> On 13 Jul 2021, at 6:22 am, Petr Špaček <[email protected]> wrote:
>
> As Viktor pointed out in
> https://mailarchive.ietf.org/arch/msg/dnsop/w7JBD4czpGKr46v-DlycGbOv9zs/ , it
> seems that this problem plagues roughly tens out of 150k domains he surveyed.
> I think this makes further discussion about _necessity_ of the workaround
> kind of moot.
Full disclosure, I only tested TLSA records. I can't speak to what
one might expect with SRV or other record types. Yes, failures are
not that common, for what is worth another example:
https://dnsviz.net/d/_tcp.mail.ncsc.de/YO3DpQ/dnssec/
https://dnsviz.net/d/_25._tcp.mail.ncsc.de/YO3Bsw/dnssec/
Here the "A" query for the ENT was unexpectedly "REFUSED". :-(
If implementations at least seriously consider the advice to treat
special-use labels *specially*, I'll declare victory...
--
Viktor.
_______________________________________________
DNSOP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dnsop
