[dns-operations] Lack of tlsa support

Mark Andrews marka at isc.org
Thu May 28 01:32:12 UTC 2015

In message <0CFF2137-A8B7-44BB-A2A7-6BD3CD0DB34B at verisign.com>, "Wessels, Duane" writes:
> > On May 27, 2015, at 10:32 AM, Joe Abley <jabley at hopcount.ca> wrote:
> >
> > It's not obvious that this is a problem for anybody, though; it's not
> > like you'd expect to see a TLSA RRSet in there.
>
> Isn't this truly a problem because if my cache is cold (for the zone in
> question) my recursive name server could send it a query for
> "_443._tcp.www.example.accountant. TLSA" (to keep picking on them) which
> would then just time out?

Yes and you never know when a resolver will go back to a TLD to get
a referral.

> DW
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org
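
An added example, not part of the original thread: a small probe for checking how an authoritative server handles the TLSA query discussed above, separating a timeout from a referral or an empty answer. The function names and the sample header are constructed for illustration, and the server address is supplied by the caller.

```python
import socket
import struct

TLSA = 52  # RR type code for TLSA (RFC 6698)

# Constructed sample: header of a referral (QR=1, AA=0, RCODE=0, 2 authority RRs).
SAMPLE_REFERRAL_HEADER = struct.pack("!HHHHHH", 0x1234, 0x8000, 1, 0, 2, 0)

def encode_name(name):
    """Encode a domain name as DNS wire-format labels."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def build_query(name, qtype=TLSA, qid=0x1234):
    """Non-recursive query (RD=0), as a resolver sends to an authoritative server."""
    header = struct.pack("!HHHHHH", qid, 0x0000, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)  # class IN

def classify(response):
    """Classify a reply from its header fields; None means nothing arrived."""
    if response is None:
        return "timeout"
    if len(response) < 12:
        return "malformed"
    _, flags, _, ancount, nscount, _ = struct.unpack("!HHHHHH", response[:12])
    rcode = flags & 0x000F
    authoritative = bool(flags & 0x0400)
    if rcode != 0:
        return "rcode=%d" % rcode
    if ancount == 0 and nscount > 0 and not authoritative:
        return "referral"
    return "answer" if ancount else "nodata"

def probe(server_ip, name, timeout=3.0):
    """Send one TLSA query over UDP and classify what comes back."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.sendto(build_query(name), (server_ip, 53))
            data, _ = sock.recvfrom(4096)
        except socket.timeout:
            return classify(None)
    return classify(data)
```

Calling `probe` with a TLD server's address and `"_443._tcp.www.example.accountant"` returns `"timeout"` for the failure case described in the thread and `"referral"` for a server that handles the query type normally.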
