[bind10-dev] should b10-auth return CNAME chain?

Mark Andrews marka at isc.org
Tue Jan 25 02:14:09 UTC 2011

I've seen sites configure their nameservers to serve "com" or "."
instead of all the zones they are actually delegated.  Preventing
these servers doing accidental harm is a good thing.  Just because
the CNAME in the zone file is in baliwick that doesn't mean the
target is still in baliwick once the actual delegtions are taken
into account.

There are a lot of servers out there that do follow the CNAME chains
in the responses even though it is not a good idea to do so.

Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org

More information about the bind10-dev mailing list