Proper CNAME interpretation

Mark Andrews marka at isc.org
Fri Sep 16 09:48:21 UTC 2011


In message <7737.1316035628 at tristatelogic.com>, "Ronald F. Guilmette" writes:
> 
> In message <7D9B265C-36BF-40C1-9012-AC0A96FB88CD at sackheads.org>, you wrote:
> 
> >On Sep 14, 2011, at 4:35 PM, Ronald F. Guilmette wrote:
> >
> >> Is there a rule that says how a resolver should behave in cases where
> >> there is both an A record and also a CNAME record for the same FQDN?
> >> Which one should take precedence, the A or the CNAME?
> >
> >
> >RFC 1034, Section 3.6.2: "If a CNAME RR is present at a node, no other data
> >should be present; this ensures that the data for a canonical name and its
> >aliases cannot be different. This rule also insures that a cached CNAME can
> >be used without checking with an authoritative server for other RR types."
> 
> Thanks for the response John.
> 
> So, um, the first part of that just says what people should not be doing
> when they are constructing sets of RRs applicable to a given domain name.
> 
> But we all know that, right?  We know you are not supposed to put a CNAME
> with other stuff for the same domain.
> 
> The second part however seems to go more to my question, which is "What is
> the resolver supposed to do when some knucklehead breaks the rules and puts
> a CNAME in with some other stuff?"

You get indeterminate behaviour.

> It sure _sounds_ like that second sentence is encouraging any & all people
> who are writing resolvers, or other related tools, that they should ignore
> any flotsam & jetsum that appear along side a CNAME.  But is that encourage-
> ment espressed anywhere as a "MUST"?

The second sentence is saying if you have a CNAME record in the
cache and don't have the type you are looking for you just follow
the CNAME.  If you don't do this the resolver would have to make a
two queries.  One to the authoritative server for the missing type
which will normally result in the CNAME being returned and one for
the target of the CNAME.

> Not that I would want to deviate from common established practice... if
> in fact ignoring flotsam & jetsum that appears with a CNAME is the common
> practice.  I'd just like to be able to defend the "rightness" of my code...
> RFC-wise... in case anybody ever presses me and says "Why did you do THAT??",
> you know, after I tell them that my code ignores flotsam & jetsum that appear
> s
> along side a CNAME.

In this case you also have a CNAME that points to itself which is also
a error condition.
 
> Regards,
> rfg
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
>  from this list
> 
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org



More information about the bind-users mailing list