On 2/27/20 4:51 AM, Lanlan Pan wrote: > [...] > Just configure ANAME in the zonefile, authortitative return response > is CNAME, no ANAME. > If enable DNSSEC, this will cause some dynamic signature > calculation(ECDSA will be better).
I would (generally) NOT recommend sending CNAME in answer in case of a zone apex. From my point of view, one of the main reasons for all the ANAME variants is that *this* is causing problems, although it kind-of works in many cases. _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop