[dns-operations] Any DNAME usage experience?

John Levine johnl at taugh.com
Sun Mar 29 22:46:30 UTC 2020


In article <20200329204015.GK41308 at straasha.imrryr.org> you write:
>The actual user in question publishes TLSA RRs for only a selected
>subset of ports, e.g. for 25 and 443, but not 587.

OK.

>DNAME is a bit more flexible in this context.  It is by no means
>popular.  Among 1.87 million domains with DANE TLSA RRs for their
>primary MX hosts, 524 alias their TLSA RRs, of which three use DNAMEs
>that purpose.

Yeah, 89 of those CNAMEs are mine.

>And there are 2 TLDs that employ DNAMEs:
>
>    ; Taiwan simplified -> traditional
>    ;
>    xn--kprw13d. IN DNAME xn--kpry57d.
>
>    ; Iran arabic -> subdomain
>    xn--mgba3a4f16a. IN DNAME xn--mgba3a4f16a.ir.

>Bottom-line, they're used infrequently, but they do seem to work.

In the DNS sense, sure they work.

In the application sense, I doubt it.  When I looked through the .CAT
DNAMEs for www.<accented>.cat I don't think I found any web servers
that gave me what looked like a deliberate answer rather than a
default or error page.  I'd be quite surprised if there were many web
or mail servers in Taiwan or Iran that gave reasonable responses to
their DNAME'd names.

R's,
John


More information about the dns-operations mailing list