nanog mailing list archives
Re: DNS hostnames with a duplicate CNAME and A record - which should be removed?
From: Masataka Ohta <mohta () necom830 hpcl titech ac jp>
Date: Sat, 20 Oct 2012 07:05:35 +0900
Landon Stewart wrote:
> I've been reading various sites and information including RFC 1034 but it's difficult to decide what to do when it's already an issue. For example in RFC 1034 section 3.6.2 the use of CNAMEs with NS and MX records is not permitted but other research shows this is widely used even though it's technically invalid. IMHO it should have never happened in the first place (where an A record already exists a CNAME should not have been allowed to get added for example) but what can be done now that it's already an issue?

The rule of RFC1034 is not applicable to secure DNS.

W.r.t. RFC1034, the following text:

    The one exception to this rule is that queries which match the CNAME type are not restarted.

is the key.

For name servers, any RR types which may coexist with CNAME must also match CNAME. In addition, for queries with such RR types, cached CNAME without cached exact RR types should be ignored.

> In the case of the A, NS, MX, SOA and CNAME duplicates an example of how our old/current name server's responses are: (*note: not all of this is real data, customer zones have been obfuscated*)

SOA and NS could have matched CNAME, which enables a zone containing just a CNAME, though RFC1034 does not specify so. It is not harmful except that queries with SOA or NS type may cause loops if some caches have CNAME RRs.

Masataka Ohta
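
An added example (not part of the original message or thread): a small Python check that finds owner names in zone data where a CNAME coexists with other record types, the situation this thread asks about. It exempts the DNSSEC types RRSIG and NSEC, which RFC 4035 permits beside a CNAME; the zone lines, names and simplified one-record-per-line format are constructed for illustration.

```python
# Added example: flag owner names where a CNAME coexists with other data.
from collections import defaultdict

# DNSSEC types permitted next to a CNAME (RFC 4035 section 2.5).
DNSSEC_OK = {"RRSIG", "NSEC"}
CLASSES = {"IN", "CH", "HS"}

# Constructed sample zone data (one record per line, absolute owner names).
SAMPLE_ZONE = """\
example.com.       3600 IN SOA   ns1.example.com. hostmaster.example.com. 1 7200 900 1209600 3600
example.com.       3600 IN NS    ns1.example.com.
www.example.com.   3600 IN CNAME web.example.net.
www.example.com.   3600 IN A     192.0.2.10
mail.example.com.  3600 IN CNAME mx.example.net.
mail.example.com.  3600 IN MX    10 mx.example.net.
ftp.example.com.   3600 IN CNAME web.example.net.
ftp.example.com.   3600 IN RRSIG CNAME 8 3 3600 20300101000000 20290101000000 12345 example.com. AAAA
FTP.Example.COM.   3600 IN NSEC  mail.example.com. CNAME RRSIG NSEC
"""

def parse_records(text):
    """Yield (owner, rrtype) from lines of the form: owner [ttl] [class] type rdata."""
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()   # drop trailing comments
        if not line:
            continue
        fields = line.split()
        owner, rest = fields[0], fields[1:]
        # Skip the optional TTL and class, in either order.
        while rest and (rest[0].isdigit() or rest[0].upper() in CLASSES):
            rest = rest[1:]
        if rest:
            # Owner names compare case-insensitively.
            yield owner.lower().rstrip("."), rest[0].upper()

def cname_conflicts(text):
    """Return {owner: sorted conflicting types} for names with CNAME plus other data."""
    types = defaultdict(set)
    for owner, rrtype in parse_records(text):
        types[owner].add(rrtype)
    return {
        owner: sorted(seen - {"CNAME"} - DNSSEC_OK)
        for owner, seen in types.items()
        if "CNAME" in seen and seen - {"CNAME"} - DNSSEC_OK
    }

if __name__ == "__main__":
    for owner, extra in sorted(cname_conflicts(SAMPLE_ZONE).items()):
        print(f"{owner}: CNAME coexists with {', '.join(extra)}")
```
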