Verisign brain damage and DNSSec.....Was:Re: What *are* they smoking?

yes. you might want to view/review
http://www.ietf.org/internet-drafts/draft-ietf-dnsext-wcard-clarify-01.txt

DNSsec will work properly with wildcards, regardless of where they are
in the DNS.

bmanning@karoshi.com wrote:

yes. you might want to view/review
http://www.ietf.org/internet-drafts/draft-ietf-dnsext-wcard-clarify-01.txt

Wow. That's supposed to clarify? Needs serious editing!

(heck, there are typos in the first sentence of the first paragraph of
the introduction, and it gets worse from there.)

DNSsec will work properly with wildcards, regardless of where they are
in the DNS.

Well, maybe. Only when the world changes to follow this internet-draft.

But at least it's good that somebody is thinking about it....

Which means that a rogue DNS can lead you down the garden path and
DNSsec won’t give you a clue that you’re being lied to. It’s the same
question as the “what happens to SSL to a phantom site?” - Verisign can
provide an A record for the server and an SSL cert that will work.