Selective forwarding from an internal only name server

Darcy Kevin (FCA) kevin.darcy at fcagroup.com
Thu Aug 18 14:45:11 UTC 2016 

As I read it, you have to buy the "flattening" as an extra service from CloudFlare. Their default is to give CNAME at the apex, intentionally violating RFCs.

What a concept: charging extra for RFC-compliance.

											- Kevin


-----Original Message-----
From: bind-users [mailto:bind-users-bounces at lists.isc.org] On Behalf Of Barry Margolin
Sent: Wednesday, August 17, 2016 9:08 PM
To: comp-protocols-dns-bind at isc.org
Subject: Re: Selective forwarding from an internal only name server

In article <mailman.301.1471466524.15653.bind-users at lists.isc.org>,
 "Darcy Kevin (FCA)" <kevin.darcy at fcagroup.com> wrote:

> Barry,
> 	Cloudflare has been doing this for a while, so that their customers 
> won't be "limited by the DNS specifications (RFCs)" <rolls eyes>. 
> Having done that, they were compelled to offer another service -- so-called "CNAME flattening"
> -- to fix the brokenness that's caused by their base offering.
> 
> See
> https://support.cloudflare.com/hc/en-us/articles/200169056-CNAME-Flatt
> ening-RF C-compliant-support-for-CNAME-at-the-root
> 
> I think Akamai also offers something similar.

But these don't work by sending an actual CNAME record. The server that implements flattening looks ip the IP of the target, and returns it as an A record for the domain.

That's why Cloudflare's method is "RFC-compliant", but what MS is doing with sharepoint.com is not.

> 
> 									- Kevin
> 
> -----Original Message-----
> From: bind-users [mailto:bind-users-bounces at lists.isc.org] On Behalf 
> Of Barry Margolin
> Sent: Wednesday, August 17, 2016 4:34 PM
> To: comp-protocols-dns-bind at isc.org
> Subject: Re: Selective forwarding from an internal only name server
> 
> In article <mailman.299.1471461214.15653.bind-users at lists.isc.org>,
>  "Darcy Kevin (FCA)" <kevin.darcy at fcagroup.com> wrote:
> 
> > Well, sharepoint.com is a CNAME to sharepoint.microsoft.com, so you 
> > might need to make arrangements for that to be resolvable as well.
> 
> That doesn't seem valid to begin with. The .COM zone has delegation NS 
> records for sharepoint.com. Having a CNAME record for the same name is wrong.
> 
> --
> Barry Margolin
> Arlington, MA
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to 
> unsubscribe from this list
> 
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users

--
Barry Margolin
Arlington, MA
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

bind-users mailing list
bind-users at lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

More information about the bind-users mailing list