Yet another reason to validate on the stub... :) On Wed, Jul 24, 2024 at 8:37 AM Philip Homburg <[email protected]> wrote:
> > Partially. I believe the DNSSEC validation and following the > > CNAME-chain have to be implemented in the same routine. This is > > because to perform an authenticated denial of existence, you first > > need to know which name and rrtype you want to prove does not exist. > > DNSSEC validation follows the CNAME-chain that is part of validation. > > However, the ultimate user of the data also has to follow the CNAME-chain > to avoid picking up unwanted additional records in the answer section. > > _______________________________________________ > DNSOP mailing list -- [email protected] > To unsubscribe send an email to [email protected] >
_______________________________________________ DNSOP mailing list -- [email protected] To unsubscribe send an email to [email protected]
