Use a DNAME record. That works with DNSSEC.
e.g.
oldzone.com SOA .....
oldzone.com NS ns1.newzone.com
oldzone.com NS ns2.newzone.com
oldzone.com MX 0 mail.newzone.com
oldzone.com A ...
oldzone.com AAAA ...
oldzone.com DNAME newzone.com
Mark
In message
<CAEKtLiR=1jeKEaUw+74TMBVMtKy7HRHgYkaS3_mix59dXNz_=w...@mail.gmail.com>
, Casey Deccio writes:
> --===============3720066438239880950==
> Content-Type: multipart/alternative; boundary=90e6ba6e89ce47e69d04e7de3b53
>
> --90e6ba6e89ce47e69d04e7de3b53
> Content-Type: text/plain; charset=ISO-8859-1
>
> On Thu, Oct 3, 2013 at 2:54 PM, Paul Wouters <p...@cypherpunks.ca> wrote:
>
> > You are why we can't have nice things :P
> >
> > We had enough Sitewinders. With DNSSEC on the endnode, your lies won't
> > be believed anway. What you are trying is wrong, bad and broken.
> >
> >
> This might be a fair statement in the right context. But it was taken out
> of context--because I really didn't provide any. Not that I need to
> justify my question, but since you brought it up, what I am looking to do
> is decrease the risk of DNS resolution failures resulting from a namespace
> transition by creating a fallback from the old to the new namespace. For
> some definite period of time after the change, an NXDOMAIN in the old
> namespace would result in a synthesized CNAME pointing to the same name in
> the new namespace. Anyway, there might not be an easy way to to do it, and
> we might just have to lose our safety net, but I wanted to ask users on the
> list if there's some obscure configuration that might be helpful.
>
> If it's not already clear from my development of DNSSEC helper tools (e.g.,
> DNSViz), I'm an advocate of secure DNS. :)
>
> Cheers,
> Casey
>
> --90e6ba6e89ce47e69d04e7de3b53
> Content-Type: text/html; charset=ISO-8859-1
> Content-Transfer-Encoding: quoted-printable
>
> <div dir=3D"ltr">On Thu, Oct 3, 2013 at 2:54 PM, Paul Wouters <span dir=3D"=
> ltr"><<a href=3D"mailto:p...@cypherpunks.ca"; target=3D"_blank">paul@cyph=
> erpunks.ca</a>></span> wrote:<br><div class=3D"gmail_extra"><div class=
> =3D"gmail_quote">
> <blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1p=
> x #ccc solid;padding-left:1ex">You are why we can't have nice things :P=
> <br>
> <br></blockquote><blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8=
> ex;border-left:1px #ccc solid;padding-left:1ex">
> We had enough Sitewinders. With DNSSEC on the endnode, your lies won't<=
> br>
> be believed anway. What you are trying is wrong, bad and broken.<br>
> <br></blockquote><br>This might be a fair statement in the right context.=
> =A0 But it was taken out of context--because I really didn't provide an=
> y.=A0 Not that I need to justify my question, but since you brought it up, =
> what I am looking to do is decrease the risk of DNS resolution failures res=
> ulting from a namespace transition by creating a fallback from the old to t=
> he new namespace.=A0 For some definite period of time after the change, an =
> NXDOMAIN in the old namespace would result in a synthesized CNAME pointing =
> to the same name in the new namespace.=A0 Anyway, there might not be an eas=
> y way to to do it, and we might just have to lose our safety net, but I wan=
> ted to ask users on the list if there's some obscure configuration that=
> might be helpful.<br>
> <br>If it's not already clear from my development of DNSSEC helper tool=
> s (e.g., DNSViz), I'm an advocate of secure DNS. :)<br><br></div><div c=
> lass=3D"gmail_quote">Cheers,<br></div><div class=3D"gmail_quote"><div>Casey=
> <br>
> </div></div></div></div>
>
> --90e6ba6e89ce47e69d04e7de3b53--
>
> --===============3720066438239880950==
> Content-Type: text/plain; charset="us-ascii"
> MIME-Version: 1.0
> Content-Transfer-Encoding: 7bit
> Content-Disposition: inline
>
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
> from this list
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
> --===============3720066438239880950==--
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
