I should also note though that Chrome's built-in stub won't do any followup queries if the full chain is not in the response from the recursive.
On Wed, May 27, 2020 at 3:03 PM Eric Orth <erico...@google.com> wrote: > > > On Wed, May 27, 2020 at 1:49 PM John R Levine <jo...@taugh.com> wrote: > >> While I should have been doing something else, I made a rather long CNAME >> chain. When I looked up chain.examp1e.com it got SERVFAIL, but after I >> warmed up my cache five links at a time by looking for chain5, chain10, >> chain15, and so forth, it worked. At least it worked in "dig" and >> "host". >> When I try and look up http://chain.examp1e.com, Chrome waits a while >> and says not found, > > > If Chrome is using its built-in stub, there's not expected to be a limit > (other than the overall message size limits), but nothing tests chains this > long other than security fuzzers that are only looking for crashes or > memory issues. > > >> Firefox waits a while and says "Hmm. We’re having >> trouble finding that site." and Safari on my Mac hangs. (Feel free to >> try >> it yourself.) >> >> I realize the answer to most questions like this can be summarized as >> "don't do that", but is there any consensus as to the maximum CNAME chain >> length that works reliably, and what happens if the chain is too long? >> Hanging seems sub-optimal. >> >> Regards, >> John Levine, jo...@taugh.com, Taughannock Networks, Trumansburg NY >> Please consider the environment before reading this e-mail. https://jl.ly >> >> $ dig chain.examp1e.com A >> ;; Truncated, retrying in TCP mode. >> >> ; <<>> DiG 9.10.6 <<>> chain.examp1e.com a >> ;; global options: +cmd >> ;; Got answer: >> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59001 >> ;; flags: qr rd ra ad; QUERY: 1, ANSWER: 102, AUTHORITY: 0, ADDITIONAL: 1 >> >> ;; OPT PSEUDOSECTION: >> ; EDNS: version: 0, flags:; udp: 4096 >> ;; QUESTION SECTION: >> ;chain.examp1e.com. IN A >> >> ;; ANSWER SECTION: >> chain.examp1e.com. 3371 IN CNAME chain100.examp1e.com. >> chain100.examp1e.com. 3371 IN CNAME chain99.examp1e.com. >> chain99.examp1e.com. 3371 IN CNAME chain98.examp1e.com. >> chain98.examp1e.com. 3371 IN CNAME chain97.examp1e.com. >> chain97.examp1e.com. 3371 IN CNAME chain96.examp1e.com. >> chain96.examp1e.com. 3372 IN CNAME chain95.examp1e.com. >> chain95.examp1e.com. 3372 IN CNAME chain94.examp1e.com. >> chain94.examp1e.com. 3372 IN CNAME chain93.examp1e.com. >> chain93.examp1e.com. 3372 IN CNAME chain92.examp1e.com. >> chain92.examp1e.com. 3589 IN CNAME chain91.examp1e.com. >> chain91.examp1e.com. 3589 IN CNAME chain90.examp1e.com. >> chain90.examp1e.com. 3583 IN CNAME chain89.examp1e.com. >> chain89.examp1e.com. 3583 IN CNAME chain88.examp1e.com. >> chain88.examp1e.com. 3583 IN CNAME chain87.examp1e.com. >> chain87.examp1e.com. 3583 IN CNAME chain86.examp1e.com. >> chain86.examp1e.com. 3583 IN CNAME chain85.examp1e.com. >> chain85.examp1e.com. 3577 IN CNAME chain84.examp1e.com. >> chain84.examp1e.com. 3578 IN CNAME chain83.examp1e.com. >> chain83.examp1e.com. 3578 IN CNAME chain82.examp1e.com. >> chain82.examp1e.com. 3578 IN CNAME chain81.examp1e.com. >> chain81.examp1e.com. 3579 IN CNAME chain80.examp1e.com. >> chain80.examp1e.com. 3570 IN CNAME chain79.examp1e.com. >> chain79.examp1e.com. 3571 IN CNAME chain78.examp1e.com. >> chain78.examp1e.com. 3571 IN CNAME chain77.examp1e.com. >> chain77.examp1e.com. 3571 IN CNAME chain76.examp1e.com. >> chain76.examp1e.com. 3572 IN CNAME chain75.examp1e.com. >> chain75.examp1e.com. 3564 IN CNAME chain74.examp1e.com. >> chain74.examp1e.com. 3564 IN CNAME chain73.examp1e.com. >> chain73.examp1e.com. 3564 IN CNAME chain72.examp1e.com. >> chain72.examp1e.com. 3564 IN CNAME chain71.examp1e.com. >> chain71.examp1e.com. 3564 IN CNAME chain70.examp1e.com. >> chain70.examp1e.com. 3519 IN CNAME chain69.examp1e.com. >> chain69.examp1e.com. 3519 IN CNAME chain68.examp1e.com. >> chain68.examp1e.com. 3519 IN CNAME chain67.examp1e.com. >> chain67.examp1e.com. 3519 IN CNAME chain66.examp1e.com. >> chain66.examp1e.com. 3519 IN CNAME chain65.examp1e.com. >> chain65.examp1e.com. 3519 IN CNAME