On Apr 29, 2020, at 11:38 PM, Brian Somers <[email protected]> wrote: > Furthermore, the CNAME alias RRset must be validated unless the CD bit is set. > A validating resolver MUST validate and can only return RRsets if they are > proven > to be either insecure or secure. If the aliased RRset is bogus, the answer is > SERVFAIL.
Ah. I like this answer. Is there a place where this is stated in the RFC that we can point to?
_______________________________________________ DNSOP mailing list [email protected] https://www.ietf.org/mailman/listinfo/dnsop
