On Tue, Sep 20, 2016 at 12:37 PM, Robert Edmonds <edmo...@mycre.ws> wrote:
> Stephane Bortzmeyer wrote:
>> Do you like long terminology discussions, backed by a dozen RFCs, where
>> people disagree on what's written in these RFCs? If so, read on.
> Yes, please!
>> RFC 1034 had a different definition of QNAME but is not clear on the
>> specific case of CNAME chains:
>> > A standard query specifies a target domain name (QNAME)
> RFC 1034 gives an "algorithm" (§4.3.2):
>     […] Search the available zones for the zone which is the nearest
>     ancestor to QNAME. […]
>
>     […] If the whole of QNAME is matched, we have found the node.
>     If the data at the node is a CNAME, and QTYPE doesn't match
>     CNAME, copy the CNAME RR into the answer section of the
>     response, change QNAME to the canonical name in the CNAME
>     RR, and go back to step 1.
> It seems the use of QNAME for anything other than the question resource
> record name is due to this "variable reuse" in the §4.3.2 "algorithm".
> RFC 1035 gives a definition of QNAME in §4.1.
>     All communications inside of the domain protocol are carried in a
>     single format called a message. […]
>
>     The names of the sections after the header are derived from their
>     use in standard queries. The question section contains fields that
>     describe a question to a name server. These fields are a query type
>     (QTYPE), a query class (QCLASS), and a query domain name (QNAME).
> So, this implies that QNAME means the same thing regardless of whether
> the message is a query or response.
> Also see §4.1.2 which is even more graphic about where the QNAME is.
>> So, which is right? In this DNS query:
>> % dig A www.afnic.fr
>> ; <<>> DiG 9.10.3-P4-Ubuntu <<>> A www.afnic.fr
>> ;; global options: +cmd
>> ;; Got answer:
>> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35551
>> ;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1
>> ;; OPT PSEUDOSECTION:
>> ; EDNS: version: 0, flags:; udp: 1280
>> ;; QUESTION SECTION:
>> ;www.afnic.fr. IN A
>> ;; ANSWER SECTION:
>> www.afnic.fr. 213 IN CNAME www.nic.fr.
>> www.nic.fr. 213 IN CNAME lb01-1.nic.fr.
>> lb01-1.nic.fr. 213 IN A 220.127.116.11
>> ;; Query time: 875 msec
>> ;; SERVER: 192.168.43.1#53(192.168.43.1)
>> ;; WHEN: Tue Sep 20 18:11:06 CEST 2016
>> ;; MSG SIZE rcvd: 100
>> Is the QNAME "www.afnic.fr" or "lb01-1.nic.fr" ("the data field of the
>> last CNAME")???
> "www.afnic.fr", because that is the domain name in the question section.
The QNAME is (or, should be :-)) the name which is in the question.
Things get tricky when chasing CNAMEs because there can be multiple
questions, and so "the" QNAME changes. But, in your example above, I
believe it is www.afnic.fr.
I think the RFC2308 definition is only true in the negative caching
context... or something...
> Robert Edmonds
> DNSOP mailing list
I don't think the execution is relevant when it was obviously a bad
idea in the first place.
This is like putting rabid weasels in your pants, and later expressing
regret at having chosen those particular rabid weasels and that pair
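Added example, not part of the original thread: a small wire-format parser that reads the QNAME from the question section (RFC 1035 §4.1.2) and, separately, follows the CNAME chain the way the RFC 1034 §4.3.2 walk does, so the two names discussed above can be compared. The function names are hypothetical, and the sample message is constructed to mirror the dig output, with 192.0.2.1 as a placeholder A record and the OPT record omitted.

```python
import struct

def encode_name(name):
    return b"".join(bytes([len(lab)]) + lab.encode() for lab in name.split(".")) + b"\x00"

def read_name(msg, off):
    """Decode the name at off, following RFC 1035 compression pointers."""
    labels, resume = [], None
    for _ in range(256):                      # bounded, so pointer loops cannot hang us
        n = msg[off]
        if n & 0xC0 == 0xC0:                  # pointer: jump, remember where to resume
            resume = off + 2 if resume is None else resume
            off = ((n & 0x3F) << 8) | msg[off + 1]
        elif n == 0:                          # root label ends the name
            return ".".join(labels) + ".", (off + 1 if resume is None else resume)
        else:
            labels.append(msg[off + 1:off + 1 + n].decode("ascii"))
            off += 1 + n
    raise ValueError("name too long or compression pointer loop")

def parse_response(msg):
    ancount = struct.unpack_from("!6H", msg)[3]
    qname, off = read_name(msg, 12)           # QNAME sits in the question section
    answers, off = [], off + 4                # skip QTYPE and QCLASS
    for _ in range(ancount):
        owner, off = read_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        rdata = read_name(msg, off + 10)[0] if rtype == 5 else msg[off + 10:off + 10 + rdlen]
        answers.append((owner, rtype, rdata))
        off += 10 + rdlen
    return qname, answers

def final_name(qname, answers):
    """Name reached by the RFC 1034 §4.3.2 walk; the question's QNAME is not changed."""
    cnames = {owner.lower(): rdata for owner, rtype, rdata in answers if rtype == 5}
    name, seen = qname, set()
    while name.lower() in cnames and name.lower() not in seen:   # stop on CNAME loops
        seen.add(name.lower())
        name = cnames[name.lower()]
    return name

def sample_response():
    """Constructed message mirroring the dig output; the A rdata is a placeholder."""
    rr = lambda o, t, rd: encode_name(o) + struct.pack("!HHIH", t, 1, 213, len(rd)) + rd
    return (struct.pack("!6H", 35551, 0x8180, 1, 3, 0, 0)
            + encode_name("www.afnic.fr") + struct.pack("!HH", 1, 1)
            + rr("www.afnic.fr", 5, encode_name("www.nic.fr"))
            + rr("www.nic.fr", 5, encode_name("lb01-1.nic.fr"))
            + rr("lb01-1.nic.fr", 1, bytes([192, 0, 2, 1])))
```

On the sample, parse_response() returns "www.afnic.fr." as the QNAME and final_name() returns "lb01-1.nic.fr.", the name the §4.3.2 loop variable ends up holding.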