Paul Vixie writes: > > For example www.example.com <http://www.example.com> pushes you a AAAA > > record for img1.example.com <http://img1.example.com>. Should you use > > it? > > no. sibling names might be delegation points. kashpureff taught us this > in 1996 or so, and kaminsky reinforced that lesson in 2008. > > > What if it is for img1.img-example.com <http://img1.img-example.com>? > > certainly not.
In the large I agree with you, but I think there's more to it than that. If it pushed me DNSSEC records that I could verify myself from my own configured trust anchor, why can't I trust them then? _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
