Synthesized CNAME from NXDOMAIN
Casey Deccio
casey at deccio.net
Thu Oct 3 23:06:09 UTC 2013
On Thu, Oct 3, 2013 at 2:54 PM, Paul Wouters <paul at cypherpunks.ca> wrote:
> You are why we can't have nice things :P
>
> We had enough Sitewinders. With DNSSEC on the endnode, your lies won't
> be believed anway. What you are trying is wrong, bad and broken.
>
>
This might be a fair statement in the right context. But it was taken out
of context--because I really didn't provide any. Not that I need to
justify my question, but since you brought it up, what I am looking to do
is decrease the risk of DNS resolution failures resulting from a namespace
transition by creating a fallback from the old to the new namespace. For
some definite period of time after the change, an NXDOMAIN in the old
namespace would result in a synthesized CNAME pointing to the same name in
the new namespace. Anyway, there might not be an easy way to to do it, and
we might just have to lose our safety net, but I wanted to ask users on the
list if there's some obscure configuration that might be helpful.
If it's not already clear from my development of DNSSEC helper tools (e.g.,
DNSViz), I'm an advocate of secure DNS. :)
Cheers,
Casey
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20131003/d68c15cb/attachment.html>
More information about the bind-users
mailing list