Is there an RFC or draft that talks about what the right thing is to do when an unsigned CNAME points to a record in a signed zone?
That is, suppose we are doing validation. The CNAME doesn’t validate, because it’s not signed. When we look up the record the CNAME points to, do we set the DO bit? Do we validate the answer? Or do we assume that because the CNAME isn’t signed, we don’t need to validate what it points to? I think the answer is that we validate, but I’m curious to know what others think of this.