Moin! On 08 May 2014, at 17:47, Paul Vixie <[email protected]> wrote: > Tony Finch wrote: >> Barry Margolin pointed out an amusing interaction between two stupid DNS >> tricks on the bind-users list: >> https://lists.isc.org/pipermail/bind-users/2014-May/093171.html >> >> If you have an authoritative server with "ANAME" or "CNAME flattening" >> support, and the target of the ANAME is a CDN that does source-based >> answer selection, then the synthetic A / AAAA records will be based on the >> auth server address rather than the client address, unless you have >> some special arrangement between the auth server and the CDN like >> edns-client-subnet support. > > madness. this way lies madness. the dns design had moving parts and > nonmoving parts. the dns implementation is becoming something else entirely. There is madness, but the madness is in mixing authoritative and recursive functions in one server and not in using DNS to direct traffic. After all that's what all lookups do, give you an IP address you connect to.
All of this also is secondary to edns-client-subnet, which is something we should work on IMHO. So long -Ralf _______________________________________________ DNSOP mailing list [email protected] https://www.ietf.org/mailman/listinfo/dnsop
