On 8/23/22 7:00 AM, Tobias Fiebig wrote:
Context: I am currently dealing with academic reviewers claiming that not using CNAMEs for NS is, quote, "[...] by the spec, [..] true, [but] also commonly ignored in practice.
Obeying the speed limit is "[...] by the spec, [...] true, [but] also commonly ignored in practice" doesn't mean that speeding is legal.
It /MAY/ be an indication that the law / speed limit or RFC / CNAME spec needs to be changed.
However there is a process to go about doing both of those things. In the mean time, don't speed. Or at least don't be upset when you get stopped or your CNAME NS records fail to operate as desired.
I would personally argue "RFC says no" still holds, and I think you already gave me another good argument to make why exclusion of CNAME NS is valid in our case.
I want to say "be liberal in what you accept and conservative in what you send" but "brown M&Ms".
I do encourage you to stand your ground and not support CNAMEs for NS records. Or at most call it out as an "undefined behavior" that you will not expend effort to make work.
-- Grant. . . . unix || die
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
