It appears that Yorgos Thessalonikefs <[email protected]> said: >Various ways that could give resolution inconsistencies between >implementations (I am not considering the actual attack scenario because >noone cares about that resolution).
Different resolvers allow different lengths of CNAME chains before they give up. I think that's much more likely to make a practical difference, but we've been living with it for decades and dnsop has never provided definitive advice on how to deal with it. Why is this any more urgent? R's, John _______________________________________________ DNSOP mailing list -- [email protected] To unsubscribe send an email to [email protected]
