Andrew Sullivan wrote:
> No. They're doing it by simulating it. The actual dns responses are a or
> aaaa records. It only works under some circumstances.

my view of the cname-precludes-other-data rule is that it's always been clear. protocol engineering means figuring out what other compliant agents could reasonably assume about data you're about to send them and make sure every possibility is OK with you or else don't send it. in that sense, sending a CNAME sometimes and an answer at other times (based on the qtype) means that some initiators will follow the CNAME even for qtypes you wish they wouldn't, and that should not be OK with you as a responder so you should not send the thing that will act against your own interests.

the now-common CDN trick of inventing a nonstandard "ALIAS" record or similar, that causes the authority server to recurse for any qtype that's not actually present in the zone, and to report that recursive data as authoritative, does not cause any compliant initiator to react in any way that's undesirable. it means you can't use any secondary servers that don't have this nonstandard behaviour, but that's a tractable constraint.

it seems to me that this behaviour is desirable enough by a wide enough audience that it should be standardized for interoperability reasons, even if not recommended as part of the core DNS standard.

vixie

_______________________________________________
dns-operations mailing list
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
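
Added example, not part of the original post or of any real server's code: a toy model that contrasts a responder sending a CNAME only for some qtypes with the ALIAS-style behaviour described above, as seen by an initiator that caches the CNAME. The zone, names, addresses, the `UPSTREAM` table (standing in for the authority server's recursion) and all function names are constructed assumptions.

```python
# Added illustration: zone data, names and addresses are constructed (documentation ranges).
# UPSTREAM stands in for the recursion an ALIAS-capable authority server performs.
UPSTREAM = {("edge.cdn.example.", "A"): ["192.0.2.10"],
            ("edge.cdn.example.", "AAAA"): ["2001:db8::10"]}
ZONE = {
    "example.com.": {"NS": ["ns1.example.com."],
                     "MX": ["10 mail.example.com."],
                     "ALIAS": ["edge.cdn.example."]},  # server-side only, never on the wire
    "www.example.com.": {"CNAME": ["edge.cdn.example."]},
}

def cname_violations(zone):
    """Owner names holding a CNAME together with any other data."""
    return sorted(n for n, rr in zone.items() if "CNAME" in rr and len(rr) > 1)

def alias_answer(qname, qtype, zone=ZONE, upstream=UPSTREAM):
    """Answer as (rrtype, rdata): zone data first, else data fetched via ALIAS."""
    rrsets = zone.get(qname)
    if rrsets is None:
        return ("NXDOMAIN", [])
    if "CNAME" in rrsets:
        return ("CNAME", rrsets["CNAME"])        # identical for every qtype
    if qtype != "ALIAS" and qtype in rrsets:
        return (qtype, rrsets[qtype])
    if qtype != "ALIAS" and "ALIAS" in rrsets:
        data = upstream.get((rrsets["ALIAS"][0], qtype), [])
        if data:
            return (qtype, data)                 # reported as authoritative data
    return ("NODATA", [])

def qtype_dependent_answer(qname, qtype):
    """The pattern the post argues against: CNAME for address qtypes only."""
    if qname == "example.com." and qtype in ("A", "AAAA"):
        return ("CNAME", ["edge.cdn.example."])
    return alias_answer(qname, qtype)

def caching_initiator(responder, qname, qtypes):
    """Initiator that, once it has cached a CNAME for qname, follows it for all qtypes."""
    cname, seen = None, {}
    for qtype in qtypes:
        rrtype, data = ("CNAME", [cname]) if cname else responder(qname, qtype)
        if rrtype == "CNAME":
            cname = data[0]
        seen[qtype] = (rrtype, data)
    return seen

if __name__ == "__main__":
    print(cname_violations(ZONE))
    print(caching_initiator(qtype_dependent_answer, "example.com.", ["A", "MX"]))
    print(caching_initiator(alias_answer, "example.com.", ["A", "MX"]))
```

With the qtype-dependent responder the MX lookup never reaches the zone's MX data, because the initiator follows the CNAME it cached from the A query; with the ALIAS-style responder the initiator only ever sees ordinary A and MX answers.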
