[dns-operations] DNAME interoperability

Mark Andrews marka at isc.org
Wed Nov 30 23:26:00 UTC 2011


In message <1322643956.5554.4.camel at jhorne.csd.plymouth.ac.uk>, John Horne writes:
> On Wed, 2011-11-30 at 09:52 +0100, Phil Regnauld wrote:
> > John Horne (john.horne) writes:
> > > On Tue, 2011-11-29 at 18:36 +0000, Tony Finch wrote:
> > > > Possibly of interest to this list, I've posted an article on my blog
> > > > describing a couple of DNAME interoperability problems that we have
> > > > encountered. Has anyone else seen anything similar?
> > > > 
> > > > http://fanf.livejournal.com/116744.html
> > > > 
> > > Hello,
> > > 
> > > A few years ago we used the DNAME record for our old short-name of
> > > 'plym.ac.uk' pointing to the long-name of 'plymouth.ac.uk'. However, we
> > > found that Microsoft 2003 DNS servers did not recognise DNAME, so we had
> > > to abandon that. A quick check indicates that 2008 MS DNS does now
> > > support DNAME.
> > 
> > 	Many organizations still don't run 2008 DNS. When you say "Microsoft 2003
> > 	DNS servers", do you mean "recursive/caching servers don't understand the
> > 	DNAME RRtype", or "authoritative servers don't support/offer the DNAME
> > 	RRtype [as master or slave]", or both ?
> > 
> > 	Cheers,
> > 	Phil
> > 
> Both.

They don't have to understand it.  They just have to not choke on
it.  It was always exected that non DNAME aware servers / libraries
would just ignore the DNAME record in the response.

Overloading DO=1 to also indicate DNAME support is a possibility.
DNSSEC aware client should be expecting DNAME record as DNAME'
understanding is a requirement for them.

It's about a 2 minutes work to stop named emiting a DNAME without
DO being set on normal queries.  I suspect that it would be similar
for other nameservers.

Mark
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org



More information about the dns-operations mailing list