Aliasing a domain any implications for DNSSEC/DANE
John
john at klam.ca
Fri Jan 16 14:35:11 CET 2015
I originally thought of using dname records for the domain aliases and
cname records for the TLSA records.
But for this to work I would need to enable recursion on the
authoritative server. I understand that for very good reasons this is
considered a very bad idea., therefor I wont go tin this direction.
As an alternative I a considering using the same zone file for all three
zones.
I assume that i should only have maintain and inline on the main domain
domain entry in bind.
Is this the "best" way of aliasing? What gotchas should I be aware of?
--
John Allen
KLaM
------------------------------------------
Save the whales. Collect the whole set.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4268 bytes
Desc: S/MIME Cryptographic Signature
URL: <https://mail.sys4.de/cgi-bin/mailman/private/dane-users/attachments/20150116/baa3413c/attachment.bin>
More information about the dane-users
mailing list