On Thursday, 23 January 2020 21:43:48 UTC Viktor Dukhovni wrote: > [ I think the issue merits some attention beyond just giving up. Anyone > else care to comment? ]
apex cname is a bad idea that can't be stopped. modern dns has a lot of these, for example ECS and what i once called "stupid DNS tricks"[1]. anything that anybody wants to do is a possible topic for wide deployment and eventual standardization, and system coherence be damned. HTTPSSVC is the right answer for this. we should push _hard_ on that rather than distracting our energies with trying to fix the DNSSEC problems related to apex cname. to DNSSEC, a name is either canonical or not. if it's not it will have a CNAME and only a CNAME -- and this is a good thing. -- Paul [1] https://queue.acm.org/detail.cfm?id=1647302 _______________________________________________ dns-operations mailing list [email protected] https://lists.dns-oarc.net/mailman/listinfo/dns-operations
