2 Dec 2019, 7:35 p.m.
On Mon, Dec 02, 2019 at 08:01:27PM +0200, Mark Elkins wrote:
> I run a small ISP in South Africa - with about 2000 domains. About 200 of these are DNSSEC signed.
Hello Mark, good to see you're on the dane-users list.
For 49 of the 200 domains, my DANE survey is chronically unable to validate the TLSA RR of the secondary MX (secdns1.posix.co.za):
  _25._tcp.secdns1.posix.co.za. IN TLSA 3 1 1 a82d33d63d9c4acea043007041c0c99839f1805e5755e54c9d32ced02cc790ea
    secdns1.posix.co.za[192.96.24.81]: STARTTLS 454 TLS currently unavailable
    secdns1.posix.co.za[2001:42a0::81]: STARTTLS 454 TLS currently unavailable
the MX host always declines STARTTLS. Is this deliberate? Or something that should/could be fixed?
--
Viktor.
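
Added example, not part of the message above and not the survey's own code: a small Python check that reads report lines in the shape quoted in the message and flags MX hosts that publish a port 25 TLSA record while declining STARTTLS. The function name and the `example.net` / `example.org` lines are assumptions constructed for contrast.

```python
import re
from collections import defaultdict

# Line shapes taken from the excerpt quoted in the message.
TLSA_RE = re.compile(
    r"^_25\._tcp\.(\S+?)\.\s+IN\s+TLSA\s+(\d+)\s+(\d+)\s+(\d+)\s+([0-9a-fA-F]+)$")
DECLINE_RE = re.compile(r"^(\S+?)\[([^\]]+)\]:\s+STARTTLS\s+(\d{3})\s+(.*)$")

SAMPLE = "\n".join([
    # From the message:
    "_25._tcp.secdns1.posix.co.za. IN TLSA 3 1 1 "
    "a82d33d63d9c4acea043007041c0c99839f1805e5755e54c9d32ced02cc790ea",
    "secdns1.posix.co.za[192.96.24.81]: STARTTLS 454 TLS currently unavailable",
    "secdns1.posix.co.za[2001:42a0::81]: STARTTLS 454 TLS currently unavailable",
    # Constructed: TLSA published, no STARTTLS refusal recorded.
    "_25._tcp.mx.example.net. IN TLSA 3 1 1 " + "00" * 32,
    # Constructed: refuses STARTTLS but publishes no TLSA, so not a DANE conflict.
    "mx.example.org[192.0.2.10]: STARTTLS 454 TLS currently unavailable",
])

def dane_starttls_conflicts(report):
    """Return {host: details} for hosts with a TLSA RR that decline STARTTLS."""
    tlsa = defaultdict(list)      # host -> [(usage, selector, mtype)]
    declines = defaultdict(list)  # host -> [(address, smtp_code)]
    for line in report.splitlines():
        line = line.strip()
        m = TLSA_RE.match(line)
        if m:
            tlsa[m.group(1).lower()].append(tuple(int(x) for x in m.group(2, 3, 4)))
            continue
        m = DECLINE_RE.match(line)
        if m:
            declines[m.group(1).lower()].append((m.group(2), int(m.group(3))))
    findings = {}
    for host, params in tlsa.items():
        refused = declines.get(host, [])
        if refused:
            # A sender enforcing DANE will not fall back to cleartext here,
            # so mail to this MX is deferred rather than delivered.
            findings[host] = {
                "tlsa": params,
                "declined": refused,
                "transient": all(400 <= code < 500 for _, code in refused),
            }
    return findings

if __name__ == "__main__":
    for host, info in dane_starttls_conflicts(SAMPLE).items():
        print(host, info)
```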