Zitat von Viktor Dukhovni ietf-dane@dukhovni.org:
On Wed, Feb 04, 2015 at 09:12:03PM +0000, Viktor Dukhovni wrote:
As of today openprovider.eu seems to be resolved, leaving a top 10 list with:
121 citynetwork.se 10 grdns.cz 10 binero.se 7 metaregistrar.nl 6 swedenmail.com 5 dnscluster.nl 2 pretecno.it 2 papaki.gr 2 kniestdns.nl 2 forpsi.net
I am finally thrilled to announce that citynetwork.se are also done. A firewall was filtering out DNS queries with RRtypes it does not know about. Don't let your firewalls do this:
http://tools.ietf.org/html/draft-andrews-dns-no-response-issue-06#section-2....
The known broken domain count is now 87, and the top 9 list (47 domains total) is now:
10 registry@binero.se 10 admin@grdns.cz 7 beheer@metaregistrar.nl 6 alex@swedenmail.com 5 hostmaster@dnscluster.nl 3 hostmaster@papaki.gr 2 hostmaster@pretecno.it 2 hostmaster@kniestdns.nl 2 admin@forpsi.net
It is now reasonably "safe" to enable outbound DANE verification. While a few folks are still struggling to keep their DNSSEC zones signed correctly, and some others occasionally neglect to update TLSA records before installing new certificates, the problem volume is now rather low by comparison with the 1050+ domains that work.
Is there a list of some sort with the already known TLSA secured domains? Would be nice to see the pace of acceptance for different TLDs and so on.
Regards
Andreas