[dns-operations] Any DNAME usage experience?
Mark Andrews
marka at isc.org
Tue Mar 31 22:37:04 UTC 2020
> On 31 Mar 2020, at 23:03, Vladimír Čunát <vladimir.cunat+ietf at nic.cz> wrote:
>
> On 3/31/20 6:47 AM, Brian Somers wrote:
>> One useful thing I could say (If you haven’t hit delete yet) is that I *HAVE* seen RRSIGs with compressed signers in the wild, so never assume that, just because RFCs say MUST NOT, you’ll never see these horrible things.
>
> Sure, validators MUST NOT crash on those, etc... but does that mean they
> SHOULD accept such signatures? I don't think so. (unless there's some
> additional motivation)

Well BIND has rejected them in RRSIGs from the get go. They are also rejected
in SIG records. So while Brian may have seen them, I would presume that
whatever was generating them has been fixed.

static inline isc_result_t
fromwire_rrsig(ARGS_FROMWIRE) {
	...
	dns_decompress_setmethods(dctx, DNS_COMPRESS_NONE);

which went into the code on 2003-09-30

and dns_name_fromwire has

		} else if (c >= 192) {
			/*
			 * Ordinary 14-bit pointer.
			 */
			if ((dctx->allowed & DNS_COMPRESS_GLOBAL14) ==
			    0) {
				return (DNS_R_DISALLOWED);
			}
			new_current = c & 0x3F;
			state = fw_newcurrent;

Mark

> --Vladimir
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
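
The check discussed in the message above, as an added stand-alone example; it is not part of the message and not BIND source. The names name_fromwire, NAME_OK, NAME_DISALLOWED, NAME_BADFORM and the sample bytes are hypothetical and constructed for illustration: with allow_ptr set to 0 a compression pointer in a signer name is refused rather than followed, and when pointers are allowed each target must be lower than the previous one so a crafted loop cannot hang the parser.

```c
#include <stddef.h>
#include <stdint.h>

enum { NAME_OK = 0, NAME_DISALLOWED = -1, NAME_BADFORM = -2 };

/* Constructed sample: "isc.org." at offset 0, then a 2-byte compression
 * pointer back to offset 0 standing in for a compressed signer name. */
static const uint8_t sample[] = {
    3, 'i', 's', 'c', 3, 'o', 'r', 'g', 0,   /* offsets 0..8 */
    0xC0, 0x00                               /* offsets 9..10 */
};

/* Parse the name at msg[off]. allow_ptr == 0 plays the role of
 * DNS_COMPRESS_NONE: any pointer is refused, not followed.
 * On NAME_OK, *used is the number of bytes the name occupies at off. */
int name_fromwire(const uint8_t *msg, size_t len, size_t off,
                  int allow_ptr, size_t *used)
{
    size_t pos = off, end = 0, total = 0, limit = off;
    int jumped = 0;

    for (;;) {
        if (pos >= len) return NAME_BADFORM;          /* ran off the buffer */
        uint8_t c = msg[pos];
        if (c == 0) {                                 /* root label: done */
            *used = (jumped ? end : pos + 1) - off;
            return NAME_OK;
        } else if (c < 64) {                          /* ordinary label */
            total += 1 + (size_t)c;
            if (total > 254 || pos + 1 + c > len) return NAME_BADFORM;
            pos += 1 + (size_t)c;
        } else if (c >= 192) {                        /* 14-bit pointer */
            if (!allow_ptr) return NAME_DISALLOWED;
            if (pos + 1 >= len) return NAME_BADFORM;
            size_t target = ((size_t)(c & 0x3F) << 8) | msg[pos + 1];
            /* Each target must be lower than the last, so no loops. */
            if (target >= limit) return NAME_BADFORM;
            if (!jumped) { end = pos + 2; jumped = 1; }
            pos = limit = target;
        } else {
            return NAME_BADFORM;                      /* 0x40..0xBF unused */
        }
    }
}
```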