 Thread Michael Grimm
Dan Mahoney wrote
>> Here's an SMTP DANE validator that I use when I make changes to my server.
>> https://dane.sys4.de/
>>
>> I'm not sure if it is just what you're looking for, though.
>
> No, I am looking for a server to which I can send mail to make sure DANE is
> being looked up and used

Re: Some DNSSEC/DANE questions

2022-01-03 Thread Viktor Dukhovni
On Mon, Jan 03, 2022 at 09:47:44AM -0800, Dan Mahoney wrote:
> Also...the server I'm sending to has a legit signed cert that matches
> its hostname, so the message I get is:
>
> Trusted TLS connection established to prime.gushi.org[149.20.68.142]:25:
> TLSv1.2 with cipher ECDHE-RSA-AES256-G

Re: Some DNSSEC/DANE questions

2022-01-03 Thread Christian Kivalo
On 2022-01-03 23:02, Dan Mahoney wrote:
> On Jan 3, 2022, at 1:46 PM, Mike wrote:
>> On 1/3/2022 2:38 PM, Dan Mahoney (Gushi) wrote:
>>> [snip]
>>>
>>> One more question: Does anyone know of a "reflector" like service that one can use to test DANE validation, i.e. a site that one is allowed to send test me

Re: Some DNSSEC/DANE questions

2022-01-03 Thread Dan Mahoney
> On Jan 3, 2022, at 1:46 PM, Mike wrote:
>
> On 1/3/2022 2:38 PM, Dan Mahoney (Gushi) wrote:
>> [snip]
>>
>> One more question: Does anyone know of a "reflector" like service that one
>> can use to test DANE validation, i.e. a site that one is allowed to send
>> test messages to, that *onl

Re: Some DNSSEC/DANE questions

2022-01-03 Thread Mike
On 1/3/2022 2:38 PM, Dan Mahoney (Gushi) wrote:
> [snip]
>
> One more question: Does anyone know of a "reflector" like service that one
> can use to test DANE validation, i.e. a site that one is allowed to send
> test messages to, that *only* has DANE as the trust mech (so, say, a
> self-signed

Re: Some DNSSEC/DANE questions

2022-01-03 Thread Dan Mahoney (Gushi)
On Mon, 3 Jan 2022, Dan Mahoney wrote:

This is a problem when your local resolver is slaving the root zone, as a standard root zone "type slave" will hand . NS out with the AA bit set, but will not set the AD bit. There's a feature in more recent versions of BIND (mirror zones) that may fix

Re: Some DNSSEC/DANE questions

2022-01-03 Thread Wietse Venema
Dan Mahoney:
> > If you enable DNSSEC lookups, Postfix will log a warning when the root
> > zone appears unsigned. See:
> >
> > http://www.postfix.org/postconf.5.html#dnssec_probe
> >
> > This feature is available in Postfix 3.6 and later. It was
> > backported to Postfix versions 3.5.9

Re: Some DNSSEC/DANE questions

2022-01-03 Thread Dan Mahoney
> On Jan 3, 2022, at 6:22 AM, Viktor Dukhovni wrote:
>
> On Mon, Jan 03, 2022 at 05:49:05AM -0800, Dan Mahoney (Gushi) wrote:
>
>> We run validating resolvers at the day job, but by default not on the box
>> where postfix runs. (I.e. we rely on the AD bit).
>
> "Relying on the AD bit" i

Re: Some DNSSEC/DANE questions

2022-01-03 Thread Viktor Dukhovni
On Mon, Jan 03, 2022 at 05:49:05AM -0800, Dan Mahoney (Gushi) wrote:
> We run validating resolvers at the day job, but by default not on the box
> where postfix runs. (I.e. we rely on the AD bit).

"Relying on the AD bit" is independent of whether the validating resolver is local or remote. How