Hi Wouter, > The solution we would like to implement is that the CNAME is not > followed for qtype ANY. (and fix DNSSEC-validation of such responses). > Because it is RFC-conformant and short.
I'd argue that RFC 1034 isn't absolutely clear on this topic, see <http://unbound.nlnetlabs.nl/pipermail/unbound-users/2011-July/001929.html> Also, when you say "not followed", would this only prevent actively chasing the CNAME target or would it also prevent data already present in the cache from being added to the response? In any case, any optimization should not be seen as an encouragement to use qtype ANY in applications -- for anything else but debugging. -Peter _______________________________________________ Unbound-users mailing list [email protected] http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users
