cname quick question

Erik Aronesty erik at primedata.org
Thu Mar 1 16:48:53 UTC 2001


Mark,

Following your excellent example:

There is a CNAME present at the node, so the request for the SOA/NS record 
will be restarted with the QNAME changed to the target.  The SOA will 
then be returned from the canonical name.

--> The query will not fail if the algorithm is followed.

Other results:

The SOA present at the zone-top will never be cached/used except 
in requests which prevent chaining, IE: requests for the CNAME itself or for 
other domains in the zone file.  Likewise, the NS records will only be used 
for the authority section in non-chained requests.  

If you consider the meaning of NS/SOA records - this behavior is correct.  
(Or as close to correct as possible - since there really should have been 
*two types of NS records*, as was pointed out earlier on namedroppers)

That's it.  Where do you foresee failure/doom in this?  Bear in mind that 
this is how the BIND resolver used to behave in versions 4 through 8.2.2 
when CNAMEs were not prevented from being in the zone top.

			- Erik


-----Original Message-----
From:	Mark.Andrews at nominum.com [SMTP:Mark.Andrews at nominum.com]
Sent:	Thursday, March 01, 2001 10:49 AM
To:	Erik Aronesty
Cc:	'Jim Reid'; bind-users at isc.org
Subject:	Re: cname quick question


> 
> JIM>Please *read* the extract from RFC1034 above. Now *think* about what
> JIM>it says and what that means. Pay particular attention to the last
> JIM>sentence. Hint: suppose clueless.example.com was a CNAME pointing at
> JIM>moron.example.net. That CNAME is cached by some name server. It can
> JIM>safely use that cached CNAME without having to query the example.com
> JIM>name servers to check that no other record types exist for
> JIM>clueless.example.com.
> 
> 1- Suppose clueless.example.com was at the zone top with a "@ IN CNAME moron.example.net."
> 
> 2- The CNAME can still get cached by a name server.  The CNAME can still be
>    safely used from the cache -and no other record types ever have to be queried -
>    since the SOA and NS record types are transmitted in the authority section.

	The problem is once the CNAME is cached you can't retrieve
	the SOA or NS records.  i.e. "dig NS clueless.example.com"
	or "dig SOA clueless.example.com" will FAIL.

	People have as much right to query for NS and SOA records
	as any other type.  You seem to think that the only way
	they can be transmitted is as a side effect of a query for
	some other type.  THIS IS FALSE.

> 
> 4- Your example just shows that you aren't paying attention.
> 
> 			- Erik

	Erik you are the one that is not paying attention.  Your
	changes will not interoperate cleanly with the existing resolvers.

	It doesn't matter how many times you say they will when you
	have proved by your own examples that they don't.

	Mark
> 
> 
> --- thread below ---
> 
> -----Original Message-----
> From:	Jim Reid [SMTP:jim at rfc1035.com]
> Sent:	Thursday, March 01, 2001 5:16 AM
> To:	Erik Aronesty
> Cc:	bind-users at isc.org
> Subject:	Re: cname quick question
> 
> >>>>> "Erik" == Erik Aronesty <erik at primedata.org> writes:
> 
>     >> If a CNAME RR is present at a node, no other data should be
>     >> present; this ensures that the data for a canonical name and
>     >> its aliases cannot be different.  This rule also insures that a
>     >> cached CNAME can be used without checking with an authoritative
>     >> server for other RR types.
> 
>     Erik> Exactly.  How does having a CNAME at the zone-top cause this
>     Erik> to be an error?  For that matter how does having an SOA
>     Erik> record fail to allow cached CNAMES to be used without
>     Erik> checking an authoritative server for other RR types?  It
>     Erik> doesn't.  Because the SOA record is used for zone transfers
>     Erik> and cache/timing information itself.  The RFC neglected to
>     Erik> mention that.  That's all.
> 
> JIM>Like Tal Dayan, you are being obtuse or deliberately provocative.
> JIM>Please *read* the extract from RFC1034 above. Now *think* about what
> JIM>it says and what that means. Pay particular attention to the last
> JIM>sentence. Hint: suppose clueless.example.com was a CNAME pointing at
> JIM>moron.example.net. That CNAME is cached by some name server. It can
> JIM>safely use that cached CNAME without having to query the example.com
> JIM>name servers to check that no other record types exist for
> JIM>clueless.example.com.
> 
> 1- Suppose clueless.example.com was at the zone top.
> 
> 2- The CNAME can still get cached by a name server.  The CNAME can still be
>    safely used from the cache -and no other record types ever have to be queried -
>    since the SOA and NS record types are transmitted in the authority section.
> 
> 4- Your example just shows that you aren't paying attention.
> 
> 			- Erik
> 
> 
> 
--
Mark Andrews, Nominum Inc.
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark.Andrews at nominum.com
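
Added example, not part of the original thread or of BIND: a small Python model of the case under discussion. It flags owner names where a CNAME coexists with other record types, and shows how a cache that uses a cached CNAME without checking for other types changes the answer to an SOA/NS query at the alias. The zone contents, the SOA fields and the "exact type first, else CNAME" server behaviour are assumptions made for illustration.

```python
# Constructed zone data using the names from the thread; the address and
# SOA fields are made up for illustration.
ZONES = {
    ("clueless.example.com.", "SOA"): "ns1.example.com. hostmaster.example.com. 1",
    ("clueless.example.com.", "NS"): "ns1.example.com.",
    ("clueless.example.com.", "CNAME"): "moron.example.net.",
    ("moron.example.net.", "A"): "192.0.2.10",
    ("example.net.", "SOA"): "ns1.example.net. hostmaster.example.net. 7",
}

def cname_conflicts(zone):
    """Owner names where a CNAME coexists with any other RR type."""
    types = {}
    for owner, rtype in zone:
        types.setdefault(owner, set()).add(rtype)
    return {o: sorted(t - {"CNAME"}) for o, t in types.items()
            if "CNAME" in t and len(t) > 1}

class CachingResolver:
    def __init__(self, zone):
        self.zone, self.cache = zone, {}

    def _fetch(self, qname, qtype):
        # Assumed server behaviour: exact type match first, else the CNAME.
        for rtype in (qtype, "CNAME"):
            if (qname, rtype) in self.zone:
                self.cache[(qname, rtype)] = self.zone[(qname, rtype)]
                return rtype
        return None

    def resolve(self, qname, qtype, limit=8):
        """Return (final owner name, rdata or None) after CNAME chasing."""
        for _ in range(limit):
            alias = self.cache.get((qname, "CNAME"))
            if alias and qtype != "CNAME":
                qname = alias      # cached CNAME: restart at the target
                continue
            if (qname, qtype) in self.cache:
                return qname, self.cache[(qname, qtype)]
            if self._fetch(qname, qtype) is None:
                return qname, None  # no data of that type at this name
        raise RuntimeError("CNAME chain too long")
```

With a cold cache the SOA query is answered from the alias node; after any query has cached the CNAME, the same SOA or NS query is restarted at moron.example.net. and the records at the zone top are no longer reachable through that cache.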



