In article <[email protected]> you write: >The actual user in question publishes TLSA RRs for only a selected >subset of ports, e.g. for 25 and 443, but not 587.
OK. >DNAME is a bit more flexible in this context. It is by no means >popular. Among 1.87 million domains with DANE TLSA RRs for their >primary MX hosts, 524 alias their TLSA RRs, of which three use DNAMEs >that purpose. Yeah, 89 of those CNAMEs are mine. >And there are 2 TLDs that employ DNAMEs: > > ; Taiwan simplified -> traditional > ; > xn--kprw13d. IN DNAME xn--kpry57d. > > ; Iran arabic -> subdomain > xn--mgba3a4f16a. IN DNAME xn--mgba3a4f16a.ir. >Bottom-line, they're used infrequently, but they do seem to work. In the DNS sense, sure they work. In the application sense, I doubt it. When I looked through the .CAT DNAMEs for www.<accented>.cat I don't think I found any web servers that gave me what looked like a deliberate answer rather than a default or error page. I'd be quite surprised if there were many web or mail servers in Taiwan or Iran that gave reasonable responses to their DNAME'd names. R's, John _______________________________________________ dns-operations mailing list [email protected] https://lists.dns-oarc.net/mailman/listinfo/dns-operations
