11 Feb
2015
11 Feb
'15
6:25 p.m.
On Wed, Feb 11, 2015 at 06:20:32PM +0100, Frank Fiene wrote:
That DNS setup looks better, thx.
For a shared key for multiple services that use distinct protocols:
_dane.mail.example.com. IN TLSA 3 1 1 <sha256 SPKI digest> _25._tcp.mail.example.com. IN CNAME _dane.mail.example.com. _110._tcp.mail.example.com. IN CNAME _dane.mail.example.com. _143._tcp.mail.example.com. IN CNAME _dane.mail.example.com. _587._tcp.mail.example.com. IN CNAME _dane.mail.example.com. _993._tcp.mail.example.com. IN CNAME _dane.mail.example.com.
Note, I am not aware of any IMAP, POP or SMTP submission client software that uses DANE, so the records for ports other than 25 are largely pointless at present.
--
Viktor.