frequent queries to root servers

Grant Taylor gtaylor at
Sat Jan 30 21:40:36 UTC 2016

On 01/30/2016 04:44 AM, Reindl Harald wrote:
> nonsense

Okay ...

> From RFC 1034 - Domain names - concepts and facilities:
> Of course, by the robustness principle, domain software should not fail
> when presented with CNAME chains or loops; CNAME chains should be
> followed and CNAME loops signalled as an error.

I'll agree that they SHOULD work. But I've had too many occasions over 
the last 15 years where chained CNAMEs DIDN'T work.

> "Domain names in RRs which point at another name should always point at
> the primary name and not the alias. This avoids extra indirections in
> accessing information" is NOT a MUST

I think chained CNAMEs fall into the gray area (no mans land) between 
zealots on either side of the RFC interpretation line.

If chained CNAMEs work for you, more power to you.  But don't be 
surprised if they fail unexpectedly at some point.

> see above

I see my experience of poorly written resolvers, and server forbidding 
CNAMEs referring to other CNAMEs in the same zone, and DNS gateways that 
are overly zealous in their filtering.

I maintain that using chained CNAMEs is not safe, and as such should not 
be relied upon.  -  We are each entitled to our own opinions.

Grant. . . .
unix || die

More information about the bind-users mailing list