Hello,
On 21 Sep 2017, at 18:01, Evan Hunt wrote:
On Thu, Sep 21, 2017 at 02:20:15PM +0200, Peter van Dijk wrote:
thank you for this, I like it a lot. One nit below.
Me too, with another nit...
This creates a kind of confusion, however, because the answer to a
query that results in CNAME processing contains in the echoed
Question Section one QNAME (the name in the original query), and a
second QNAME that is in the data field of the last CNAME. The
Why only the "last CNAME?" If a chain contains more than one CNAME, the
answer includes intermediate names as well:
;; ANSWER SECTION:
www.paypal.com. 5 IN CNAME geo.paypal.com.akadns.net.
geo.paypal.com.akadns.net. 5 IN CNAME wlb.paypal.com.akadns.net.
wlb.paypal.com.akadns.net. 5 IN CNAME www.paypal.com.edgekey.net.
www.paypal.com.edgekey.NET. 5 IN CNAME e3694.a.akamaiedge.net.
e3694.a.akamaiedge.net. 5 IN A 104.91.181.63
That’s a very good point. If any of these CNAMEs are synthesised from
wildcards, and DNSSEC is in play, then the use of QNAME in RFC5155 (and
presumably also the NSEC equivalent) demands that each step of this
chain is the QNAME at some point.
If it's necessary to have a specific term that only refers to the *last*
name, perhaps "QNAME (final)" would be a better choice for that.
+1 - with the caveat that the definition needs to decide if it applies
when the chain does not end (a loop, or a failure). Is that ‘final’?
‘effective’? ‘intermediate’? Perhaps the right division is
original+intermediate+final, dropping effective in favour of the
intermediate+final division.
Kind regards,
--
Peter van Dijk
PowerDNS.COM BV - https://www.powerdns.com/
_______________________________________________
DNSOP mailing list
https://www.ietf.org/mailman/listinfo/dnsop