CNAME as NS record?

Jonathan de Boyne Pollard J.deBoynePollard at tesco.net
Tue Sep 9 12:12:50 UTC 2003


b> But can [an intermediate domain name that is a client-side alias]
b> actually cause lookup problems in the real world?

Yes.  I know of only one resolving proxy DNS server software that is actually
capable of handling client-side aliases in delegations everywhere that they
might occur.  Most of the world uses softwares that aren't, to various
degrees, and query resolution will fail in undefined and various ways when
those softwares encounter such delegations.  (For example: It has been stated
that _no_ version of ISC's BIND will handle intermediate domain names in
delegations that are in fact client-side aliases.  Once the "CNAME" resource
record is obtained (however so) and cached by BIND, mapping the intermediate
name to an IP address, when trying to follow the delegation, will fail.)

A general principle: avoid using "CNAME" resource records.  Several DNS server
softwares (both proxy and content) don't deal with them at all well, and they
usually cause more DNS traffic to occur than not using them would.  If (as is
the case here - and as is very often the case) there's a choice between two
ways of doing things, and only one way involves the use of "CNAME" resource
records, choose the other way.


More information about the bind-users mailing list