Proper implementation of A and CNAME records

Jonathan de Boyne Pollard J.deBoynePollard at Tesco.NET
Fri Aug 6 16:43:52 UTC 2004


KD> In the general case, there would not be an extra lookup, since the
KD> CNAME and the A record would both come from the authoritative server
KD> in the same response.

In the real world, this is false.  There is at least one content DNS 
server software that doesn't follow RFC 2308 and RFC 1034 and that 
returns responses with just the first client-side alias in the chain and 
nothing else.  (Quite a few DNS server softwares have various quirks 
when it comes to client-side aliases.  One content DNS server software 
by default simply doesn't publish them.  Another resolving proxy DNS 
server software doesn't cache them.  And all but one resolving proxy DNS 
server software will fail to handle them if they are used in delegation 
information.)

KD> the obvious maintenance benefit of only having to update one DNS
KD> record if the address changes

... is highly overrated, in these days of text editors with 
search-and-replace capabilities.  (And yes, I deliberately chose the 
most basic database modification tool to emphasize the point.)

KD> This primitive "CNAMEs bad!" mindset [...]

... is a straw man entirely of your own making.  The advice that I and 
others give is that when there are multiple ways of doing things, only 
some of which involve the use of client-side aliases, one should use one 
of the ways that do not.  The irony is that, entirely contrary to what 
you imply, this is _modern_ thinking, based upon people's experience of 
client-side aliases, and the fact that they still, after all these 
years, don't work right in practice.  The _primitive_ thinking here is 
actually that which declares client-side aliases to be not problematic.
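
Added example, not part of the original post: a Python check of whether a DNS response's answer section carries the whole alias chain down to an A record, or stops at an alias so that a further lookup is needed. The names, addresses and sample messages are constructed, and the parser assumes a single question and IN-class records.

```python
import struct

def read_name(msg, off):
    """Decode a (possibly compressed) domain name; return (name, next_offset)."""
    labels, end, hops = [], None, 0
    while True:
        n = msg[off]
        if n & 0xC0 == 0xC0:                  # compression pointer
            hops += 1
            if hops > 16:
                raise ValueError("compression pointer loop")
            end = off + 2 if end is None else end
            off = ((n & 0x3F) << 8) | msg[off + 1]
        elif n == 0:                          # root label terminates the name
            return ".".join(labels).lower() + ".", (off + 1 if end is None else end)
        else:
            labels.append(msg[off + 1:off + 1 + n].decode("ascii"))
            off += 1 + n

def chain_status(msg):
    """Return (last_name, addresses); no addresses means last_name needs another lookup."""
    name, off = read_name(msg, 12)            # assumes exactly one question
    off += 4                                  # skip QTYPE and QCLASS
    cname, addrs = {}, {}
    for _ in range(struct.unpack_from("!H", msg, 6)[0]):   # ANCOUNT
        owner, off = read_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        if rtype == 5:                        # CNAME: rdata is the target name
            cname[owner] = read_name(msg, off + 10)[0]
        elif rtype == 1:                      # A: rdata is four address octets
            addrs.setdefault(owner, []).append(".".join(map(str, msg[off + 10:off + 14])))
        off += 10 + rdlen
    for _ in range(len(cname) + 1):           # follow aliases present in this response
        if name not in cname:
            return name, addrs.get(name, [])
        name = cname[name]
    raise ValueError("CNAME loop")

def enc(name):  # helpers below only build the constructed sample messages
    return b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\0"

def build(qname, records):
    msg = struct.pack("!6H", 1, 0x8400, 1, len(records), 0, 0) + enc(qname) + b"\0\1\0\1"
    for owner, rtype, rdata in records:
        msg += enc(owner) + struct.pack("!HHIH", rtype, 1, 300, len(rdata)) + rdata
    return msg

CHAIN = [("www.example.com", 5, enc("web.example.net")),
         ("web.example.net", 5, enc("host.example.org")),
         ("host.example.org", 1, bytes([192, 0, 2, 10]))]
FULL, PARTIAL = build("www.example.com", CHAIN), build("www.example.com", CHAIN[:1])
```

`chain_status(FULL)` ends at the address record, while `chain_status(PARTIAL)` returns the first alias target with an empty address list, which is the case where the client or resolver has to issue the extra query.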


More information about the bind-users mailing list