cname quick question

Tal Dayan tal at zapta.com
Tue Feb 27 23:20:44 UTC 2001



Hi Cricket.

Thanks for explaining it to me.

If I understand it correctly, the change itself is technically feasible and
the standards can be modified, but the main trick is to find a modification
that will be interoperable with the existing DNS servers (whether BIND or
others).

So here is a challenge for you and the other DNS gurus on this list. Can you
come up with a creative idea how to modify BIND (and the standards) such that
new servers will allow a CNAME for domain names without breaking
interoperability with existing servers?

Possibly you can use different assumptions for the things that are in the
control of the domain owner (e.g. the version of DNS server they and their
secondary use) and those that are out of their control (e.g. the version of
clients the rest of the Internet uses).

Solving this problem will eliminate the semi-weekly question and the
following discussion about this issue and will help many DNS users like us.

Thanks,

Tal



> -----Original Message-----
> From: bind-users-bounce at isc.org [mailto:bind-users-bounce at isc.org] On Behalf Of Cricket Liu
> Sent: Tuesday, February 27, 2001 11:55 AM
> To: bind-users at isc.org
> Subject: Re: cname quick question
>
>
>
> > Will the people that are trusted with the future of BIND its future (great
> > job, thanks),  please explain their motivation not to allow the use of CNAME
> > record for the domain itself. I wonder if there is some deep problem here
> > that I can't see myself.
> >
> > And if the issue is just a matter of legality with current standards and is
> > not problematic by itself, what are the forums to direct a request to
> > include this feature in coming versions of the standards?
>
> As I see it, if we ignore the fact that using CNAMEs at nodes that own
> other records violates the DNS specs, there are still two technical aspects
> to this problem:
>
> 1.  You need to patch name servers' zone loading routines, as Erik did,
> to allow the CNAME and other data configuration.  This isn't hard to do.
>
> 2.  Presumably, the behavior you'd like is to have the authoritative name
> server look for the answer to a query first (e.g., "Do I have an A record
> for foo.example?") and, if not, then check for a CNAME (e.g., "Do I
> have a CNAME record for foo.example?").  That's probably a little
> harder to do, but still doable.
>
> So far, these changes only need to be made on name servers run by
> those folks who want to use a CNAME at their zone's apex.  Unfortunately,
> there's also these ones to take care of on every name server on the
> Internet:
>
> 3.  You need to patch name servers' resolution routines so that they don't
> ignore a zone's CNAME after following delegation to that zone.
>
> 4.  You need to patch name servers' resolution routines so that they don't
> cache CNAME records, or don't follow them automatically.  For example,
> if my name server caches this record, returned from one of those patched
> name servers:
>
> foo.example.    IN    CNAME    bar.example.
>
> it'll change all lookups for foo.example into bar.example.  So if I try to
> look up the MX records for foo.example, I'll end up with the MX
> records for bar.example.  That's not good.
>
> Before you do 1 and 2, you need to do 3 and 4, or else you'll break your
> mail (and who knows what else).  Since 3 and 4 require changes to every
> name server on the Internet, I humbly suggest you've got your work cut out
> for you.
>
> cricket
>
>
>
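
Added example (not part of the original thread, and not BIND code): a simplified Python model of point 4 in the quoted reply, showing how an unpatched caching resolver that has cached the apex CNAME sends a later MX lookup for foo.example to bar.example. The zone data, the mail host names, the 192.0.2.10 address and the CachingResolver class are constructed for illustration.

```python
# Constructed zone data for a hypothetical "patched" authoritative server that
# allows a CNAME next to other records at foo.example (points 1 and 2).
AUTH = {
    ("foo.example.", "CNAME"): ["bar.example."],
    ("foo.example.", "MX"): ["10 mail.foo.example."],
    ("bar.example.", "A"): ["192.0.2.10"],
    ("bar.example.", "MX"): ["10 mail.bar.example."],
}

def authoritative_answer(name, rtype):
    """Point 2 behaviour: look for the exact type first, then for a CNAME."""
    if (name, rtype) in AUTH:
        return rtype, AUTH[(name, rtype)]
    if (name, "CNAME") in AUTH:
        return "CNAME", AUTH[(name, "CNAME")]
    return rtype, []

class CachingResolver:
    """Simplified unpatched resolver that caches and follows CNAMEs (point 4)."""
    def __init__(self):
        self.cache = {}

    def lookup(self, name, rtype, depth=0):
        if depth > 8:
            raise RuntimeError("CNAME chain too long")
        if (name, rtype) in self.cache:
            return self.cache[(name, rtype)]
        # A cached CNAME restarts the query at its target, whatever type was asked.
        alias = self.cache.get((name, "CNAME"))
        if alias:
            return self.lookup(alias[0], rtype, depth + 1)
        got_type, rdata = authoritative_answer(name, rtype)
        if rdata:
            self.cache[(name, got_type)] = rdata
        if got_type == "CNAME" and rtype != "CNAME":
            return self.lookup(rdata[0], rtype, depth + 1)
        return rdata

def demo():
    cold = CachingResolver()
    before = cold.lookup("foo.example.", "MX")   # nothing cached: foo's own MX
    warm = CachingResolver()
    warm.lookup("foo.example.", "A")             # no A at foo, so the CNAME is cached
    after = warm.lookup("foo.example.", "MX")    # redirected to bar.example.
    return before, after

if __name__ == "__main__":
    print(demo())
```

The answer for the same MX query depends on what the resolver happened to cache earlier, which is the mail breakage the reply warns about.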


