Making real use of DNSSEC: DANE

By now we can safely say that DNSSEC as a standard is here to stay. It may not be pretty or completely practical, but it is possible to implement it relatively easily. DNSSEC provides a little bit more assurance on the integrity of the DNS query results. This extra assurance does enable some other interesting applications, to increase the integrity of other systems. This is done through the standard called DANE: DNS-based Authentication of Named Entities. In this post I’ll walk through a couple of examples.

Update 23/7/2015:  Added email TLSA record instructions

Update 23/7/2015:  Corrected email TLSA record instructions

Continue reading