This isn’t about whether name servers load A records with non LDH names
as they all can.

The real question is do the name lookup api’s in the web browsers barf
on non IDN, non LDH names since that is the mechanism being proposed
for people to test this.


> On 2 Feb 2018, at 6:50 pm, Petr Špaček <> wrote:
> On 2.2.2018 07:55, A. Schulze wrote> Paul Hoffman:
>>> My preference is #1 because, in general, a label starting with _ has
>>> been meant for infrastructure, and that's what these labels are.
>>> Others might like #2 so they don't have to add configuration to BIND
>>> (and maybe other authoritative servers).
>> just checked, my NSD and POWERDNS serve A record for _foo.examle.
>> without noise...
>> so: #1
> For the record, I also like more the underscore variant (#1 above).
> BIND spits a warning about it and I like it. After all, this whole KSK
> sentinel bussiness is quite specialized thing to do and should be done
> only by people who know what they are doing, so warning is appropriate.
> After all, what is your guess about number of zones containing such
> names? 10? 20 zones globally? I cannot see more, and most likely vast
> majority of people who would like to create such zones is following this
> dicussion.
> Please do not overcomplicate things. The technology seems okay to me.
> (I've implemented it including tests, see Knot Resolver 2.0.0.)
> Could we polish the text and publish it, pretty please?
> (BTW I have seen underscore names with A records in Microsoft Active
> Direcotry DNS years ago, so this is not the first time _ A is used.)
> -- 
> Petr Špaček  @  CZ.NIC
> _______________________________________________
> DNSOP mailing list

Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742              INTERNET:

DNSOP mailing list

Reply via email to