On 17 Dec 2021, at 3:28 am, Jan-Pieter Cornet johnpc@xs4all.net wrote:
I regret to inform you that XS4ALL stopped using DANE, both inbound for xs4all.nl and outbound.
The reason is that the XS4ALL systems are being dismantled, and the customers are moving to KPN, who do not use nor publish DANE records.
Oh well, perhaps one of these days we can convince KPN to pick up the mantle...
If anyone still has "xs4all.nl" in a "strict dane" list, please remove us. I saw a bounce from one.com indicating that possibly one of their systems still expects DANE records for xs4all.nl.
This is odd, because the whole point of DANE is that one generally does not need to pin local DANE policy; it is enforced when the TLSA records are published for the MX hosts, and not otherwise.
I can't rule out local policy enforcing DANE, but this should only happen by prior coordination with and consent of the receiving systems. Otherwise, ... expect breakage.
Survey says, ... you're no longer doing DANE:
https://stats.dnssec-tools.org/explore/?xs4all.nl
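
The difference between DANE that follows published TLSA records and a locally pinned "strict dane" entry, as an added example that is not part of the original messages. It is a simplified model of a sending MTA's per-MX decision; the names `mx_policy` and `pinned_dane`, the policy labels and the sample lookup results are assumptions constructed for illustration, and returned TLSA records are assumed to be usable.

```python
from dataclasses import dataclass

# DNSSEC status of a lookup, as a validating resolver would report it.
SECURE, INSECURE, BOGUS = "secure", "insecure", "bogus"


@dataclass
class TlsaAnswer:
    status: str   # SECURE, INSECURE, or BOGUS (validation or lookup failure)
    records: int  # TLSA records returned; 0 means a denial of existence


def mx_policy(mx_status: str, tlsa: TlsaAnswer, pinned_dane: bool = False) -> str:
    """Delivery policy for one MX host of a destination domain.

    pinned_dane models a hypothetical local "strict dane" list entry
    that demands DANE regardless of what the receiver publishes.
    """
    dane_published = False
    if mx_status == SECURE:
        if tlsa.status == BOGUS:
            # Cannot tell "no TLSA" from a stripped answer: do not downgrade.
            return "defer"
        dane_published = tlsa.status == SECURE and tlsa.records > 0
    if dane_published:
        return "dane"            # TLS required, certificate checked against TLSA
    if pinned_dane:
        return "fail"            # local pin outlived the receiver's records
    return "opportunistic-tls"   # pre-DANE behaviour


# Constructed lookup results for one receiving domain, before and after
# it withdraws its TLSA records (the zone itself stays signed).
BEFORE = TlsaAnswer(status=SECURE, records=2)
AFTER = TlsaAnswer(status=SECURE, records=0)


def compare() -> dict:
    """Policy for an unpinned and a pinned sender, before and after."""
    return {
        (label, pinned): mx_policy(SECURE, answer, pinned_dane=pinned)
        for label, answer in (("before", BEFORE), ("after", AFTER))
        for pinned in (False, True)
    }


if __name__ == "__main__":
    for key, policy in compare().items():
        print(key, "->", policy)
```

Only the pinned sender breaks when the records are withdrawn; the unpinned sender falls back to opportunistic TLS on its own.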