[bind10-dev] CNAME, DNAME and authority section
Mark Andrews
marka at isc.org
Sun Feb 6 01:33:07 UTC 2011
In message <20110205173231.GA18258 at tarantula>, Michal 'vorner' Vaner writes:
> Hello
>
> On Sun, Feb 06, 2011 at 12:53:20AM +1100, Mark Andrews wrote:
> > In message <20110205083800.GA10642 at tarantula>, Michal 'vorner' Vaner writ=
> es:
> > > I'm facing a slight problem about behaviour. If the auth server puts a =
> CNAM=3D
> > > E or
> > > DNAME into the answer, the specs are somehow silent regarding what shou=
> ld b=3D
> > > e put
> > > into the authority section (if anything).
> >=20
> > Go re-read RFC 1034. It isn't silent.
>
> Thanks for your pointer, I did reread it and I found interesting information
> there.
>
> Both according to the algorithm and to the examples, it seems that the auth=
> ority
> section should be left empty (or, more precisely, it doesn't say anything s=
> hould
> be put into there in case of success).
You restart the alogorithm after processing a CNAME. You end up with
* the data at the name the CNAME points to.
* negative response for the target of the CNAME (see 2308 for more details).
* a referral to the targets of the CNAME, if you don't have those details
you end up with a empty authority section.
In all cases it is the target of the CNAME which decides what gets added next.
You don't add NS records for the owner of the CNAME.
Mark
> Therefore, all nameservers that currently live in the wild do that not in
> conformance of that RFC (but, it seems, neither against it, as nothing seem=
> s to
> forbid adding more data anywhere into the packet), which means we are free =
> to do
> whatever we like in case of success, and that includes finding a CNAME or D=
> NAME.
> That is what I mean it is silent to the current point =E2=80=92 it neither =
> says we
> should nor we shouldn't.
>
> Of course, I might missed something or might have misinterpreted it, in whi=
> ch
> case I'll be very happy for a more concrete pointer or explanation.
>
> But if I'm right, the original question, what should we do with regard to
> authority section in case of CNAME or DNAME is still left open.
>
> Thank you
>
> With regards
>
> --=20
> BOFH Excuse #430:
>
> Mouse has out-of-cheese-error
>
> Michal 'vorner' Vaner
>
> --oyUTqETQ0mS9luUI
> Content-Type: application/pgp-signature
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2.0.17 (GNU/Linux)
>
> iEYEARECAAYFAk1Nia8ACgkQ7/oWwynB3bI/oQCghFx5w4X4SwAqEoYCM5GUbgyG
> wiEAmwcULKFEeb8eLhCaF5Y78/KHGyzM
> =+/6J
> -----END PGP SIGNATURE-----
>
> --oyUTqETQ0mS9luUI--
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
More information about the bind10-dev
mailing list