> On 27/02/2019 00:10, Matthew Hardeman wrote:
> > Is it even proper to have a SAN dnsName in in-addr.arpa ever?
> >
> > While in-addr.arpa IS a real DNS hierarchy under the .arpa TLD, it
> > rarely has anything other than PTR and NS records defined.
> >
>
> While there is no current use, and the test below was obviously somewhat
> contrived (and seems to have triggered a different issue), one cannot rule out
> the possibility of a need appearing in the future.

At least the last time this came up a few years ago, there were actually a significant number of webservers running under in-addr.arpa, with Comodo and LE certificates (as well as a handful of others). I believe Corey posted a list. Exactly what they were doing there is an open question, and when I asked, no one responded. I'm still very curious as to why some people seem to actually be running servers there, or if it's just a side-effect of misconfigured CNAMEs causing them to appear to be there, or similar.

-Tim
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy