[dns-operations] CNAME points to itself
Paul Vixie
paul at redbarn.org
Tue Jul 5 16:30:42 UTC 2016
"CNAME chains should be followed and CNAME loops signalled as an error."
(RFC 1034, page 15).
that signaling is done at follow-time, which is not in the authority server.
re:
Stephane Bortzmeyer wrote:
> On Tue, Jul 05, 2016 at 02:48:20PM +0800,
> yhpeng at orange.fr<yhpeng at orange.fr> wrote
> a message of 16 lines which said:
>
>> I have found that CNAME can be setup to point to itself (at least in BIND9
>> it can be).
>>
>> www.itest.com. 300 IN CNAME www.itest.com.
>>
>> should this be disabled?
>
> It wouldn't help, a rogue DNS zone operator could always run a
> modified version (or simply another server) allowing this. A DNS
> resolver MUST defend itself against the possibility of infinite
> recursion
> <https://indico.dns-oarc.net/event/21/contribution/11/material/slides/0.pdf>
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
> dns-operations mailing list
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
--
P Vixie
More information about the dns-operations
mailing list