Allow Multiple-Cnames in BIND 9
Mark_Andrews at isc.org
Mark_Andrews at isc.org
Sat Dec 1 14:09:33 UTC 2001
> To try and lead the conversation down a more productive route, we
> occasionally get complaints from end users who are stuck behind really
> old/broken resolvers that don't handle the truncated bit properly, thereby
> preventing them from resolving addresses for hosts whose A RR set is too
> large to fit into a UDP packet. One thing we've considered is patching
> BIND to always return some random subset of the possible A records that
> will fit into a UDP packet... any comments on the pro's or con's of that
> approach? Does anyone have a working model that I could crib from? :)
Which describes what multiple-cnames did. Return a random subset
of 1 RR and potentialy following it.
DNSSEC makes doing this sort of thing real messy as you have to
generate/match signatures to subsets when you send them out and
also ensure that signatures stay with the answers. If you have
to query for the SIG records you are going to have to send them
all and the client will waste a lot of CPU attempting to verify
them all.
Mark
--
Mark Andrews, Internet Software Consortium
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark.Andrews at isc.org
More information about the bind-users
mailing list