CNAME and other data -vs- could not find NS and/or SOA records

Kevin Darcy kcd at daimlerchrysler.com
Wed Jun 2 21:13:19 UTC 2004


phil-news-nospam at ipal.net wrote:

>On Tue, 01 Jun 2004 19:10:43 +0100 Jim Reid <jim at rfc1035.com> wrote:
>|>>>>> "Phil" == phil-news-nospam  <phil-news-nospam at ipal.net> writes:
>| 
>|    Phil> I have a domain (several of them, actually) in which I need
>|    Phil> to CNAME them to another domain (which is under someone
>|    Phil> else's authority).
>| 
>|  
>
>| If you want anyone to help you, try telling us what *exactly* you're
>| trying to do. ie "I have a zone called ipal.net. Here it is. I want
>| anyone sending mail to ipal.net to have it sent to the ipal.com mail
>| server. And anyone looking up www.ipal.net should be directed to the
>| web server at www.ipal.org. I need to do this for ipal2.net and
>| ipal3.net too. Here are their zone files. What's the solution?"
>
>Users with registered domains need to CNAME to another (third level)
>domain, which has dynamic DNS information supplied.  It's basic, and
>simple, and with some DNS servers that are not strict, it works.  It
>even used to in BIND many versions ago (but I don't recall which).
>I just know I've done it before.
>
>One other alternative: ICANN require every registrar to allow CNAME as an
>owner choosable alternative to NS delegation for registered domains (then
>I won't have to worry about it, won't have to hack it in, and things will
>work a lot smoother).
>
I agree, this would meet the requirement you are presenting, without 
requiring any protocol changes. Good luck with ICANN and/or the 
registrars...

>In case you haven't noticed, this is something that thousands of people
>have needed to use for years.  Why the RFC hasn't been revised I cannot
>say.  Maybe you can.  Just update it to say that a CNAME can accompany
>an SOA and NS.  Specify that if query type is SOA or NS, return those,
>but if any other, return CNAME instead.  
>
That's ridiculous. You want to special-case SOA and NS records? You want 
to selectively disable aliasing for SOA and NS? But what if I *want* to 
alias an SOA or NS record? What if I'm doing that today? You've just 
taken away functionality that people might be relying on. You'll never 
get that deployed unless you extend the protocol with some sort of 
"versioning" functionality so a client and server can agree to use the 
"Phil Howard" semantics instead of the normal ones. Good luck on that.

>If I have the time, I might
>generalize my patch so that it allows CNAME with any record, and answers
>the CNAME if specific requested records are not present, or for ANY.
>I think that will maximize the workability.
>

OK, but the stranded CNAME problem rears its ugly head again. You can't 
guarantee whether a given cache has the "specific requested records 
[...] present" or not, since any RRset can expire from the cache at any 
given time. I suppose you could limit your new semantics to only 
*authoritative* servers, but now you've created an inconsistency 
problem, where caching resolvers give different answers from 
authoritative servers for the same query. Bad juju...

                                                                         
                                    - Kevin
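
Added example (not part of the message above and not BIND code): a small Python model of the inconsistency described in the last paragraph, where a cache whose RRsets expire independently ends up answering an MX query differently from the authoritative server. The zone data, TTLs and the simplified cache logic are constructed assumptions.

```python
# Constructed data for one owner name under the proposed rule; names/TTLs are made up.
AUTH = {
    "CNAME": ("host.dyn.example.org.", 3600),
    "MX": ("10 mail.example.net.", 300),
}


def authoritative_answer(qtype):
    """Proposed rule: the requested type if present, otherwise the CNAME."""
    rtype = qtype if qtype in AUTH else "CNAME"
    return (rtype, *AUTH[rtype])  # (type, rdata, ttl)


class Cache:
    """Simplified caching resolver: each RRset expires on its own TTL."""

    def __init__(self):
        self.store = {}  # rtype -> (rdata, expiry time in seconds)

    def _live(self, rtype, now):
        entry = self.store.get(rtype)
        return entry is not None and entry[1] > now

    def query(self, qtype, now):
        if self._live(qtype, now):
            return qtype, self.store[qtype][0]
        # A cached CNAME is used for any type: the cache cannot tell
        # "no MX exists" from "the MX RRset has expired".
        if self._live("CNAME", now):
            return "CNAME", self.store["CNAME"][0]
        # Nothing usable cached: ask the authoritative server and cache it.
        rtype, rdata, ttl = authoritative_answer(qtype)
        self.store[rtype] = (rdata, now + ttl)
        return rtype, rdata


def compare(times=(0, 100, 400)):
    """Return (time, cache answer type, authoritative answer type) for MX."""
    cache = Cache()
    cache.query("MX", 0)  # caches the MX RRset, TTL 300
    cache.query("A", 0)   # no A in the zone, so the CNAME is cached, TTL 3600
    return [(t, cache.query("MX", t)[0], authoritative_answer("MX")[0])
            for t in times]


if __name__ == "__main__":
    for row in compare():
        print("t=%ds cache=%s authoritative=%s" % row)
```

Once the MX RRset has expired while the longer-lived CNAME is still cached, the cache answers the MX query with the CNAME and the authoritative server still answers with the MX.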



