[dns-operations] Curious use of cname

Paul Vixie paul at redbarn.org
Thu Aug 7 02:16:54 UTC 2014
Andrew Sullivan wrote:
> No. They're doing it by simulating it. The actual dns responses are a or aaaa records. It only works under some circumstances.

my view of the cname-precludes-other-data rule is that it's always been
clear. protocol engineering means figuring out what other compliant
agents could reasonably assume about data you're about to send them and
make sure every possibility is OK with you or else don't send it. in
that sense, sending a CNAME sometimes and an answer at other times
(based on the qtype) means that some initiators will follow the CNAME
even for qtypes you wish they wouldn't, and that should not be OK with
you as a responder so you should not send the thing that will act
against your own interests.

the now-common CDN trick of inventing a nonstandard "ALIAS" record or
similar, that causes the authority server to recurse for any qtype
that's not actually present in the zone, and to report that recursive
data as authoritative, does not cause any compliant initiator to react
in any way that's undesirable. it means you can't use any secondary
servers that don't have this nonstandard behaviour, but that's a
tractable constraint. it seems to me that this behaviour is desirable
enough by a wide enough audience that it should be standardized for
interoperability reasons, even if not recommended as part of the core
DNS standard.

vixie
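As an added illustration (not part of the post, and not code from Vixie or from any real DNS implementation), the following Python model contrasts the two responder behaviours described above against a minimal caching initiator: a responder that emits a CNAME only for qtypes the zone lacks, and an ALIAS-style responder that looks up the target itself and returns the result under the apex name. The zone example.com., the CDN hostname edge.cdn-example.net., the addresses and the mail exchangers are all constructed; the "CDN authority" is a dictionary standing in for a remote server, and no packets are sent.

```python
"""Toy model of the two apex-aliasing approaches discussed in the post.
Constructed data only; no DNS traffic is generated."""

APEX = "example.com."                 # hypothetical zone apex
CDN_TARGET = "edge.cdn-example.net."  # hypothetical CDN hostname

# The zone owner's own data: web traffic should go to the CDN, but MX and
# NS must remain the owner's.  (Constructed.)
ZONE = {
    (APEX, "NS"): ["ns1.example.com."],
    (APEX, "MX"): ["10 mail.example.com."],
}

# What the CDN's own authoritative servers say about the target.  (Constructed.)
CDN_ZONE = {
    (CDN_TARGET, "A"): ["192.0.2.10", "192.0.2.11"],
    (CDN_TARGET, "AAAA"): ["2001:db8::10"],
    (CDN_TARGET, "MX"): ["10 mail.cdn-example.net."],
}


def cdn_authority(qname, qtype):
    """Stand-in for querying the CDN's authoritative servers."""
    return list(CDN_ZONE.get((qname, qtype), []))


def conditional_cname_responder(qname, qtype):
    """The pattern the post argues against: answer from the zone when the
    qtype exists there, otherwise hand back a CNAME.  The same owner name is
    therefore 'CNAME' for some qtypes and 'other data' for others."""
    if (qname, qtype) in ZONE:
        return ("ANSWER", list(ZONE[(qname, qtype)]))
    if qname == APEX:
        return ("CNAME", [CDN_TARGET])
    return ("NODATA", [])


def alias_responder(qname, qtype):
    """ALIAS-style: for a qtype absent from the zone, the authority itself
    looks up the target and returns the result under the apex name as if
    authoritative.  No CNAME ever leaves the server."""
    if (qname, qtype) in ZONE:
        return ("ANSWER", list(ZONE[(qname, qtype)]))
    if qname == APEX:
        rdata = cdn_authority(CDN_TARGET, qtype)
        return ("ANSWER", rdata) if rdata else ("NODATA", [])
    return ("NODATA", [])


class CachingResolver:
    """Minimal compliant initiator.  It follows CNAMEs and caches them; a
    cached CNAME is then used for any later qtype at that name (RFC 1034
    section 3.6.2) without asking the authority again."""

    def __init__(self, authority):
        self.authority = authority
        self.cname_cache = {}

    def resolve(self, qname, qtype):
        target = self.cname_cache.get(qname)
        if target is None:
            kind, rdata = self.authority(qname, qtype)
            if kind != "CNAME":
                return rdata
            target = self.cname_cache[qname] = rdata[0]
        # Restart the query at the CNAME target with the original qtype.
        return cdn_authority(target, qtype)


def lookups(responder, qtypes):
    """Resolve the apex for each qtype in order through ONE cache, as a host
    that first browsed the site and later sent mail would.  Returns {qtype: rdata}."""
    r = CachingResolver(responder)
    return {qt: r.resolve(APEX, qt) for qt in qtypes}


def violates_cname_rule(responder, qname, qtypes=("A", "AAAA", "MX", "NS", "TXT")):
    """Operator self-check: does this responder ever return both a CNAME and
    other data for the same owner name?  True means some initiator will, under
    some query order, follow the CNAME for a qtype you did not intend."""
    kinds = {responder(qname, qt)[0] for qt in qtypes}
    return "CNAME" in kinds and "ANSWER" in kinds


if __name__ == "__main__":
    for name, responder in [("conditional CNAME", conditional_cname_responder),
                            ("ALIAS", alias_responder)]:
        print(name, "violates CNAME-and-other-data rule:",
              violates_cname_rule(responder, APEX))
        print("  A then MX:", lookups(responder, ["A", "MX"]))
        print("  MX then A:", lookups(responder, ["MX", "A"]))
```

With the conditional-CNAME responder, a resolver that asked for A first has cached the CNAME, so its later MX query is answered from the CDN's zone rather than the owner's; ask MX first and the answer is correct, which is the "only works under some circumstances" behaviour quoted at the top. The ALIAS responder returns the owner's MX in either order and NODATA (never a CNAME) for types present at neither the apex nor the target. Note that `alias_responder` must run on every server authoritative for the zone: a secondary that merely transfers the zone data would have nothing to synthesize from, which is the constraint the post mentions.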