Hi Victor, On Jun 23, 2018, at 17:04, Viktor Dukhovni <[email protected]> wrote:
> [...] > Yes, but if they have the NSEC bitmap, they can follow the XNAME > without asking again. > [...] > That's already handled by NSEC/NSEC3. I think a pragmatic solution needs to work in unsigned zones. The demand for this kind of functionality is from the same customers who are relying upon non-standard response tricks from enterprise DNS providers as part of wider requirements for things like geo-steering and site failover. Many of those enterprise DNS providers don't support those tricks in signed zones (in part, no doubt, because doing so would be complicated and there has not been significant demand for it, by which I mean customers willing to pay more for it). If an XNAME proposal was to solve real-world problems for these people it would need to work with or without DNSSEC. (And I wasn't entirely serious about calling the wildcard RRTYPE * :-) Joe _______________________________________________ DNSOP mailing list [email protected] https://www.ietf.org/mailman/listinfo/dnsop
