CNAME only zone?

John Wobus jw354 at
Fri Dec 16 15:45:17 UTC 2011

> If CloudFlare is similar to Akamai's solution, recursive servers never
> see the CNAME record.  Instead, when the auth server receives the  
> query
> for the A record of the apex, it performs its own query for the CNAME,
> and returns the result of this.

In other words, if your theory is correct, this "CNAME"
is window dressing for the customer ("yes, they gave me a
CNAME, I'm happy!") while actually they serve A records
that they've specified to give the same answer as "whatever
address the A record of such-and-such name has".  What they
present in their customer interface or store in their
zone-file-equivalent is arbitrary.

Makes DNSSEC interesting.

It's always helpful to be able to tell your customer "yes, we gave
you a CNAME, just like you asked for.  We do it even if our competitors
say no!"

John Wobus

P.S. Hm, I wonder if a TLD will give me a three part CNAME:
if they've given me " CNAME foo", will they also give
me " CNAME foo"?

More information about the bind-users mailing list