CNAME at apex, was Re: Issue running "dig txt rs.dns-oarc.net" on 9.12
Evan Hunt
each at isc.org
Sat Mar 10 18:40:17 UTC 2018
On Sat, Mar 10, 2018 at 06:30:41PM +0000, Tony Finch wrote:
> I have said this already so I'm at risk of being a bore, but it would be
> super cool if BIND could make use of the DS records (or PNEs) it gets in
> referrals, instead of re-fetching them during validation. It should
> provide a nice speed-up, as well as allowing the validator to avoid
> looking into insecure subtrees, which will have the side-effect of
> avoiding problems with apex CNAMEs.
Yep, that's one of the approaches we've discussed.
--
Evan Hunt -- each at isc.org
Internet Systems Consortium, Inc.
More information about the bind-users
mailing list