On Thu, Aug 07, 2014 at 07:51:53AM +1000, Mark Andrews wrote:
> Those with developers that don't read RFC 1034 which tried to prevent
> this from happening.

You're probably right. But of course, RFC 1034 was written a number of years ago, and some of the protocol-specification language that later became well-understood isn't used in it. In particular,

> RR. If a CNAME RR is present at a node, no other data should be
> present; this ensures that the data for a canonical name and its aliases
> cannot be different.

this makes it sound like "nothing at a CNAME but a CNAME is a good idea" instead of "if you have a CNAME, that means by definition nothing else can be there." To a naïve reader, the text above might read as, "You shouldn't do this, but you could. But it'd have a bad consequence, and you don't want that, right?"

What it should say, of course, is more like, "CNAME just means that the name you looked up is actually some other name, therefore there MUST be no other data at the owner name of a CNAME." Something like that.

I've talked to people who've been facile with the DNS for a number of years, who didn't get that this wasn't some arbitrary rule, but was the very meaning of "canonical name". If you explain it, the lights always go on. But RFC 1034 does a poor job of explaining it.

Best regards,

A

--
Andrew Sullivan
[email protected]
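Added example, not part of the original message or of any project's code: a small zone lint that treats the rule as a hard constraint, reporting every owner name where a CNAME coexists with other data. The simplified record format, the sample zone and the function names are constructed for illustration, and the RRSIG/NSEC exception comes from DNSSEC (RFC 4035, section 2.5), which goes beyond the RFC 1034 text quoted above.

```python
from collections import defaultdict

# Types that DNSSEC (RFC 4035, section 2.5) permits beside a CNAME.
# Assumption beyond the quoted RFC 1034 text.
DNSSEC_ALLOWED = {"RRSIG", "NSEC"}
CLASSES = {"IN", "CH", "HS"}

# Constructed sample zone: "owner [ttl] [class] type rdata", owners fully qualified.
SAMPLE_ZONE = """\
example.com.      3600 IN SOA   ns1.example.com. hostmaster.example.com. 1 7200 900 1209600 300
example.com.      3600 IN NS    ns1.example.com.
example.com.      3600 IN CNAME cdn.example.net.
www.example.com.  300  IN CNAME web.example.net.
WWW.example.com.  300  IN TXT   "constructed sample text"
ftp.example.com.  300  IN CNAME files.example.net.
ftp.example.com.  300  IN RRSIG CNAME 13 3 300 (constructed-signature)
ns1.example.com.  3600 IN A     192.0.2.53
"""

def parse_records(text):
    """Yield (owner, rrtype) per record line; owner names compare case-insensitively."""
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith(";"):
            continue
        owner, rest = fields[0].lower(), fields[1:]
        # Skip the optional TTL and class fields to reach the type.
        while rest and (rest[0].isdigit() or rest[0].upper() in CLASSES):
            rest = rest[1:]
        if rest:
            yield owner, rest[0].upper()

def cname_conflicts(text):
    """Return {owner: sorted other types} for nodes holding a CNAME plus other data."""
    types_at = defaultdict(set)
    for owner, rrtype in parse_records(text):
        types_at[owner].add(rrtype)
    conflicts = {}
    for owner, types in types_at.items():
        if "CNAME" in types:
            others = sorted(types - {"CNAME"} - DNSSEC_ALLOWED)
            if others:
                conflicts[owner] = others
    return conflicts

if __name__ == "__main__":
    for owner, others in cname_conflicts(SAMPLE_ZONE).items():
        print(f"{owner}: CNAME coexists with {', '.join(others)}")
```

The apex case is caught because a zone apex always carries SOA and NS, so a CNAME there can never satisfy the rule.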
