Hello. On 08/24/2017 05:46 PM, Hector Santos wrote: > [...] Not expecting this in my DNS resolver code, I modified the > resolver to take the CNAMEs into account and return the host names > instead. Was this the correct thing to do, thus providing the same > results regardless of the query location? [...]
I can't see any hint in RFC2317 that resolvers should/could change the data they obtain from upstream, even if just "expand CNAMEs" (and it's only BCP RFC anyway). In particular, if the particular zone is covered by DNSSEC, you may trigger validation errors by that. --Vladimir _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop