On Thu, Apr 21, 2016 at 01:05:11PM +0200, Andreas Pothe wrote:
it seems that GMX will start publishing DANE TLSA records within the next few hours. DNSSec records were published yesterday. web.de had a delay of less than 48 hours between publishing DNSSec and TLSA, I think it will be the same at GMX (both are part of United Internet).
Yes:
https://www.ietf.org/mail-archive/web/uta/current/msg01511.html
So to the small number of domains with incorrect TLSA records, please fix or delete them, otherwise you're just losing email and causing grief to senders.
f2h.at hanisauland.at allispdv.com.br bebidaliberada.com.br conjur.com.br giantit.com.br idsys.com.br lojabrum.com.br netlig.com.br prodnsbr.com.br simplesestudio.com.br solucoesglobais.com.br ticketmt.com.br twsolutions.net.br reich-trade.ch 4nettech.com barbarassecret.com kkeane.com lastsip.com leatherfest.com missourivalleyambulance.com nctechcenter.com tntmonitoring.com bels.cz 101host.de 1post.de 3nw.de bieberium.de florian-lehner.de jenserat.de omni128.de dhautefeuille.eu chets.fr dinepont.fr planissimo.fr mailserver.guru nonoserver.info wetterstation-pliening.info peeters.io castleturing.net der-flo.net freeservices.net kuzenkova.net linlab.net steelyard.nl wm.net.nz acsemb.org auxio.org dotbsd-fr.org gazonk.org hlfh.space
If anyone knows the administrators of any of the above, please give them a not so gentle nudge.
On the DNSSEC front, still waiting on isphuset.no (nudged them again), and a few others to fix either non-response to TLSA queries, or incorrect "authenticated denial of existence":
Problem domains | DNS provider 41 isphuset.no 22 axc.nl 15 tse.jus.br 11 active24.cz 10 forpsi.net 8 netcup.net 5 shockmedia.nl
Note that for some of the above providers (like forpsi) the observed problems are edge-cases, with most domains working fine. Still, it would be great to have these issues resolved.