On 4/27/22 15:11, Bob Harold wrote:
To avoid (C)DS at an apex under the _boot tree, one could use another _name like: _nsboot.dedyn.io._boot.ns1.desec.io <http://boot.ns1.desec.io>. CDS ... So the CDS records in this new scheme are never at an apex, but one level down under a new "_nsboot" label. It adds another label, but avoids any ambiguity.
Interesting proposal! When named like _dsauth.example.com._signal.ns1.desec.io or similarly, this would suggest that other things could be signaled as well. Perhaps this could be useful in other cases. Best, Peter -- https://desec.io/ _______________________________________________ DNSOP mailing list [email protected] https://www.ietf.org/mailman/listinfo/dnsop
