DANE of SMTP Survey
Mark Tinka
mark at tinka.africa
Wed Jun 2 12:57:38 UTC 2021
On 6/2/21 11:07, Jeroen Massar via NANOG wrote:
> As for solutions: better education, more improvements to the tools & making it easier. CDS records already help a lot. But we might also need to improve recovery mechanisms, as f-ups are made, and you don't want to be off this Internet thing for too long.
I think DNSSEC implementation needs to be made less scary for folk who
are apprehensive, and broken down into two steps, where step 1 is most
emphasized:
* Enable DNSSEC on your resolvers. Does not require you to sign your
zones. Does not require you to read up on what it takes to sign and
maintain your zones. Does not require you to worry and test for the
next 60 days whether DNSSEC will break your e-mail delivery, e.t.c.:
dnssec-enable yes;
dnssec-validation auto;
Done! Two lines (BIND, in this case), and off you go.
* Step 2 - take your time cluing up on getting your zone signed, and
being part of the solution toward a more secure Internet. No
pressure, at your pace.
Mark.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20210602/8cc3fba6/attachment.html>
More information about the NANOG
mailing list