[dns-operations] Any DNAME usage experience?
johnl at taugh.com
Sun Mar 29 20:15:07 UTC 2020
In article <20200329191324.GI41308 at straasha.imrryr.org> you write:
>On Sun, Mar 29, 2020 at 12:35:15PM -0400, John Levine wrote:
>> I have to say that at this point my advice is don't bother. Whatever
>> problem you hope DNAMEs will solve, they won't.
>I see some administrators succesfully using DNAMEs to retarget
>the entire "_tcp" subtree of a set of hosts to a common location.
>Something along the lines of:
> _tcp.mail1.example.com. IN DNAME _dane.example.com.
> _tcp.mail2.example.com. IN DNAME _dane.example.com.
> _tcp.mail3.example.com. IN DNAME _dane.example.com.
> *._dane.example.com IN TLSA 2 1 1 ...
>This works fine.
I suppose, although for this application, wouldn't this work just as well?
*._tcp.mail1.example.com. IN CNAME _dane.example.com.
*._tcp.mail2.example.com. IN CNAME _dane.example.com.
*._tcp.mail3.example.com. IN CNAME _dane.example.com.
_dane.example.com IN TLSA 2 1 1 ...
I can see that if you had both mail and web with _25 and _443 TLSA,
DNAME might be a little easier to set up.
More information about the dns-operations