# HG changeset patch
# User Kim Alvefur <zash@zash.se>
# Date 1395491999 -3600
# Node ID 7308cd1cd35441b02ab945b8b326bf821a218581
# Parent  80ce8d7f7f56748a9561fa9a114f3e47cefd5569
mod_s2s_auth_dane.wiki: Fix link title and more comments in example DNS stuff

diff -r 80ce8d7f7f56 -r 7308cd1cd354 mod_s2s_auth_dane.wiki
--- a/mod_s2s_auth_dane.wiki	Sat Mar 22 13:30:47 2014 +0100
+++ b/mod_s2s_auth_dane.wiki	Sat Mar 22 13:39:59 2014 +0100
@@ -32,18 +32,27 @@
 xmpp.example.com serving the domain example.com.
 
 {{{
-$ORIGIN example.com
-_xmpp-server._tcp IN SRV 0 0 5269 xmpp
-xmpp IN A 192.0.2.68
-xmpp IN AAAA 2001:0db8:0000:0000:4441:4e45:544c:5341
-_5269._tcp.xmpp IN TLSA 3 0 1 E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
+$ORIGIN example.com.
+; Your standard SRV record
+_xmpp-server._tcp.example.com IN SRV 0 0 5269 xmpp.example.com.
+; IPv4 and IPv6 addresses
+xmpp.example.com. IN A 192.0.2.68
+xmpp.example.com. IN AAAA 2001:0db8:0000:0000:4441:4e45:544c:5341
+
+; The DANE TLSA records.  These three are equivalent, you would use only one of them.
+; First, using symbolic names:
+_5269._tcp.xmpp.example.com. 300 IN TLSA DANE-EE Cert SHA2-256 E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
+; Using numbers:
+_5269._tcp.xmpp.example.com. 300 IN TLSA 3 0 1 E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
+; Raw binary format, should work even with very old DNS tools:
+_5269._tcp.xmpp.example.com. 300 IN TYPE52 \# 35 030001E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
 }}}
 
 [http://www.internetsociety.org/deploy360/dnssec/tools/ List of DNSSEC and DANE tools]
 
 = Further reading =
 
-* [http://tools.ietf.org/html/draft-ietf-dane-ops TLSA implementation and operational guidance]
+* [http://tools.ietf.org/html/draft-ietf-dane-ops DANE TLSA implementation and operational guidance]
 
 = Compatibility =