Proposal for using NAPTR/URI records
Nico Williams
nico at cryptonector.com
Thu Feb 26 14:20:46 EST 2015
On Thu, Feb 26, 2015 at 07:19:27PM +0000, Brandon Allbery wrote:
> On Thu, 2015-02-26 at 13:17 -0600, Nico Williams wrote:
> > On Thu, Feb 26, 2015 at 05:15:15PM +0000, Brandon Allbery wrote:
> > > On Thu, 2015-02-26 at 10:55 -0600, Nico Williams wrote:
> > > > > 2. DNS stacks which drop queries for unknown QTYPEs.
> > > >
> > > > type=ANY.
> > >
> > > I've seen too many commodity routers that (a) insist on giving out the
> > > address of their internal DNS caching server (b) silently drop any RR
> > > they don't understand from cached/forwarded replies.
> >
> > How can (b) work in a DNSSEC world? I imagine the affected zones are
> > opting out.
>
> You think commodity routers speak DNSSEC?
No, but I'm asking what results. It must be equivalent to a timeout.
More information about the krbdev
mailing list