It has come to my attention that many udmedia.de hosted domains are now provisioned with DNSSEC and when email is also hosted, the associated udmedia.de MX hosts have DANE TLSA records.
This means that domains hosted for DNS and email by udmedia are automatically DANE-enabled. Out of the ~1600 DANE SMTP domains in my survey, somewhere between 50 and 100 are hosted by udmedia (a rescan of previously tested, but not recently re-tested domains is in progress and the final count is still an estimate).
Thanks udmedia.de, I hope to see more hosting providers follow their lead.
Am 28.07.2015 um 05:49 schrieb Viktor Dukhovni:
This means that domains hosted for DNS and email by udmedia are automatically DANE-enabled. Out of the ~1600 DANE SMTP domains in my survey, somewhere between 50 and 100 are hosted by udmedia
Can you give some more information about your survey, e. g. its targets, sources for the domain list etc. I didn't heard anything from udmedia until your post today although I'm German too...
THX Andreas
On Tue, Jul 28, 2015 at 12:04:22PM +0200, Andreas Pothe wrote:
Can you give some more information about your survey, e. g. its targets, sources for the domain list etc. I didn't heard anything from udmedia until your post today although I'm German too...
this heise article (sorry, German language only) might provide some background:
http://www.heise.de/netze/meldung/DNSSEC-Day-Kleine-Nachlese-2733115.html
-Peter
On Tue, Jul 28, 2015 at 12:04:22PM +0200, Andreas Pothe wrote:
Am 28.07.2015 um 05:49 schrieb Viktor Dukhovni:
This means that domains hosted for DNS and email by udmedia are automatically DANE-enabled. Out of the ~1600 DANE SMTP domains in my survey, somewhere between 50 and 100 are hosted by udmedia
Can you give some more information about your survey, e. g. its targets, sources for the domain list etc.
Around 75% of the domains are domaints that are tested at dane.sys4.de. The rest are from various additional sources such as the Alexa top 1.000.000 (web sites not email domains being tested for DANE, so the ratio of DANE to non-DANE is multiple orders of magnitude lower).
I didn't heard anything from udmedia until your post today although I'm German too...
At present I have 1648 domains that have passed SMTP DANE validation, 79 of them (final count) are hosted by UD Media. I know no more about them than is published on their website: https://udmedia.de.
I expect that the real number of DANE-enabled domains at UD Media is subtstantially larger than what my survey indicates, because domains that are DANE-enabled by a registrar (rather than the domain owner) are less likely to be tested at dane.sys4.de, and if they don't appear on Alexa, or another "compilation" of domains I'm using, then I won't find them.
Peter Koch (who also responded), is likely in position to do more comprehensive surveys of DNSSEC/DANE at .de domains. I hope he'll publish aggregate DNSSEC numbers for .de from time to time. I don't know whether he's in a position to also scan for associated TLSA records (at the domain's MX hosts).
Am 2015-07-28 17:19, schrieb Viktor Dukhovni:
On Tue, Jul 28, 2015 at 12:04:22PM +0200, Andreas Pothe wrote:
Am 28.07.2015 um 05:49 schrieb Viktor Dukhovni:
...
At present I have 1648 domains that have passed SMTP DANE validation, 79 of them (final count) are hosted by UD Media. I know no more about them than is published on their website: https://udmedia.de.
Hi Viktor,
after I have tested all our DANE-enabled domains this afternoon via dane.sys4.de, I've done the same with the DANE-domains we have sent emails in the last days. And I have another list of 500 subdomains of bayern.de (too much work to test them), if you are interested in them.
Regards, Michael
On Tue, Jul 28, 2015 at 09:06:16PM +0200, Michael Storz wrote:
After I have tested all our DANE-enabled domains this afternoon via dane.sys4.de, I've done the same with the DANE-domains we have sent emails in the last days. And I have another list of 500 subdomains of bayern.de (too much work to test them), if you are interested in them.
Thanks, yes I noticed all the new lrz domains this morning (45 on my list, right behind udmedia).
If you send me the domain list, I can bulk-test them and "keep an eye on them" in future tests. 500 new domains would significantly expand my curated dataset.
-- Viktor.
participants (4)
-
Andreas Pothe -
Michael Storz -
Peter Koch -
Viktor Dukhovni