Hacker News
by zyberzero 2982 days ago
They do, and they don't. They have a round-robin setup for which resolver validates the DNS challenge - however, they do not validate the DNS challenges from several resolvers[1]. So, if that particular resolver got caught in the BGP leak while doing a challenge verification, you could get a valid cert. Lots of ifs and buts - but it is certainly possible.

[1] https://news.ycombinator.com/item?id=16918382