Mark Andrews 于2018年2月3日周六 上午4:11写道:
> The problem is that search lists are being applied when “localhost” is
> being entered into name lookup APIs and is being matched against
> localhost.example which isn’t expected to to a address on the current
> machine and that the search list may be auto co
On Sat, Feb 03, 2018 at 12:20:34PM +0100, Stefan Bühler wrote:
> This advise suggests that if the auth server has access to the zone's
> private key and can sign responses on the fly, ANAME works with signed
> zones.
>
> But it doesn't! Because ANAME-aware recursive resolvers will replace
> the si
Hi again,
On 01/26/2018 09:09 PM, Evan Hunt wrote:
>> I have concerns about the resolver replacing A/ records in signed
>> zones as it breaks validation.
>
> What do you mean by "the resolver" in this case?
The "recursive resolver".
>> If a resolver understanding ANAME is queried using the
