On Tue, 3 May 2016, Ray Bellis wrote:
another examples are : 1, when querying DNSSEC records for
www.example.com <http://www.example.com>, it normally needs querying
example.com too for DNSSEC verification.
Hmm... Isn't "EDNS chain query" supposed to solve this?
Yes.
2, DKIM exmaple in Appendix A of rfc5617
Appendix A. Lookup Examples
aaa.example A 192.0.2.1 (1)
_adsp._domainkey.aaa.example TXT "dkim=all" (2)
bbb.example MX 10 mail.bbb.example (3)
mail.bbb.example A 192.0.2.2 (4)
The RFC 5617 text following these examples describes those lookups as
sequential - I'd defer to the authors of those (John Levine reads this
list) as to whether it would be appropriate to perform those lookups in
parallel.
It would be nice if you do a qtype=mx lookup that you could get the
related records. Whether it is dmarc or tlsa or ipseckey. But what
happened is that we moved those type of records to a different location
from the qname. So that made this proposed feature a lot less
interesting.
Paul
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
