Alex,
On 06/01/2025 22.02, Brotman, Alex wrote:
Looking at something relating to the day job, and I'm curious if there's any
method declared in the IETF world where the query side of the interaction can
understand that the response was fulfilled by a wildcard record. I've asked a
few folks, and I haven't gotten anything that suggests as though this is
possible. No one knew of any RFC or similar document that suggested this was
an option. I was curious if we're all missing something that could indicate
this type of response. If not, is it something that should exist?
Others have mentioned signed zones.
For unsigned zones, you cannot know from an answer, but you can send
queries for the wildcard record itself.
So if you query FOO.BAR.EXAMPLE and get an answer at the server for
EXAMPLE, you can query *.BAR.EXAMPLE and *.EXAMPLE at the same server
and see if the wildcard record exists at either of these.
Cheers,
--
Shane
_______________________________________________
DNSOP mailing list -- dnsop@ietf.org
To unsubscribe send an email to dnsop-le...@ietf.org
