Hello,
apparently one shouldn't use CNAMEs for 'delegating' _domainkey records to another DNS server, but I see that some email service vendors use that - they have their customers add a CNAME pointing to their TXT record (one recent example that I was dealing with is atlassian.net (https://accessplanit.atlassian.net/wiki/spaces/HG/pages/417005970/SPF+DKIM+SMTP+Prevent+your+system+emails+being+caught+by+spam+filters) - probably so that they can rollover their DKIM keys without their customers needing to do anything.
I know that CNAME records can clash with other essential (MX, A, ...) records, but since a _domainkey subzone is quite specific and unlikely to be used for anything else, this should still work, right?
Or should I consider this an absolute 'no-no' and have my 'customers' add the complete TXT record?
Regards, Danilo -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
