Problems with resolving a local tld

Robert Moskowitz rgm at htt-consult.com
Thu Feb 28 18:46:51 UTC 2013


On 02/28/2013 01:31 PM, Vernon Schryver wrote:
>> From: Tony Finch <dot at dotat.at>
>> Another reason not to use made-up domain names: CAs are going to stop
>> issuing X.509 certificates for them. (It baffles me why they ever did so.)
>> http://ssl.entrust.net/blog/?p=1831
> That's another reason to publish your own DANE records including
> TLSA and SMIMEA.

I have been on a thread over on the postfix list where DANE support and 
such is being discussed. Will get there eventually.

> Also consider this comment in that announcement:
>      This issue is particularly a problem with Microsoft Exchange
>      users where non-FQDN names are used frequently
> I wish that would be enough to get Microsoft to teach Exchange to
> use DANE.
>
> Why am I not surprised to see that the "recommended solutions" of
> https://www.cabforum.org/Guidance-Deprecated-Internal-Names.pdf linked
> from that Entrust.net web page mentions DANE or DNSSEC not at all but
> does include some less plausible "solutions"?





More information about the bind-users mailing list