At Fri, 13 Apr 2018 16:47:07 +0200,
bert hubert <bert.hub...@powerdns.com> wrote:

> In writing this server and while consulting with some other implementors, I
> for now have decided that in 2018 it makes no sense to:
>
> 1) chase CNAMEs that point to another zone

It may not even make sense to chase a CNAME in the same zone, since the
receiving resolver generally can't be sure if it's really in the same
zone and would need to chase it by itself anyway.

When a resolver receives this from an 'example.com' authoritative server:
alias.example.com. CNAME cname1.example.com.
cname1.example.com. AAAA 2001:db8::1

It might look like cname1.example.com. is actually in the
example.com. zone, but the resolver can't be 100% sure about it unless
it also knows cname1.example.com. is on a zone cut.  And, in my
understanding, today's deployed resolvers actually chase
cname1.example.com./AAAA by themselves.  So the AAAA added by the
authoritative server would effectively be a waste.

(If the zone is DNSSEC signed and the authoritative server can include
DNSSEC proofs of the RRsets in the chain, the story may become
different.  But I don't think we are discussing such an "advanced"
case).

--
JINMEI, Tatuya

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
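
The resolver behaviour described in the message above, as an added example that is not part of the original post and is not taken from any real resolver. The function names, the SERVERS table and the scenario in which cname1.example.com. is a delegated child zone returning 2001:db8::2 are assumptions made for illustration.

```python
# Simplified model (constructed data, hypothetical names): a resolver that
# accepts only RRsets owned by the name it asked about and re-queries every
# CNAME target, even one that looks like it is in the same zone.

# Constructed answer from a server authoritative for example.com.
PARENT_ANSWER = [
    ("alias.example.com.", "CNAME", "cname1.example.com."),
    ("cname1.example.com.", "AAAA", "2001:db8::1"),
]
# Assumed scenario: cname1.example.com. is a delegated child zone whose own
# server returns different data than the parent server appended.
SERVERS = {
    "example.com.": {("alias.example.com.", "AAAA"): PARENT_ANSWER},
    "cname1.example.com.": {
        ("cname1.example.com.", "AAAA"):
            [("cname1.example.com.", "AAAA", "2001:db8::2")],
    },
}

def in_bailiwick(name, zone):
    """Suffix test only; it cannot reveal a zone cut below `zone`."""
    return name == zone or name.endswith("." + zone)

def closest_zone(name):
    """Stand-in for following delegations: longest matching zone in SERVERS."""
    return max((z for z in SERVERS if in_bailiwick(name, z)), key=len)

def process_answer(qname, qtype, answer):
    """Accept only RRsets owned by qname; queue CNAME targets for re-query."""
    accepted, requery, ignored = [], [], []
    for owner, rtype, rdata in answer:
        if owner == qname and rtype in (qtype, "CNAME"):
            accepted.append((owner, rtype, rdata))
            if rtype == "CNAME" and qtype != "CNAME":
                requery.append(rdata)
        else:
            ignored.append((owner, rtype, rdata))
    return accepted, requery, ignored

def resolve(qname, qtype, max_chain=8):
    """Chase the chain with a fresh query per name; return (rdata, unused RRs)."""
    unused = []
    for _ in range(max_chain):
        answer = SERVERS[closest_zone(qname)].get((qname, qtype), [])
        accepted, requery, ignored = process_answer(qname, qtype, answer)
        unused += ignored
        if not requery:
            return [r for _, t, r in accepted if t == qtype], unused
        qname = requery[0]
    raise RuntimeError("CNAME chain too long")
```

Calling resolve("alias.example.com.", "AAAA") returns the child zone's address and lists the AAAA appended by the parent server as unused, although that record passes the in_bailiwick() suffix test.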
