[dns-operations] Any DNAME usage experience?
Viktor Dukhovni
ietf-dane at dukhovni.org
Sun Mar 29 19:13:24 UTC 2020
On Sun, Mar 29, 2020 at 12:35:15PM -0400, John Levine wrote:
> I have to say that at this point my advice is don't bother. Whatever
> problem you hope DNAMEs will solve, they won't.
I see some administrators successfully using DNAMEs to retarget
the entire "_tcp" subtree of a set of hosts to a common location.
Something along the lines of:

    _tcp.mail1.example.com. IN DNAME _dane.example.com.
    _tcp.mail2.example.com. IN DNAME _dane.example.com.
    _tcp.mail3.example.com. IN DNAME _dane.example.com.
    *._dane.example.com.    IN TLSA  2 1 1 ...

This works fine.
--
Viktor.
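
Added example, not part of the original message: a Python model of how a TLSA query under one of the DNAME owners above resolves, using RFC 6672 suffix substitution followed by wildcard matching at the closest encloser. The zone dictionary is constructed from the four quoted records, the digest placeholder stands in for the elided "...", and the function names are illustrative.

```python
# Constructed zone data: the four records quoted in the message. The TLSA
# digest is elided there, so a labelled placeholder stands in for it.
ZONE = {
    ("_tcp.mail1.example.com.", "DNAME"): "_dane.example.com.",
    ("_tcp.mail2.example.com.", "DNAME"): "_dane.example.com.",
    ("_tcp.mail3.example.com.", "DNAME"): "_dane.example.com.",
    ("*._dane.example.com.", "TLSA"): "2 1 1 <digest-placeholder>",
}

def ancestors(name):
    """Yield (stripped_prefix, ancestor) pairs for an absolute name, closest first."""
    labels = name.rstrip(".").split(".")
    for i in range(1, len(labels)):
        yield ".".join(labels[:i]), ".".join(labels[i:]) + "."

# Names that exist in the zone: every owner plus its ancestors (empty non-terminals).
EXISTING = {o for o, _ in ZONE} | {a for o, _ in ZONE for _, a in ancestors(o)}

def dname_rewrite(qname):
    """RFC 6672 substitution: swap the DNAME owner suffix for its target.
    The owner name itself is not redirected, only names below it."""
    for prefix, owner in ancestors(qname):
        target = ZONE.get((owner, "DNAME"))
        if target:
            return prefix + "." + target
    return None

def lookup_tlsa(qname):
    """Return (final_name, matched_owner, rdata) for a TLSA query, following
    one DNAME and then applying wildcard matching at the closest encloser."""
    name = qname.lower()
    name = dname_rewrite(name) or name
    if (name, "TLSA") in ZONE:
        return name, name, ZONE[(name, "TLSA")]
    if name not in EXISTING:  # wildcards only cover names that do not exist
        for _, anc in ancestors(name):
            if anc in EXISTING:  # closest encloser; only its wildcard applies
                owner = "*." + anc
                rdata = ZONE.get((owner, "TLSA"))
                return name, (owner if rdata else None), rdata
    return name, None, None

if __name__ == "__main__":
    for q in ("_25._tcp.mail1.example.com.", "_587._tcp.mail3.example.com.",
              "_tcp.mail1.example.com.", "_25._tcp.mail4.example.com."):
        print(q, "->", lookup_tlsa(q))
```

Every port under the three redirected "_tcp" subtrees lands on the same wildcard TLSA RRset, so a trust-anchor rollover is a single record change; a host without a DNAME (mail4 in the constructed queries) gets no TLSA answer.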