Hi Joe,

About the "CNAME-restart logic" mentioned in https://blog.cloudflare.com/cname-a-record-order-dns-standards/, we have tested mainstream resolvers' behaviors in our USENIX Security 2023 paper. There could be multiple CNAME records for one qname. Different resolvers have unique processing logic when doing the CNAME chaining (what you called CNAME-restart).
CNAME Chaining: https://www.usenix.org/system/files/usenixsecurity23-li-xiang.pdf (Section 4.1 and Table 2)

> Third, we also found that the resolver can select a CNAME record from all
> the CNAME records embedded in R (during UpdateQuery) and query the closest server in the cache, but the
> implementations differ. BIND, Unbound, MaraDNS, and Simple DNS Plus use the first CNAME record to issue
> the following query Q, while Knot Resolver and PowerDNS Recursor use the last CNAME record.
> Microsoft DNS selects a random CNAME record to lookup.

Xiang Li
Nankai University
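Added example, not part of the original message or the paper's code: a small Python model of the selection policies quoted above, useful for flagging answer sections where resolvers would chase different names. The record tuples, names, addresses and function names are constructed for illustration, and the chain is followed inside one answer section as a simplification of the real re-query step.

```python
# Added illustration; all data below is constructed, not captured traffic.
import random

# Policies as listed in the quoted paper text:
#   "first"  -> BIND, Unbound, MaraDNS, Simple DNS Plus
#   "last"   -> Knot Resolver, PowerDNS Recursor
#   "random" -> Microsoft DNS
def next_target(answer, qname, policy, rng=random):
    """Return the CNAME target chosen for qname under a policy, or None."""
    targets = [rdata.lower() for name, rtype, rdata in answer
               if rtype == "CNAME" and name.lower() == qname.lower()]
    if not targets:
        return None
    if policy == "first":
        return targets[0]
    if policy == "last":
        return targets[-1]
    if policy == "random":
        return rng.choice(targets)
    raise ValueError(f"unknown policy: {policy}")

def resolve_chain(answer, qname, policy, max_hops=8):
    """Follow CNAMEs within one answer section; return (final name, A rdata)."""
    name = qname.lower()
    for _ in range(max_hops):  # hop limit guards against CNAME loops
        target = next_target(answer, name, policy)
        if target is None:
            break
        name = target
    addrs = sorted(r for n, t, r in answer if t == "A" and n.lower() == name)
    return name, addrs

def ambiguous_owners(answer):
    """Owner names that carry more than one distinct CNAME target."""
    seen = {}
    for name, rtype, rdata in answer:
        if rtype == "CNAME":
            seen.setdefault(name.lower(), set()).add(rdata.lower())
    return sorted(n for n, targets in seen.items() if len(targets) > 1)

# Constructed answer section: (owner, type, rdata)
SAMPLE = [
    ("www.example.test.", "CNAME", "a.example.test."),
    ("www.example.test.", "CNAME", "b.example.test."),
    ("a.example.test.", "A", "192.0.2.10"),
    ("b.example.test.", "A", "198.51.100.20"),
]

if __name__ == "__main__":
    print("ambiguous:", ambiguous_owners(SAMPLE))
    for policy in ("first", "last"):
        print(policy, resolve_chain(SAMPLE, "www.example.test.", policy))
```

A monitoring check can alert whenever `ambiguous_owners` is non-empty, since that is the condition under which the first-record and last-record resolvers end up at different names.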
