If CloudFlare is similar to Akamai's solution, recursive servers never
see the CNAME record. Instead, when the auth server receives the query
for the A record of the apex, it performs its own query for the CNAME,
and returns the result of this.

In other words, if your theory is correct, this "CNAME"
is window dressing for the customer ("yes, they gave me a
CNAME, I'm happy!") while actually they serve A records
that they've specified to give the same answer as "whatever
address the A record of such-and-such name has".  What they
present in their customer interface or store in their
zone-file-equivalent is arbitrary.

Makes DNSSEC interesting.

It's always helpful to be able to tell your customer "yes, we gave
you a CNAME, just like you asked for.  We do it even if our competitors
say no!"

John Wobus

P.S. Hm, I wonder if a TLD will give me a three part CNAME:
if they've given me "example.com. CNAME foo", will they also give
me "www.example.com. CNAME foo"?
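
The behaviour discussed in this thread, as an added example that is not part of the original messages and is not any provider's code: a toy authoritative server that stores an alias at the apex but only ever puts synthesized A records on the wire. The `ALIAS` pseudo-type, the `lb.cdn.example.net.` target, the addresses, the TTLs and the min-TTL rule are constructed assumptions.

```python
# Toy model of apex "CNAME flattening". All records are constructed sample data.

# What the customer configured (hypothetical zone-file-equivalent).
ZONE = {
    ("example.com.", "NS"): [(3600, "ns1.example.com.")],
    # The "CNAME" shown in the customer interface; never served as a CNAME.
    ("example.com.", "ALIAS"): [(300, "lb.cdn.example.net.")],
    # Below the apex a real CNAME is legal and is served as-is.
    ("www.example.com.", "CNAME"): [(300, "lb.cdn.example.net.")],
}

# Stand-in for the lookup the authoritative server performs itself.
UPSTREAM = {
    "lb.cdn.example.net.": [(60, "192.0.2.10"), (60, "192.0.2.11")],
}


def answer(qname, qtype):
    """Return the answer section as (owner, ttl, type, rdata) tuples."""
    alias = ZONE.get((qname, "ALIAS"))
    if alias and qtype == "A":
        alias_ttl, target = alias[0]
        # Flatten: resolve the target internally and answer with A records
        # owned by the queried name. TTL = min of both (assumed policy).
        return [(qname, min(alias_ttl, ttl), "A", addr)
                for ttl, addr in UPSTREAM.get(target, [])]
    if qtype != "ALIAS" and (qname, qtype) in ZONE:
        return [(qname, ttl, qtype, rdata) for ttl, rdata in ZONE[(qname, qtype)]]
    cname = ZONE.get((qname, "CNAME"))
    if cname:
        ttl, target = cname[0]
        return [(qname, ttl, "CNAME", target)]
    return []  # empty answer; NODATA vs NXDOMAIN not modelled here


def wire_types(qname, qtype):
    """Record types a recursive server would see in the answer section."""
    return sorted({rtype for _, _, rtype, _ in answer(qname, qtype)})


if __name__ == "__main__":
    for q in [("example.com.", "A"), ("example.com.", "CNAME"),
              ("www.example.com.", "A")]:
        print(q, "->", answer(*q))
```

Because the apex A RRset is built at query time from the target's current addresses, any RRSIG covering it has to be generated after that lookup rather than when the zone was written.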
