Diff

mod_s2s_auth_dane/README.markdown @ 2492:63fb612d6ec5

mod_s2s_auth_dane/README: Simplify zone file examlpe
author Kim Alvefur <zash@zash.se>
date Sun, 12 Feb 2017 17:05:28 +0100
parent 1965:3d8e2480fae0
child 2493:a6486881fe42
line wrap: on
line diff
--- a/mod_s2s_auth_dane/README.markdown	Sun Feb 12 19:27:50 2017 +0100
+++ b/mod_s2s_auth_dane/README.markdown	Sun Feb 12 17:05:28 2017 +0100
@@ -63,12 +63,10 @@
     xmpp.example.com. IN A 192.0.2.68
     xmpp.example.com. IN AAAA 2001:0db8:0000:0000:4441:4e45:544c:5341
 
-    ; The DANE TLSA records.  These three are equivalent, you would use only one of them.
-    ; First, using symbolic names:
-    _5269._tcp.xmpp.example.com. 300 IN TLSA DANE-EE Cert SHA2-256 E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
-    ; Using numbers:
+    ; The DANE TLSA records.
     _5269._tcp.xmpp.example.com. 300 IN TLSA 3 0 1 E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
-    ; Raw binary format, should work even with very old DNS tools:
+
+    ; If your zone file tooling does not support TLSA records, you can try the raw binary format:
     _5269._tcp.xmpp.example.com. 300 IN TYPE52 \# 35 030001E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
 
 [List of DNSSEC and DANE