[cabfpub] Pre-Ballot 125 - CAA Records
Sigbjørn Vik
sigbjorn at opera.com
Wed Jul 16 00:49:04 MST 2014
On 15-Jul-14 21:04, Rick Andrews wrote:
> I agree with Geoff. CAs will typically issue a DNS query for just CAA
> records, not ANY. And if you’re worried about the impact to the client
> that’s looking up the address for www.example.com
> <http://www.example.com> in DNS, they also will not be affected by the
> addition of CAA records because they’ll be asking for A or AAAA records,
> not ANY.
>
> I believe there’s no technical size concern here. I think the original
> comment came from Sigbjørn at Opera. If you’re still on the list, Siggy,
> would you please comment? Or perhaps someone else from Opera can comment?
The comment came from the sysadmin who implemented this, I am no DNS
expert myself.
> *On Behalf Of *Geoff Keating
> In actual use there should be no problem since real queries (as opposed
> to those intended for DoS) will not ask for the CAA record and so won't
> get it.
When implementing this, we do need to bear in mind the potential for
abuse as well.
--
Sigbjørn Vik
Opera Software
More information about the Public
mailing list