TXT v=spf1 +a +mx -all
uppercase TXT v=sPf1 +all
+passme.helo TXT v=spf1 +all
; Alias A record for the local host, under the name "server1"
-server1 A HOSTIPV4
+server1 A HOSTIPV4
+serverbadname A HOSTIPV4
+serverchain1 CNAME server1
+alternatename.server1 CNAME server1
; DANE testing
; a broken dane config where the name does not match in the cert, TA-mode, dane-requested
; NOTE: the server uses the example.net cert hence the mismatch
;
+; TLSA_AUTOGEN
; openssl x509 -in aux-fixed/exim-ca/example.net/CA/CA.pem -fingerprint -sha256 -noout \
; | awk -F= '{print $2}' | tr -d : | tr '[A-F]' '[a-f]'
;
;
DNSSEC danebroken7 A 127.0.0.1
-DNSSEC _1225._tcp.danebroken7 TLSA 2 0 1 3110db5e73708d6fc3ffed8dcd1eef2bcd3c35d8da86ed048a332cb9d9538a0f
+DNSSEC _1225._tcp.danebroken7 TLSA 2 0 1 68932e8eed228ff72a53c832aed4db07cecb099fe8bdf48952237f20724a1ab4
; the same, EE-mode
;
+; TLSA_AUTOGEN
; openssl x509 -in aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.pem -noout -pubkey \
; | openssl pkey -pubin -outform DER | openssl dgst -sha256 | awk '{print $2}'
;
DNSSEC danebroken8 A 127.0.0.1
-DNSSEC _1225._tcp.danebroken8 TLSA 3 1 1 5384398f502c423736dcc42295808f7a84769eb96d009816fa077e00bebc768e
+DNSSEC _1225._tcp.danebroken8 TLSA 3 1 1 61e0bb2042c975bc018a47b5961ac1ce8e84f162f2147e97f56736177bb8fc8e
; End