BIND 10 #505: DNAME Implementation

BIND 10 Development do-not-reply at isc.org
Fri Feb 4 21:57:07 UTC 2011 

#505: DNAME Implementation
-------------------------------------+-------------------------------------
                 Reporter:  stephen  |                Owner:  jinmei
                     Type:           |               Status:  reviewing
  enhancement                        |            Milestone:  A-Team-
                 Priority:  major    |  Sprint-20110209
                Component:           |           Resolution:
  b10-auth                           |            Sensitive:  0
                 Keywords:           |  Add Hours to Ticket:  0
Estimated Number of Hours:  2.0      |          Total Hours:  0
                Billable?:  1        |
                Internal?:  0        |
-------------------------------------+-------------------------------------

Comment (by jinmei):

 Replying to [comment:14 vorner]:
 > Hmm, that sounds really strange to me. After all, following a DNAME is a
 successfull match. Should I remove it as well?

 According to the source code BIND 9 (seemingly) tries to fill in the
 authority section for the zone of the final (the end of DNAME/CNAME
 chain) answer, and if it cannot reach the final zone it leaves the
 authority section blank.

 I've not looked into the NSD implementation to figure out why it
 doesn't fill in the authority section in the case of DNAME.
 Interestingly, NSD fills in the authority section for an incomplete
 CNAME chain, so the rationale should be different from BIND 9, and
 apparently it handles the DNAME case separately.

 What should we do?  Frankly, I'm not sure.  The protocol spec (RFC1034
 and rfc2672bis-dname-21) seems to be silent about that point.  My
 initial feeling would be "do as other implementations (especially BIND
 9) do unless there's a strong reason not to do so".  Maybe you should
 ask this at bind10-dev (and I'm okay with moving forward with this
 ticket while discussing it there).  Some list members have
 knowledge/opinions about protocol matter and they may provide insight
 we've overlooked.

 > And what about CNAME? It is similar.

 If we adopt BIND 9's policy, we'd not filling in the authority section
 because at least right now we only return the first RR of the chain.
 But I think the same discussion applies: the protocol spec is silent,
 and we may want to ask this at bind10-dev.

-- 
Ticket URL: <http://bind10.isc.org/ticket/505#comment:15>
BIND 10 Development <http://bind10.isc.org>
BIND 10 Development

More information about the bind10-tickets mailing list