[dns-operations] Lack of tlsa support
Wessels, Duane
dwessels at verisign.com
Thu May 28 00:25:45 UTC 2015
> On May 27, 2015, at 10:32 AM, Joe Abley <jabley at hopcount.ca> wrote:
>
> It's not obvious that this is a problem for anybody, though; it's not like you'd expect to see a TLSA RRSet in there.
Isn't this truly a problem because if my cache is cold (for the zone in question) my recursive name server
could send it a query for "_443._tcp.www.example.accountant. TLSA" (to keep picking on them) which would then
just timeout?
DW
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4676 bytes
Desc: not available
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20150528/69048bb4/attachment.bin>
More information about the dns-operations
mailing list