[dns-operations] DNAME implementation consistency?
Chris Thompson
cet1 at cam.ac.uk
Tue Mar 20 21:22:24 UTC 2018
On Mar 20 2018, Tony Finch wrote:
>
>> On 19 Mar 2018, at 23:25, Viktor Dukhovni <ietf-dane at dukhovni.org> wrote:
>>
>> I believe Cambridge University uses DNAMEs extensively.
>
>Right, but only for the reverse DNS - see the link below. I'm not aware of
>any problems, but because reverse DNS is not absolutely necessary, me / my
>users would not be likely to notice problems...
>
>https://tools.ietf.org/html/draft-fanf-dnsop-rfc2317bis-00.html#section-8
I am surprised that Tony doesn't remember the problem we had with e-mail
being emitted from an IP address with reverse lookup involving a DNAME.
I don't think the following message sent on 2011-04-04 reveals anything
that should be confidential...
| Dear CL hostmaster(s),
|
| Thank you for your co-operation with changing the delegations from
| 232.128.in-addr.arpa to DNAMEs.
|
| We have encountered a problem with this involving CUP. They have
| hosts at 128.232.233.1 & 128.232.233.2 which emit e-mail directly
| to the Internet (i.e. not via ppsw). It turned out that a few SMTP
| receivers, unfortunately including those for comcast.net, both require
| a successful reverse lookup for the calling IP address, and think it
| has failed if there is a DNAME involved. But not, to our surprise
| after several experiments, if there is just a CNAME indirecting to
| the PTR record.
|
| So please can we ask you to replace
|
| $GENERATE 128-255 $ 86400 DNAME $.232.128.in-addr.arpa.cam.ac.uk.
|
| by
|
| $GENERATE 128-232 $ 86400 DNAME $.232.128.in-addr.arpa.cam.ac.uk.
| $GENERATE 0-255 $.233 86400 CNAME $.233.232.128.in-addr.arpa.cam.ac.uk.
| $GENERATE 234-255 $ 86400 DNAME $.232.128.in-addr.arpa.cam.ac.uk.
|
| That is, explicitly expand just the one DNAME into 256 CNAMEs. This
| ought to work round CUP's problem. There aren't any other e-mail
| emitters of this sort in this address range.
Indeed, this work round did solve the immediate problem. Maybe it
would no longer be necessary (nearly) seven years on, but I see that
block of 256 CNAMEs instead of a DNAME is still there!
--
Chris Thompson
Email: cet1 at cam.ac.uk
More information about the dns-operations
mailing list