[dns-operations] Looping wildcard CNAMEs can be an obstacle for DANE, (googledomains.com-hosted example)
John Levine
johnl at taugh.com
Mon Apr 16 17:36:52 UTC 2018
In article <alpine.DEB.2.11.1804161127180.27682 at grey.csi.cam.ac.uk> you write:
>> _25._tcp.frasier.family. IN TLSA ? ; ServFail AD=0
>
>I wonder why unbound gets in a tangle - BIND and Knot handle it OK.
1.1.1.1, 8.8.8.8, and 9.9.9.9 all return SERVFAIL
1.1.1.1 helpfully puts the looping CNAME in the answer section.
R's,
John
More information about the dns-operations
mailing list