[dns-operations] does anybody know why yahoo+akamai are doing this?

David Blacka davidb at verisignlabs.com
Tue Mar 21 20:45:30 UTC 2006

On Mar 20, 2006, at 1:58 PM, Paul Vixie wrote:

> # > 	AA says that the *first* answer (CNAME) is authoritative.  Any
> # > 	other records in the answer section may not be authoritative.
> #
> # Yes, I know that.  What puzzled me was that it had www.yahoo.com
> # CNAME as authoritative data, yet not yahoo.com NS.
> #
> # I'm guessing that there is some sort of semi-obvious scenario here,
> # but I haven't been able to think of it, so I'm asking.
> the yahoo.com nameservers do not (thank the gods!) have fetch-glue  
> enabled,
> and so they don't have any NS information for the target of the  
> nonterminal
> CNAME chain they're returning.  RFC1034 implies that whatever is  
> the closest
> zone cut to this nonterminal CNAME target, should go into the  
> authority
> section.

Ok, this makes sense, and I'm not sure why I didn't get this in the  
first place.

I'm not sure that the word "implies" is correct, however, since a  
literal reading of the algorithm in 1034 section 4.3.2 directly leads  
to adding the closest zone cut to the target being added.

David Blacka    <davidb at verisignlabs.com>
Sr. Engineer    VeriSign Applied Research

More information about the dns-operations mailing list