MX records

[Kevin Darcy]

Patrice Neff wrote:

> Kevin Darcy wrote:
>
> Thank you for your reply, I'll try it out!
>
> >A records can co-exist with MX records, but CNAMEs can't co-exist
> >with any records at all, except for some of the newer
> >DNSSEC-related ones.
>
> Why is this limitation?

If this limitation didn't exist, then every time a caching, recursive
server got a query and only a CNAME was cached for the name, it would
have to fetch not only the data associated with the name itself, but
also for the name to which the CNAME pointed, thus doubling its
workload.

Also, there is bad ambiguity if you allow other records to be owned by
the owner of a CNAME. Say a name owns an A record 1.2.3.4 and also owns
a CNAME pointing to some other name which owns an A record 2.3.4.5.
Which is "correct"? Should *both* be returned in the answer? What if it
gets an error trying to retrieve data for the name to which the
CNAME points? Should it return just what it has (i.e. a partial RRset),
or should it just fail the entire query? If it returns a partial RRset
and indicates no error, then this means downstream servers may get
different RRsets from the same server at different times even though the
underlying data hasn't changed, and without ever knowing that an error
occurred. *Inconsistent* results, in other words. On the other hand, if
you just fail the query, then what you've done is double the number of
points of failure for the query, thus making DNS less reliable.

The prohibition against "CNAME and other data" fixes all of this. No-one
has really ever come up with a legitimate reason for the rule to be
lifted or modified, except, as previously mentioned, some DNSSEC special
cases. Aliases are *only* aliases, names which own other records can't
be aliases: most DNS admins have been able to live with this segregation
for many years.


- Kevin