chain64.examp1e.com. >> chain64.examp1e.com. 3520 IN CNAME chain63.examp1e.com. >> chain63.examp1e.com. 3520 IN CNAME chain62.examp1e.com. >> chain62.examp1e.com. 3520 IN CNAME chain61.examp1e.com. >> chain61.examp1e.com. 3554 IN CNAME chain60.examp1e.com. >> chain60.examp1e.com. 3549 IN CNAME chain59.examp1e.com. >> chain59.examp1e.com. 3549 IN CNAME chain58.examp1e.com. >> chain58.examp1e.com. 3549 IN CNAME chain57.examp1e.com. >> chain57.examp1e.com. 3549 IN CNAME chain56.examp1e.com. >> chain56.examp1e.com. 3549 IN CNAME chain55.examp1e.com. >> chain55.examp1e.com. 3535 IN CNAME chain54.examp1e.com. >> chain54.examp1e.com. 3536 IN CNAME chain53.examp1e.com. >> chain53.examp1e.com. 3536 IN CNAME chain52.examp1e.com. >> chain52.examp1e.com. 3536 IN CNAME chain51.examp1e.com. >> chain51.examp1e.com. 3536 IN CNAME chain50.examp1e.com. >> chain50.examp1e.com. 3536 IN CNAME chain49.examp1e.com. >> chain49.examp1e.com. 3536 IN CNAME chain48.examp1e.com. >> chain48.examp1e.com. 3536 IN CNAME chain47.examp1e.com. >> chain47.examp1e.com. 3536 IN CNAME chain46.examp1e.com. >> chain46.examp1e.com. 3541 IN CNAME chain45.examp1e.com. >> chain45.examp1e.com. 3531 IN CNAME chain44.examp1e.com. >> chain44.examp1e.com. 3531 IN CNAME chain43.examp1e.com. >> chain43.examp1e.com. 3531 IN CNAME chain42.examp1e.com. >> chain42.examp1e.com. 3531 IN CNAME chain41.examp1e.com. >> chain41.examp1e.com. 3531 IN CNAME chain40.examp1e.com. >> chain40.examp1e.com. 3525 IN CNAME chain39.examp1e.com. >> chain39.examp1e.com. 3526 IN CNAME chain38.examp1e.com. >> chain38.examp1e.com. 3526 IN CNAME chain37.examp1e.com. >> chain37.examp1e.com. 3526 IN CNAME chain36.examp1e.com. >> chain36.examp1e.com. 3526 IN CNAME chain35.examp1e.com. >> chain35.examp1e.com. 3513 IN CNAME chain34.examp1e.com. >> chain34.examp1e.com. 3513 IN CNAME chain33.examp1e.com. >> chain33.examp1e.com. 3513 IN CNAME chain32.examp1e.com. >> chain32.examp1e.com. 3513 IN CNAME chain31.examp1e.com. >> chain31.examp1e.com. 3513 IN CNAME chain30.examp1e.com. >> chain30.examp1e.com. 3508 IN CNAME chain29.examp1e.com. >> chain29.examp1e.com. 3508 IN CNAME chain28.examp1e.com. >> chain28.examp1e.com. 3508 IN CNAME chain27.examp1e.com. >> chain27.examp1e.com. 3508 IN CNAME chain26.examp1e.com. >> chain26.examp1e.com. 3508 IN CNAME chain25.examp1e.com. >> chain25.examp1e.com. 3499 IN CNAME chain24.examp1e.com. >> chain24.examp1e.com. 3499 IN CNAME chain23.examp1e.com. >> chain23.examp1e.com. 3500 IN CNAME chain22.examp1e.com. >> chain22.examp1e.com. 3500 IN CNAME chain21.examp1e.com. >> chain21.examp1e.com. 3500 IN CNAME chain20.examp1e.com. >> chain20.examp1e.com. 3447 IN CNAME chain19.examp1e.com. >> chain19.examp1e.com. 3447 IN CNAME chain18.examp1e.com. >> chain18.examp1e.com. 3447 IN CNAME chain17.examp1e.com. >> chain17.examp1e.com. 3448 IN CNAME chain16.examp1e.com. >> chain16.examp1e.com. 3448 IN CNAME chain15.examp1e.com. >> chain15.examp1e.com. 3448 IN CNAME chain14.examp1e.com. >> chain14.examp1e.com. 3448 IN CNAME chain13.examp1e.com. >> chain13.examp1e.com. 3448 IN CNAME chain12.examp1e.com. >> chain12.examp1e.com. 3449 IN CNAME chain11.examp1e.com. >> chain11.examp1e.com. 3486 IN CNAME chain10.examp1e.com. >> chain10.examp1e.com. 3455 IN CNAME chain9.examp1e.com. >> chain9.examp1e.com. 3455 IN CNAME chain8.examp1e.com. >> chain8.examp1e.com. 3455 IN CNAME chain7.examp1e.com. >> chain7.examp1e.com. 3455 IN CNAME chain6.examp1e.com. >> chain6.examp1e.com. 3455 IN CNAME chain5.examp1e.com. >> chain5.examp1e.com. 3455 IN CNAME chain4.examp1e.com. >> chain4.examp1e.com. 3455 IN CNAME chain3.examp1e.com. >> chain3.examp1e.com. 3455 IN CNAME chain2.examp1e.com. >> chain2.examp1e.com. 3455 IN CNAME chain1.examp1e.com. >> chain1.examp1e.com. 3466 IN CNAME chain0.examp1e.com. >> chain0.examp1e.com. 3460 IN A 64.57.183.119 >> >> ;; Query time: 2 msec >> ;; SERVER: 192.168.80.2#53(192.168.80.2) >> ;; WHEN: Wed May 27 13:31:17 EDT 2020 >> ;; MSG SIZE rcvd: 2275 >> _______________________________________________ >> DNSOP mailing list >> DNSOP@ietf.org >> https://www.ietf.org/mailman/listinfo/dnsop >> >
_______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
