[dns-operations] At least 3 CloudFlare DNS-hosted domains with oddball TLSA lookup ServFail

Dave Lawrence tale at dd.org
Wed May 27 20:35:29 UTC 2020


Viktor Dukhovni writes:
> Interesting.  I would have expected the RDATA to just be opaque bytes
> when stored, and the server to return what ever it had, e.g.:
> 
>     _25._tcp.smtp.example.com. IN TLSA #2 0001
>     _25._tcp.smtp.example.com. IN RRSIG TLSA ...
> 
> and let the client deal with malformed RDATA.

... you would expect a DNS server to not do validation on the RDATA of
known types and just serve whatever was stuffed in there?




More information about the dns-operations mailing list