Point domain name of my zone to name in somebody else's zone?
davew at hireahit.com
Thu May 8 18:29:01 UTC 2014
On 2014-05-08 07:45, Barry Margolin wrote:
> In article <mailman.171.1399542062.26362.bind-users at lists.isc.org>,
> Tony Finch <dot at dotat.at> wrote:
>> Dave Warren <davew at hireahit.com> wrote:
>>> DNSMadeEasy calls this an "ANAME" record, internally they just lookup the
>>> destination's IP and cache it, updating it as needed.
>>> It works, but it would be nice if this could be done in DNS. Sadly, it
>>> and probably won't in our lifetimes.
>> Never say never :-)
>> You can implement something ANAME-alike with a script that polls the
>> A and AAAA records at the target name and does a DNS UPDATE on the owner
>> as necessary, but that might not scale too well.
>> There are a couple of difficulties with implementing ANAME inside the
>> Firstly it implies a weird authoritative/recursive hybrid. A bit ugly but
>> not unreasonable.
>> Secondly, and more importantly, is the question of how this works with
>> zone transfers and secondaries. How do you ensure they support ANAME
>> records? Do you include a backwards compatibility hack by adding the A and
>> AAAA records to the zone?
> It also has adverse implications for DNS-based CDN routing, e.g. Akamai.
> Everyone will be routed to the servers close to the auth servers of the
> domain containing the ANAME, instead of routing each end user to their
> closest servers.
Indeed. Were such a thing implemented, I'd think it would be smart to
have the authoritative server return both the ANAME and A records,
allowing a compliant resolver to do its own A record lookup to find an
appropriate CDN endpoint, while older resolvers with no concept of ANAME
would simply ignore it and use the (possibly-less-than-optimal) A record.
Arguably adjusting CNAME to allow it to coexist with other record types
might be a better long-term solution, perhaps allowing CNAME to coexist
with SOA, NS and DNAME records? Although allowing a CNAME to coexist
with NS could have some interesting side effects. There might be
backward compatibility issues that make this impossible, but I would
hazard a guess that since DNAMEs already return a matching CNAME and
nothing explodes, the problems would be minor and limited in scope.
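
The polling approach described in the quoted text above (poll the target's A and AAAA records, then send a DNS UPDATE for the owner name only when they change), as an added example that is not code from this thread or from BIND. It assumes BIND's `dig` and `nsupdate` are installed and that the primary accepts updates signed with a TSIG key file; the function names and the 300-second default TTL are illustrative.

```shell
#!/bin/sh
# Added example: ANAME-alike sync by polling the target and sending DNS UPDATE.
# Owner, target, zone, server and key path are supplied by the caller.

# One address per line, sorted, duplicates and blanks removed.
norm() { printf '%s\n' "$1" | tr ' ' '\n' | sed '/^$/d' | sort -u; }

# build_update OWNER TYPE TTL CURRENT TARGET
# Prints nsupdate commands replacing OWNER's TYPE rrset with TARGET.
# Prints nothing if the sets match, or if TARGET is empty: a failed or
# empty lookup must not delete the records already being served.
build_update() {
    owner=$1 type=$2 ttl=$3
    cur=$(norm "$4"); new=$(norm "$5")
    [ -n "$new" ] || return 0
    [ "$cur" != "$new" ] || return 0
    printf 'update delete %s %s\n' "$owner" "$type"
    printf '%s\n' "$new" | while read -r addr; do
        printf 'update add %s %s %s %s\n' "$owner" "$ttl" "$type" "$addr"
    done
}

# sync_aname OWNER TARGET ZONE SERVER KEYFILE
sync_aname() {
    body=""
    for rr in A AAAA; do
        # dig +short also prints CNAME chain names; keep address lines only.
        case $rr in
            A) pat='^[0-9]+(\.[0-9]+){3}$' ;;
            *) pat='^[0-9A-Fa-f:.]*:[0-9A-Fa-f:.]*$' ;;
        esac
        new=$(dig +short "$rr" "$2" | grep -E "$pat" || true)
        # Ask the primary directly for what the owner name holds now.
        cur=$(dig +short +norecurse "$rr" "$1" "@$4" | grep -E "$pat" || true)
        upd=$(build_update "$1" "$rr" "${TTL:-300}" "$cur" "$new")
        # Blank lines would make nsupdate send early, so skip empty results.
        [ -z "$upd" ] || body="${body}${upd}
"
    done
    [ -n "$body" ] || return 0
    # TSIG key file authenticates the update to the primary.
    printf 'server %s\nzone %s\n%ssend\n' "$4" "$3" "$body" | nsupdate -k "$5"
}

if [ "$#" -eq 5 ]; then sync_aname "$@"; fi
```

Because the result is ordinary A and AAAA records in the zone, secondaries receive it through normal zone transfers.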