Yet another reason to validate on the stub... :)

On Wed, Jul 24, 2024 at 8:37 AM Philip Homburg <pch-dnso...@u-1.phicoh.com> wrote:
> > Partially. I believe the DNSSEC validation and following the
> > CNAME-chain have to be implemented in the same routine. This is
> > because to perform an authenticated denial of existence, you first
> > need to know which name and rrtype you want to prove does not exist.
>
> DNSSEC validation follows the CNAME-chain that is part of validation.
>
> However, the ultimate user of the data also has to follow the CNAME-chain
> to avoid picking up unwanted additional records in the answer section.
_______________________________________________
DNSOP mailing list -- dnsop@ietf.org
To unsubscribe send an email to dnsop-le...@ietf.org
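
The point quoted above, that the consumer of an answer must itself walk the CNAME chain rather than take every record of the requested type from the answer section, sketched as an added example that is not code from the thread or from any resolver. The names `RR`, `select_answer`, `MAX_CHAIN` and the sample records are hypothetical and constructed; DNSSEC validation is assumed to happen elsewhere.

```python
from typing import NamedTuple

class RR(NamedTuple):
    name: str    # owner name
    rtype: str   # "A", "AAAA", "CNAME", ...
    rdata: str   # address, or target name for a CNAME

MAX_CHAIN = 16   # assumed cap on chain length, not taken from any RFC

def norm(name: str) -> str:
    """Compare DNS names case-insensitively and without the trailing dot."""
    return name.rstrip(".").lower()

def select_answer(qname, qtype, answer):
    """Walk the CNAME chain from qname and return (chain, rrset).

    Only records whose owner is the end of the chain are returned; a record
    of the right type at a name that is not on the chain is never used.
    """
    owner = norm(qname)
    chain = [owner]
    while True:
        at_owner = [rr for rr in answer if norm(rr.name) == owner]
        wanted = [rr for rr in at_owner if rr.rtype == qtype]
        if wanted or qtype == "CNAME":
            return chain, wanted          # a CNAME query is not followed
        cnames = [rr for rr in at_owner if rr.rtype == "CNAME"]
        if not cnames:
            return chain, []              # chain ends with no data here
        if len(cnames) > 1:
            raise ValueError("more than one CNAME at " + owner)
        owner = norm(cnames[0].rdata)
        if owner in chain or len(chain) >= MAX_CHAIN:
            raise ValueError("CNAME loop or chain too long")
        chain.append(owner)

# Constructed answer section: a two-step chain plus one A record at a name
# that is not on the chain.
SAMPLE_ANSWER = [
    RR("www.example.com.", "CNAME", "host.example.net."),
    RR("host.example.net.", "A", "192.0.2.10"),
    RR("unrelated.example.org.", "A", "203.0.113.66"),
]

if __name__ == "__main__":
    chain, rrset = select_answer("www.example.com.", "A", SAMPLE_ANSWER)
    print(" -> ".join(chain), [rr.rdata for rr in rrset])
```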