Mercurial > prosody-wiki
comparison mod_s2s_auth_dane.wiki @ 442:7308cd1cd354
mod_s2s_auth_dane.wiki: Fix link title and more comments in example DNS stuff
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Sat, 22 Mar 2014 13:39:59 +0100 |
| parents | 80ce8d7f7f56 |
| children | 5f111a4e13fb |
comparison
equal
deleted
inserted
replaced
| 441:80ce8d7f7f56 | 442:7308cd1cd354 |
|---|---|
| 30 you need to publish TLSA records (and they need to have this plugin). | 30 you need to publish TLSA records (and they need to have this plugin). |
| 31 Here's an example using "DANE-EE Cert SHA2-256" for a host named | 31 Here's an example using "DANE-EE Cert SHA2-256" for a host named |
| 32 xmpp.example.com serving the domain example.com. | 32 xmpp.example.com serving the domain example.com. |
| 33 | 33 |
| 34 {{{ | 34 {{{ |
| 35 $ORIGIN example.com | 35 $ORIGIN example.com. |
| 36 _xmpp-server._tcp IN SRV 0 0 5269 xmpp | 36 ; Your standard SRV record |
| 37 xmpp IN A 192.0.2.68 | 37 _xmpp-server._tcp.example.com IN SRV 0 0 5269 xmpp.example.com. |
| 38 xmpp IN AAAA 2001:0db8:0000:0000:4441:4e45:544c:5341 | 38 ; IPv4 and IPv6 addresses |
| 39 _5269._tcp.xmpp IN TLSA 3 0 1 E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855 | 39 xmpp.example.com. IN A 192.0.2.68 |
| 40 xmpp.example.com. IN AAAA 2001:0db8:0000:0000:4441:4e45:544c:5341 | |
| 41 | |
| 42 ; The DANE TLSA records. These three are equivalent, you would use only one of them. | |
| 43 ; First, using symbolic names: | |
| 44 _5269._tcp.xmpp.example.com. 300 IN TLSA DANE-EE Cert SHA2-256 E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855 | |
| 45 ; Using numbers: | |
| 46 _5269._tcp.xmpp.example.com. 300 IN TLSA 3 0 1 E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855 | |
| 47 ; Raw binary format, should work even with very old DNS tools: | |
| 48 _5269._tcp.xmpp.example.com. 300 IN TYPE52 \# 35 030001E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855 | |
| 40 }}} | 49 }}} |
| 41 | 50 |
| 42 [http://www.internetsociety.org/deploy360/dnssec/tools/ List of DNSSEC and DANE tools] | 51 [http://www.internetsociety.org/deploy360/dnssec/tools/ List of DNSSEC and DANE tools] |
| 43 | 52 |
| 44 = Further reading = | 53 = Further reading = |
| 45 | 54 |
| 46 * [http://tools.ietf.org/html/draft-ietf-dane-ops TLSA implementation and operational guidance] | 55 * [http://tools.ietf.org/html/draft-ietf-dane-ops DANE TLSA implementation and operational guidance] |
| 47 | 56 |
| 48 = Compatibility = | 57 = Compatibility = |
| 49 | 58 |
| 50 Requires 0.9 or above. | 59 Requires 0.9 or above. |