BIND 10 #504: CNAME Implementation
BIND 10 Development
do-not-reply at isc.org
Fri Jan 21 00:00:37 UTC 2011
#504: CNAME Implementation
-------------------------------------+-------------------------------------
Reporter: stephen | Owner: jinmei
Type: | Status: reviewing
enhancement | Milestone: A-Team-
Priority: major | Sprint-20110126
Component: data | Resolution:
source | Sensitive: 0
Keywords: | Add Hours to Ticket: 0
Estimated Number of Hours: 5.0 | Total Hours: 0
Billable?: 1 |
Internal?: 0 |
-------------------------------------+-------------------------------------
Comment (by each):
About a month ago, there was a discussion on the ISC tech-staff mailing
list about CNAME chaining behavior (ISC personnel can review it at
https://wiki.isc.org/mhonarc/tech-staff/msg08812.html.) We should have a
discussion about this before going forward with CNAME handling in the
authoritative server.
Briefly: An authoritative server can believe itself to be authoritative
for zones X and Y when actually it's only authoritative for X. If we
allow CNAME chains between two zones, we may be giving false information
and claiming it's authoritative. For example, a query for www.foo.com/A
comes in could get back www.foo.com/CNAME and www.bar.com/A, which would
be wrong if this server wasn't actually authoritative for bar.com.
In my opinion we should not chain outside of a zone, including not below
zone cuts. In the linked discussion, Paul Vixie argued that we should not
chain at all, even within the zone.
Jinmei told me via jabber that the in-memory data source doesn't chase
CNAME targets yet; in light of this I'd like to recommend that it not be
taught to do so until we've had time to discuss the issue further. (Note
that the existing query logic for the SQL data source does return CNAME
chains; this should probably be smartened up later.)
--
Ticket URL: <http://bind10.isc.org/ticket/504#comment:12>
BIND 10 Development <http://bind10.isc.org>
BIND 10 Development
More information about the bind10-tickets
mailing list