ietf-dkim
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: BUSTED - RE: [ietf-dkim] New Thread: Use of CNAME in place of NS subdomaindelegation

2006-08-29 16:35:59
from [Wietse Venema] [Permanent Link] 
Hallam-Baker, Phillip:

So what happens if I have outsourced all my Web hosting to
Lieberhost.com by declaring:

*.example.com     CNAME   www69.lieberhost.com
mail.example.com  A       10.0.0.0
example.com       MZ      1 1 mail.example.com


Oops I have just delegated signing authority for my outgoing
emails even though my MX record config clearly shows that I did
not intend to do that.


Just like mail.example.com overrides the wild-card, would not a
subdomain _domainkey.example.com override the wildcard as well?

DNS is quite flexible: you can use a CNAME record to delegate only
a specific signing domain name, and you can use an NS record to
delegate an entire signing domain hierarchy.

        Wietse
_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [ietf-dkim] Delegation semantics, J.D. Falk
Next by Date:  Re: [ietf-dkim] Delegated signatures in real life, Stephen Farrell
Previous by Thread:  BUSTED - RE: [ietf-dkim] New Thread: Use of CNAME in place of NS subdomaindelegation, Hallam-Baker, Phillip
Next by Thread:  [ietf-dkim] Itemized Summary of SSP Requirements-00, Hector Santos
Indexes:  [Date] [Thread] [Top] [All Lists]