From mboxrd@z Thu Jan 1 00:00:00 1970 From: Michael Tremer To: development@lists.ipfire.org Subject: Re: DANE-Record for www.ipfire.org missing Date: Sat, 11 Nov 2017 15:47:01 +0000 Message-ID: <49C6D947-AA40-4A3A-8DBE-9F74B0713194@ipfire.org> In-Reply-To: <20171111163605.1e18520e.peter.mueller@link38.eu> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============3096784670128396689==" List-Id: --===============3096784670128396689== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable We usually don=E2=80=99t have that long TTLs and I actually found it quite li= kely that I could have forgotten one... > On 11 Nov 2017, at 3:36 pm, Peter M=C3=BCller w= rote: >=20 > Hello Michael, >=20 >> Hi, >>=20 >> I get this: >>=20 >> [ms(a)hughes ~]$ dig TLSA _443._tcp.ipfire.org >>=20 >> ; <<>> DiG 9.11.1-P3-RedHat-9.11.1-2.P3.fc26 <<>> TLSA _443._tcp.ipfire.org >> ;; global options: +cmd >> ;; Got answer: >> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4259 >> ;; flags: qr rd ra ad; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1 >>=20 >> ;; OPT PSEUDOSECTION: >> ; EDNS: version: 0, flags:; udp: 4096 >> ;; QUESTION SECTION: >> ;_443._tcp.ipfire.org. IN TLSA >>=20 >> ;; ANSWER SECTION: >> _443._tcp.ipfire.org. 21600 IN CNAME _letsencrypt.certs.ipfire= .org. >> _letsencrypt.certs.ipfire.org. 21600 IN TLSA 2 1 1 60B87575447DCBA2A= 36B7D11AC09FB24A9DB406FEE12D2CC90180517 616E8A18 >>=20 >> ;; Query time: 66 msec >> ;; SERVER: 192.168.191.1#53(192.168.191.1) >> ;; WHEN: Fri Nov 10 22:18:02 GMT 2017 >> ;; MSG SIZE rcvd: 129 >>=20 >> What is it you are getting? > The same now. Not sure what caused the delay here. Anyway, it works. :-) >=20 > Best regards, > Peter M=C3=BCller >>=20 >> If you want to avoid the caches, just query >> ns[123].lightningwirelabs.com. >>=20 >> -Michael >>=20 >>> On Fri, 2017-11-10 at 20:59 +0100, Peter M=C3=BCller wrote: >>> Hello Michael, >>>=20 >>> during some tests, I noticed that the DANE record for >>> www.ipfire.org is still missing. In the first place, I >>> thought this was because of some DNS reply caching, but >>> it isn't. >>>=20 >>> Just for the record, should be an easy change. >>>=20 >>> Apart from that all DANE records seem to be present. >>>=20 >>> I will deal with the Postfix configuration on IPFire's MX >>> next week (need to work at the weekend). >>>=20 >>> Best regards, >>> Peter M=C3=BCller =20 >=20 --===============3096784670128396689==--