Stephen Farrell <stephen.farr...@cs.tcd.ie> wrote:
> My web server doesn't have an API it can use to update
> ESNIKeys in the DNS. Many implementations/deployments may
> have such an API but in my case, the zone file that
> includes the ESNIKeys RR is on another machine and the
> web server doesn't have write access to that. I do
> control both machines as it happens, but I still don't
> want to give general write-access to the web server.When you say, "general write-access", did you mean that you didn't want to setup Dynamic DNS to be able to update the QNAMEs involved, because that usually permits the web server to delete A and AAAA records, as well as updating the ESNI ? Or did you mean "general write-access", meaning NFS or something like that? -- Michael Richardson <mcr+i...@sandelman.ca>, Sandelman Software Works -= IPv6 IoT consulting =-
signature.asc
Description: PGP signature
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
