[dns-operations] does anybody know why yahoo+akamai are doing this?

Paul Vixie paul at vix.com
Tue Mar 21 18:38:19 UTC 2006


# >..., RFC1034 is just wrong in this case.  ...
# 
# Wrong in what sense?

as in several other important topics (like wildcards, and class semantics),
RFC 1034 assumes that CNAMEs will not have out-of-zone targets, and then
has a "what NS RRset to add" rule that depends on the CNAME target.  it also
assumes the existence of something like fetch-glue but doesn't require same.

but yahoo and most of the rest of the world uses out-of-zone CNAMEs and turns
off fetch-glue (or runs name server software that doesn't offer fetch-glue),
and so there's a rule describing an NS RRset that won't be available or might
not exist.

# I can see that the protocol design looks like it is placing undue work on
# operations (as in increased load to the roots).  Is that what you mean by
# RFC 1034 being "wrong" in this case?

see above.  RFC 1034 should say "if the CNAME chain leaves the zone, you don't
have to add an NS RRset other than the one for the last zone it exited."  but
isn't this really a topic for namedroppers@ rather than dns-operations@ ?



More information about the dns-operations mailing list