DNSSEC and TLSA PoC Site
FAQ - How does it work?


FAQ
Here are some basic information links:

Why do I need DNSSEC
https://www.nic.cz/dnssec/

DNSSEC online test for clients
https://en.internet.nl/

How to enable DNSSEC validation on my DNS servers
http://www.internetsociety.org/deploy360/blog/2014/01/weekend-project-enable-dnssec-validation-on-your-dns-resolver/

DNSSEC Validator browser plugin for clients
https://www.dnssec-validator.cz/

DNSSEC Server online checking
http://dnssec-debugger.verisignlabs.com/
http://dnsviz.net/

DNSSEC Documents and RFCs
http://www.dnssec.net/rfc

DANE Documents and RFCs
https://datatracker.ietf.org/wg/dane/documents/

DANE/TLSA Sample pages
http://www.internetsociety.org/deploy360/resources/dane-test-sites/
http://dane.verisignlabs.com/

SMIMEA Test pages
https://www.smimea.info
https://dst.grierforensics.com

Current commercial mailgateway products supporting RFC8162
You can use any "classic" SMIME capable mailgateway to decrypt inbound mails which were encrypted using your SMIMEA key from DNS.
However, you need an RFC8182 capable mailgateway to encrypt outbound mails to mailpartners who publish their SMIMEA key in DNS.

DataEnter: XWall-Cryptofilter