shane-ns1
commented
7 months ago IIRC DNAME also has language around explicit queries, possibly for similar reasons? :thinking:
Open RoyArends opened 7 months ago
shane-ns1
commented
7 months ago IIRC DNAME also has language around explicit queries, possibly for similar reasons? :thinking:
vttale
commented
7 months ago Agreed, I've always expected that explicit DELEG queries would work. I'd also expect them to be returned in ANY queries, to the extent that the auth policy for ANY queries allows.
For the same reason explicit DS records need to work:
DS records are obscured when parent and child are hosted on the same server. Only an explicit DS request can establish a chain of trust. As an example, UK and CO.UK are hosted from the same server set, and explicit DS queries are needed to establish a chain of trust.
This can be made to work in the authoritative server by treating DELEG requests the same way as DS requests.