Re: [DNSOP] tdns, 'hello-dns' progress, feedback requested

2018-04-20 Thread Florian Weimer
On 04/13/2018 04:47 PM, bert hubert wrote: 2) Try: ping goes-via-embedded-nul.tdns.powerdns.org ping goes-via-embedded-space.tdns.powerdns.org. ping goes-via-embedded-dot.tdns.powerdns.org. None of these resolve when I try them, I wonder if that is because implementations want CNA

Re: [DNSOP] tdns, 'hello-dns' progress, feedback requested

2018-04-18 Thread Robert Edmonds
bert hubert wrote: > 2) Try: > ping goes-via-embedded-nul.tdns.powerdns.org > ping goes-via-embedded-space.tdns.powerdns.org. > ping goes-via-embedded-dot.tdns.powerdns.org. > > None of these resolve when I try them, I wonder if that is because > implementations want CNAMEs to be 'host

Re: [DNSOP] tdns, 'hello-dns' progress, feedback requested

2018-04-16 Thread Paul Vixie
one thing to note is that when the server is authoritative for more than one zone, a cname that crosses from one such zone to another is allowed by 1035 to be chased. however, the resolver has no reason to accept out-of-zone records, since it cannot be sure that a new query in the bailiwick of

Re: [DNSOP] tdns, 'hello-dns' progress, feedback requested

2018-04-16 Thread bert hubert
On Mon, Apr 16, 2018 at 03:30:36PM +0100, Tony Finch wrote: > I'm slightly surprised that Evan and Mukund haven't mentioned this, but > BIND 9.1 to 9.11 had additional-from-cache and additional-from-auth > options which controlled this behaviour. (I turned them off on my servers > years ago.) In 9.

Re: [DNSOP] tdns, 'hello-dns' progress, feedback requested

2018-04-16 Thread Tony Finch
bert hubert wrote: > > In writing this server and while consulting with some other implementors, I > for now have decided that in 2018 it makes no sense to: > > 1) chase CNAMEs that point to another zone > 2) look for glue outside of the zone > > Given that any resolver will ignore those answers a

Re: [DNSOP] tdns, 'hello-dns' progress, feedback requested

2018-04-13 Thread Matthew Pounsett
On 13 April 2018 at 11:11, bert hubert wrote: > > >1) chase CNAMEs that point to another zone > > >2) look for glue outside of the zone > > > > 1) What was the historical text that indicated that an authoritative > server > > should chase CNAMEs before responding? This worries me. > > RFC 1034, 4

Re: [DNSOP] tdns, 'hello-dns' progress, feedback requested

2018-04-13 Thread 神明達哉
At Fri, 13 Apr 2018 16:47:07 +0200, bert hubert wrote: > In writing this server and while consulting with some other implementors, I > for now have decided that in 2018 it makes no sense to: > > 1) chase CNAMEs that point to another zone It may not even make sense to chase CNAME in the same zone

Re: [DNSOP] tdns, 'hello-dns' progress, feedback requested

2018-04-13 Thread Mukund Sivaraman
On Fri, Apr 13, 2018 at 05:35:14PM +, Evan Hunt wrote: > On Sat, Apr 14, 2018 at 01:13:30AM +0800, Mukund Sivaraman wrote: > > On Fri, Apr 13, 2018 at 04:31:35PM +, Evan Hunt wrote: > > > I could have sworn there was an RFC published several years ago concerning > > > the prevention of cach

Re: [DNSOP] tdns, 'hello-dns' progress, feedback requested

2018-04-13 Thread Evan Hunt
On Sat, Apr 14, 2018 at 01:13:30AM +0800, Mukund Sivaraman wrote: > On Fri, Apr 13, 2018 at 04:31:35PM +, Evan Hunt wrote: > > I could have sworn there was an RFC published several years ago concerning > > the prevention of cache poisoning, which specified that resolvers had to > > ignore out o

Re: [DNSOP] tdns, 'hello-dns' progress, feedback requested

2018-04-13 Thread Mukund Sivaraman
On Fri, Apr 13, 2018 at 04:31:35PM +, Evan Hunt wrote: > I could have sworn there was an RFC published several years ago concerning > the prevention of cache poisoning, which specified that resolvers had to > ignore out of zone CNAMEs and re-query, but I can't find it now. Poor > google skills,

Re: [DNSOP] tdns, 'hello-dns' progress, feedback requested

2018-04-13 Thread Evan Hunt
On Fri, Apr 13, 2018 at 05:11:52PM +0200, bert hubert wrote: > RFC 1034, 4.3.2, step 3, a. It says to go back to step 1, which means that > in step 2 we look up the best zone again for the target of the CNAME. I have > not looked if newer RFCs deprecate this or not. So with 'chase' I mean, > consul

Re: [DNSOP] tdns, 'hello-dns' progress, feedback requested

2018-04-13 Thread Paul Hoffman
My takeaway is that RFC 1034 Section 4.3.2 talks about "servers" without differentiating between authoritative servers and the server side of resolvers. If we can get agreement on detangling those two, it would be a huge service to the DNS community. --Paul Hoffman

Re: [DNSOP] tdns, 'hello-dns' progress, feedback requested

2018-04-13 Thread bert hubert
On Fri, Apr 13, 2018 at 07:59:19AM -0700, Paul Hoffman wrote: > >Specifically, I thought it was a good idea to make a "minimal but > >correct and best practices" authoritative nameserver. > Thank you, thank you. I can also tell you it is fun to start one from scratch and not make the same mistak

Re: [DNSOP] tdns, 'hello-dns' progress, feedback requested

2018-04-13 Thread Paul Vixie
the authority server should never fetch anything, and therefore, should not return out-of-zone data. if that means a cname chain ends without a result, that's the resolver's problem. if that means a delegated zone's name servers are only available in a sibling or uncle zone, that's the delegate

Re: [DNSOP] tdns, 'hello-dns' progress, feedback requested

2018-04-13 Thread Paul Hoffman
On 13 Apr 2018, at 7:47, bert hubert wrote: Specifically, I thought it was a good idea to make a "minimal but correct and best practices" authoritative nameserver. Thank you, thank you. In writing this server and while consulting with some other implementors, I for now have decided that

[DNSOP] tdns, 'hello-dns' progress, feedback requested

2018-04-13 Thread bert hubert
Hi everyone, [tl;dr - is it ok not to chase CNAMEs out of zones and only to do in-zone glue? how many CNAMEs should one follow? Plus some fun things] Under the watchful eye of the lovely camel Farsight sent us [1], I've been working on enhancing the 'hello-dns' pages on http://powerdns.org/hello-