resolve_secure_cname

Function resolve_secure_cname 

Source
pub async fn resolve_secure_cname(mx_host: &str) -> Result<SecureCnameStatus>
Expand description

Performs an explicit CNAME lookup for mx_host to determine whether it is a securely published alias.

This is a narrow fallback in the DANE path: when the MX host’s address (A/AAAA) records did not resolve securely we may still be looking at a secure CNAME whose target merely lives in an unsigned zone. Querying the CNAME type explicitly isolates the alias’s own DNSSEC status (a CNAME-type query is answered by the alias RRset and is not chased into the insecure target), and works uniformly across resolver backends because it relies only on the per-answer secure bit rather than per-record validation proofs.