[dns-operations] Adding CNAME for the root domain issue

Tony Finch dot at dotat.at
Thu Apr 28 11:52:49 UTC 2016

Matthew Pounsett <matt at conundrum.com> wrote:
> On 27 April 2016 at 16:35, David Conrad <drc at virtualized.org> wrote:
> >
> > I thought the problem with SRV was the multiple round trips?
> That's what it comes down to I think, yeah; the risk of another RTT ends
> the world in a flaming conflagration.  Never mind that in many cases the
> target host(s) will be in-zone, and therefore could be handed out in the
> additional data (especially if signed),

But SRV additional data can't tell a client if the apparently missing
target addresses are actually missing. To avoid the extra round trip, the
SRV answer needs to be able to say, this target has no A / this target has
no AAAA.

(There's a similar problem for generic v4+v6 address queries.)

> and that most of the time when the target is out of zone they'd be
> following a CNAME change 5 deep into a CDN anyway.

At least for CNAME the stub gets a definite yes or no answer in one RTT
to the recursive server.

f.anthony.n.finch  <dot at dotat.at>  http://dotat.at/  -  I xn--zr8h punycode
Faeroes, Southeast Iceland: Northeasterly 5 or 6, decreasing 4 at times later,
and becoming cyclonic in Southeast Iceland. Moderate or rough. Wintry showers.

More information about the dns-operations mailing list