On 23/08/2022 14.15, Tobias Fiebig wrote:
> Is there something I missed/should CNAME in NS be considered valid now? [...] However, it seems odd that RFC2181 and operational practice seem to diverge here.
This sounds like running a few tests in the wild might imply that such a setup is OK (compliant/valid/reliable). I believe that's a wrong approach in principle and risky in practice.
DNS servers are not even *obliged* to fail on non-compliant input, except for explicit requirements like in DNSSEC validation. They're *allowed* to fail, which is a thing depending on the particular implementation and can change over time.
--Vladimir | knot-resolver.cz
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop