>> If I look up foo and it has an ANAME to bar, which of these do I get
>> back?
>
> ; ANSWER SECTION
> foo. A 1.2.3.4

Who provides the DNSSEC proof for this record?  AIUI, there is no
A 1.2.3.4 in the "foo." zone originally, but there is an ANAME.
How, then, does this avoid DNSSEC-signing-on-the-fly (which may
be impossible)?

> ; ADDITIONAL SECTION
> foo. ANAME bar.
> bar. A 1.2.3.4

These two can of course easily be DNSSEC-signed, using the
traditional model, as all this data would be "where it belongs".

Regards,

- Håvard

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
