AW: [OFF-TOPIC] Question about ClouDNS (and others') ALIAS records
> -Ursprüngliche Nachricht- > Von: bind-users Im Auftrag von Jan > Schaumann via bind-users > Gesendet: Dienstag, 26. März 2024 14:44 > An: bind-users@lists.isc.org > Betreff: Re: [OFF-TOPIC] Question about ClouDNS (and others') ALIAS records > > Karl Auer wrote: > > I'm puzzled by the ClouDNS "ALIAS" record. I was wondering if anyone > > knows how it is handled "under the hood"? > > Many DNS service providers have some sort of variation > of this, since "aliases at the apex" is a feature many > customers need: > > Akamai uses "Zone apex mapping": > https://techdocs.akamai.com/edge-dns/docs/features#zone-apex-mapping > > Cloudflare uses "CNAME flattening": > https://blog.cloudflare.com/introducing-cname-flattening-rfc-compliant-cnames- > at-a-domains-root/ > > AWS uses "alias records": > https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/resource-record- > sets-choosing-alias-non-alias.html > ... Some more info can be found in the deprecated draft: https://datatracker.ietf.org/doc/draft-ietf-dnsop-aname/ This is for example very similar how ALIAS is implemented in PowerDNS Auth. But as there is no standard for the "CNAME-like at apex" there is no definition on how TTLs should be implemented. Regards Klaus -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: [OFF-TOPIC] Question about ClouDNS (and others') ALIAS records
Karl Auer wrote: > I'm puzzled by the ClouDNS "ALIAS" record. I was wondering if anyone > knows how it is handled "under the hood"? Many DNS service providers have some sort of variation of this, since "aliases at the apex" is a feature many customers need: Akamai uses "Zone apex mapping": https://techdocs.akamai.com/edge-dns/docs/features#zone-apex-mapping Cloudflare uses "CNAME flattening": https://blog.cloudflare.com/introducing-cname-flattening-rfc-compliant-cnames-at-a-domains-root/ AWS uses "alias records": https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/resource-record-sets-choosing-alias-non-alias.html Simplified, the authoritative performs the "CNAME" chain resolution (because it controls the zones in question) and returns the final result so the client doesn't have to chase CNAMEs. Fortunately, nowadays we have a proper solution for this problem (which -- bringing it back on-topic :-) -- bind supports): SVCB / HTTPS records (RFC9460). However, adoption of those records is still lacking, with clients behaving inconsistently and services not offering them widely yet. -Jan -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: [OFF-TOPIC] Question about ClouDNS (and others') ALIAS records
On Tue, 2024-03-26 at 08:00 -0400, Victoria Risk wrote: > We have a knowledgebase article on the topic of ‘alias’ records: > https://kb.isc.org/docs/aa-01640. The article is a bit out of date, > but still basically valid. It is not specific to the implementation > you mention however. Thanks! That was very much spot on. It suggests a reason why someone might say an ALIAS is faster than a CNAME; it's because the authoritative server does its own lookup. A recursive querier does not have to get the CNAME back then do another query. Seems like a bit of a line ball to me. Regards, K. -- ~~~ Karl Auer (ka...@biplane.com.au, he/him) http://www.biplane.com.au/kauer -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: [OFF-TOPIC] Question about ClouDNS (and others') ALIAS records
Karl, We have a knowledgebase article on the topic of ‘alias’ records: https://kb.isc.org/docs/aa-01640. The article is a bit out of date, but still basically valid. It is not specific to the implementation you mention however. Vicky > On Mar 26, 2024, at 7:49 AM, Karl Auer wrote: > > I'm puzzled by the ClouDNS "ALIAS" record. I was wondering if anyone > knows how it is handled "under the hood"? > > It seems to be a non-standard extension that some DNS providers > support. It seems to work similarly to, but not quite the same way as, > a CNAME. Its big advantage over a CNAME is that it can coexist with > other records of the same name (LHS). However, it seems to be non- > standard. > > - when you look up the LHS, you do not get the ALIAS RHS back > > - it seems to internally look up the RHS, and return those results > > - if you make an A query, you get any matching A records back, as well > as the results from any ALIAS records with the same LHS > > - the TTLs of records obtained via the ALIAS are inherited from the TTL > of the ALIAS record > > - the real TTLS of the A records behind the ALIAS are lost. This seems > to be risky > > Same providers say it is faster to resolve than a CNAME; I can't see > why that would be. > > Regards, K. > > -- > ~~~ > Karl Auer (ka...@biplane.com.au, he/him) > http://www.biplane.com.au/kauer > > > -- > Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from > this list > > ISC funds the development of this software with paid support subscriptions. > Contact us at https://www.isc.org/contact/ for more information. > > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
[OFF-TOPIC] Question about ClouDNS (and others') ALIAS records
I'm puzzled by the ClouDNS "ALIAS" record. I was wondering if anyone knows how it is handled "under the hood"? It seems to be a non-standard extension that some DNS providers support. It seems to work similarly to, but not quite the same way as, a CNAME. Its big advantage over a CNAME is that it can coexist with other records of the same name (LHS). However, it seems to be non- standard. - when you look up the LHS, you do not get the ALIAS RHS back - it seems to internally look up the RHS, and return those results - if you make an A query, you get any matching A records back, as well as the results from any ALIAS records with the same LHS - the TTLs of records obtained via the ALIAS are inherited from the TTL of the ALIAS record - the real TTLS of the A records behind the ALIAS are lost. This seems to be risky Same providers say it is faster to resolve than a CNAME; I can't see why that would be. Regards, K. -- ~~~ Karl Auer (ka...@biplane.com.au, he/him) http://www.biplane.com.au/kauer -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users