It appears that Bellebaum, Thomas <thomas.belleb...@aisec.fraunhofer.de> said: >> Without being able to cite chapter and verse of a relevant RFC, I >> would say that the client (stub resolver?) ought to toss RRsets >> which are unrelated to the resolution of the original queried-for >> name. > >That is what we would have expected, and what seems to be implemented >in many popular DNS resolvers. Some of them do not even look at >unrelated records and simply follow the CNAME chain to the requested >RRs. > >We figured there must either have been universal silent agreement on >this in the WG or this must have come up at some point (possibly while >working on DNSSEC?).
That's cache poisoning. Search for "Eugene Kashpureff" to learn all about it. R's, John _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
