[dns-operations] Lack of tlsa support

Warren Kumari warren at kumari.net
Wed May 27 19:40:47 UTC 2015


On Wed, May 27, 2015 at 3:02 PM, Joe Abley <jabley at hopcount.ca> wrote:
>
>
> On 27 May 2015, at 19:14, Warren Kumari wrote:
>
>>> For what it's worth, I have no problem getting a reasonable (negative)
>>> response to ACCOUNTANT/IN/TLSA or SOMETHING.ACCOUNTANT/IN/TLSA from
>>> 156.154.144.195 with EDNS0.DO=1 or without EDNS0. Perhaps I'm special :-)

Yah, /I/ know you are special -- but I don't know how 156.154.144.195
knows you are.

Can you include a dig (or similar) showing you asking the question and
getting an answer (not a timeout?). I've queried from multiple places
with no love...

W


>>
>>
>> Unable to parse.
>
>
> Unsure why. :-)
>
>> Are you saying that you *are* getting a reasonable
>> (negative) response to ACCOUNTANT/IN/TLSA?
>
>
> Yes. And also to SOMETHING.ACCOUNTANT, both with EDNS0.DO=1 and with no
> EDNS0 (see above).
>
>
> Joe



-- 
I don't think the execution is relevant when it was obviously a bad
idea in the first place.
This is like putting rabid weasels in your pants, and later expressing
regret at having chosen those particular rabid weasels and that pair
of pants.
   ---maf


