Post A5UEvKi13dRqBfQ2jo by nat@ferrus.net
Post #A5U75GDXoQn1WHOBJg by wolf480pl@mstdn.io
2021-03-23T00:25:32Z
0 likes, 0 repeats
Why don't authoritative nameservers themselves resolve the CNAMEs they return? What could possibly go wrong if they did? (Note: I'm not expecting a one true answer, rather I'm trying to start a discussion. You don't have to be an expert at DNS, just try to think about it and say your conclusions)
Post #A5U801AMRgAhLRxpPk by cjd@mastodon.social
2021-03-23T00:35:47Z
0 likes, 0 repeats
@wolf480pl might make testing more painful
Post #A5UEZQDZtWCUu0jYky by nat@ferrus.net
2021-03-23T01:49:21Z
0 likes, 0 repeats
@wolf480pl Caching? They could have different cache timeouts?
Post #A5UEvKi13dRqBfQ2jo by nat@ferrus.net
2021-03-23T01:53:21Z
0 likes, 0 repeats
@wolf480pl Thinking about it a bit, at least for the case where the same nameserver is authoritative for both the alias and the target, I don't see any reason not to replace the use of CNAMEs with an explicit alias feature. By making the administrator request an "alias", then you can still have CNAMEs if there does end up being a case where there's a benefit.
Post #A5UjIsySp7ElkDG8VE by wolf480pl@mstdn.io
2021-03-23T07:33:48Z
0 likes, 0 repeats
@nat yeah, but TTL in responses is per-record, so you just need to remember how much time has passed since you got it and lower the TTL accordingly.
Post #A5V95iPVNzOe1bHvQe by swiley@qoto.org
2021-03-23T12:22:44Z
0 likes, 0 repeats
@wolf480pl You certainly could write a DNS server that does this, I'm sure they exist. It can be nice to have the option to do it in the protocol and DNS already has plenty of situations where you have to make another query to get an answer back.
Post #A5VAv5cIxr8yimKtkW by wolf480pl@mstdn.io
2021-03-23T12:43:15Z
0 likes, 0 repeats
@swiley yeah, but aside from CNAMEs and out-of-bailiwick NS records... and MXes and SRVs, every query a caching resolver does returns either an error, a final answer, or gets it closer to the result. And the resolver knows that it will need to do at most as many queries as there are labels in the queried domain name. OTOH with CNAMEs and those other pesky indirections, it can potentially go on for an infinite journey chasing aliases.
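The two points raised above (per-record TTL ageing in the reply to @nat, and the unbounded alias chase in this post) in working form, as an added example that is not code from anyone in the thread: an in-memory zone with a two-hop CNAME chain and a constructed CNAME loop, a chaser that stops on a revisited name or a hop limit, and a TTL decrement that works record by record. The zone contents, the hop limit of 8 and the status strings are all assumptions made for the example.

```python
# Added example, not from the thread. Zone data and the hop bound are constructed.
from dataclasses import dataclass

MAX_CNAME_HOPS = 8  # assumed bound; real resolvers cap chains similarly


@dataclass(frozen=True)
class RR:
    name: str
    rtype: str
    ttl: int
    rdata: str


# Constructed sample zone: a 2-hop alias chain, a direct A record, and a loop.
ZONE = [
    RR("www.example.test.", "CNAME", 300, "web.example.test."),
    RR("web.example.test.", "CNAME", 60, "host1.example.test."),
    RR("host1.example.test.", "A", 3600, "192.0.2.10"),
    RR("loop-a.example.test.", "CNAME", 300, "loop-b.example.test."),
    RR("loop-b.example.test.", "CNAME", 300, "loop-a.example.test."),
]


def lookup(name, rtype, zone=ZONE):
    return [rr for rr in zone if rr.name == name and rr.rtype == rtype]


def resolve(qname, qtype, zone=ZONE, max_hops=MAX_CNAME_HOPS):
    """Chase CNAMEs for (qname, qtype) inside one zone.
    Returns (answer, status); status is 'ok', 'nodata', 'loop' or 'hop_limit'.
    The answer lists every CNAME followed plus the final records, the way a
    server that chases aliases would have to expose the whole chain."""
    answer, seen, name = [], set(), qname
    for _ in range(max_hops + 1):
        if name in seen:           # revisited a name: the chain is a cycle
            return answer, "loop"
        seen.add(name)
        direct = lookup(name, qtype, zone)
        if direct:                 # reached the target type: final answer
            return answer + direct, "ok"
        cnames = lookup(name, "CNAME", zone)
        if not cnames:             # no alias and no data: nothing further to chase
            return answer, "nodata"
        answer.extend(cnames)
        name = cnames[0].rdata     # follow the alias (one CNAME per name)
    return answer, "hop_limit"     # chain longer than the bound, give up


def age_ttls(rrs, elapsed):
    """Per-record TTL decrement: each RR keeps its own TTL minus the seconds
    elapsed since it was fetched, floored at zero."""
    return [RR(rr.name, rr.rtype, max(0, rr.ttl - elapsed), rr.rdata) for rr in rrs]
```

Note that the 60-second middle record expires long before the 300-second alias pointing at it, which is exactly why a chased answer must age each record separately rather than stamping one TTL on the whole reply.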
Post #A5VBCeJrC8S5Gv52ga by swiley@qoto.org
2021-03-23T12:46:21Z
0 likes, 0 repeats
@wolf480pl You definitely can't get rid of NS records though so even without getting CNAME records back you'd still have the problem.
Post #A5VBFUoQztUGeijwmW by wolf480pl@mstdn.io
2021-03-23T12:46:57Z
0 likes, 0 repeats
@swiley you can make glue mandatory though
Post #A5VBYTiRIb2okxzHLU by swiley@qoto.org
2021-03-23T12:50:21Z
0 likes, 0 repeats
@wolf480pl You'd be responsible for updating the glue records for name servers from other domains then. Stuff would break more often.
Post #A5VBe09u6WDwpBT2dU by wolf480pl@mstdn.io
2021-03-23T12:51:22Z
0 likes, 0 repeats
@swiley or the authoritative server could do that automatically
Post #A5VBw1gp9PG6mkSbWi by swiley@qoto.org
2021-03-23T12:54:36Z
0 likes, 0 repeats
@wolf480pl Then the authoritative server would be making queries on behalf of someone else which I thought was generally considered poor design.
Post #A5VC9JKItAqpFWGFpA by wolf480pl@mstdn.io
2021-03-23T12:57:02Z
0 likes, 0 repeats
@swiley yes, and this is also true about my* initial idea with CNAMEs. *(actually it's djb's idea)
Post #A5VCXOvphSz9aGIo6K by swiley@qoto.org
2021-03-23T13:01:20Z
0 likes, 0 repeats
@wolf480pl Oh right, I guess I was only thinking about CNAMEs inside one domain.