[dns-operations] Looping wildcard CNAMEs can be an obstacle for DANE, (googledomains.com-hosted example)

Viktor Dukhovni ietf-dane at dukhovni.org
Mon May 7 16:06:44 UTC 2018



> On May 7, 2018, at 11:43 AM, Florian Weimer <fweimer at redhat.com> wrote:
> 
>> It has the same odd broken CNAME:
>> ;; ANSWER SECTION:
>> *.christianfreear.com.	3596	IN	CNAME	\@.christianfreear.com.
>> Seems to me a more interesting question is why people are putting that
>> particular broken CNAME into their DNS.
> 
> It's probably the result of a DNS zone file parser which does not implement the RFC 1035 syntax (where @ denotes “the current origin”).

That much is fairly clear; what's less clear is whether the error
happens before the zone is transferred to Google for hosting, or is
a problem in how the zone is imported at Google.  I've not seen
the same problem anywhere else, suggesting an issue at Google,
but just two data points don't preclude other possibilities.

-- 
	Viktor.
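
The failure mode discussed in this thread, as an added example that is not part of the original message: a zone importer that keeps `@` as a literal label instead of expanding it to the origin (RFC 1035) turns `* CNAME @` into a wildcard CNAME whose target is itself synthesized from the same wildcard. The zone `example.test.`, the function names and the faulty importer are all hypothetical and constructed for illustration; nothing here claims to reproduce any provider's actual import code.

```python
"""Added example: '@' handling in zone-file names and wildcard CNAME loop detection."""

def expand(token, origin):
    """RFC 1035 section 5.1: '@' is the origin; names without a trailing dot are relative."""
    if token == "@":
        return origin
    return token if token.endswith(".") else f"{token}.{origin}"

def expand_literal_at(token, origin):
    """Hypothetical faulty importer: treats '@' as an ordinary label (shown escaped as \\@)."""
    if token == "@":
        token = "\\@"
    return token if token.endswith(".") else f"{token}.{origin}"

def closest_encloser(name, owners):
    """Longest existing ancestor of name (empty non-terminals ignored for brevity)."""
    labels = name.rstrip(".").split(".")   # sample names contain no escaped dots
    for i in range(1, len(labels)):
        candidate = ".".join(labels[i:]) + "."
        if candidate in owners:
            return candidate
    return "."

def looping_wildcard_cnames(records):
    """Return wildcard CNAMEs whose target does not exist and is itself
    synthesized from the same wildcard, so the CNAME chain never terminates."""
    owners = {owner for owner, _, _ in records}
    loops = []
    for owner, rtype, target in records:
        if rtype != "CNAME" or not owner.startswith("*."):
            continue
        parent = owner[2:]
        if target not in owners and target.endswith("." + parent) \
                and closest_encloser(target, owners) == parent:
            loops.append((owner, target))
    return loops

def build_zone(expander, origin="example.test."):
    # Constructed zone lines (owner, type, rdata) as they would look before import
    lines = [("@", "A", "192.0.2.1"), ("*", "CNAME", "@")]
    return [(expand(o, origin), t, expander(r, origin) if t == "CNAME" else r)
            for o, t, r in lines]

if __name__ == "__main__":
    for name, fn in (("correct", expand), ("literal-@", expand_literal_at)):
        print(name, looping_wildcard_cnames(build_zone(fn)))
```

With correct `@` expansion the wildcard points at the existing apex and resolution terminates; with the literal-`@` importer the target is a nonexistent name under the wildcard, so every lookup that hits the wildcard chases the same CNAME again.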
