[dns-operations] CNAME at the apex breaks DNSSEC DS lookups from caches

Paul Vixie paul at redbarn.org
Sun Apr 17 02:57:58 UTC 2022



Evan Hunt wrote on 2022-04-17 02:58:
> ...
> 
> I was the original author of the ANAME draft, and I thought it was a
> terrible idea, and said so at the time. The only reason I wrote it was that
> I believed browser vendors would remain unwilling to adopt a more sensible
> alternative, and as soon as my pessimism turned out to be unfounded, I was
> quite happy to drop the proposal.

the browsers are doing something that makes more sense to them.

https://www.domaintools.com/resources/blog/the-use-cases-and-benefits-of-svcb-and-https-dns-record-types

-- 
P Vixie




More information about the dns-operations mailing list