DANE / DNSSEC and MTA-STS is no problem with Citadel to setup. 

I have running it. The only problem for DANE is, not all DNS offer TLSA as own entry. A "fake" entry over TXT doesnt work anymore. 

If youre using Cloudflare, you are fine to get all things running. 

Cheers

Mike

Mi Mai 22 2024 11:15:20 UTC von Nurb432

Moving people to ' centralized DNS' a goal perhaps?  To better control, block, and monitor...and of course: 'profit!'

 

"sorry, you are not in the club, your DNS infrastructure does not count, so piss-off"

Wed May 22 2024 07:10:08 EDT from darknetuser

I was reading at ADMIN Magazine that there is a bit of a push to get DANE set up for your smtp. I have never noticed it being enforced, but just as with DMARC and company, if it reaches a certain mass it will be, which SUCKS, because in order to have DANE work in sync with your certificates you either need a DNS provider with an API you can use to rekey, or you need to run your own DNS infrastructure, or you need to do rekey manually. Which SUCKS.