[dns-operations] Adding CNAME for the root domain issue

Dave Warren davew at hireahit.com
Wed Apr 27 21:31:18 UTC 2016

On 2016-04-27 13:16, Fred Morris wrote:
> I've been biting my tongue, but ok I give up. Not your fault specifically
> Mark...
> On Wed, 27 Apr 2016, Mark Jeftovic wrote:
>> I refer to apex aliasing in the book (almost done) as "the big kahuna of
>> protocol violations"
> What toxic landscape gives rise to this unwanted denizen? If something
> demands a CNAME at the apex, it's hardly a zone at all: how can we do NS
> records?
> Just CNAME it. There I said it: CNAME it in the parent zone, because it's
> not a zone at all.
> But that will never happen because rules exist against that sort of thing.

It's not just about rules against this configuration, even if we 
eliminated those rules, it wouldn't solve the problem for the user who 
wants this:

example.com. CNAME cdn.someservice.example.
mail.example.com. A

Or more likely:

example.com. CNAME cdn.someservice.example.
example.com. MX 0 mail.example.com.
mail.example.com. A

A new RR that would be"return defined record if it exists, otherwise 
alias to..." might solve all of the problems by simply allowing aliases 
and other records to coexist, but frankly, SRV records are a better 
solution in a number of ways (and SRV records already exist, we just 
need to get browser manufacturers to implement them)

If we were redesigning DNS completely, we might instead allow any RR 
type other than SOA and NS to return a "Alias to..." response instead of 
an actual response, but this would be impossible to implement in a 
backward compatible way.

Dave Warren

More information about the dns-operations mailing list