On Thu, Apr 30, 2020 at 9:44 PM John Levine <jo...@taugh.com> wrote: > In article <yblr1w438fb....@w7.hardakers.net> you write: > >Yep, I suspect some of the bigger TLDs probably couldn't opt in to this > >draft simply because they're full of, um, "history". Until that history > >is cleaned, they probably couldn't deploy it. > > It's not just history. All of the nominet TLDs and many Verisign TLDs > have signed A records that are clearly deliberate. There's also a fair > number of TXT records named zz--zz.<domain> that have some sort of info > about when the zone was updated. > > I think it's benign to allow any sort of record as an immediate child > of the domain, since you need to go two levels down for split zones. > That handes the nominet and zz--zz cases. > > R's, > John > > Is there any chance that a user trying to reach https://example.com could get the orphan glue A record for example.com instead of the A record in the real zone? (Just trying to think of cases where orphan glue might make a difference.)
-- Bob Harold
_______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
