Proper implamentation of A and CNAME records
Jonathan de Boyne Pollard
J.deBoynePollard at Tesco.NET
Fri Aug 6 16:43:52 UTC 2004
KD> In the general case, there would not be an extra lookup, since the
KD> CNAME and the A record would both come from the authoritative server
KD> in the same response.
In the real world, this is false. There is at least one content DNS
server software that doesn't follow RFC 2308 and RFC 1034 and that
returns responses with just the first client-side alias in the chain and
nothing else. (Quite a few DNS server softwares have various quirks
when it comes to client-side aliases. One content DNS server software
by default simply doesn't publish them. Another resolving proxy DNS
server software doesn't cache them. And all but one resolving proxy DNS
server software will fail to handle them if they are used in delegation
information.)
KD> the obvious maintenance benefit of only having to update one DNS
KD> record if the address changes
... is highly overrated, in these days of text editors with
search-and-replace capabilities. (And yes, I deliberately chose the
most basic database modification tool to emphasize the point.)
KD> This primitive "CNAMEs bad!" mindset [...]
... is a straw man entirely of your own making. The advice that I and
others give is that when there are multiple ways of doing things, only
some of which involve the use of client-side aliases, one should use one
of the ways that do not. The irony is that, entirely contrary to what
you imply, this is _modern_ thinking, based upon people's experience of
client-side aliases, and the fact that they still, after all these
years, don't work right in practice. The _primitive_ thinking here is
actually that which declares client-side aliases to be not problematic.
More information about the bind-users
mailing list