[dns-operations] Looping wildcard CNAMEs can be an obstacle for DANE, (googledomains.com-hosted example)

John Levine johnl at taugh.com
Mon Apr 16 17:36:52 UTC 2018


In article <alpine.DEB.2.11.1804161127180.27682 at grey.csi.cam.ac.uk> you write:
>>   _25._tcp.frasier.family. IN TLSA ? ; ServFail AD=0
>
>I wonder why unbound gets in a tangle - BIND and Knot handle it OK.

1.1.1.1, 8.8.8.8, and 9.9.9.9 all return SERVFAIL

1.1.1.1 helpfully puts the looping CNAME in the answer section.

R's,
John



More information about the dns-operations mailing list