At Fri, 13 Apr 2018 16:47:07 +0200,
bert hubert <> wrote:

> In writing this server and while consulting with some other implementors, I
> for now have decided that in 2018 it makes no sense to:
> 1) chase CNAMEs that point to another zone

It may not even make sense to chase CNAME in the same zone, since the
receiving resolver generally can't be sure if it's really in the same
zone and would need to chase it by itself anyway.

When a resolver receives this from an '' authoritative server: CNAME AAAA 2001:db8::1

It might look is actually in the zone, but the resolver can't be 100% sure about it unless
it also knows is on a zone cut.  And, in my
understanding, today's deployed resolvers actually chase by itself.  So the AAAA added by the
authoritative server would effectively be a waste.

(If the zone is DNSSEC signed and the authoritative server can include
DNSSEC proofs of the RRsets in the chain, the story may become
different.  But I don't think we are discussing such an "advanced"

JINMEI, Tatuya
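The reasoning in the message above, as an added Python example that is not part of the original e-mail: a resolver keeps only the records owned by the query name and re-queries the CNAME target itself, because not knowing of a zone cut is not proof that none exists. The names `example.com`, `www`, `host.sub` and the helper functions are constructed for illustration, and the policy shown is an assumption modelling the resolver behaviour the message describes.

```python
from typing import NamedTuple

class RR(NamedTuple):
    name: str
    rtype: str
    rdata: str

def norm(name):
    return name.rstrip(".").lower()

def under(name, apex):
    """True if name is at or below apex (label-aligned suffix match)."""
    name, apex = norm(name), norm(apex)
    return name == apex or name.endswith("." + apex)

def zone_status(name, server_zone, known_cuts):
    """What the resolver can say about name relative to server_zone."""
    if not under(name, server_zone):
        return "other-zone"
    # A known delegation strictly below the apex and at or above the name.
    for cut in known_cuts:
        if (norm(cut) != norm(server_zone) and under(cut, server_zone)
                and under(name, cut)):
            return "delegated"
    # Knowing of no cut is not proof that none exists.
    return "unverified"

def split_answer(qname, server_zone, known_cuts, answer):
    """Return (kept, dropped, requery). Only RRs owned by qname are kept;
    records reached through a CNAME are dropped and the target re-queried."""
    kept, dropped, requery = [], [], None
    for rr in answer:
        if norm(rr.name) == norm(qname):
            kept.append(rr)
            if rr.rtype == "CNAME":
                requery = (norm(rr.rdata),
                           zone_status(rr.rdata, server_zone, known_cuts))
        else:
            dropped.append(rr)
    return kept, dropped, requery

# Constructed sample answer from a server authoritative for example.com.
ANSWER = [
    RR("www.example.com.", "CNAME", "host.sub.example.com."),
    RR("host.sub.example.com.", "AAAA", "2001:db8::1"),
]

if __name__ == "__main__":
    print(split_answer("www.example.com.", "example.com.", [], ANSWER))
```
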

DNSOP mailing list
