frequent queries to root servers
gtaylor at tnetconsulting.net
Sat Jan 30 21:40:36 UTC 2016
On 01/30/2016 04:44 AM, Reindl Harald wrote:
> From RFC 1034 - Domain names - concepts and facilities:
> Of course, by the robustness principle, domain software should not fail
> when presented with CNAME chains or loops; CNAME chains should be
> followed and CNAME loops signalled as an error.
I'll agree that they SHOULD work. But I've had too many occasions over
the last 15 years where chained CNAMEs DIDN'T work.
> "Domain names in RRs which point at another name should always point at
> the primary name and not the alias. This avoids extra indirections in
> accessing information" is NOT a MUST
I think chained CNAMEs fall into the gray area (no mans land) between
zealots on either side of the RFC interpretation line.
If chained CNAMEs work for you, more power to you. But don't be
surprised if they fail unexpectedly at some point.
> see above
I see my experience of poorly written resolvers, and server forbidding
CNAMEs referring to other CNAMEs in the same zone, and DNS gateways that
are overly zealous in their filtering.
I maintain that using chained CNAMEs is not safe, and as such should not
be relied upon. - We are each entitled to our own opinions.
Grant. . . .
unix || die
More information about the bind-users