BIND with DNAME

Jim Reid jim at rfc1035.com
Tue Apr 10 13:40:51 UTC 2001


>>>>> "Simon" == Simon Waters <Simon at wretched.demon.co.uk> writes:

    >> AFAIK the DNAME RR type is only supported in BIND9. The rest of
    >> the world's name servers will not be able to handle them
    >> properly. So you should think on that. What if a stub resolver
    >> or a BIND8 (say) name server gets an answer containing a DNAME?

    Simon> I thought the whole point was that they synthesize CNAMEs
    Simon> for those that can't cope, so that shouldn't happen, or did
    Simon> I miss something?

The name server should synthesize the CNAME for DNAME-challenged
clients as you rightly say, but it doesn't have to. The RFC says
SHOULD, it doesn't say MUST. The name server will also put the DNAME
in the Answer Section of the reply. You missed Step 4c of Section 4.1
of RFC2672: "If a DNAME record exists at that point, copy that record
into the answer section". Hopefully old DNS software will ignore that
unknown record type if it comes across any, but who's to say?

Have a play with a pretend example.com zone on my name server,
gromit.rfc1035.com. This zone just has a DNAME for example.com
pointing at rfc1035.com. See what you get back from an ANY query with
the BIND9 dig. Compare that with what an old version of dig does. Or
look up the A records for gromit.example.com. Pay attention to the
Answer Section of the replies.

Faking CNAMEs might cause other problems. For instance mail systems
are not supposed to follow CNAMEs. So if sendmail or whatever does an
MX lookup and gets an on-the-fly CNAME back because of a DNAME...

BTW I was lazy when I set up this example.com zone. It has 1 NS record
which has a target of ns0.example.com. There's no A record for that
name. But thanks to DNAME fakery, the name server creates a CNAME for
ns0.example.com on the fly. Targets of NS records should not be
CNAMEs. Now this has happened because I couldn't be bothered setting
up the example.com zone properly, which is fair enough. But it
indicates the subtle problems that can be caused by ill-judged use of
DNAMEs.

    Simon> I'm intrigued how it will be used for load balancing

I am too.

    Simon> and missed the original post, quite why you'd want to port
    Simon> it back to version 8 befuddles me as well, there has to be
    Simon> some reason to upgrade

Suppose a BIND9 server is master for a zone containing a DNAME. What
happens if that zone is slaved on some other name server that doesn't
understand DNAME? For starters, the zone transfer fails.... If a slave
server accepts the wire format for a DNAME even though it doesn't
understand the semantics of DNAME, that could make life very
interesting.
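
The DNAME-to-CNAME substitution discussed in this message, and the NS target problem it leads to, as an added Python example that is not part of the original post. The zone records are constructed from the post's description of the example.com zone (the MX record is an assumed control), and the function names are hypothetical.

```python
# Added illustration, not from the original post.
def labels(name):
    """Split a domain name into lowercase labels, ignoring a trailing dot."""
    return [l for l in name.lower().rstrip(".").split(".") if l]


def dname_substitute(qname, owner, target):
    """Return the CNAME target a server would synthesize for qname, or None.

    A DNAME redirects names strictly below its owner, never the owner
    itself. Matching is on whole labels, so notexample.com is not
    treated as being under example.com.
    """
    q, o = labels(qname), labels(owner)
    if len(q) <= len(o) or q[len(q) - len(o):] != o:
        return None
    return ".".join(q[:len(q) - len(o)] + labels(target)) + "."


def lint_zone(records):
    """Flag NS/MX targets that sit below a DNAME owner in the same data.

    Such a target is answered via an on-the-fly CNAME when nothing
    exists at that name.
    """
    dnames = [(o, rd) for o, rt, rd in records if rt == "DNAME"]
    findings = []
    for owner, rtype, rdata in records:
        if rtype not in ("NS", "MX"):
            continue
        host = rdata.split()[-1]  # MX rdata is "preference exchange"
        for d_owner, d_target in dnames:
            alias = dname_substitute(host, d_owner, d_target)
            if alias:
                findings.append((owner, rtype, host, alias))
    return findings


# Constructed records: the DNAME and NS follow the post's description;
# the MX is an assumed control whose target lies outside the DNAME.
ZONE = [
    ("example.com.", "DNAME", "rfc1035.com."),
    ("example.com.", "NS", "ns0.example.com."),
    ("example.com.", "MX", "10 mail.example.net."),
]

if __name__ == "__main__":
    print(dname_substitute("gromit.example.com.", "example.com.", "rfc1035.com."))
    for f in lint_zone(ZONE):
        print("%s %s %s -> synthesized CNAME %s" % f)
```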

