[dns-operations] CNAME at the apex breaks DNSSEC DS lookups from caches
Paul Vixie
paul at redbarn.org
Sun Apr 17 02:57:58 UTC 2022
Evan Hunt wrote on 2022-04-17 02:58:
> ...
>
> I was the original author of the ANAME draft, and I thought it was a
> terrible idea, and said so at the time. The only reason I wrote it was that
> I believed browser vendors would remain unwilling to adopt a more sensible
> alternative, and as soon as my pessimism turned out to be unfounded, I was
> quite happy to drop the proposal.
the browsers are doing something that makes more sense to them.
https://www.domaintools.com/resources/blog/the-use-cases-and-benefits-of-svcb-and-https-dns-record-types
--
P Vixie
More information about the dns-operations
mailing list