> On 1 Nov 2024, at 09:15, Bob McDonald <bmcdonal...@gmail.com> wrote:
>
> If a host is defined as a CNAME chain where the domain of the host is DNSSEC
> signed but the domain(S) of the target(s) in the CNAME chain are not, does
> that mean that the entry really isn't DNSSEC protected?
Correct. Every element of the chain needs to be DNSSEC signed (and validated
as secure) for it to be protected.
> I can list an example dig for the host in question but I'm reluctant to do so
> as it's a US gov host.
>
> Please advise.
>
> Regards,
>
> Bob
> --
> Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
> this list
>
> ISC funds the development of this software with paid support subscriptions.
> Contact us at https://www.isc.org/contact/ for more information.
>
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
