Dear Viktor,
On 01.07.20 at 08:27, Viktor Dukhovni wrote:
On Jul 1, 2020, at 4:01 AM, Paul Menzel wrote:
I would like to inform you that, after several years of waiting, the Deutsche Forschungsnetz will finally offer a solution for using their mail support with DNSSEC/DANE [1]. For whatever reason, they do not want to fiddle/test with dfn.de, and, therefore, are going to introduce the new domain dfnsec.de first.
The pilot phase is going to be from August 3rd to 31st, and they are introducing faulty entries on Tuesday and Thursday from 10:00 to 14:00.
I take this to mean that dfn.de is planning to have DNSSEC-signed MX hosts with TLSA RRs under a new dfnsec.de domain. That's good news, thanks!
Yes, it is meant as opt-in.
In terms of candidate DNSSEC-signed domains currently using dfn.de MX hosts that could/should consider switching to dfnsec.de, I currently find the following 33 in the DNSSEC/DANE survey dataset:
[…]
A lot of the subdomains of mpg.de use the DFN-MailSupport separately, and from those, to my knowledge, only we – molgen.mpg.de – have set up DNSSEC. (The other few DNSSEC users do *not* use the DFN-MailSupport – for example mpifr-bonn.mpg.de.)
It would be nice to see some of these join the pilot.
Yes, we will see. At least after the pilot phase, hopefully, the current DNSSEC users will set up DANE.
Kind regards,
Paul