nanog mailing list archives

Re: DANE of SMTP Survey

From: Mark Tinka <mark@tinka.africa>
Date: Wed, 2 Jun 2021 14:57:38 +0200



On 6/2/21 11:07, Jeroen Massar via NANOG wrote:

As for solutions: better education, more improvements to the tools & making it easier. CDS records already help a lot. But 
we might also need to improve recovery mechanisms, as f-ups are made, and you don't want to be off this Internet thing for 
too long.

I think DNSSEC implementation needs to be made less scary for folk whoare apprehensive, and broken down into two steps, where step 1 is mostemphasized:


 * Enable DNSSEC on your resolvers. Does not require you to sign your
   zones. Does not require you to read up on what it takes to sign and
   maintain your zones. Does not require you to worry and test for the
   next 60 days whether DNSSEC will break your e-mail delivery, e.t.c.:

             dnssec-enable yes;
             dnssec-validation auto;

        Done! Two lines (BIND, in this case), and off you go.

 * Step 2 - take your time cluing up on getting your zone signed, and
   being part of the solution toward a more secure Internet. No
   pressure, at your pace.

Mark.

Current thread:

DANE of SMTP Survey Moritz Müller via NANOG (Jun 01)
- Re: DANE of SMTP Survey Jeroen Massar via NANOG (Jun 02)
  - Re: DANE of SMTP Survey Mark Tinka (Jun 02)
    - Re: DANE of SMTP Survey babydr DBA James W. Laferriere (Jun 03)
    - Re: DANE of SMTP Survey Mark Tinka (Jun 02)
    - Re: DANE of SMTP Survey babydr DBA James W. Laferriere (Jun 04)
    - Re: DANE of SMTP Survey Mark Tinka (Jun 08)
    - Re: DANE of SMTP Survey Mark Andrews (Jun 03)
  - Re: DANE of SMTP Survey Bjørn Mork (Jun 02)
    - Re: DANE of SMTP Survey Jeroen Massar via NANOG (Jun 02)
    - Re: DANE of SMTP Survey Scott Morizot (Jun 02)
    - Re: DANE of SMTP Survey Jeroen Massar via NANOG (Jun 02)
    - Re: DANE of SMTP Survey Mark Tinka (Jun 02)

(Thread continues...)