Name names. DNS is out there in public. There are a LOT of US .gov sites where the .gov is all signed, but it ends up in $BIGCLOUDPROVIDER that is not.
www.gsa.gov www.state.gov www.house.gov www.senate.gov www.cia.gov www.cisa.gov (*ehem*) www.get.gov (not even .gov is signed?!) Same thing for a lot of .mil. On Thu, Oct 31, 2024 at 3:34 PM Mark Andrews <ma...@isc.org> wrote: > > > > On 1 Nov 2024, at 09:15, Bob McDonald <bmcdonal...@gmail.com> wrote: > > > > If a host is defined as a CNAME chain where the domain of the host is > DNSSEC signed but the domain(S) of the target(s) in the CNAME chain are > not, does that mean that the entry really isn't DNSSEC protected? > > Correct. Every element of the chain needs to be DNSSEC signed (and > validated as secure) for it to be protected. > > > I can list an example dig for the host in question but I'm reluctant to > do so as it's a US gov host. > > > > Please advise. > > > > Regards, > > > > Bob > > -- > > Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe > from this list > > > > ISC funds the development of this software with paid support > subscriptions. Contact us at https://www.isc.org/contact/ for more > information. > > > > > > bind-users mailing list > > bind-users@lists.isc.org > > https://lists.isc.org/mailman/listinfo/bind-users > > -- > Mark Andrews, ISC > 1 Seymour St., Dundas Valley, NSW 2117, Australia > PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org > > -- > Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe > from this list > > ISC funds the development of this software with paid support > subscriptions. Contact us at https://www.isc.org/contact/ for more > information. > > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users > >
-- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
