ten rounds with tlsa dane records

I had an issue with tlsa [my blog] which at replacement four times a year is going to be thing eventually- having duplicate records and both ipv4 and ipv6 made it kind of hard since it was correct but wrong.

It was my fault but one of those really weird bugs to figure out.  I want my five hours back.

Quite how dns zone files with the duplicate line* make this a problem is worth thinking on  in conjunction with web servers so i am glad it is me and not them.

*quite legitimate if your rolling keys in dnssec etc

One response

