Comments on: Exchange Online Introduces DANE and DNSSEC for Outbound Email https://practical365.com/exchange-online-dnssec-dane/ Practical Office 365 News, Tips, and Tutorials Fri, 19 May 2023 07:58:10 +0000 hourly 1 https://wordpress.org/?v=6.3.2 By: Jan https://practical365.com/exchange-online-dnssec-dane/#comment-263533 Fri, 19 May 2023 07:58:10 +0000 https://practical365.com/?p=54649#comment-263533 David S, you can use Windows Server DNS.
DNSSEC has been supported and working since 2012 🙂

]]>
By: Adrian https://practical365.com/exchange-online-dnssec-dane/#comment-255643 Fri, 03 Mar 2023 20:51:41 +0000 https://practical365.com/?p=54649#comment-255643 In your example for the register put your domain practical365.com (_25.tcp.practical365.com. IN TLSA) but the SMTP was practical365-com.mail.protection.outlook.com this works? The DNS record for SMTP would be the record domain and the value for the certificate? You know if this will work with *.domain ??

]]>
By: David S. https://practical365.com/exchange-online-dnssec-dane/#comment-243301 Tue, 20 Sep 2022 20:08:52 +0000 https://practical365.com/?p=54649#comment-243301 In reply to David S..

I don’t know why 6 years and over 6500 votes isn’t enough to get DNSSEC in Azure DNS, but if someone here hasn’t voted (like it appears to do much good), they can vote on the Microsoft request to add DNSSEC to Azure DNS here: https://feedback.azure.com/d365community/idea/d403899e-8526-ec11-b6e6-000d3a4f0789

]]>
By: David S. https://practical365.com/exchange-online-dnssec-dane/#comment-243300 Tue, 20 Sep 2022 20:05:15 +0000 https://practical365.com/?p=54649#comment-243300 In reply to Tony Redmond.

Pretty crappy for this new feature to be completely locked out from people using Microsoft’s OWN DNS infrastructure since they can’t be bothered to enable it after several years of people demanding support. I thought when they finally announced DNSSEC/DANE support was coming that it would be contingent up on their own offering being able to support it on the DNS side. Sad to see their shortsightedness on the issue and inability to prioritize.

]]>
By: Tony Redmond https://practical365.com/exchange-online-dnssec-dane/#comment-238127 Wed, 30 Mar 2022 10:20:09 +0000 https://practical365.com/?p=54649#comment-238127 In reply to Siebe.

That depends on your partner. If their mail systems are configured to insist on communicating with servers that support DANE/DNSSEC and your system does not, email mightfail.

]]>
By: Siebe https://practical365.com/exchange-online-dnssec-dane/#comment-238124 Wed, 30 Mar 2022 09:36:48 +0000 https://practical365.com/?p=54649#comment-238124 We have several partners who require us to use DANE/DNSSEC for our Inbound email solution. We are moving away from our third party solution to Exchange Online for our inbound email in a few months. Can we expect issues with organizations unable to send messages to us.

]]>
By: Tony Redmond https://practical365.com/exchange-online-dnssec-dane/#comment-237615 Thu, 27 Jan 2022 00:09:56 +0000 https://practical365.com/?p=54649#comment-237615 In reply to Per Søderlind.

No. This is an Exchange Online implementation of DNSSEC and DANE.

]]>
By: Per Søderlind https://practical365.com/exchange-online-dnssec-dane/#comment-237614 Wed, 26 Jan 2022 23:55:35 +0000 https://practical365.com/?p=54649#comment-237614 Does this mean DNSSEC for Azure DNS is available “soon”?

]]>
By: Tony Redmond https://practical365.com/exchange-online-dnssec-dane/#comment-237577 Wed, 19 Jan 2022 17:07:28 +0000 https://practical365.com/?p=54649#comment-237577 In reply to Eric Sherman.

My reading is that Exchange will route everything as normal to the third-party service and leave it to that service to decide if the target destination domain is OK.

]]>
By: Eric Sherman https://practical365.com/exchange-online-dnssec-dane/#comment-237576 Wed, 19 Jan 2022 17:03:27 +0000 https://practical365.com/?p=54649#comment-237576 Tony,

Nice article, so how is Outbond DANE handled if you have a third party email gateway in front of the MS tenant. Our third party actually sends the email out for our Tenant. How is DANE TLSA handled in this case since the third party actually sends the email. I don’t have DANE setup on the third party email gateway either by the way. (which is TrendMicros)

]]>