[Unbound-users] suggestion for ldns-dane
A. Schulze
sca at andreasschulze.de
Tue Sep 30 12:47:35 UTC 2014
Hello,

maybe it's a little bit off topic, but I think it's interesting anyway.

ldns-dane, as part of http://nlnetlabs.nl/projects/ldns/,
allows users to create TLSA records. By default the tool creates 3-0-1 records:

    $ ldns-dane -c mail.example.org.pem create mail.example.org 25
    _25._tcp.mail.example.org. 3600 IN TLSA 3 0 1 cafe...

Today I learned from Viktor Dukhovni that it's strongly recommended to use
TLSA records of type 3-1-1 (Selector = SubjectPublicKeyInfo).

To generate recommended records I have to specify additional arguments:

    $ ldns-dane -c mail.example.org.pem create mail.example.org 25 3 1 1
    _25._tcp.mail.example.org. 3600 IN TLSA 3 1 1 beef...

Would it be possible to modify ldns-dane to simply create
the record in a recommended way?

Thanks,
Andreas
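
Added example (not part of the original post and not ldns code): what the selector field changes between the 3-0-1 and 3-1-1 records above. With selector 0 the SHA-256 covers the whole certificate, with selector 1 only its SubjectPublicKeyInfo, so a reissued certificate that keeps the same key keeps its 3-1-1 data. All function names are hypothetical, and the certificate is a constructed stand-in with the X.509 field order and a dummy signature.

```python
import hashlib

def der(tag, body):
    """Encode one DER TLV with a definite length."""
    n = len(body)
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    length = bytes([n]) if n < 0x80 else bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + length + body

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) for the TLV starting at pos."""
    first = buf[pos + 1]
    k = first & 0x7F if first >= 0x80 else 0    # count of long-form length octets
    n = int.from_bytes(buf[pos + 2:pos + 2 + k], "big") if k else first
    return buf[pos], pos + 2 + k, pos + 2 + k + n

def spki_of(cert):
    """Return the DER SubjectPublicKeyInfo TLV of an X.509 certificate."""
    _, p, _ = read_tlv(cert, 0)        # step into Certificate
    _, p, _ = read_tlv(cert, p)        # step into tbsCertificate
    tag, _, end = read_tlv(cert, p)
    if tag == 0xA0:                    # optional explicit [0] version
        p = end
    for _ in range(5):                 # serial, sigalg, issuer, validity, subject
        _, _, p = read_tlv(cert, p)
    return cert[p:read_tlv(cert, p)[2]]

def tlsa_rdata(cert, selector):
    """Usage 3 (DANE-EE), matching type 1 (SHA-256); selector 0 = cert, 1 = SPKI."""
    data = cert if selector == 0 else spki_of(cert)
    return f"3 {selector} 1 {hashlib.sha256(data).hexdigest()}"

def seq(*parts):
    return der(0x30, b"".join(parts))

def toy_cert(serial, spki):
    """Constructed stand-in with X.509 field order; the signature is a dummy."""
    alg = seq(der(0x06, bytes.fromhex("2a8648ce3d040302")))   # ecdsa-with-SHA256
    validity = seq(der(0x17, b"140930000000Z"), der(0x17, b"150930000000Z"))
    tbs = seq(der(0xA0, der(0x02, b"\x02")), der(0x02, bytes([serial])),
              alg, seq(), validity, seq(), spki)
    return seq(tbs, alg, der(0x03, bytes(65)))

# Constructed P-256 SubjectPublicKeyInfo (placeholder key bytes, not a real key).
KEY = seq(seq(der(0x06, bytes.fromhex("2a8648ce3d0201")),
              der(0x06, bytes.fromhex("2a8648ce3d030107"))),
          der(0x03, b"\x00\x04" + bytes(range(64))))
for c in (toy_cert(1, KEY), toy_cert(2, KEY)):   # same key, reissued certificate
    print(tlsa_rdata(c, 0), tlsa_rdata(c, 1), sep="\n")
```

The two printed 3 0 1 lines differ while the two 3 1 1 lines are identical.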