These are zones I do not control. I assume the recursive I'm using (which does support DNSSEC) is of no help here.
I'd be happier if everyone would sign, for a bunch of reasons. I'm sure many would be. -- Alex Brotman Sr. Engineer, Anti-Abuse & Messaging Policy Comcast > -----Original Message----- > From: Mark Andrews <ma...@isc.org> > Sent: Monday, January 6, 2025 4:43 PM > To: Brotman, Alex <alex_brot...@comcast.com> > Cc: dnsop@ietf.org > Subject: Re: [DNSOP] Flag for Wildcard Responses > > Sign the zone. Wildcard responses are visible in the DNSSEC records. The > RRSIG > label count is different and there will be NSEC/NSEC3 records that show > whether > the wild card response is valid or not. > -- > Mark Andrews > > > On 7 Jan 2025, at 08:04, Brotman, Alex > <Alex_Brotman=40comcast....@dmarc.ietf.org> wrote: > > > > Looking at something relating to the day job, and I'm curious if there's > > any > method declared in the IETF world where the query side of the interaction can > understand that the response was fulfilled by a wildcard record. I've asked > a few > folks, and I haven't gotten anything that suggests as though this is > possible. No > one knew of any RFC or similar document that suggested this was an option. I > was curious if we're all missing something that could indicate this type of > response. If not, is it something that should exist? > > > > (and if I'm in the wrong place, please be gentle) > > > > -- > > Alex Brotman > > Sr. Engineer, Anti-Abuse & Messaging Policy Comcast > > > > > > _______________________________________________ > > DNSOP mailing list -- dnsop@ietf.org > > To unsubscribe send an email to dnsop-le...@ietf.org _______________________________________________ DNSOP mailing list -- dnsop@ietf.org To unsubscribe send an email to dnsop-le...@ietf.org
