[bind10-dev] should b10-auth return CNAME chain?
Jerry Scharf
scharf at isc.org
Mon Jan 24 15:47:43 UTC 2011
Mark,
If the CNAME and the A are in the same zone, how can you call it
poisoning? If someone has control of the zone, what you get is what you
get. I do agree that is could be better to not complete the chain when
it is out of zone.
jerry
On 1/24/2011 2:50 AM, Mark Andrews wrote:
>
> Returning just the CNAME and not what it points to prevents the
> authoritative nameserver accidently poisioning caches which follow
> such CNAME records. This forces the cache to make a additional
> lookup.
>
> BIND 9 may yet stop following the chain internally when operating
> in authoritative mode. It's been proposed several times and not
> been outright rejected.
>
More information about the bind10-dev
mailing list