On Mar 14, 2013, at 6:55 PM, Joe Abley <[email protected]> wrote:
>
> On 2013-03-14, at 18:52, George Michaelson <[email protected]> wrote:
>
>> how many of the deployed resolvers can understand DNAME
>
> Good question, it would be interesting to design an experiment to measure that.
>
>> and what's the outcome for DNS lookups where the intermediate systems don't
>> understand DNAME.
>
> CNAME synthesis, see RFC 6672 section 3.
>
You mean like

test.dname-only.res.dnssecready.net txt
test.d-and-c.res.dnssecready.net txt
test.d-bad-c.res.dnssecready.net txt

The first name returns only DNAME, the second one both, and the third one has
different targets for the C and D names. The TXT record pointed to tells you
what happened: whether the D or the C name was followed.

<dhcp-606e:~/Code/evldns 23:09> dig test.d-bad-c.res.dnssecready.net txt
; <<>> DiG 9.8.3-P1 <<>> test.d-bad-c.res.dnssecready.net txt
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12051
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;test.d-bad-c.res.dnssecready.net. IN TXT
;; ANSWER SECTION:
d-bad-c.res.dnssecready.net. 300 IN DNAME good-Dname.dnssec-test.org.
test.d-bad-c.res.dnssecready.net. 300 IN CNAME test.good-Dname.dnssec-test.org.
test.good-Dname.dnssec-test.org. 3600 IN TXT "GOOD: DNAME followed"
But the original server returned
;; ANSWER SECTION:
d-bad-c.res.dnssecready.net. 300 IN DNAME good-Dname.dnssec-test.org.
d-bad-c.res.dnssecready.net. 1 IN CNAME bad-Cname.dnssec-test.org.
According to a large-scale resolver/forwarder survey that I conducted recently,
DNAME is fully supported by at least 50% of the resolvers/forwarders tested.
I'm sure the number is higher today because Google has added DNAME support
since then. Fully supported means that the resolver follows DNAME and includes
the DNAMEs used
Olafur
_______________________________________________
DNSOP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dnsop
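
The check discussed in the message above, as an added example that is not part of the original post: it applies the RFC 6672 section 3 DNAME substitution to the query name and compares the result with any CNAME in an answer section. The function names and status strings are hypothetical; the records are the ones quoted in the message.

```python
# Added example: RFC 6672 section 3 DNAME substitution plus a consistency check.
# Assumption: names are plain text without escaped dots; records are (owner, type, rdata).

def labels(name):
    """Lower-cased label list; DNS name comparison is case-insensitive."""
    return [l for l in name.lower().rstrip(".").split(".") if l]

def dname_substitute(qname, owner, target):
    """Name that qname maps to under 'owner DNAME target', or None if not covered."""
    q, o, t = labels(qname), labels(owner), labels(target)
    # A DNAME redirects only names strictly below its owner, never the owner itself.
    if len(q) <= len(o) or q[len(q) - len(o):] != o:
        return None
    new = q[:len(q) - len(o)] + t
    # Wire length: one length octet per label plus the root label, 255 octets max.
    if sum(len(l) + 1 for l in new) + 1 > 255:
        raise ValueError("substituted name too long (a server answers YXDOMAIN)")
    return ".".join(new) + "."

def classify(qname, answer):
    """Compare the CNAMEs in an answer section with what its DNAME implies."""
    expected = None
    for owner, rtype, rdata in answer:
        if rtype == "DNAME":
            expected = expected or dname_substitute(qname, owner, rdata)
    if expected is None:
        return "no-applicable-dname"
    cnames = [labels(rdata) for _, rtype, rdata in answer if rtype == "CNAME"]
    if not cnames:
        return "dname-only"  # the client has to do the substitution itself
    if all(c == labels(expected) for c in cnames):
        return "cname-matches-dname"
    return "cname-conflicts-with-dname"

QNAME = "test.d-bad-c.res.dnssecready.net."
# Answer section the resolver returned (from the dig output in the message).
RESOLVER_ANSWER = [
    ("d-bad-c.res.dnssecready.net.", "DNAME", "good-Dname.dnssec-test.org."),
    ("test.d-bad-c.res.dnssecready.net.", "CNAME", "test.good-Dname.dnssec-test.org."),
    ("test.good-Dname.dnssec-test.org.", "TXT", "GOOD: DNAME followed"),
]
# Answer section the message says the original server returned.
ORIGIN_ANSWER = [
    ("d-bad-c.res.dnssecready.net.", "DNAME", "good-Dname.dnssec-test.org."),
    ("d-bad-c.res.dnssecready.net.", "CNAME", "bad-Cname.dnssec-test.org."),
]

if __name__ == "__main__":
    for name, ans in (("resolver", RESOLVER_ANSWER), ("origin", ORIGIN_ANSWER)):
        print(name, classify(QNAME, ans))
```
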