On 5/17/24 22:30, Jan-Piet Mens wrote:
How about Knot resolver ?
The question is moot as it's not permitted.
I think the question is whether Knot Resolver follows the letter of the RFC,
like BIND, or whether it is less strict.
This is a good question, because ...
RFC 1912, section 2.4 says:
"Don't use CNAMEs in combination with RRs which point to other names
like MX, CNAME, PTR and NS."
... because Knot Resolver actually does *not* follow the letter of this RFC, at
least for CNAMEs:
$ dig +noall +answer @localhost outlook.office.com
outlook.office.com. 60 IN CNAME substrate.office.com.
substrate.office.com. 300 IN CNAME outlook.office365.com.
outlook.office365.com. 60 IN CNAME ooc-g2.tm-4.office.com.
ooc-g2.tm-4.office.com. 10 IN A 52.98.241.194
...
That said, setting up a CNAME NS is certainly a bad idea if BIND can't resolve
it, because that'll kill a bunch of your audience.
Peter
--
https://desec.io/
--
