Viktor Dukhovni <[email protected]> wrote:
>
> thus in case a target hostname in the SRV RR is a CNAME:
>
>     _imap._tcp.example.com. IN SRV   0 0 143 imap.example.com.
>     imap.example.com.     IN CNAME mail.example.net.
>     mail.example.net.       IN A     192.0.2.1
>
> the associated TLSA RRset would be at:
>
>       _143._tcp.imap.example.com.
>
> rather than:
>
>       _143._tcp.mail.example.net.

Right. This is consistent with RFC 6698 section A.2. TLSA lookups need to
work the same way whether the client software is configured to use the
server host name directly, or if it is discovering the host name via a SRV
record. Also, client software can rely on standard resolver alias
processing, rather than having its own duplicate alias handling logic.

I think it would be unwise wrt. consistency with other specifications to
require weird behaviour in the face of a misconfiguration. RFC 2782 and
RFC 5321 say the targets of SRV and MX records must not be aliases.

Tony.
-- 
f.anthony.n.finch  <[email protected]>  http://dotat.at/
Forties, Cromarty: East, veering southeast, 4 or 5, occasionally 6 at first.
Rough, becoming slight or moderate. Showers, rain at first. Moderate or good,
occasionally poor at first.
_______________________________________________
dane mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dane
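
The lookup rule discussed in the message above, as an added example that is not part of the original post or of any DANE implementation: the TLSA query name is built from the SRV target exactly as published, and alias handling is left to an ordinary CNAME-following lookup. The `ZONE` table, the function names and the TLSA placeholder digest are assumptions constructed for illustration; the other records are the ones quoted in the message.

```python
# Constructed zone data: the three records quoted in the message, plus a
# hypothetical TLSA record (placeholder digest) so the lookup has a result.
ZONE = {
    ("_imap._tcp.example.com.", "SRV"): ["0 0 143 imap.example.com."],
    ("imap.example.com.", "CNAME"): ["mail.example.net."],
    ("mail.example.net.", "A"): ["192.0.2.1"],
    ("_143._tcp.imap.example.com.", "TLSA"): ["3 1 1 <placeholder-digest>"],
}

def resolve(zone, name, rrtype, max_hops=8):
    """Resolver-style lookup: follow CNAMEs, return (final owner, rdatas)."""
    for _ in range(max_hops):
        if (name, rrtype) in zone:
            return name, zone[(name, rrtype)]
        alias = zone.get((name, "CNAME"))
        if not alias:
            return name, []          # no data and no alias to follow
        name = alias[0]
    raise RuntimeError("CNAME chain too long")

def tlsa_owner(port, proto, host):
    """TLSA owner name built from the host name exactly as given."""
    return f"_{port}._{proto}.{host}"

def plan_from_srv(zone, srv_name, proto="tcp"):
    """For each SRV target, return the TLSA query name and lookup results."""
    plans = []
    for rdata in zone.get((srv_name, "SRV"), []):
        _prio, _weight, port, target = rdata.split()
        qname = tlsa_owner(port, proto, target)   # target is NOT alias-expanded
        plans.append({
            "target": target,
            # RFC 2782 says SRV targets must not be aliases; flag it for the operator.
            "target_is_alias": (target, "CNAME") in zone,
            "tlsa_qname": qname,
            "tlsa": resolve(zone, qname, "TLSA")[1],
            "addresses": resolve(zone, target, "A")[1],
        })
    return plans

if __name__ == "__main__":
    for plan in plan_from_srv(ZONE, "_imap._tcp.example.com."):
        print(plan)
```

A client configured with `imap.example.com.` directly calls `tlsa_owner` with the same host name and so queries the same TLSA owner as the SRV-driven path.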
