Mercurial > prosody-wiki
changeset 442:7308cd1cd354
mod_s2s_auth_dane.wiki: Fix link title and more comments in example DNS stuff
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Sat, 22 Mar 2014 13:39:59 +0100 |
| parents | 80ce8d7f7f56 |
| children | aed976928537 |
| files | mod_s2s_auth_dane.wiki |
| diffstat | 1 files changed, 15 insertions(+), 6 deletions(-) [+] |
line wrap: on
line diff
--- a/mod_s2s_auth_dane.wiki Sat Mar 22 13:30:47 2014 +0100 +++ b/mod_s2s_auth_dane.wiki Sat Mar 22 13:39:59 2014 +0100 @@ -32,18 +32,27 @@ xmpp.example.com serving the domain example.com. {{{ -$ORIGIN example.com -_xmpp-server._tcp IN SRV 0 0 5269 xmpp -xmpp IN A 192.0.2.68 -xmpp IN AAAA 2001:0db8:0000:0000:4441:4e45:544c:5341 -_5269._tcp.xmpp IN TLSA 3 0 1 E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855 +$ORIGIN example.com. +; Your standard SRV record +_xmpp-server._tcp.example.com IN SRV 0 0 5269 xmpp.example.com. +; IPv4 and IPv6 addresses +xmpp.example.com. IN A 192.0.2.68 +xmpp.example.com. IN AAAA 2001:0db8:0000:0000:4441:4e45:544c:5341 + +; The DANE TLSA records. These three are equivalent, you would use only one of them. +; First, using symbolic names: +_5269._tcp.xmpp.example.com. 300 IN TLSA DANE-EE Cert SHA2-256 E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855 +; Using numbers: +_5269._tcp.xmpp.example.com. 300 IN TLSA 3 0 1 E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855 +; Raw binary format, should work even with very old DNS tools: +_5269._tcp.xmpp.example.com. 300 IN TYPE52 \# 35 030001E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855 }}} [http://www.internetsociety.org/deploy360/dnssec/tools/ List of DNSSEC and DANE tools] = Further reading = -* [http://tools.ietf.org/html/draft-ietf-dane-ops TLSA implementation and operational guidance] +* [http://tools.ietf.org/html/draft-ietf-dane-ops DANE TLSA implementation and operational guidance] = Compatibility =