[dns-operations] Adding CNAME for the root domain issue
Dave Warren
davew at hireahit.com
Wed Apr 27 21:31:18 UTC 2016
On 2016-04-27 13:16, Fred Morris wrote:
> I've been biting my tongue, but ok I give up. Not your fault specifically
> Mark...
>
> On Wed, 27 Apr 2016, Mark Jeftovic wrote:
>> I refer to apex aliasing in the book (almost done) as "the big kahuna of
>> protocol violations"
> What toxic landscape gives rise to this unwanted denizen? If something
> demands a CNAME at the apex, it's hardly a zone at all: how can we do NS
> records?
>
> Just CNAME it. There I said it: CNAME it in the parent zone, because it's
> not a zone at all.
>
> But that will never happen because rules exist against that sort of thing.

It's not just about rules against this configuration; even if we
eliminated those rules, it wouldn't solve the problem for the user who
wants this:

    example.com. CNAME cdn.someservice.example.
    mail.example.com. A 192.24.0.5

Or more likely:

    example.com. CNAME cdn.someservice.example.
    example.com. MX 0 mail.example.com.
    mail.example.com. A 192.24.0.5

A new RR that would be "return defined record if it exists, otherwise
alias to..." might solve all of the problems by simply allowing aliases
and other records to coexist, but frankly, SRV records are a better
solution in a number of ways (and SRV records already exist, we just
need to get browser manufacturers to implement them).

If we were redesigning DNS completely, we might instead allow any RR
type other than SOA and NS to return an "Alias to..." response instead of
an actual response, but this would be impossible to implement in a
backward compatible way.

--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
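
Added example, not part of the original message or of any DNS server's code: a small Python check that runs the two zone snippets from the message against the standard rule that a CNAME owner name holds no other data, then models the "return defined record if it exists, otherwise alias to..." behaviour the message describes. The function names and the lookup semantics are assumptions made for illustration.

```python
# Constructed sample input: the two record sets quoted in the message above.
ZONE_A = """\
example.com. CNAME cdn.someservice.example.
mail.example.com. A 192.24.0.5
"""
ZONE_B = """\
example.com. CNAME cdn.someservice.example.
example.com. MX 0 mail.example.com.
mail.example.com. A 192.24.0.5
"""

def parse(text):
    """Parse 'owner TYPE rdata' lines into {owner: {TYPE: [rdata, ...]}}."""
    zone = {}
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()  # drop zone-file comments
        if not line:
            continue
        owner, rtype, rdata = line.split(None, 2)
        zone.setdefault(owner.lower(), {}).setdefault(rtype.upper(), []).append(rdata)
    return zone

def cname_conflicts(zone, apex):
    """List violations of the rule that a CNAME owner holds no other data."""
    problems = []
    for owner, rrsets in zone.items():
        if "CNAME" not in rrsets:
            continue
        # DNSSEC records (RRSIG, NSEC) are allowed next to a CNAME.
        others = sorted(t for t in rrsets if t not in ("CNAME", "RRSIG", "NSEC"))
        if others:
            problems.append(f"{owner}: CNAME coexists with {', '.join(others)}")
        if owner == apex:
            # The apex always carries SOA and NS, so a CNAME there always conflicts.
            problems.append(f"{owner}: CNAME at zone apex (SOA/NS required there)")
    return problems

def lookup_with_fallback(zone, owner, qtype):
    """Hypothetical semantics: answer from a real record, otherwise follow the alias."""
    rrsets = zone.get(owner.lower(), {})
    if qtype in rrsets:
        return ("answer", rrsets[qtype])
    if "CNAME" in rrsets:
        return ("alias", rrsets["CNAME"])
    return ("nodata", [])
```

Under the standard rule both snippets are rejected at the apex; under the hypothetical fallback lookup, an MX query for example.com. is answered directly while an A query is aliased to the CDN name.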