[dns-operations] At least 3 CloudFlare DNS-hosted domains with oddball TLSA lookup ServFail
tale at dd.org
Wed May 27 20:35:29 UTC 2020
Viktor Dukhovni writes:
> Interesting. I would have expected the RDATA to just be opaque bytes
> when stored, and the server to return what ever it had, e.g.:
> _25._tcp.smtp.example.com. IN TLSA #2 0001
> _25._tcp.smtp.example.com. IN RRSIG TLSA ...
> and let the client deal with malformed RDATA.
... you would expect a DNS server to not do validation on the RDATA of
known types and just serve whatever was stuffed in there?
More information about the dns-operations