Problems with resolving a local tld

Vernon Schryver vjs at rhyolite.com
Thu Feb 28 18:31:23 UTC 2013


> From: Tony Finch <dot at dotat.at>

> Another reason not to use made-up domain names: CAs are going to stop
> issuing X.509 certificates for them. (It baffles me why they ever did so.)
> http://ssl.entrust.net/blog/?p=1831

That's another reason to publish your own DANE records including
TLSA and SMIMEA.


Also consider this comment in that announcement:
    This issue is particularly a problem with Microsoft Exchange
    users where non-FQDN names are used frequently
I wish that would be enough to get Microsoft to teach Exchange to
use DANE.

Why am I not surprised to see that the "recommended solutions" of
https://www.cabforum.org/Guidance-Deprecated-Internal-Names.pdf linked
from that Entrust.net web page mention DANE or DNSSEC not at all but
do include some less plausible "solutions"?


Vernon Schryver    vjs at rhyolite.com



More information about the bind-users mailing list