Hi Ray
On Mon, Sep 17, 2018 at 09:47:50AM +0100, Ray Bellis wrote:
> On 17/09/2018 08:43, Mukund Sivaraman wrote:
>
> > The suggestion is only to require support in resolvers going forward for
> > CNAME co-existing with other types for now. That should not break any
> > detail of how DNS is used today.
>
> ....
>
> > Although it changes current DNS protocol, AFAICT there does not seem to
> > be anything badly wrong with allowing CNAME + other types at a node,
> > where the CNAME is considered a fallback when the required type doesn't
> > exist.
>
> This is not true.
>
> Ondrej demonstrated at the last hackathon that permitting a CNAME
> alongside the apex can cause MX-related failures in resolvers that are
> not upgraded.
"The suggestion is only to require support in resolvers going forward
for CNAME co-existing with other types for now."
It is obvious if authoritatives did that today and a RFC 1035 resolver
cached a CNAME, it would match the cached CNAME when doing a type lookup
in cache.
Mukund
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
