CNAME and Round Robin

Mathias Körber mathias at koerber.org
Tue Nov 14 16:15:54 UTC 2000 

Igmar et al,

I still have difficulties grasping *why* SSL works with
RR on CNAMES, and not with RR on A records. What is it that
SSL does that is different from a normal web-connection?

(I know about proxies having problems with SSL, but that is
not an DNS issue IMHO, and might be solved by now for all I know).

If someone could try this out using a sniffer or similar and
describe exactly what the difference is, maybe it will be easier
to understand.

And no, I don't think RR on CNAMES will happen any time soon, as
multiple CNAMES for the same label are bad and have been taken out
of BIND in the latest version.

regards
mathias

> -----Original Message-----
> From: news at dejanews.com [mailto:news at dejanews.com]On Behalf Of
> cxclark01 at my-deja.com
> Sent: Tuesday, November 14, 2000 23:16
> To: comp-protocols-dns-bind at moderators.isc.org
> Subject: Re: CNAME and Round Robin
>=20
>=20
> In article =
<Pine.LNX.4.21.0011141445410.6202-100000 at server.serve.me.nl>,
>   Igmar Palsenberg <maillist at chello.nl> wrote:
> >
> > Round robin on CNAME's used to work, but it's oficially now allowed.
> Bind
> > 9 refuses to do RR CNAME's.
> >
> > Using round robin on a SSL server doens't make sense to me, so I
> guess you
> > don't have many options.
> >
> > 	Igmar
> >
> >
> thanks, RR on CNAME's when it worked, worked better than RR on A
> records for SSL sessions. a RR on A records returns both IP addresses
> in a single query.
> > www.omni-direct.com
> Server:  omdnsx1.om-inc.com
> Address:  167.213.108.21
>=20
> Name:    www.omni-direct.com
> Addresses:  167.213.107.36, 167.213.107.37
>=20
> When the CNAME RR worked it returned a single CNAME in a query that
> would be looked up to a single IP, then the next query would return =
the
> other CNAME with a single IP.
>=20
> > www.omni-direct.com
> Server:  omdnsx1.om-inc.com
> Address:  167.213.108.21
>=20
> Name:    richux33.om-inc.com
> Address:  167.213.107.36
> Aliases:  www.omni-direct.com
>=20
> > www.omni-direct.com
> Server:  omdnsx1.om-inc.com
> Address:  167.213.108.21
>=20
> Name:    richux34.om-inc.com
> Address:  167.213.107.37
> Aliases:  www.omni-direct.com
>=20
>=20
> Of course this is running some ancient version of BIND ( I think the
> admin told me 4.9.3 ) They are upgrading to BIND 9 this weekend and it
> will be busted again.
>=20
> Maybe the ability to do RR on CNAME's is a feature that should
> get "reintroduced" into a future version of BIND?
>=20
>=20
> Sent via Deja.com http://www.deja.com/
> Before you buy.
>=20
>=20

More information about the bind-users mailing list