In message
, Ted Lemon
writes:
> Which do you want? TLSA, or delegation? You can't have both.
>From a technical perspective a insecure delegation for .localhost
back to the root servers to break the DNSSEC chain of trust. You
can then populate a local .localhost how ever you see fit and hav
The point is that the current policy for the root precludes an
unsecure delegation.
On Sun, Nov 20, 2016 at 9:20 PM, Mark Andrews wrote:
>
> In message
> , Ted
> Lemon writes:
>> Which do you want? TLSA, or delegation? You can't have both.
>
> From a technical perspective a insecure delegati
In message
, Ted Lemon
writes:
> The point is that the current policy for the root precludes an
> unsecure delegation.
Please quote the relevent documents that preclude this. From
all I've seen this is a open issue.
Mark
> On Sun, Nov 20, 2016 at 9:20 PM, Mark Andrews wrote:
> >
> > In mes
Dear Mark,
thanks for your kind reply.
in RFC 2672,
"The synthesized CNAME RR, if provided, MUST have
The same CLASS as the QCLASS of the query,
TTL equal to zero,"
In RFC6672
"A CNAME RR with Time to Live (TTL) equal to the corresponding DNAME
RR is synthesized and inclu
