Sign the zone. Wildcard responses are visible in the DNSSEC records. The RRSIG label count is different and there will be NSEC/NSEC3 records that show whether the wild card response is valid or not. -- Mark Andrews
> On 7 Jan 2025, at 08:04, Brotman, Alex > <Alex_Brotman=40comcast....@dmarc.ietf.org> wrote: > > Looking at something relating to the day job, and I'm curious if there's any > method declared in the IETF world where the query side of the interaction can > understand that the response was fulfilled by a wildcard record. I've asked > a few folks, and I haven't gotten anything that suggests as though this is > possible. No one knew of any RFC or similar document that suggested this was > an option. I was curious if we're all missing something that could indicate > this type of response. If not, is it something that should exist? > > (and if I'm in the wrong place, please be gentle) > > -- > Alex Brotman > Sr. Engineer, Anti-Abuse & Messaging Policy > Comcast > > > _______________________________________________ > DNSOP mailing list -- dnsop@ietf.org > To unsubscribe send an email to dnsop-le...@ietf.org _______________________________________________ DNSOP mailing list -- dnsop@ietf.org To unsubscribe send an email to dnsop-le...@ietf.org
