1–3 of 3
Doug Beattie's profile photo
Doug BeattieRyan Sleevi2
10/9/17
[cabfpub] CAA, DNSSEC and NXDOMAIN
only alongside NXDOMAIN responses for a > signed zone – they provide authenticated denial of existence, essentially a > “signed NXDOMAIN” response. Is this considered a failure
unread,
[cabfpub] CAA, DNSSEC and NXDOMAIN
only alongside NXDOMAIN responses for a > signed zone – they provide authenticated denial of existence, essentially a > “signed NXDOMAIN” response. Is this considered a failure
10/9/17
Doug Beattie's profile photo
Doug Beattie, … Jacob Hoffman-Andrews5
10/4/17
[cabfpub] CAA look up failures and retry logic
" returns NXDOMAIN, the CA is still required to attempt looking up a CAA record for "example.com ". So I agree that your "most likely" option is the ideal
unread,
[cabfpub] CAA look up failures and retry logic
" returns NXDOMAIN, the CA is still required to attempt looking up a CAA record for "example.com ". So I agree that your "most likely" option is the ideal
10/4/17
Gervase Markham's profile photo
Gervase Markham
1/25/17
[cabfpub] Fwd: Fwd: Draft CAA motion (3)
(eg NXDOMAIN), but the length of the case should be *reasonably* limited. The typical scenario to avoid is the case when the user (or resolver) queries the record (eg for debugging or
unread,
[cabfpub] Fwd: Fwd: Draft CAA motion (3)
(eg NXDOMAIN), but the length of the case should be *reasonably* limited. The typical scenario to avoid is the case when the user (or resolver) queries the record (eg for debugging or
1/25/17