James Ponder <[EMAIL PROTECTED]> writes:
>> ;; ANSWER SECTION:
>> www.microsoft.com. 3599 IN CNAME toggle.www.ms.akadns.net.
>> toggle.www.ms.akadns.net. 299 IN CNAME g.www.ms.akadns.net.
>> g.www.ms.akadns.net. 299 IN CNAME lb1.www.ms.akadns.net.
>> lb1.www.ms.akadns.net. 300 IN A 207.46.19.254
>> lb1.www.ms.akadns.net. 300 IN A 207.46.192.254
>> lb1.www.ms.akadns.net. 300 IN A 207.46.193.254
>> lb1.www.ms.akadns.net. 300 IN A 207.46.19.190
>> lb1.www.ms.akadns.net. 300 IN A 65.55.21.250
>
> That's a nice case, thanks for pointing it out.
>
> Unless I'm mistaken (using tcpdump) bind (9.5.0-P1) does this in 3
> transactions:
> 1. initial query for www.microsoft.com stopping at the CNAME toggle
> 2. query for toggle from akadns.net nameservers, stopping at lb1
> 3. query for lb1
>
> It appears to process the two CNAMEs on akadns.net together, so there's
> never a request relating to g.www.ms.akadns.net.

yes.

> I'm confused why Bind would accept the g.www.ms.akadns.net CNAME when it
> asked about toggle.www.ms.akadns.net and yet not accept the A records
> for lb1.www.ms.akadns.net at the same time?

in my story about the history of thinking about bailiwick, i left out the
middle part (which ends at the dawn of the kaminsky era) where it was
believed that a same-parent-zone CNAME chain was OK to cache as long as
you restarted your transaction at the terminus of that chain.

at home i don't have to wait for IETF to catch up, i can be as paranoid as
i want to be. at work (in BIND) we try very hard not to get ahead of the
standards process on controversial issues. we (ISC) are an instrument of
the community, and we work within it.

> I'm also not seeing the rationale behind not accepting the whole chain
> from toggle down to the A records - we know we're talking to the
> akadns.net authoritative nameserver after all. Isn't it being overly
> paranoid rather than properly paranoid?

yes, it is, but who knew until now?
--
Paul Vixie
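
Added example, not part of the original message and not BIND's code: a Python model of the policy described in this thread, where a CNAME chain is cached while each link's owner is inside the zone that was asked, and the lookup restarts at the chain's terminus with the address data there discarded. The function names, the ZONES grouping, MAX_CHAIN and the assumption that each server returns every record it holds are hypothetical; the records are the ones quoted above.

```python
MAX_CHAIN = 8  # assumed bound on chain length and restarts (guards CNAME loops)
LB1 = "lb1.www.ms.akadns.net."
# Constructed from the answer section quoted in the thread, grouped by the zone
# whose servers hold each record; a server is modelled as returning all of them.
ZONES = {
    "microsoft.com.": [("www.microsoft.com.", "CNAME", "toggle.www.ms.akadns.net.")],
    "akadns.net.": [
        ("toggle.www.ms.akadns.net.", "CNAME", "g.www.ms.akadns.net."),
        ("g.www.ms.akadns.net.", "CNAME", LB1),
    ] + [(LB1, "A", ip) for ip in ("207.46.19.254", "207.46.192.254",
                                   "207.46.193.254", "207.46.19.190", "65.55.21.250")],
}

def in_bailiwick(name, zone):
    """True if name is the zone apex or a name below it (lower-case FQDNs)."""
    return name == zone or name.endswith("." + zone)

def accept(qname, zone, answer):
    """Apply the policy to one response from `zone`'s servers.

    Returns (records_to_cache, restart_name); restart_name is None when the
    response answered qname directly.
    """
    cached, current = [], qname
    while len(cached) < MAX_CHAIN:
        step = [r for r in answer if r[0] == current and r[1] == "CNAME"
                and in_bailiwick(current, zone)]
        if not step:
            break
        cached.append(step[0])   # owner is in-zone: keep this link
        current = step[0][2]     # and move to its target
    if not cached:               # no CNAME followed: take the addresses asked for
        return [r for r in answer if r[0] == qname and r[1] == "A"], None
    return cached, current       # data at the terminus is dropped; ask again there

def resolve(qname):
    """Return (addresses, names queried); one queried name per transaction."""
    cache, queries, current = [], [], qname
    while current is not None and len(queries) < MAX_CHAIN:
        zone = next(z for z in ZONES if in_bailiwick(current, z))
        queries.append(current)
        got, current = accept(current, zone, ZONES[zone])
        cache.extend(got)
    return [r[2] for r in cache if r[1] == "A"], queries

if __name__ == "__main__":
    addrs, queries = resolve("www.microsoft.com.")
    print(len(queries), "transactions:", queries)
    print("addresses:", addrs)
```

Under this model the lookup takes the three transactions observed with tcpdump, and g.www.ms.akadns.net is cached as a link but never queried.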