On Fri, Jul 30, 2021 at 12:11 PM Shane Kerr <[email protected]> wrote: ...
> This can't store out-of-bailiwick data, which means we can't secure an > arbitrary NS RRset this way. Converting DNSName from "prefix" to just > "name" would allow that. > Actually I think it can, but I confused the issue with a mistake below: > 4. For ADoX, place NS records (with a prefix like "ns3.") and SVCB > > records (with a prefix like "_dns.ns3.") in the DS glue. > This should say "NS records (with a prefix of ".")". The NS RDATA is unconstrained.
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ dns-privacy mailing list [email protected] https://www.ietf.org/mailman/listinfo/dns-privacy
