cname quick question

Cricket Liu cricket at VeriSign.com
Tue Feb 27 19:54:58 UTC 2001


> Will the people that are trusted with the future of BIND (great
> job, thanks), please explain their motivation not to allow the use of a
> CNAME record for the domain itself. I wonder if there is some deep problem
> here that I can't see myself.
>
> And if the issue is just a matter of legality with current standards and
> is not problematic by itself, what are the forums to direct a request to
> include this feature in coming versions of the standards?

As I see it, if we ignore the fact that using CNAMEs at nodes that own
other records violates the DNS specs, there are still two technical aspects
to this problem:

1.  You need to patch name servers' zone loading routines, as Erik did,
to allow the CNAME and other data configuration.  This isn't hard to do.

2.  Presumably, the behavior you'd like is to have the authoritative name
server look for the answer to a query first (e.g., "Do I have an A record
for foo.example?") and, if not, then check for a CNAME (e.g., "Do I
have a CNAME record for foo.example?").  That's probably a little
harder to do, but still doable.

So far, these changes only need to be made on name servers run by
those folks who want to use a CNAME at their zone's apex.  Unfortunately,
there's also these ones to take care of on every name server on the
Internet:

3.  You need to patch name servers' resolution routines so that they don't
ignore a zone's CNAME after following delegation to that zone.

4.  You need to patch name servers' resolution routines so that they don't
cache CNAME records, or don't follow them automatically.  For example,
if my name server caches this record, returned from one of those patched
name servers:

foo.example.    IN    CNAME    bar.example.

it'll change all lookups for foo.example into bar.example.  So if I try to
look up the MX records for foo.example, I'll end up with the MX
records for bar.example.  That's not good.

Before you do 1 and 2, you need to do 3 and 4, or else you'll break your
mail (and who knows what else).  Since 3 and 4 require changes to every
name server on the Internet, I humbly suggest you've got your work cut out
for you.

cricket
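
The failure described in points 2 and 4 above, as an added example that is not part of the original message: a toy authoritative server that falls back to a CNAME at the apex, queried by an unpatched caching resolver. The zone data, the address 192.0.2.10, the mail host names and all function and class names are constructed for illustration.

```python
# Constructed zone data: foo.example is an apex that carries a CNAME next to
# its own MX, which the DNS specs forbid (the configuration from points 1-2).
AUTH = {
    ("foo.example.", "MX"): ["10 mail.foo.example."],
    ("foo.example.", "CNAME"): ["bar.example."],
    ("bar.example.", "A"): ["192.0.2.10"],
    ("bar.example.", "MX"): ["10 mail.bar.example."],
}

def authoritative_answer(name, rtype):
    """Patched server (point 2): exact type first, CNAME only as a fallback."""
    if (name, rtype) in AUTH:
        return rtype, AUTH[(name, rtype)]
    if (name, "CNAME") in AUTH:
        return "CNAME", AUTH[(name, "CNAME")]
    return rtype, []

class CachingResolver:
    """Unpatched resolver: a cached CNAME rewrites every later query for that name."""
    def __init__(self):
        self.cache = {}

    def resolve(self, name, rtype):
        for _ in range(8):  # bound the length of alias chains
            alias = self.cache.get((name, "CNAME"))
            if alias and rtype != "CNAME":
                name = alias[0]          # follow the cached alias automatically
                continue
            if (name, rtype) in self.cache:
                return name, self.cache[(name, rtype)]
            got_type, rdata = authoritative_answer(name, rtype)
            self.cache[(name, got_type)] = rdata
            if got_type == rtype:
                return name, rdata
        raise RuntimeError("CNAME chain too long")

def demo():
    r = CachingResolver()
    before = r.resolve("foo.example.", "MX")   # cold cache: foo's own MX
    r.resolve("foo.example.", "A")             # no A at foo, so the CNAME comes back and is cached
    after = r.resolve("foo.example.", "MX")    # same query, now rewritten to bar.example.
    return before, after

if __name__ == "__main__":
    for label, (owner, rdata) in zip(("before", "after"), demo()):
        print(label, owner, rdata)
```

The answer to the same MX query depends on whether some unrelated lookup has already put the CNAME in the cache, so mail for foo.example is delivered correctly or to bar.example's exchangers depending on cache state.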



More information about the bind-users mailing list