[bind10-dev] CNAME, DNAME and authority section
Michal 'vorner' Vaner
michal.vaner at nic.cz
Sat Feb 5 08:38:00 UTC 2011
Hello
I'm facing a slight problem about behaviour. If the auth server puts a CNAME or
DNAME into the answer, the specs are somehow silent regarding what should be put
into the authority section (if anything).
The memory data source does not do chaining. But in theory, these
implementations probably make sense:
• Put there the authority section of the original CNAME. It means we have some
authority data no matter what happens and if the client wanted to get all
authoritative data on the path, it could.
• Put there the authority section of the final target. It is the data the
client is interested (the target). If we don't have it (eg. it leads out of
our zones), don't put anything.
• The authority section of the furthest data in the chain (eg. like previous,
but if it leads out of our zones, we put the last one, so we don't have empty
authority section).
• Everything.
It would make sense either the first or the last IMO, but most implementations
AFAIK do the second (including bind 9 and SQL data source).
Restricted to the memory data source, which doesn't do chaining yet, should I
put the authority section there or not? What do you think?
Thanks
--
Let me show you my collection of bugs.
Michal 'vorner' Vaner
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
URL: <https://lists.isc.org/pipermail/bind10-dev/attachments/20110205/9b68bdce/attachment.bin>
More information about the bind10-dev
mailing list