Re: DNS Partial zone CNAMEs?

Mon, 13 Feb 2012 09:09:24 -0800 

On Mon, Feb 13, 2012 at 9:19 AM, Kennedy, Jim <kennedy...@elyriaschools.org>
wrote:
> I put up a primary zone   www.google.com   Then I put up a DNAME leaving
the
> first line blank )alias name) so that it would use the parent domain.
And the
> FQDN for the target host as nosslsearch.google.com.

  I presume you mean something like this?

www.google.com.     SOA     blah blah blah
                    DNAME   nosslsearch.google.com.

  I'm not sure that use case -- a DNAME for the current label -- is
expected.  It seems to be something of a misapplication.  DNAME was, as far
as I know, intended to map *child* domains to a new target, not the zone
apex.  Your use case isn't mentioned explicitly in
RFC-2672<http://tools.ietf.org/html/rfc2672>,
as far as I can tell.  It would appear to run contrary to Section 4.1 Step
3.c (page 4), which states in part:

"If at some label, a match is impossible (i.e., the corresponding label
does not exist), look to see whether the last label matched has a DNAME
record".

  Since you have to have other records (like SOA) defined for the zone
apex, the label exists and should be matched as such.

  Now, obviously, it works anyway, but one should be wary of depending on
undefined behavior.  A later change may "fix" it to stop working, or some
other software may choke.

  I'm not saying don't do it.  (I'm also not saying *do* do it.)  I just
want to point it out.

  And my reading of RFC-2672 may be wrong.  DNAME isn't something I've
played with myself.

  If you want, I can ask over on the DNS ops list.  Most of the
heavy-hitters in DNS land are subscribed (including the principle authors
of the specs, the reference implementation, and several other major
implementations), so that's as close to authorative it can get without it
being formally specified.  OTOH, if you're going to do it anyway, it's
academic.  :)  If you do want me to ask, please let me know what version
and service pack of Windows you're running on your servers, and your
typical client population.

-- Ben

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Reply via email to