# HG changeset patch
# User Kim Alvefur
# Date 1395491999 -3600
# Node ID 7308cd1cd35441b02ab945b8b326bf821a218581
# Parent 80ce8d7f7f56748a9561fa9a114f3e47cefd5569
mod_s2s_auth_dane.wiki: Fix link title and more comments in example DNS stuff
diff -r 80ce8d7f7f56 -r 7308cd1cd354 mod_s2s_auth_dane.wiki
--- a/mod_s2s_auth_dane.wiki Sat Mar 22 13:30:47 2014 +0100
+++ b/mod_s2s_auth_dane.wiki Sat Mar 22 13:39:59 2014 +0100
@@ -32,18 +32,27 @@ xmpp.example.com serving the domain example.com.
 {{{
-$ORIGIN example.com
-_xmpp-server._tcp IN SRV 0 0 5269 xmpp
-xmpp IN A 192.0.2.68
-xmpp IN AAAA 2001:0db8:0000:0000:4441:4e45:544c:5341
-_5269._tcp.xmpp IN TLSA 3 0 1 E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
+$ORIGIN example.com.
+; Your standard SRV record
+_xmpp-server._tcp.example.com IN SRV 0 0 5269 xmpp.example.com.
+; IPv4 and IPv6 addresses
+xmpp.example.com. IN A 192.0.2.68
+xmpp.example.com. IN AAAA 2001:0db8:0000:0000:4441:4e45:544c:5341
+
+; The DANE TLSA records. These three are equivalent, you would use only one of them.
+; First, using symbolic names:
+_5269._tcp.xmpp.example.com. 300 IN TLSA DANE-EE Cert SHA2-256 E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
+; Using numbers:
+_5269._tcp.xmpp.example.com. 300 IN TLSA 3 0 1 E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
+; Raw binary format, should work even with very old DNS tools:
+_5269._tcp.xmpp.example.com. 300 IN TYPE52 \# 35 030001E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
 }}}
 [http://www.internetsociety.org/deploy360/dnssec/tools/ List of DNSSEC and DANE tools]
 = Further reading =
-* [http://tools.ietf.org/html/draft-ietf-dane-ops TLSA implementation and operational guidance]
+* [http://tools.ietf.org/html/draft-ietf-dane-ops DANE TLSA implementation and operational guidance]
 = Compatibility =