Chaining CNAMEs?

[Joseph S D Yao]

On Tue, Aug 22, 2006 at 11:34:22AM +1000, Mark Andrews wrote:
> 
> > Hi,
> > I was just browsing through the latest edition of the O'Reilly
> > DNS/BIND book, and ran across a bit on pointing a CNAME record at
> > another alias:
> > 
> > "The answer is yes: you can chain together CNAME records. The BIND
> > implementation supports it, and the RFCs don't expressly forbid it."
> > 
> > The authors go on to recommend against it anyway, but I had always
> > thought that this was actually illegal.  I don't remember now where I
> > had gotten that idea... I think the issue had to do with not being
> > guaranteed that the server would always do the additional processing
> > to ensure that you got to the canonical name at the end of the chain.
> > 
> > I guess I've been mistaken?  :-)
> 
> 	RFC 1034:
> 
> Domain names in RRs which point at another name should always point at
> the primary name and not the alias.  This avoids extra indirections in
> accessing information.  For example, the address to name RR for the
> above host should be:
> 
>     52.0.0.10.IN-ADDR.ARPA  IN      PTR     C.ISI.EDU
> 
> rather than pointing at USC-ISIC.ARPA.  Of course, by the robustness
> principle, domain software should not fail when presented with CNAME
> chains or loops; CNAME chains should be followed and CNAME loops
> signalled as an error.


(a) The OP (Chris De Young?) may have been thinking of the prohibition
against using the LHS of a CNAME record as the RHS of an NS or MX
record.

(b) Note that RFC 1034 above says SHOULD, not MUST.  Words have meanings,
especially when re-inforced by specifications of the subset of possible
meanings to which the word is restricted in context (as in RFCs).

(c) Note the last sentence, an extension of "Send conservatively, accept
liberally, expect the unexpected."


-- 
Joe Yao
-----------------------------------------------------------------------
   This message is not an official statement of OSIS Center policies.