2. Implementation resources

2.1 Documentation

2.1.1 Presentations

• Rafal Goslawski (MailerQ) on DANE, 7 Oct 2020, [slides, PDF]
• Viktor Dukhovni on "DANE/DNSSEC survey", 1 Nov 2019, [slides, PDF]
• SIDN webinar on DANE, 2 Sep 2019 (in Dutch) [video]
• Vittorio Bertola at Nordic Domain Days 2018, 20 Nov 2018 [slides, PDF]
• Viktor Dukhovni at NYLUG, 17 Oct 2018 [video]
• Wes Hardaker at ICANN63, Oct 2018 [slides, PDF]
• DANE session during One Conference, 2 Oct 2018 [slides Gerben Klein Baltink, Patrick Koetter and Jan-Pieter Cornet, PDF]
• Viktor Dukhovni at ICANN61, Mar 2018 [slides, PDF and audio, MP3]
• Webinar Men and Mice, Apr 2017 [slides and video]
• Anders Berggren at Netnod, December 2016 [slides, PDF]

2.1.2 Other materials

Factsheets, articles, blogs and posts

• "Response to the USG's proposal to use MTA-STS for securing E-Mail" by Viktor Dukhovni and Wes Hardaker (Sept 2021)
• "DANE in SMTP—the sky is not falling" by Viktor Dukhovni and Wes Hardaker (March 2020)
• "DANE & DNSSEC - ein schlagkräftiges Team" by Stefan Anders, Henry Kluge, Michael Röder (DFN-Verein)
• "Ask your email provider to secure your email connections with DANE" by Sanne Kamerling, NCSC-NL
• Blog "Better mail security with DANE for SMTP" by Dennis Baaten from Dutch Internet Standards Platform
• DANE for SMTP how-to by Dutch Internet Standards Platform
• Factsheet "DANE as Basis for Secure Data Transmission of Emails" (2019-08-14) by German CSA
• Factsheet "Email Transport Ecryption: STARTTLS vs. DANE vs. MTA-STS" (2020-01-31) by German CSA
• On key rotation, recommendation of 3 1 1 over 3 0 1
• "A sensible "3 1 1" + "3 1 1" key rotation approach"
• "Is it okay to publish a TLSA records for non-DNSSEC CNAME'ed services?"
• "TLSA record TTL values"
• Factsheet "Secure the connections of mail servers" by Dutch NCSC (also available in Dutch)
• "Please avoid “3 0 1” and “3 0 2” DANE TLSA records with LE certificates"
• "Let’s Encrypt certificates for mail servers and DANE" by Deploy360/ISOC
• "Testing DANE For Sending Secure Email at the Go6lab" by Deploy360/ISOC

Mistakes

• Common mistakes
• DANE fail list

2.2 Tooling

2.2.1 Deployment and monitoring

• danebot
• OpenSSL
• hash-slinger
• chaingen script (TAR download)
• Generate TLSA Record
• DANE SMTP checker
• check_ssl_cert (Nagios plugin to check the CA and validity of an X.509 certificate)
• SMTP DANE testing tool
• danectl, DANE implementation manager using certbot (also on GitHub)
• LetsDNS

2.2.2 Testing

Inbound

• DNSSEC and DANE data explore
• DANE SMTP Validator
• Check a DANE SMTP Service
• Email test on Internet.nl
• MECSA test tool by European Commission's Joint Research Centre (JRC)
• DANE server tester by NIST
• SSL-Tools
• DNSSEC and DANE validation test by Microsoft

Outbound

• Have DANE?
• Public Email & DNS Testbed
• Email Security Test (also inbound DANE test)