[dns-operations] NS records pointing to names with CNAME records

Matthew Dempsky matthew at dempsky.org
Thu Jun 25 17:16:27 UTC 2009


On Thu, Jun 25, 2009 at 9:00 AM, Paul Vixie <vixie at isc.org> wrote:
> pretty much does not work.

Sure, but there are situations where it would work fine with the
current additional section processing rules:

    foo.dom. NS ns-alt.bar.dom.

    bar.dom. NS ns.bar.dom.
    ns.bar.dom. A 1.2.3.4
    ns-alt.bar.dom. CNAME ns.bar.dom.

But I'm not arguing that caches should allow this; I'm just interested
in knowing how existing caches handle situations like this.  Thanks to
you and Mark for explaining BIND's behavior.

> as a
> result, i know of no implementation that follows CNAME in these two
> cases.

I don't know of any implementation that includes CNAME records in
additional section processing, but dnscache and GbDns follow CNAME
records when determining which IP addresses to send queries to.

>  in RFC 1034 section 3.6.2 (page 15) i see this text:
>
>        Domain names in RRs which point at another name should always point
>        at the primary name and not the alias.  This avoids extra
>        indirections in accessing information.
>
>> I know the relevant RFCs warn that zones should not be configured this
>> way because older caches may have problems with them, but they also warn
>> against CNAME chains (which are commonly used),
>
> begging to differ, in RFC 1034 section 3.6.2 (page 15) i see this text:
>
>                ... CNAME chains should be followed and CNAME loops
>        signalled as an error.

Right, the spec says caches "should" handle CNAME chains, but also
that CNAME chains "should" not happen (see the other text you quoted).
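
An added example, not part of the original message or of any resolver's code: a zone-lint check that flags NS targets which are CNAME aliases, follows chains, and reports loops as errors, in line with the RFC 1034 text quoted above. The function names, the hop limit and the `loop.dom.` records are assumptions made for this illustration; the other records are the ones from the message.

```python
# Records from the message, plus a constructed alias loop for the error path.
RECORDS = [
    ("foo.dom.", "NS", "ns-alt.bar.dom."),
    ("bar.dom.", "NS", "ns.bar.dom."),
    ("ns.bar.dom.", "A", "1.2.3.4"),
    ("ns-alt.bar.dom.", "CNAME", "ns.bar.dom."),
    ("loop.dom.", "NS", "a.loop.dom."),        # constructed
    ("a.loop.dom.", "CNAME", "b.loop.dom."),   # constructed
    ("b.loop.dom.", "CNAME", "a.loop.dom."),   # constructed
]

def norm(name):
    """Lower-case a domain name and make it fully qualified."""
    return name.lower().rstrip(".") + "."

def index(records):
    """Build owner -> CNAME target and owner -> address list maps."""
    cname, addr = {}, {}
    for owner, rtype, rdata in records:
        owner = norm(owner)
        if rtype == "CNAME":
            cname[owner] = norm(rdata)
        elif rtype in ("A", "AAAA"):
            addr.setdefault(owner, []).append(rdata)
    return cname, addr

def resolve_alias(name, cname, max_hops=8):  # hop limit is an assumed value
    """Follow CNAMEs; return (final name, aliases traversed, error flag)."""
    chain, seen = [], set()
    name = norm(name)
    while name in cname:
        if name in seen or len(chain) >= max_hops:
            return name, chain, True   # loop, or chain too long to trust
        seen.add(name)
        chain.append(name)
        name = cname[name]
    return name, chain, False

def audit_ns(records):
    """Report every NS record whose target is an alias or an alias loop."""
    cname, addr = index(records)
    findings = []
    for owner, rtype, rdata in records:
        if rtype != "NS":
            continue
        final, chain, loop = resolve_alias(rdata, cname)
        if loop:
            findings.append((norm(owner), norm(rdata), "cname-loop", []))
        elif chain:
            findings.append((norm(owner), norm(rdata), "ns-is-alias", addr.get(final, [])))
    return findings
```

An `ns-is-alias` finding lists the addresses that a CNAME-following cache would end up querying, while a cache that does not follow the alias gets no usable address for that delegation.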


